From 8f799585b95f2cdaa1bcb51bf53f51444b97d922 Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Sun, 26 Jun 2022 00:37:26 +0200 Subject: [PATCH 01/42] [MAJOR/BREAKING] Renamed `arm` to `modules` (#1498) * Renamed `arm` to `modules` (#1498) --- .../modulePipelines/ms.aad.domainservices.yml | 6 +- .../ms.analysisservices.servers.yml | 6 +- .../ms.apimanagement.service.yml | 6 +- ...s.appconfiguration.configurationstores.yml | 6 +- .../ms.authorization.locks.yml | 6 +- .../ms.authorization.policyassignments.yml | 6 +- .../ms.authorization.policydefinitions.yml | 6 +- .../ms.authorization.policyexemptions.yml | 6 +- .../ms.authorization.policysetdefinitions.yml | 6 +- .../ms.authorization.roleassignments.yml | 6 +- .../ms.authorization.roledefinitions.yml | 6 +- .../ms.automation.automationaccounts.yml | 6 +- .../ms.batch.batchaccounts.yml | 6 +- .../ms.cognitiveservices.accounts.yml | 6 +- .../ms.compute.availabilitysets.yml | 6 +- .../ms.compute.diskencryptionsets.yml | 6 +- .../modulePipelines/ms.compute.disks.yml | 6 +- .../modulePipelines/ms.compute.galleries.yml | 6 +- .../modulePipelines/ms.compute.images.yml | 6 +- .../ms.compute.proximityplacementgroups.yml | 6 +- .../ms.compute.virtualmachines.yml | 6 +- .../ms.compute.virtualmachinescalesets.yml | 6 +- .../ms.consumption.budgets.yml | 6 +- .../ms.containerinstance.containergroups.yml | 6 +- .../ms.containerregistry.registries.yml | 6 +- .../ms.containerservice.managedclusters.yml | 6 +- .../ms.databricks.workspaces.yml | 6 +- .../ms.datafactory.factories.yml | 6 +- .../ms.dataprotection.backupvaults.yml | 6 +- ...esktopvirtualization.applicationgroups.yml | 6 +- .../ms.desktopvirtualization.hostpools.yml | 6 +- .../ms.desktopvirtualization.scalingplans.yml | 6 +- .../ms.desktopvirtualization.workspaces.yml | 6 +- .../ms.documentdb.databaseaccounts.yml | 6 +- .../ms.eventgrid.systemtopics.yml | 6 +- .../modulePipelines/ms.eventgrid.topics.yml | 6 +- .../ms.eventhub.namespaces.yml | 6 +- .../ms.healthbot.healthbots.yml | 6 +- .../ms.insights.actiongroups.yml | 6 +- .../ms.insights.activitylogalerts.yml | 6 +- .../ms.insights.components.yml | 6 +- .../ms.insights.diagnosticsettings.yml | 6 +- .../ms.insights.metricalerts.yml | 6 +- .../ms.insights.privatelinkscopes.yml | 6 +- .../ms.insights.scheduledqueryrules.yml | 6 +- .../modulePipelines/ms.keyvault.vaults.yml | 6 +- .../ms.kubernetesconfiguration.extensions.yml | 6 +- ...rnetesconfiguration.fluxconfigurations.yml | 6 +- .../modulePipelines/ms.logic.workflows.yml | 6 +- .../ms.machinelearningservices.workspaces.yml | 6 +- ...managedidentity.userassignedidentities.yml | 6 +- ...anagedservices.registrationdefinitions.yml | 6 +- .../ms.management.managementgroups.yml | 6 +- .../ms.netapp.netappaccounts.yml | 6 +- .../ms.network.applicationgateways.yml | 6 +- .../ms.network.applicationsecuritygroups.yml | 6 +- .../ms.network.azurefirewalls.yml | 6 +- .../ms.network.bastionhosts.yml | 6 +- .../ms.network.connections.yml | 6 +- .../ms.network.ddosprotectionplans.yml | 6 +- .../ms.network.expressroutecircuits.yml | 6 +- .../ms.network.firewallpolicies.yml | 6 +- .../modulePipelines/ms.network.frontdoors.yml | 6 +- .../modulePipelines/ms.network.ipgroups.yml | 6 +- .../ms.network.loadbalancers.yml | 6 +- .../ms.network.localnetworkgateways.yml | 6 +- .../ms.network.natgateways.yml | 6 +- .../ms.network.networkinterfaces.yml | 6 +- .../ms.network.networksecuritygroups.yml | 6 +- .../ms.network.networkwatchers.yml | 6 +- .../ms.network.privatednszones.yml | 6 +- .../ms.network.privateendpoints.yml | 6 +- .../ms.network.publicipaddresses.yml | 6 +- .../ms.network.publicipprefixes.yml | 6 +- .../ms.network.routetables.yml | 6 +- .../ms.network.trafficmanagerprofiles.yml | 6 +- .../ms.network.virtualhubs.yml | 6 +- .../ms.network.virtualnetworkgateways.yml | 6 +- .../ms.network.virtualnetworks.yml | 6 +- .../ms.network.virtualwans.yml | 6 +- .../ms.network.vpngateways.yml | 6 +- .../modulePipelines/ms.network.vpnsites.yml | 6 +- .../ms.operationalinsights.workspaces.yml | 6 +- .../ms.operationsmanagement.solutions.yml | 6 +- .../ms.recoveryservices.vaults.yml | 6 +- .../ms.resources.deploymentscripts.yml | 6 +- .../ms.resources.resourcegroups.yml | 6 +- .../modulePipelines/ms.resources.tags.yml | 6 +- .../ms.security.azuresecuritycenter.yml | 6 +- .../ms.servicebus.namespaces.yml | 6 +- .../ms.servicefabric.clusters.yml | 6 +- .../ms.sql.managedinstances.yml | 6 +- .../modulePipelines/ms.sql.servers.yml | 6 +- .../ms.storage.storageaccounts.yml | 6 +- .../ms.synapse.privatelinkhubs.yml | 6 +- ...ms.virtualmachineimages.imagetemplates.yml | 6 +- .../modulePipelines/ms.web.connections.yml | 6 +- .../ms.web.hostingenvironments.yml | 6 +- .../modulePipelines/ms.web.serverfarms.yml | 6 +- .azuredevops/modulePipelines/ms.web.sites.yml | 6 +- .../modulePipelines/ms.web.staticsites.yml | 6 +- .../pipelineTemplates/jobs.publishModule.yml | 6 +- .../jobs.validateModulePester.yml | 12 +- .../platform.dependencies.yml | 2 +- .../platform.updateReadMe.yml | 10 +- .../templates/publishModule/action.yml | 30 +-- .../validateModuleDeployment/action.yml | 24 +-- .../templates/validateModulePester/action.yml | 18 +- .github/workflows/ms.aad.domainservices.yml | 6 +- .../workflows/ms.analysisservices.servers.yml | 6 +- .../workflows/ms.apimanagement.service.yml | 6 +- ...s.appconfiguration.configurationstores.yml | 6 +- .github/workflows/ms.authorization.locks.yml | 6 +- .../ms.authorization.policyassignments.yml | 6 +- .../ms.authorization.policydefinitions.yml | 6 +- .../ms.authorization.policyexemptions.yml | 6 +- .../ms.authorization.policysetdefinitions.yml | 6 +- .../ms.authorization.roleassignments.yml | 6 +- .../ms.authorization.roledefinitions.yml | 6 +- .../ms.automation.automationaccounts.yml | 6 +- .github/workflows/ms.batch.batchaccounts.yml | 6 +- .../ms.cognitiveservices.accounts.yml | 6 +- .../workflows/ms.compute.availabilitysets.yml | 6 +- .../ms.compute.diskencryptionsets.yml | 6 +- .github/workflows/ms.compute.disks.yml | 6 +- .github/workflows/ms.compute.galleries.yml | 6 +- .github/workflows/ms.compute.images.yml | 6 +- .../ms.compute.proximityplacementgroups.yml | 6 +- .../workflows/ms.compute.virtualmachines.yml | 6 +- .../ms.compute.virtualmachinescalesets.yml | 6 +- .github/workflows/ms.consumption.budgets.yml | 6 +- .../ms.containerinstance.containergroups.yml | 6 +- .../ms.containerregistry.registries.yml | 6 +- .../ms.containerservice.managedclusters.yml | 6 +- .../workflows/ms.databricks.workspaces.yml | 6 +- .../workflows/ms.datafactory.factories.yml | 6 +- .../ms.dataprotection.backupvaults.yml | 98 ++++----- ...esktopvirtualization.applicationgroups.yml | 6 +- .../ms.desktopvirtualization.hostpools.yml | 6 +- .../ms.desktopvirtualization.scalingplans.yml | 6 +- .../ms.desktopvirtualization.workspaces.yml | 6 +- .../ms.documentdb.databaseaccounts.yml | 6 +- .../workflows/ms.eventgrid.systemtopics.yml | 6 +- .github/workflows/ms.eventgrid.topics.yml | 6 +- .github/workflows/ms.eventhub.namespaces.yml | 6 +- .github/workflows/ms.healthbot.healthbots.yml | 6 +- .../workflows/ms.insights.actiongroups.yml | 6 +- .../ms.insights.activitylogalerts.yml | 6 +- .github/workflows/ms.insights.components.yml | 6 +- .../ms.insights.diagnosticsettings.yml | 6 +- .../workflows/ms.insights.metricalerts.yml | 6 +- .../ms.insights.privatelinkscopes.yml | 6 +- .../ms.insights.scheduledqueryrules.yml | 6 +- .github/workflows/ms.keyvault.vaults.yml | 6 +- .../ms.kubernetesconfiguration.extensions.yml | 6 +- ...rnetesconfiguration.fluxconfigurations.yml | 6 +- .github/workflows/ms.logic.workflows.yml | 6 +- .../ms.machinelearningservices.workspaces.yml | 6 +- ...managedidentity.userassignedidentities.yml | 6 +- ...anagedservices.registrationdefinitions.yml | 6 +- .../ms.management.managementgroups.yml | 6 +- .../workflows/ms.netapp.netappaccounts.yml | 6 +- .../ms.network.applicationgateways.yml | 6 +- .../ms.network.applicationsecuritygroups.yml | 6 +- .../workflows/ms.network.azurefirewalls.yml | 6 +- .github/workflows/ms.network.bastionhosts.yml | 6 +- .github/workflows/ms.network.connections.yml | 6 +- .../ms.network.ddosprotectionplans.yml | 6 +- .../ms.network.expressroutecircuits.yml | 6 +- .../workflows/ms.network.firewallpolicies.yml | 6 +- .github/workflows/ms.network.frontdoors.yml | 6 +- .github/workflows/ms.network.ipgroups.yml | 6 +- .../workflows/ms.network.loadbalancers.yml | 6 +- .../ms.network.localnetworkgateways.yml | 6 +- .github/workflows/ms.network.natgateways.yml | 6 +- .../ms.network.networkinterfaces.yml | 6 +- .../ms.network.networksecuritygroups.yml | 6 +- .../workflows/ms.network.networkwatchers.yml | 6 +- .../workflows/ms.network.privatednszones.yml | 6 +- .../workflows/ms.network.privateendpoints.yml | 6 +- .../ms.network.publicipaddresses.yml | 6 +- .../workflows/ms.network.publicipprefixes.yml | 6 +- .github/workflows/ms.network.routetables.yml | 6 +- .../ms.network.trafficmanagerprofiles.yml | 6 +- .github/workflows/ms.network.virtualhubs.yml | 6 +- .../ms.network.virtualnetworkgateways.yml | 6 +- .../workflows/ms.network.virtualnetworks.yml | 6 +- .github/workflows/ms.network.virtualwans.yml | 6 +- .github/workflows/ms.network.vpngateways.yml | 6 +- .github/workflows/ms.network.vpnsites.yml | 6 +- .../ms.operationalinsights.workspaces.yml | 6 +- .../ms.operationsmanagement.solutions.yml | 6 +- .../workflows/ms.recoveryservices.vaults.yml | 6 +- .../ms.resources.deploymentscripts.yml | 6 +- .../workflows/ms.resources.resourcegroups.yml | 6 +- .github/workflows/ms.resources.tags.yml | 6 +- .../ms.security.azuresecuritycenter.yml | 6 +- .../workflows/ms.servicebus.namespaces.yml | 6 +- .../workflows/ms.servicefabric.clusters.yml | 6 +- .github/workflows/ms.sql.managedinstances.yml | 6 +- .github/workflows/ms.sql.servers.yml | 6 +- .../workflows/ms.storage.storageaccounts.yml | 6 +- .../workflows/ms.synapse.privatelinkhubs.yml | 6 +- ...ms.virtualmachineimages.imagetemplates.yml | 6 +- .github/workflows/ms.web.connections.yml | 6 +- .../workflows/ms.web.hostingenvironments.yml | 6 +- .github/workflows/ms.web.serverfarms.yml | 6 +- .github/workflows/ms.web.sites.yml | 6 +- .github/workflows/ms.web.staticsites.yml | 6 +- .github/workflows/platform.dependencies.yml | 76 ++++--- .github/workflows/platform.updateReadMe.yml | 10 +- README.md | 202 +++++++++--------- .../.bicep/nested_roleAssignments.bicep | 43 ---- arm/README.md | 107 ---------- .../.bicep/nested_roleAssignments.bicep | 6 +- .../virtualMachinesMultiple/deploy.bicep | 2 +- .../deploy.bicep | 2 +- ...g started - Get module cross-references.md | 2 +- ...board module library and CI environment.md | 24 +-- docs/wiki/Solution creation.md | 16 +- ...ent - GitHub ReadMe module table update.md | 2 +- .../The CI environment - Pipeline design.md | 4 +- .../The CI environment - Static validation.md | 6 +- docs/wiki/The library - Module design.md | 6 +- docs/wiki/The library - Module usage.md | 32 +-- .../.global/global.module.tests.ps1 | 30 +-- {arm => modules}/.global/shared/helper.psm1 | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/parameters.json | 0 .../Microsoft.AAD/DomainServices/deploy.bicep | 0 .../Microsoft.AAD/DomainServices/readme.md | 0 .../Microsoft.AAD/DomainServices/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../servers/.parameters/max.parameters.json | 0 .../servers/.parameters/min.parameters.json | 0 .../servers/.parameters/parameters.json | 0 .../servers/deploy.bicep | 0 .../servers/readme.md | 0 .../servers/version.json | 0 .../.bicep/nested_authorizationServers.bicep | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../service/.parameters/max.parameters.json | 0 .../service/.parameters/min.parameters.json | 0 .../service/.parameters/parameters.json | 0 .../service/apiVersionSets/deploy.bicep | 0 .../service/apiVersionSets/readme.md | 0 .../service/apiVersionSets/version.json | 0 .../service/apis/deploy.bicep | 0 .../service/apis/policies/deploy.bicep | 0 .../service/apis/policies/readme.md | 0 .../service/apis/policies/version.json | 0 .../service/apis/readme.md | 0 .../service/apis/version.json | 0 .../service/authorizationServers/deploy.bicep | 0 .../service/authorizationServers/readme.md | 0 .../service/authorizationServers/version.json | 0 .../service/backends/deploy.bicep | 0 .../service/backends/readme.md | 0 .../service/backends/version.json | 0 .../service/caches/deploy.bicep | 0 .../service/caches/readme.md | 0 .../service/caches/version.json | 0 .../service/deploy.bicep | 0 .../service/identityProviders/deploy.bicep | 0 .../service/identityProviders/readme.md | 0 .../service/identityProviders/version.json | 0 .../service/namedValues/deploy.bicep | 0 .../service/namedValues/readme.md | 0 .../service/namedValues/version.json | 0 .../service/policies/deploy.bicep | 0 .../service/policies/readme.md | 0 .../service/policies/version.json | 0 .../service/portalsettings/deploy.bicep | 0 .../service/portalsettings/readme.md | 0 .../service/portalsettings/version.json | 0 .../service/products/apis/deploy.bicep | 0 .../service/products/apis/readme.md | 0 .../service/products/apis/version.json | 0 .../service/products/deploy.bicep | 0 .../service/products/groups/deploy.bicep | 0 .../service/products/groups/readme.md | 0 .../service/products/groups/version.json | 0 .../service/products/readme.md | 0 .../service/products/version.json | 0 .../Microsoft.ApiManagement/service/readme.md | 0 .../service/subscriptions/deploy.bicep | 0 .../service/subscriptions/readme.md | 0 .../service/subscriptions/version.json | 0 .../service/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/min.parameters.json | 0 .../.parameters/parameters.json | 0 .../configurationStores/deploy.bicep | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../keyValues/deploy.bicep | 0 .../configurationStores/keyValues/readme.md | 0 .../keyValues/version.json | 0 .../configurationStores/readme.md | 0 .../configurationStores/version.json | 0 .../locks/.parameters/rg.parameters.json | 0 .../locks/deploy.bicep | 0 .../Microsoft.Authorization/locks/readme.md | 0 .../locks/resourceGroup/deploy.bicep | 0 .../locks/resourceGroup/readme.md | 0 .../locks/resourceGroup/version.json | 0 .../locks/subscription/deploy.bicep | 0 .../locks/subscription/readme.md | 0 .../locks/subscription/version.json | 0 .../locks/version.json | 0 .../.parameters/mg.min.parameters.json | 0 .../.parameters/mg.parameters.json | 0 .../.parameters/rg.min.parameters.json | 0 .../.parameters/rg.parameters.json | 0 .../.parameters/sub.min.parameters.json | 0 .../.parameters/sub.parameters.json | 0 .../policyAssignments/deploy.bicep | 0 .../managementGroup/deploy.bicep | 0 .../managementGroup/readme.md | 0 .../managementGroup/version.json | 0 .../policyAssignments/readme.md | 2 +- .../resourceGroup/deploy.bicep | 0 .../policyAssignments/resourceGroup/readme.md | 0 .../resourceGroup/version.json | 0 .../subscription/deploy.bicep | 0 .../policyAssignments/subscription/readme.md | 0 .../subscription/version.json | 0 .../policyAssignments/version.json | 0 .../.parameters/mg.min.parameters.json | 0 .../.parameters/mg.parameters.json | 0 .../.parameters/sub.min.parameters.json | 0 .../.parameters/sub.parameters.json | 0 .../policyDefinitions/deploy.bicep | 0 .../managementGroup/deploy.bicep | 0 .../managementGroup/readme.md | 0 .../managementGroup/version.json | 0 .../policyDefinitions/readme.md | 2 +- .../subscription/deploy.bicep | 0 .../policyDefinitions/subscription/readme.md | 0 .../subscription/version.json | 0 .../policyDefinitions/version.json | 0 .../.parameters/mg.min.parameters.json | 0 .../.parameters/mg.parameters.json | 0 .../.parameters/rg.min.parameters.json | 0 .../.parameters/rg.parameters.json | 0 .../.parameters/sub.min.parameters.json | 0 .../.parameters/sub.parameters.json | 0 .../policyExemptions/deploy.bicep | 0 .../managementGroup/deploy.bicep | 0 .../managementGroup/readme.md | 0 .../managementGroup/version.json | 0 .../policyExemptions/readme.md | 2 +- .../resourceGroup/deploy.bicep | 0 .../policyExemptions/resourceGroup/readme.md | 0 .../resourceGroup/version.json | 0 .../subscription/deploy.bicep | 0 .../policyExemptions/subscription/readme.md | 0 .../subscription/version.json | 0 .../policyExemptions/version.json | 0 .../.parameters/mg.min.parameters.json | 0 .../.parameters/mg.parameters.json | 0 .../.parameters/sub.min.parameters.json | 0 .../.parameters/sub.parameters.json | 0 .../policySetDefinitions/deploy.bicep | 0 .../managementGroup/deploy.bicep | 0 .../managementGroup/readme.md | 0 .../managementGroup/version.json | 0 .../policySetDefinitions/readme.md | 2 +- .../subscription/deploy.bicep | 0 .../subscription/readme.md | 0 .../subscription/version.json | 0 .../policySetDefinitions/version.json | 0 .../.parameters/mg.min.parameters.json | 0 .../.parameters/mg.parameters.json | 0 .../.parameters/rg.min.parameters.json | 0 .../.parameters/rg.parameters.json | 0 .../.parameters/sub.min.parameters.json | 0 .../.parameters/sub.parameters.json | 0 .../roleAssignments/deploy.bicep | 0 .../managementGroup/deploy.bicep | 0 .../roleAssignments/managementGroup/readme.md | 0 .../managementGroup/version.json | 0 .../roleAssignments/readme.md | 2 +- .../resourceGroup/deploy.bicep | 0 .../roleAssignments/resourceGroup/readme.md | 0 .../resourceGroup/version.json | 0 .../roleAssignments/subscription/deploy.bicep | 0 .../roleAssignments/subscription/readme.md | 0 .../roleAssignments/subscription/version.json | 0 .../roleAssignments/version.json | 0 .../.parameters/mg.min.parameters.json | 0 .../.parameters/mg.parameters.json | 0 .../.parameters/rg.min.parameters.json | 0 .../.parameters/rg.parameters.json | 0 .../.parameters/sub.min.parameters.json | 0 .../.parameters/sub.parameters.json | 0 .../roleDefinitions/deploy.bicep | 0 .../managementGroup/deploy.bicep | 0 .../roleDefinitions/managementGroup/readme.md | 0 .../managementGroup/version.json | 0 .../roleDefinitions/readme.md | 2 +- .../resourceGroup/deploy.bicep | 0 .../roleDefinitions/resourceGroup/readme.md | 0 .../resourceGroup/version.json | 0 .../roleDefinitions/subscription/deploy.bicep | 0 .../roleDefinitions/subscription/readme.md | 0 .../roleDefinitions/subscription/version.json | 0 .../roleDefinitions/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/encr.parameters.json | 0 .../.parameters/min.parameters.json | 0 .../.parameters/parameters.json | 0 .../automationAccounts/deploy.bicep | 0 .../jobSchedules/deploy.bicep | 0 .../automationAccounts/jobSchedules/readme.md | 0 .../jobSchedules/version.json | 0 .../automationAccounts/modules/deploy.bicep | 0 .../automationAccounts/modules/readme.md | 0 .../automationAccounts/modules/version.json | 0 .../automationAccounts/readme.md | 0 .../automationAccounts/runbooks/deploy.bicep | 0 .../automationAccounts/runbooks/readme.md | 0 .../automationAccounts/runbooks/version.json | 0 .../automationAccounts/schedules/deploy.bicep | 0 .../automationAccounts/schedules/readme.md | 0 .../automationAccounts/schedules/version.json | 0 .../softwareUpdateConfigurations/deploy.bicep | 0 .../softwareUpdateConfigurations/readme.md | 0 .../softwareUpdateConfigurations/version.json | 0 .../automationAccounts/variables/deploy.bicep | 0 .../automationAccounts/variables/readme.md | 0 .../automationAccounts/variables/version.json | 0 .../automationAccounts/version.json | 0 .../.parameters/min.parameters.json | 0 .../batchAccounts/.parameters/parameters.json | 0 .../batchAccounts/deploy.bicep | 0 .../Microsoft.Batch/batchAccounts/readme.md | 0 .../batchAccounts/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../accounts/.parameters/encr.parameters.json | 0 .../accounts/.parameters/min.parameters.json | 0 .../accounts/.parameters/parameters.json | 0 .../.parameters/speech.parameters.json | 0 .../accounts/deploy.bicep | 0 .../accounts/readme.md | 0 .../accounts/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/min.parameters.json | 0 .../.parameters/parameters.json | 0 .../availabilitySets/deploy.bicep | 0 .../availabilitySets/readme.md | 0 .../availabilitySets/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/parameters.json | 0 .../diskEncryptionSets/deploy.bicep | 0 .../diskEncryptionSets/readme.md | 0 .../diskEncryptionSets/version.json | 0 .../disks/.bicep/nested_roleAssignments.bicep | 0 .../disks/.parameters/image.parameters.json | 0 .../disks/.parameters/import.parameters.json | 0 .../disks/.parameters/min.parameters.json | 0 .../disks/.parameters/parameters.json | 0 .../Microsoft.Compute/disks/deploy.bicep | 0 .../Microsoft.Compute/disks/readme.md | 0 .../Microsoft.Compute/disks/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/images.parameters.json | 0 .../galleries/.parameters/parameters.json | 0 .../Microsoft.Compute/galleries/deploy.bicep | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../galleries/images/deploy.bicep | 0 .../galleries/images/readme.md | 0 .../galleries/images/version.json | 0 .../Microsoft.Compute/galleries/readme.md | 0 .../Microsoft.Compute/galleries/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../images/.parameters/parameters.json | 0 .../Microsoft.Compute/images/deploy.bicep | 0 .../Microsoft.Compute/images/readme.md | 0 .../Microsoft.Compute/images/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/parameters.json | 0 .../proximityPlacementGroups/deploy.bicep | 0 .../proximityPlacementGroups/readme.md | 0 .../proximityPlacementGroups/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/linux.min.parameters.json | 0 .../.parameters/linux.parameters.json | 0 .../.parameters/windows.min.parameters.json | 0 .../.parameters/windows.parameters.json | 0 .../virtualMachineScaleSets/deploy.bicep | 0 .../extensions/deploy.bicep | 0 .../extensions/readme.md | 0 .../extensions/version.json | 0 .../virtualMachineScaleSets/readme.md | 0 .../virtualMachineScaleSets/version.json | 0 .../.bicep/nested_networkInterface.bicep | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/linux.autmg.parameters.json | 0 .../.parameters/linux.min.parameters.json | 0 .../.parameters/linux.parameters.json | 0 .../.parameters/windows.autmg.parameters.json | 0 .../.parameters/windows.min.parameters.json | 0 .../.parameters/windows.parameters.json | 0 .../virtualMachines/deploy.bicep | 0 .../virtualMachines/extensions/deploy.bicep | 0 .../virtualMachines/extensions/readme.md | 0 .../virtualMachines/extensions/version.json | 0 .../virtualMachines/readme.md | 0 .../virtualMachines/version.json | 0 .../budgets/.parameters/parameters.json | 0 .../budgets/deploy.bicep | 0 .../Microsoft.Consumption/budgets/readme.md | 0 .../budgets/version.json | 0 .../.parameters/parameters.json | 0 .../containerGroups/deploy.bicep | 0 .../containerGroups/readme.md | 0 .../containerGroups/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/encr.parameters.json | 0 .../.parameters/min.parameters.json | 0 .../registries/.parameters/parameters.json | 0 .../registries/deploy.bicep | 0 .../registries/readme.md | 0 .../registries/replications/deploy.bicep | 0 .../registries/replications/readme.md | 0 .../registries/replications/version.json | 0 .../registries/version.json | 0 .../registries/webhooks/deploy.bicep | 0 .../registries/webhooks/readme.md | 0 .../registries/webhooks/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/azure.parameters.json | 0 .../.parameters/kubenet.parameters.json | 0 .../managedClusters/agentPools/deploy.bicep | 0 .../managedClusters/agentPools/readme.md | 0 .../managedClusters/agentPools/version.json | 0 .../managedClusters/deploy.bicep | 0 .../managedClusters/readme.md | 0 .../managedClusters/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../factories/.parameters/parameters.json | 0 .../factories/deploy.bicep | 0 .../factories/integrationRuntime/deploy.bicep | 0 .../factories/integrationRuntime/readme.md | 0 .../factories/integrationRuntime/version.json | 0 .../managedVirtualNetwork/deploy.bicep | 0 .../factories/managedVirtualNetwork/readme.md | 0 .../managedVirtualNetwork/version.json | 0 .../Microsoft.DataFactory/factories/readme.md | 0 .../factories/version.json | 0 .../.parameters/min.parameters.json | 0 .../backupVaults/.parameters/parameters.json | 0 .../backupVaults/backupPolicies/deploy.bicep | 0 .../backupVaults/backupPolicies/readme.md | 0 .../backupVaults/backupPolicies/version.json | 0 .../backupVaults/deploy.bicep | 0 .../backupVaults/readme.md | 0 .../backupVaults/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../workspaces/.parameters/parameters.json | 0 .../workspaces/deploy.bicep | 0 .../Microsoft.Databricks/workspaces/readme.md | 0 .../workspaces/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/min.parameters.json | 0 .../.parameters/parameters.json | 0 .../applications/deploy.bicep | 0 .../applicationgroups/applications/readme.md | 0 .../applications/version.json | 0 .../applicationgroups/deploy.bicep | 0 .../applicationgroups/readme.md | 0 .../applicationgroups/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../hostpools/.parameters/parameters.json | 0 .../hostpools/deploy.bicep | 0 .../hostpools/readme.md | 0 .../hostpools/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/min.parameters.json | 0 .../scalingplans/deploy.bicep | 0 .../scalingplans/readme.md | 0 .../scalingplans/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../workspaces/.parameters/parameters.json | 0 .../workspaces/deploy.bicep | 0 .../workspaces/readme.md | 0 .../workspaces/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/mongodb.parameters.json | 0 .../.parameters/plain.parameters.json | 0 .../.parameters/sqldb.parameters.json | 0 .../databaseAccounts/deploy.bicep | 0 .../mongodbDatabases/collections/deploy.bicep | 0 .../mongodbDatabases/collections/readme.md | 0 .../mongodbDatabases/collections/version.json | 0 .../mongodbDatabases/deploy.bicep | 0 .../mongodbDatabases/readme.md | 0 .../mongodbDatabases/version.json | 0 .../databaseAccounts/readme.md | 0 .../sqlDatabases/containers/deploy.bicep | 0 .../sqlDatabases/containers/readme.md | 0 .../sqlDatabases/containers/version.json | 0 .../sqlDatabases/deploy.bicep | 0 .../databaseAccounts/sqlDatabases/readme.md | 0 .../sqlDatabases/version.json | 0 .../databaseAccounts/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/min.parameters.json | 0 .../systemTopics/.parameters/parameters.json | 0 .../systemTopics/deploy.bicep | 0 .../systemTopics/readme.md | 0 .../systemTopics/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../topics/.parameters/parameters.json | 0 .../Microsoft.EventGrid/topics/deploy.bicep | 0 .../Microsoft.EventGrid/topics/readme.md | 0 .../Microsoft.EventGrid/topics/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/min.parameters.json | 0 .../namespaces/.parameters/parameters.json | 0 .../authorizationRules/deploy.bicep | 0 .../namespaces/authorizationRules/readme.md | 0 .../authorizationRules/version.json | 0 .../namespaces/deploy.bicep | 0 .../disasterRecoveryConfigs/deploy.bicep | 0 .../disasterRecoveryConfigs/readme.md | 0 .../disasterRecoveryConfigs/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../eventhubs/authorizationRules/deploy.bicep | 0 .../eventhubs/authorizationRules/readme.md | 0 .../eventhubs/authorizationRules/version.json | 0 .../eventhubs/consumergroups/deploy.bicep | 0 .../eventhubs/consumergroups/readme.md | 0 .../eventhubs/consumergroups/version.json | 0 .../namespaces/eventhubs/deploy.bicep | 0 .../namespaces/eventhubs/readme.md | 0 .../namespaces/eventhubs/version.json | 0 .../namespaces/networkRuleSets/deploy.bicep | 0 .../namespaces/networkRuleSets/readme.md | 0 .../namespaces/networkRuleSets/version.json | 0 .../Microsoft.EventHub/namespaces/readme.md | 0 .../namespaces/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../healthBots/.parameters/parameters.json | 0 .../healthBots/deploy.bicep | 0 .../Microsoft.HealthBot/healthBots/readme.md | 0 .../healthBots/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../actionGroups/.parameters/parameters.json | 0 .../actionGroups/deploy.bicep | 0 .../Microsoft.Insights/actionGroups/readme.md | 0 .../actionGroups/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/parameters.json | 0 .../activityLogAlerts/deploy.bicep | 0 .../activityLogAlerts/readme.md | 0 .../activityLogAlerts/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../components/.parameters/parameters.json | 0 .../components/deploy.bicep | 0 .../Microsoft.Insights/components/readme.md | 0 .../components/version.json | 0 .../.parameters/parameters.json | 0 .../diagnosticSettings/deploy.bicep | 0 .../diagnosticSettings/readme.md | 0 .../diagnosticSettings/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../metricAlerts/.parameters/parameters.json | 0 .../metricAlerts/deploy.bicep | 0 .../Microsoft.Insights/metricAlerts/readme.md | 0 .../metricAlerts/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/parameters.json | 0 .../privateLinkScopes/deploy.bicep | 0 .../privateLinkScopes/readme.md | 0 .../scopedResources/deploy.bicep | 0 .../scopedResources/readme.md | 0 .../scopedResources/version.json | 0 .../privateLinkScopes/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/parameters.json | 0 .../scheduledQueryRules/deploy.bicep | 0 .../scheduledQueryRules/readme.md | 0 .../scheduledQueryRules/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../vaults/.parameters/min.parameters.json | 0 .../vaults/.parameters/parameters.json | 0 .../vaults/accessPolicies/deploy.bicep | 0 .../vaults/accessPolicies/readme.md | 0 .../vaults/accessPolicies/version.json | 0 .../Microsoft.KeyVault/vaults/deploy.bicep | 0 .../keys/.bicep/nested_roleAssignments.bicep | 0 .../vaults/keys/deploy.bicep | 0 .../Microsoft.KeyVault/vaults/keys/readme.md | 0 .../vaults/keys/version.json | 0 .../Microsoft.KeyVault/vaults/readme.md | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../vaults/secrets/deploy.bicep | 0 .../vaults/secrets/readme.md | 0 .../vaults/secrets/version.json | 0 .../Microsoft.KeyVault/vaults/version.json | 0 .../.parameters/min.parameters.json | 0 .../extensions/.parameters/parameters.json | 0 .../extensions/deploy.bicep | 0 .../extensions/readme.md | 0 .../extensions/version.json | 0 .../.parameters/min.parameters.json | 0 .../.parameters/parameters.json | 0 .../fluxConfigurations/deploy.bicep | 0 .../fluxConfigurations/readme.md | 0 .../fluxConfigurations/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../workflows/.parameters/parameters.json | 0 .../Microsoft.Logic/workflows/deploy.bicep | 0 .../Microsoft.Logic/workflows/readme.md | 0 .../Microsoft.Logic/workflows/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/min.parameters.json | 0 .../workspaces/.parameters/parameters.json | 0 .../workspaces/computes/deploy.bicep | 0 .../workspaces/computes/readme.md | 0 .../workspaces/computes/version.json | 0 .../workspaces/deploy.bicep | 0 .../workspaces/readme.md | 0 .../workspaces/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/parameters.json | 0 .../userAssignedIdentities/deploy.bicep | 0 .../userAssignedIdentities/readme.md | 0 .../userAssignedIdentities/version.json | 0 .../nested_registrationAssignment.bicep | 0 .../.parameters/parameters.json | 0 .../.parameters/rg.parameters.json | 0 .../registrationDefinitions/deploy.bicep | 0 .../registrationDefinitions/readme.md | 0 .../registrationDefinitions/version.json | 0 .../.parameters/parameters.json | 0 .../managementGroups/deploy.bicep | 0 .../managementGroups/readme.md | 0 .../managementGroups/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/min.parameters.json | 0 .../.parameters/nfs3.parameters.json | 0 .../.parameters/nfs41.parameters.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../netAppAccounts/capacityPools/deploy.bicep | 0 .../netAppAccounts/capacityPools/readme.md | 0 .../netAppAccounts/capacityPools/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../capacityPools/volumes/deploy.bicep | 0 .../capacityPools/volumes/readme.md | 0 .../capacityPools/volumes/version.json | 0 .../netAppAccounts/deploy.bicep | 0 .../Microsoft.NetApp/netAppAccounts/readme.md | 0 .../netAppAccounts/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/parameters.json | 0 .../applicationGateways/deploy.bicep | 0 .../applicationGateways/readme.md | 0 .../applicationGateways/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/parameters.json | 0 .../applicationSecurityGroups/deploy.bicep | 0 .../applicationSecurityGroups/readme.md | 0 .../applicationSecurityGroups/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/addpip.parameters.json | 0 .../.parameters/custompip.parameters.json | 0 .../.parameters/min.parameters.json | 0 .../.parameters/parameters.json | 0 .../azureFirewalls/deploy.bicep | 0 .../azureFirewalls/readme.md | 0 .../azureFirewalls/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/addpip.parameters.json | 0 .../.parameters/custompip.parameters.json | 0 .../.parameters/min.parameters.json | 0 .../bastionHosts/.parameters/parameters.json | 0 .../bastionHosts/deploy.bicep | 0 .../Microsoft.Network/bastionHosts/readme.md | 0 .../bastionHosts/version.json | 0 .../.parameters/vnet2vnet.parameters.json | 0 .../connections/deploy.bicep | 0 .../Microsoft.Network/connections/readme.md | 0 .../connections/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/parameters.json | 0 .../ddosProtectionPlans/deploy.bicep | 0 .../ddosProtectionPlans/readme.md | 0 .../ddosProtectionPlans/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/parameters.json | 0 .../expressRouteCircuits/deploy.bicep | 0 .../expressRouteCircuits/readme.md | 0 .../expressRouteCircuits/version.json | 0 .../.parameters/min.parameters.json | 0 .../.parameters/parameters.json | 0 .../firewallPolicies/deploy.bicep | 0 .../firewallPolicies/readme.md | 0 .../ruleCollectionGroups/deploy.bicep | 0 .../ruleCollectionGroups/readme.md | 0 .../ruleCollectionGroups/version.json | 0 .../firewallPolicies/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../frontDoors/.parameters/parameters.json | 0 .../Microsoft.Network/frontDoors/deploy.bicep | 0 .../Microsoft.Network/frontDoors/readme.md | 0 .../Microsoft.Network/frontDoors/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../ipGroups/.parameters/parameters.json | 0 .../Microsoft.Network/ipGroups/deploy.bicep | 0 .../Microsoft.Network/ipGroups/readme.md | 0 .../Microsoft.Network/ipGroups/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/internal.parameters.json | 0 .../.parameters/min.parameters.json | 0 .../loadBalancers/.parameters/parameters.json | 0 .../backendAddressPools/deploy.bicep | 0 .../backendAddressPools/readme.md | 0 .../backendAddressPools/version.json | 0 .../loadBalancers/deploy.bicep | 0 .../inboundNatRules/deploy.bicep | 0 .../loadBalancers/inboundNatRules/readme.md | 0 .../inboundNatRules/version.json | 0 .../Microsoft.Network/loadBalancers/readme.md | 0 .../loadBalancers/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/parameters.json | 0 .../localNetworkGateways/deploy.bicep | 0 .../localNetworkGateways/readme.md | 0 .../localNetworkGateways/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../natGateways/.parameters/parameters.json | 0 .../natGateways/deploy.bicep | 0 .../Microsoft.Network/natGateways/readme.md | 0 .../natGateways/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/min.parameters.json | 0 .../.parameters/parameters.json | 0 .../networkInterfaces/deploy.bicep | 0 .../networkInterfaces/readme.md | 0 .../networkInterfaces/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/min.parameters.json | 0 .../.parameters/parameters.json | 0 .../networkSecurityGroups/deploy.bicep | 0 .../networkSecurityGroups/readme.md | 0 .../securityRules/deploy.bicep | 0 .../securityRules/readme.md | 0 .../securityRules/version.json | 0 .../networkSecurityGroups/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/min.parameters.json | 0 .../.parameters/parameters.json | 0 .../connectionMonitors/deploy.bicep | 0 .../connectionMonitors/readme.md | 0 .../connectionMonitors/version.json | 0 .../networkWatchers/deploy.bicep | 0 .../networkWatchers/flowLogs/deploy.bicep | 0 .../networkWatchers/flowLogs/readme.md | 0 .../networkWatchers/flowLogs/version.json | 0 .../networkWatchers/readme.md | 0 .../networkWatchers/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/min.parameters.json | 0 .../.parameters/parameters.json | 0 .../A/.bicep/nested_roleAssignments.bicep | 0 .../privateDnsZones/A/deploy.bicep | 0 .../privateDnsZones/A/readme.md | 0 .../privateDnsZones/A/version.json | 0 .../AAAA/.bicep/nested_roleAssignments.bicep | 0 .../privateDnsZones/AAAA/deploy.bicep | 0 .../privateDnsZones/AAAA/readme.md | 0 .../privateDnsZones/AAAA/version.json | 0 .../CNAME/.bicep/nested_roleAssignments.bicep | 0 .../privateDnsZones/CNAME/deploy.bicep | 0 .../privateDnsZones/CNAME/readme.md | 0 .../privateDnsZones/CNAME/version.json | 0 .../MX/.bicep/nested_roleAssignments.bicep | 0 .../privateDnsZones/MX/deploy.bicep | 0 .../privateDnsZones/MX/readme.md | 0 .../privateDnsZones/MX/version.json | 0 .../PTR/.bicep/nested_roleAssignments.bicep | 0 .../privateDnsZones/PTR/deploy.bicep | 0 .../privateDnsZones/PTR/readme.md | 0 .../privateDnsZones/PTR/version.json | 0 .../SOA/.bicep/nested_roleAssignments.bicep | 0 .../privateDnsZones/SOA/deploy.bicep | 0 .../privateDnsZones/SOA/readme.md | 0 .../privateDnsZones/SOA/version.json | 0 .../SRV/.bicep/nested_roleAssignments.bicep | 0 .../privateDnsZones/SRV/deploy.bicep | 0 .../privateDnsZones/SRV/readme.md | 0 .../privateDnsZones/SRV/version.json | 0 .../TXT/.bicep/nested_roleAssignments.bicep | 0 .../privateDnsZones/TXT/deploy.bicep | 0 .../privateDnsZones/TXT/readme.md | 0 .../privateDnsZones/TXT/version.json | 0 .../privateDnsZones/deploy.bicep | 0 .../privateDnsZones/readme.md | 0 .../privateDnsZones/version.json | 0 .../virtualNetworkLinks/deploy.bicep | 0 .../virtualNetworkLinks/readme.md | 0 .../virtualNetworkLinks/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/min.parameters.json | 0 .../.parameters/parameters.json | 0 .../privateEndpoints/deploy.bicep | 0 .../privateDnsZoneGroups/deploy.bicep | 0 .../privateDnsZoneGroups/readme.md | 0 .../privateDnsZoneGroups/version.json | 0 .../privateEndpoints/readme.md | 0 .../privateEndpoints/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/parameters.json | 0 .../publicIPAddresses/deploy.bicep | 0 .../publicIPAddresses/readme.md | 0 .../publicIPAddresses/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/parameters.json | 0 .../publicIPPrefixes/deploy.bicep | 0 .../publicIPPrefixes/readme.md | 0 .../publicIPPrefixes/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../routeTables/.parameters/parameters.json | 0 .../routeTables/deploy.bicep | 0 .../Microsoft.Network/routeTables/readme.md | 0 .../routeTables/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/parameters.json | 0 .../trafficmanagerprofiles/deploy.bicep | 0 .../trafficmanagerprofiles/readme.md | 0 .../trafficmanagerprofiles/version.json | 0 .../.parameters/min.parameters.json | 0 .../virtualHubs/.parameters/parameters.json | 0 .../virtualHubs/deploy.bicep | 0 .../virtualHubs/hubRouteTables/deploy.bicep | 0 .../virtualHubs/hubRouteTables/readme.md | 0 .../virtualHubs/hubRouteTables/version.json | 0 .../hubVirtualNetworkConnections/deploy.bicep | 0 .../hubVirtualNetworkConnections/readme.md | 0 .../hubVirtualNetworkConnections/version.json | 0 .../Microsoft.Network/virtualHubs/readme.md | 0 .../virtualHubs/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/expressRoute.parameters.json | 0 .../.parameters/vpn.parameters.json | 0 .../virtualNetworkGateways/deploy.bicep | 0 .../virtualNetworkGateways/readme.md | 0 .../virtualNetworkGateways/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/min.parameters.json | 0 .../.parameters/parameters.json | 0 .../.parameters/vnetPeering.parameters.json | 0 .../virtualNetworks/deploy.bicep | 0 .../virtualNetworks/readme.md | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../virtualNetworks/subnets/deploy.bicep | 0 .../virtualNetworks/subnets/readme.md | 0 .../virtualNetworks/subnets/version.json | 0 .../virtualNetworks/version.json | 0 .../virtualNetworkPeerings/deploy.bicep | 0 .../virtualNetworkPeerings/readme.md | 0 .../virtualNetworkPeerings/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/min.parameters.json | 0 .../virtualWans/.parameters/parameters.json | 0 .../virtualWans/deploy.bicep | 0 .../Microsoft.Network/virtualWans/readme.md | 0 .../virtualWans/version.json | 0 .../.parameters/min.parameters.json | 0 .../vpnGateways/.parameters/parameters.json | 0 .../vpnGateways/connections/deploy.bicep | 0 .../vpnGateways/connections/readme.md | 0 .../vpnGateways/connections/version.json | 0 .../vpnGateways/deploy.bicep | 0 .../vpnGateways/natRules/deploy.bicep | 0 .../vpnGateways/natRules/readme.md | 0 .../vpnGateways/natRules/version.json | 0 .../Microsoft.Network/vpnGateways/readme.md | 0 .../vpnGateways/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../vpnSites/.parameters/min.parameters.json | 0 .../vpnSites/.parameters/parameters.json | 0 .../Microsoft.Network/vpnSites/deploy.bicep | 0 .../Microsoft.Network/vpnSites/readme.md | 0 .../Microsoft.Network/vpnSites/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/min.parameters.json | 0 .../workspaces/.parameters/parameters.json | 0 .../workspaces/dataSources/deploy.bicep | 0 .../workspaces/dataSources/readme.md | 0 .../workspaces/dataSources/version.json | 0 .../workspaces/deploy.bicep | 0 .../workspaces/linkedServices/deploy.bicep | 0 .../workspaces/linkedServices/readme.md | 0 .../workspaces/linkedServices/version.json | 0 .../workspaces/readme.md | 0 .../workspaces/savedSearches/deploy.bicep | 0 .../workspaces/savedSearches/readme.md | 0 .../workspaces/savedSearches/version.json | 0 .../storageInsightConfigs/deploy.bicep | 0 .../storageInsightConfigs/readme.md | 0 .../storageInsightConfigs/version.json | 0 .../workspaces/version.json | 0 .../solutions/.parameters/min.parameters.json | 0 .../solutions/.parameters/ms.parameters.json | 0 .../.parameters/nonms.parameters.json | 0 .../solutions/deploy.bicep | 0 .../solutions/readme.md | 0 .../solutions/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../vaults/.parameters/dr.parameters.json | 0 .../vaults/.parameters/min.parameters.json | 0 .../vaults/.parameters/parameters.json | 0 .../vaults/backupConfig/deploy.bicep | 0 .../vaults/backupConfig/readme.md | 0 .../vaults/backupConfig/version.json | 0 .../vaults/backupPolicies/deploy.bicep | 0 .../vaults/backupPolicies/readme.md | 0 .../vaults/backupPolicies/version.json | 0 .../vaults/backupStorageConfig/deploy.bicep | 0 .../vaults/backupStorageConfig/readme.md | 0 .../vaults/backupStorageConfig/version.json | 0 .../vaults/deploy.bicep | 0 .../vaults/protectionContainers/deploy.bicep | 0 .../protectedItems/deploy.bicep | 0 .../protectedItems/readme.md | 0 .../protectedItems/version.json | 0 .../vaults/protectionContainers/readme.md | 0 .../vaults/protectionContainers/version.json | 0 .../vaults/readme.md | 0 .../vaults/replicationFabrics/deploy.bicep | 0 .../vaults/replicationFabrics/readme.md | 0 .../deploy.bicep | 0 .../replicationProtectionContainers/readme.md | 0 .../deploy.bicep | 0 .../readme.md | 0 .../version.json | 0 .../version.json | 0 .../vaults/replicationFabrics/version.json | 0 .../vaults/replicationPolicies/deploy.bicep | 0 .../vaults/replicationPolicies/readme.md | 0 .../vaults/replicationPolicies/version.json | 0 .../vaults/version.json | 0 .../.parameters/cli.parameters.json | 0 .../.parameters/ps.parameters.json | 0 .../deploymentScripts/deploy.bicep | 0 .../deploymentScripts/readme.md | 0 .../deploymentScripts/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/parameters.json | 0 .../resourceGroups/deploy.bicep | 0 .../resourceGroups/readme.md | 0 .../resourceGroups/version.json | 0 .../tags/.parameters/min.parameters.json | 0 .../tags/.parameters/rg.parameters.json | 0 .../tags/.parameters/sub.parameters.json | 0 .../Microsoft.Resources/tags/deploy.bicep | 0 .../Microsoft.Resources/tags/readme.md | 0 .../tags/resourceGroups/.bicep/readTags.bicep | 0 .../tags/resourceGroups/deploy.bicep | 0 .../tags/resourceGroups/readme.md | 0 .../tags/resourceGroups/version.json | 0 .../tags/subscriptions/.bicep/readTags.bicep | 0 .../tags/subscriptions/deploy.bicep | 0 .../tags/subscriptions/readme.md | 0 .../tags/subscriptions/version.json | 0 .../Microsoft.Resources/tags/version.json | 0 .../.bicep/nested_iotSecuritySolutions.bicep | 0 .../.parameters/parameters.json | 0 .../azureSecurityCenter/deploy.bicep | 0 .../azureSecurityCenter/readme.md | 0 .../azureSecurityCenter/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/min.parameters.json | 0 .../namespaces/.parameters/parameters.json | 0 .../authorizationRules/deploy.bicep | 0 .../namespaces/authorizationRules/readme.md | 0 .../authorizationRules/version.json | 0 .../namespaces/deploy.bicep | 0 .../disasterRecoveryConfigs/deploy.bicep | 0 .../disasterRecoveryConfigs/readme.md | 0 .../disasterRecoveryConfigs/version.json | 0 .../namespaces/ipFilterRules/deploy.bicep | 0 .../namespaces/ipFilterRules/readme.md | 0 .../namespaces/ipFilterRules/version.json | 0 .../migrationConfigurations/deploy.bicep | 0 .../migrationConfigurations/readme.md | 0 .../migrationConfigurations/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../queues/authorizationRules/deploy.bicep | 0 .../queues/authorizationRules/readme.md | 0 .../queues/authorizationRules/version.json | 0 .../namespaces/queues/deploy.bicep | 0 .../namespaces/queues/readme.md | 0 .../namespaces/queues/version.json | 0 .../Microsoft.ServiceBus/namespaces/readme.md | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../topics/authorizationRules/deploy.bicep | 0 .../topics/authorizationRules/readme.md | 0 .../topics/authorizationRules/version.json | 0 .../namespaces/topics/deploy.bicep | 0 .../namespaces/topics/readme.md | 0 .../namespaces/topics/version.json | 0 .../namespaces/version.json | 0 .../virtualNetworkRules/deploy.bicep | 0 .../namespaces/virtualNetworkRules/readme.md | 0 .../virtualNetworkRules/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../clusters/.parameters/cert.parameters.json | 0 .../clusters/.parameters/full.parameters.json | 0 .../clusters/.parameters/min.parameters.json | 0 .../clusters/applicationTypes/deploy.bicep | 0 .../clusters/applicationTypes/readme.md | 0 .../clusters/applicationTypes/version.json | 0 .../clusters/deploy.bicep | 0 .../clusters/readme.md | 0 .../clusters/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/parameters.json | 0 .../administrators/deploy.bicep | 0 .../managedInstances/administrators/readme.md | 0 .../administrators/version.json | 0 .../deploy.bicep | 0 .../backupLongTermRetentionPolicies/readme.md | 0 .../version.json | 0 .../deploy.bicep | 0 .../readme.md | 0 .../version.json | 0 .../managedInstances/databases/deploy.bicep | 0 .../managedInstances/databases/readme.md | 0 .../managedInstances/databases/version.json | 0 .../managedInstances/deploy.bicep | 0 .../encryptionProtector/deploy.bicep | 0 .../encryptionProtector/readme.md | 0 .../encryptionProtector/version.json | 0 .../managedInstances/keys/deploy.bicep | 0 .../managedInstances/keys/readme.md | 0 .../managedInstances/keys/version.json | 0 .../Microsoft.Sql/managedInstances/readme.md | 0 .../securityAlertPolicies/deploy.bicep | 0 .../securityAlertPolicies/readme.md | 0 .../securityAlertPolicies/version.json | 0 .../managedInstances/version.json | 0 .../vulnerabilityAssessments/deploy.bicep | 0 .../vulnerabilityAssessments/readme.md | 0 .../vulnerabilityAssessments/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../servers/.parameters/admin.parameters.json | 0 .../servers/.parameters/parameters.json | 0 .../servers/databases/deploy.bicep | 0 .../Microsoft.Sql/servers/databases/readme.md | 0 .../servers/databases/version.json | 0 .../Microsoft.Sql/servers/deploy.bicep | 0 .../servers/firewallRules/deploy.bicep | 0 .../servers/firewallRules/readme.md | 0 .../servers/firewallRules/version.json | 0 .../Microsoft.Sql/servers/readme.md | 0 .../securityAlertPolicies/deploy.bicep | 0 .../servers/securityAlertPolicies/readme.md | 0 .../securityAlertPolicies/version.json | 0 .../Microsoft.Sql/servers/version.json | 0 .../vulnerabilityAssessments/deploy.bicep | 0 .../vulnerabilityAssessments/readme.md | 0 .../vulnerabilityAssessments/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/encr.parameters.json | 0 .../.parameters/min.parameters.json | 0 .../.parameters/nfs.parameters.json | 0 .../.parameters/parameters.json | 0 .../.parameters/v1.parameters.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../blobServices/containers/deploy.bicep | 0 .../immutabilityPolicies/deploy.bicep | 0 .../containers/immutabilityPolicies/readme.md | 0 .../immutabilityPolicies/version.json | 0 .../blobServices/containers/readme.md | 0 .../blobServices/containers/version.json | 0 .../storageAccounts/blobServices/deploy.bicep | 0 .../storageAccounts/blobServices/readme.md | 0 .../storageAccounts/blobServices/version.json | 0 .../storageAccounts/deploy.bicep | 0 .../storageAccounts/fileServices/deploy.bicep | 0 .../storageAccounts/fileServices/readme.md | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../fileServices/shares/deploy.bicep | 0 .../fileServices/shares/readme.md | 0 .../fileServices/shares/version.json | 0 .../storageAccounts/fileServices/version.json | 0 .../managementPolicies/deploy.bicep | 0 .../managementPolicies/readme.md | 0 .../managementPolicies/version.json | 0 .../queueServices/deploy.bicep | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../queueServices/queues/deploy.bicep | 0 .../queueServices/queues/readme.md | 0 .../queueServices/queues/version.json | 0 .../storageAccounts/queueServices/readme.md | 0 .../queueServices/version.json | 0 .../storageAccounts/readme.md | 0 .../tableServices/deploy.bicep | 0 .../storageAccounts/tableServices/readme.md | 0 .../tableServices/tables/deploy.bicep | 0 .../tableServices/tables/readme.md | 0 .../tableServices/tables/version.json | 0 .../tableServices/version.json | 0 .../storageAccounts/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/min.parameters.json | 0 .../.parameters/parameters.json | 0 .../privateLinkHubs/deploy.bicep | 0 .../privateLinkHubs/readme.md | 0 .../privateLinkHubs/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/parameters.json | 0 .../imageTemplates/deploy.bicep | 0 .../imageTemplates/readme.md | 0 .../imageTemplates/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../connections/.parameters/parameters.json | 0 .../Microsoft.Web/connections/deploy.bicep | 0 .../Microsoft.Web/connections/readme.md | 0 .../Microsoft.Web/connections/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/asev2.parameters.json | 0 .../.parameters/asev3.parameters.json | 0 .../hostingEnvironments/deploy.bicep | 0 .../hostingEnvironments/readme.md | 0 .../hostingEnvironments/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../serverfarms/.parameters/parameters.json | 0 .../Microsoft.Web/serverfarms/deploy.bicep | 0 .../Microsoft.Web/serverfarms/readme.md | 0 .../Microsoft.Web/serverfarms/version.json | 0 .../sites/.bicep/nested_roleAssignments.bicep | 0 .../sites/.parameters/fa.min.parameters.json | 0 .../sites/.parameters/fa.parameters.json | 0 .../sites/.parameters/wa.min.parameters.json | 0 .../sites/.parameters/wa.parameters.json | 0 .../sites/config-appsettings/deploy.bicep | 0 .../sites/config-appsettings/readme.md | 0 .../sites/config-appsettings/version.json | 0 .../sites/config-authsettingsv2/deploy.bicep | 0 .../sites/config-authsettingsv2/readme.md | 0 .../sites/config-authsettingsv2/version.json | 0 .../Microsoft.Web/sites/deploy.bicep | 0 .../Microsoft.Web/sites/readme.md | 0 .../Microsoft.Web/sites/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters/min.parameters.json | 0 .../staticSites/.parameters/parameters.json | 0 .../Microsoft.Web/staticSites/deploy.bicep | 0 .../Microsoft.Web/staticSites/readme.md | 0 .../Microsoft.Web/staticSites/version.json | 0 modules/README.md | 107 ++++++++++ .../resourcePublish/Get-ModulesToPublish.ps1 | 34 +-- .../Publish-ModuleToPrivateBicepRegistry.ps1 | 8 +- .../Publish-ModuleToTemplateSpec.ps1 | 6 +- .../Publish-ModuleToUniversalArtifactFeed.ps1 | 8 +- .../Initialize-DeploymentRemoval.ps1 | 4 +- .../Get-ModuleParameterFiles.ps1 | 2 +- utilities/tools/ConvertTo-ARMTemplate.ps1 | 24 +-- utilities/tools/Get-LinkedLocalModuleList.ps1 | 8 +- utilities/tools/Get-LinkedModuleList.ps1 | 4 +- utilities/tools/Set-ModuleReadMe.ps1 | 6 +- utilities/tools/Set-ReadMeModuleTable.ps1 | 2 +- utilities/tools/Test-ModuleLocally.ps1 | 2 +- .../helper/Get-ModulesAsMarkdownTable.ps1 | 18 +- .../tests/ConvertTo-ARMTemplate.Tests.ps1 | 28 +-- 1270 files changed, 1106 insertions(+), 1143 deletions(-) delete mode 100644 arm/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep delete mode 100644 arm/README.md rename {arm => modules}/.global/global.module.tests.ps1 (98%) rename {arm => modules}/.global/shared/helper.psm1 (100%) rename {arm => modules}/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.AAD/DomainServices/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.AAD/DomainServices/deploy.bicep (100%) rename {arm => modules}/Microsoft.AAD/DomainServices/readme.md (100%) rename {arm => modules}/Microsoft.AAD/DomainServices/version.json (100%) rename {arm => modules}/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.AnalysisServices/servers/.parameters/max.parameters.json (100%) rename {arm => modules}/Microsoft.AnalysisServices/servers/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.AnalysisServices/servers/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.AnalysisServices/servers/deploy.bicep (100%) rename {arm => modules}/Microsoft.AnalysisServices/servers/readme.md (100%) rename {arm => modules}/Microsoft.AnalysisServices/servers/version.json (100%) rename {arm => modules}/Microsoft.ApiManagement/service/.bicep/nested_authorizationServers.bicep (100%) rename {arm => modules}/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.ApiManagement/service/.parameters/max.parameters.json (100%) rename {arm => modules}/Microsoft.ApiManagement/service/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.ApiManagement/service/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.ApiManagement/service/apiVersionSets/deploy.bicep (100%) rename {arm => modules}/Microsoft.ApiManagement/service/apiVersionSets/readme.md (100%) rename {arm => modules}/Microsoft.ApiManagement/service/apiVersionSets/version.json (100%) rename {arm => modules}/Microsoft.ApiManagement/service/apis/deploy.bicep (100%) rename {arm => modules}/Microsoft.ApiManagement/service/apis/policies/deploy.bicep (100%) rename {arm => modules}/Microsoft.ApiManagement/service/apis/policies/readme.md (100%) rename {arm => modules}/Microsoft.ApiManagement/service/apis/policies/version.json (100%) rename {arm => modules}/Microsoft.ApiManagement/service/apis/readme.md (100%) rename {arm => modules}/Microsoft.ApiManagement/service/apis/version.json (100%) rename {arm => modules}/Microsoft.ApiManagement/service/authorizationServers/deploy.bicep (100%) rename {arm => modules}/Microsoft.ApiManagement/service/authorizationServers/readme.md (100%) rename {arm => modules}/Microsoft.ApiManagement/service/authorizationServers/version.json (100%) rename {arm => modules}/Microsoft.ApiManagement/service/backends/deploy.bicep (100%) rename {arm => modules}/Microsoft.ApiManagement/service/backends/readme.md (100%) rename {arm => modules}/Microsoft.ApiManagement/service/backends/version.json (100%) rename {arm => modules}/Microsoft.ApiManagement/service/caches/deploy.bicep (100%) rename {arm => modules}/Microsoft.ApiManagement/service/caches/readme.md (100%) rename {arm => modules}/Microsoft.ApiManagement/service/caches/version.json (100%) rename {arm => modules}/Microsoft.ApiManagement/service/deploy.bicep (100%) rename {arm => modules}/Microsoft.ApiManagement/service/identityProviders/deploy.bicep (100%) rename {arm => modules}/Microsoft.ApiManagement/service/identityProviders/readme.md (100%) rename {arm => modules}/Microsoft.ApiManagement/service/identityProviders/version.json (100%) rename {arm => modules}/Microsoft.ApiManagement/service/namedValues/deploy.bicep (100%) rename {arm => modules}/Microsoft.ApiManagement/service/namedValues/readme.md (100%) rename {arm => modules}/Microsoft.ApiManagement/service/namedValues/version.json (100%) rename {arm => modules}/Microsoft.ApiManagement/service/policies/deploy.bicep (100%) rename {arm => modules}/Microsoft.ApiManagement/service/policies/readme.md (100%) rename {arm => modules}/Microsoft.ApiManagement/service/policies/version.json (100%) rename {arm => modules}/Microsoft.ApiManagement/service/portalsettings/deploy.bicep (100%) rename {arm => modules}/Microsoft.ApiManagement/service/portalsettings/readme.md (100%) rename {arm => modules}/Microsoft.ApiManagement/service/portalsettings/version.json (100%) rename {arm => modules}/Microsoft.ApiManagement/service/products/apis/deploy.bicep (100%) rename {arm => modules}/Microsoft.ApiManagement/service/products/apis/readme.md (100%) rename {arm => modules}/Microsoft.ApiManagement/service/products/apis/version.json (100%) rename {arm => modules}/Microsoft.ApiManagement/service/products/deploy.bicep (100%) rename {arm => modules}/Microsoft.ApiManagement/service/products/groups/deploy.bicep (100%) rename {arm => modules}/Microsoft.ApiManagement/service/products/groups/readme.md (100%) rename {arm => modules}/Microsoft.ApiManagement/service/products/groups/version.json (100%) rename {arm => modules}/Microsoft.ApiManagement/service/products/readme.md (100%) rename {arm => modules}/Microsoft.ApiManagement/service/products/version.json (100%) rename {arm => modules}/Microsoft.ApiManagement/service/readme.md (100%) rename {arm => modules}/Microsoft.ApiManagement/service/subscriptions/deploy.bicep (100%) rename {arm => modules}/Microsoft.ApiManagement/service/subscriptions/readme.md (100%) rename {arm => modules}/Microsoft.ApiManagement/service/subscriptions/version.json (100%) rename {arm => modules}/Microsoft.ApiManagement/service/version.json (100%) rename {arm => modules}/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.AppConfiguration/configurationStores/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.AppConfiguration/configurationStores/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.AppConfiguration/configurationStores/deploy.bicep (100%) rename {arm => modules}/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.AppConfiguration/configurationStores/keyValues/deploy.bicep (100%) rename {arm => modules}/Microsoft.AppConfiguration/configurationStores/keyValues/readme.md (100%) rename {arm => modules}/Microsoft.AppConfiguration/configurationStores/keyValues/version.json (100%) rename {arm => modules}/Microsoft.AppConfiguration/configurationStores/readme.md (100%) rename {arm => modules}/Microsoft.AppConfiguration/configurationStores/version.json (100%) rename {arm => modules}/Microsoft.Authorization/locks/.parameters/rg.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/locks/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/locks/readme.md (100%) rename {arm => modules}/Microsoft.Authorization/locks/resourceGroup/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/locks/resourceGroup/readme.md (100%) rename {arm => modules}/Microsoft.Authorization/locks/resourceGroup/version.json (100%) rename {arm => modules}/Microsoft.Authorization/locks/subscription/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/locks/subscription/readme.md (100%) rename {arm => modules}/Microsoft.Authorization/locks/subscription/version.json (100%) rename {arm => modules}/Microsoft.Authorization/locks/version.json (100%) rename {arm => modules}/Microsoft.Authorization/policyAssignments/.parameters/mg.min.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policyAssignments/.parameters/mg.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policyAssignments/.parameters/rg.min.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policyAssignments/.parameters/rg.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policyAssignments/.parameters/sub.min.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policyAssignments/.parameters/sub.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policyAssignments/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/policyAssignments/managementGroup/readme.md (100%) rename {arm => modules}/Microsoft.Authorization/policyAssignments/managementGroup/version.json (100%) rename {arm => modules}/Microsoft.Authorization/policyAssignments/readme.md (99%) rename {arm => modules}/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md (100%) rename {arm => modules}/Microsoft.Authorization/policyAssignments/resourceGroup/version.json (100%) rename {arm => modules}/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/policyAssignments/subscription/readme.md (100%) rename {arm => modules}/Microsoft.Authorization/policyAssignments/subscription/version.json (100%) rename {arm => modules}/Microsoft.Authorization/policyAssignments/version.json (100%) rename {arm => modules}/Microsoft.Authorization/policyDefinitions/.parameters/mg.min.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policyDefinitions/.parameters/mg.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policyDefinitions/.parameters/sub.min.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policyDefinitions/.parameters/sub.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policyDefinitions/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md (100%) rename {arm => modules}/Microsoft.Authorization/policyDefinitions/managementGroup/version.json (100%) rename {arm => modules}/Microsoft.Authorization/policyDefinitions/readme.md (99%) rename {arm => modules}/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/policyDefinitions/subscription/readme.md (100%) rename {arm => modules}/Microsoft.Authorization/policyDefinitions/subscription/version.json (100%) rename {arm => modules}/Microsoft.Authorization/policyDefinitions/version.json (100%) rename {arm => modules}/Microsoft.Authorization/policyExemptions/.parameters/mg.min.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policyExemptions/.parameters/mg.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policyExemptions/.parameters/rg.min.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policyExemptions/.parameters/rg.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policyExemptions/.parameters/sub.min.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policyExemptions/.parameters/sub.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policyExemptions/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/policyExemptions/managementGroup/readme.md (100%) rename {arm => modules}/Microsoft.Authorization/policyExemptions/managementGroup/version.json (100%) rename {arm => modules}/Microsoft.Authorization/policyExemptions/readme.md (99%) rename {arm => modules}/Microsoft.Authorization/policyExemptions/resourceGroup/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/policyExemptions/resourceGroup/readme.md (100%) rename {arm => modules}/Microsoft.Authorization/policyExemptions/resourceGroup/version.json (100%) rename {arm => modules}/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/policyExemptions/subscription/readme.md (100%) rename {arm => modules}/Microsoft.Authorization/policyExemptions/subscription/version.json (100%) rename {arm => modules}/Microsoft.Authorization/policyExemptions/version.json (100%) rename {arm => modules}/Microsoft.Authorization/policySetDefinitions/.parameters/mg.min.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policySetDefinitions/.parameters/mg.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policySetDefinitions/.parameters/sub.min.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policySetDefinitions/.parameters/sub.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/policySetDefinitions/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md (100%) rename {arm => modules}/Microsoft.Authorization/policySetDefinitions/managementGroup/version.json (100%) rename {arm => modules}/Microsoft.Authorization/policySetDefinitions/readme.md (99%) rename {arm => modules}/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/policySetDefinitions/subscription/readme.md (100%) rename {arm => modules}/Microsoft.Authorization/policySetDefinitions/subscription/version.json (100%) rename {arm => modules}/Microsoft.Authorization/policySetDefinitions/version.json (100%) rename {arm => modules}/Microsoft.Authorization/roleAssignments/.parameters/mg.min.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/roleAssignments/.parameters/mg.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/roleAssignments/.parameters/rg.min.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/roleAssignments/.parameters/rg.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/roleAssignments/.parameters/sub.min.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/roleAssignments/.parameters/sub.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/roleAssignments/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/roleAssignments/managementGroup/readme.md (100%) rename {arm => modules}/Microsoft.Authorization/roleAssignments/managementGroup/version.json (100%) rename {arm => modules}/Microsoft.Authorization/roleAssignments/readme.md (99%) rename {arm => modules}/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/roleAssignments/resourceGroup/readme.md (100%) rename {arm => modules}/Microsoft.Authorization/roleAssignments/resourceGroup/version.json (100%) rename {arm => modules}/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/roleAssignments/subscription/readme.md (100%) rename {arm => modules}/Microsoft.Authorization/roleAssignments/subscription/version.json (100%) rename {arm => modules}/Microsoft.Authorization/roleAssignments/version.json (100%) rename {arm => modules}/Microsoft.Authorization/roleDefinitions/.parameters/mg.min.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/roleDefinitions/.parameters/mg.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/roleDefinitions/.parameters/rg.min.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/roleDefinitions/.parameters/rg.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/roleDefinitions/.parameters/sub.min.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/roleDefinitions/.parameters/sub.parameters.json (100%) rename {arm => modules}/Microsoft.Authorization/roleDefinitions/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md (100%) rename {arm => modules}/Microsoft.Authorization/roleDefinitions/managementGroup/version.json (100%) rename {arm => modules}/Microsoft.Authorization/roleDefinitions/readme.md (99%) rename {arm => modules}/Microsoft.Authorization/roleDefinitions/resourceGroup/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/roleDefinitions/resourceGroup/readme.md (100%) rename {arm => modules}/Microsoft.Authorization/roleDefinitions/resourceGroup/version.json (100%) rename {arm => modules}/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep (100%) rename {arm => modules}/Microsoft.Authorization/roleDefinitions/subscription/readme.md (100%) rename {arm => modules}/Microsoft.Authorization/roleDefinitions/subscription/version.json (100%) rename {arm => modules}/Microsoft.Authorization/roleDefinitions/version.json (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/.parameters/encr.parameters.json (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/deploy.bicep (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/jobSchedules/deploy.bicep (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/jobSchedules/readme.md (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/jobSchedules/version.json (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/modules/deploy.bicep (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/modules/readme.md (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/modules/version.json (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/readme.md (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/runbooks/deploy.bicep (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/runbooks/readme.md (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/runbooks/version.json (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/schedules/deploy.bicep (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/schedules/readme.md (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/schedules/version.json (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/deploy.bicep (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/readme.md (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/version.json (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/variables/deploy.bicep (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/variables/readme.md (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/variables/version.json (100%) rename {arm => modules}/Microsoft.Automation/automationAccounts/version.json (100%) rename {arm => modules}/Microsoft.Batch/batchAccounts/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Batch/batchAccounts/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Batch/batchAccounts/deploy.bicep (100%) rename {arm => modules}/Microsoft.Batch/batchAccounts/readme.md (100%) rename {arm => modules}/Microsoft.Batch/batchAccounts/version.json (100%) rename {arm => modules}/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.CognitiveServices/accounts/.parameters/encr.parameters.json (100%) rename {arm => modules}/Microsoft.CognitiveServices/accounts/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.CognitiveServices/accounts/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.CognitiveServices/accounts/.parameters/speech.parameters.json (100%) rename {arm => modules}/Microsoft.CognitiveServices/accounts/deploy.bicep (100%) rename {arm => modules}/Microsoft.CognitiveServices/accounts/readme.md (100%) rename {arm => modules}/Microsoft.CognitiveServices/accounts/version.json (100%) rename {arm => modules}/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Compute/availabilitySets/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Compute/availabilitySets/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Compute/availabilitySets/deploy.bicep (100%) rename {arm => modules}/Microsoft.Compute/availabilitySets/readme.md (100%) rename {arm => modules}/Microsoft.Compute/availabilitySets/version.json (100%) rename {arm => modules}/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Compute/diskEncryptionSets/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Compute/diskEncryptionSets/deploy.bicep (100%) rename {arm => modules}/Microsoft.Compute/diskEncryptionSets/readme.md (100%) rename {arm => modules}/Microsoft.Compute/diskEncryptionSets/version.json (100%) rename {arm => modules}/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Compute/disks/.parameters/image.parameters.json (100%) rename {arm => modules}/Microsoft.Compute/disks/.parameters/import.parameters.json (100%) rename {arm => modules}/Microsoft.Compute/disks/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Compute/disks/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Compute/disks/deploy.bicep (100%) rename {arm => modules}/Microsoft.Compute/disks/readme.md (100%) rename {arm => modules}/Microsoft.Compute/disks/version.json (100%) rename {arm => modules}/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Compute/galleries/.parameters/images.parameters.json (100%) rename {arm => modules}/Microsoft.Compute/galleries/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Compute/galleries/deploy.bicep (100%) rename {arm => modules}/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Compute/galleries/images/deploy.bicep (100%) rename {arm => modules}/Microsoft.Compute/galleries/images/readme.md (100%) rename {arm => modules}/Microsoft.Compute/galleries/images/version.json (100%) rename {arm => modules}/Microsoft.Compute/galleries/readme.md (100%) rename {arm => modules}/Microsoft.Compute/galleries/version.json (100%) rename {arm => modules}/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Compute/images/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Compute/images/deploy.bicep (100%) rename {arm => modules}/Microsoft.Compute/images/readme.md (100%) rename {arm => modules}/Microsoft.Compute/images/version.json (100%) rename {arm => modules}/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Compute/proximityPlacementGroups/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Compute/proximityPlacementGroups/deploy.bicep (100%) rename {arm => modules}/Microsoft.Compute/proximityPlacementGroups/readme.md (100%) rename {arm => modules}/Microsoft.Compute/proximityPlacementGroups/version.json (100%) rename {arm => modules}/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.min.parameters.json (100%) rename {arm => modules}/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.parameters.json (100%) rename {arm => modules}/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.min.parameters.json (100%) rename {arm => modules}/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.parameters.json (100%) rename {arm => modules}/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep (100%) rename {arm => modules}/Microsoft.Compute/virtualMachineScaleSets/extensions/deploy.bicep (100%) rename {arm => modules}/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md (100%) rename {arm => modules}/Microsoft.Compute/virtualMachineScaleSets/extensions/version.json (100%) rename {arm => modules}/Microsoft.Compute/virtualMachineScaleSets/readme.md (100%) rename {arm => modules}/Microsoft.Compute/virtualMachineScaleSets/version.json (100%) rename {arm => modules}/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep (100%) rename {arm => modules}/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Compute/virtualMachines/.parameters/linux.autmg.parameters.json (100%) rename {arm => modules}/Microsoft.Compute/virtualMachines/.parameters/linux.min.parameters.json (100%) rename {arm => modules}/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json (100%) rename {arm => modules}/Microsoft.Compute/virtualMachines/.parameters/windows.autmg.parameters.json (100%) rename {arm => modules}/Microsoft.Compute/virtualMachines/.parameters/windows.min.parameters.json (100%) rename {arm => modules}/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json (100%) rename {arm => modules}/Microsoft.Compute/virtualMachines/deploy.bicep (100%) rename {arm => modules}/Microsoft.Compute/virtualMachines/extensions/deploy.bicep (100%) rename {arm => modules}/Microsoft.Compute/virtualMachines/extensions/readme.md (100%) rename {arm => modules}/Microsoft.Compute/virtualMachines/extensions/version.json (100%) rename {arm => modules}/Microsoft.Compute/virtualMachines/readme.md (100%) rename {arm => modules}/Microsoft.Compute/virtualMachines/version.json (100%) rename {arm => modules}/Microsoft.Consumption/budgets/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Consumption/budgets/deploy.bicep (100%) rename {arm => modules}/Microsoft.Consumption/budgets/readme.md (100%) rename {arm => modules}/Microsoft.Consumption/budgets/version.json (100%) rename {arm => modules}/Microsoft.ContainerInstance/containerGroups/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.ContainerInstance/containerGroups/deploy.bicep (100%) rename {arm => modules}/Microsoft.ContainerInstance/containerGroups/readme.md (100%) rename {arm => modules}/Microsoft.ContainerInstance/containerGroups/version.json (100%) rename {arm => modules}/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.ContainerRegistry/registries/.parameters/encr.parameters.json (100%) rename {arm => modules}/Microsoft.ContainerRegistry/registries/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.ContainerRegistry/registries/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.ContainerRegistry/registries/deploy.bicep (100%) rename {arm => modules}/Microsoft.ContainerRegistry/registries/readme.md (100%) rename {arm => modules}/Microsoft.ContainerRegistry/registries/replications/deploy.bicep (100%) rename {arm => modules}/Microsoft.ContainerRegistry/registries/replications/readme.md (100%) rename {arm => modules}/Microsoft.ContainerRegistry/registries/replications/version.json (100%) rename {arm => modules}/Microsoft.ContainerRegistry/registries/version.json (100%) rename {arm => modules}/Microsoft.ContainerRegistry/registries/webhooks/deploy.bicep (100%) rename {arm => modules}/Microsoft.ContainerRegistry/registries/webhooks/readme.md (100%) rename {arm => modules}/Microsoft.ContainerRegistry/registries/webhooks/version.json (100%) rename {arm => modules}/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.ContainerService/managedClusters/.parameters/azure.parameters.json (100%) rename {arm => modules}/Microsoft.ContainerService/managedClusters/.parameters/kubenet.parameters.json (100%) rename {arm => modules}/Microsoft.ContainerService/managedClusters/agentPools/deploy.bicep (100%) rename {arm => modules}/Microsoft.ContainerService/managedClusters/agentPools/readme.md (100%) rename {arm => modules}/Microsoft.ContainerService/managedClusters/agentPools/version.json (100%) rename {arm => modules}/Microsoft.ContainerService/managedClusters/deploy.bicep (100%) rename {arm => modules}/Microsoft.ContainerService/managedClusters/readme.md (100%) rename {arm => modules}/Microsoft.ContainerService/managedClusters/version.json (100%) rename {arm => modules}/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.DataFactory/factories/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.DataFactory/factories/deploy.bicep (100%) rename {arm => modules}/Microsoft.DataFactory/factories/integrationRuntime/deploy.bicep (100%) rename {arm => modules}/Microsoft.DataFactory/factories/integrationRuntime/readme.md (100%) rename {arm => modules}/Microsoft.DataFactory/factories/integrationRuntime/version.json (100%) rename {arm => modules}/Microsoft.DataFactory/factories/managedVirtualNetwork/deploy.bicep (100%) rename {arm => modules}/Microsoft.DataFactory/factories/managedVirtualNetwork/readme.md (100%) rename {arm => modules}/Microsoft.DataFactory/factories/managedVirtualNetwork/version.json (100%) rename {arm => modules}/Microsoft.DataFactory/factories/readme.md (100%) rename {arm => modules}/Microsoft.DataFactory/factories/version.json (100%) rename {arm => modules}/Microsoft.DataProtection/backupVaults/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.DataProtection/backupVaults/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.DataProtection/backupVaults/backupPolicies/deploy.bicep (100%) rename {arm => modules}/Microsoft.DataProtection/backupVaults/backupPolicies/readme.md (100%) rename {arm => modules}/Microsoft.DataProtection/backupVaults/backupPolicies/version.json (100%) rename {arm => modules}/Microsoft.DataProtection/backupVaults/deploy.bicep (100%) rename {arm => modules}/Microsoft.DataProtection/backupVaults/readme.md (100%) rename {arm => modules}/Microsoft.DataProtection/backupVaults/version.json (100%) rename {arm => modules}/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Databricks/workspaces/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Databricks/workspaces/deploy.bicep (100%) rename {arm => modules}/Microsoft.Databricks/workspaces/readme.md (100%) rename {arm => modules}/Microsoft.Databricks/workspaces/version.json (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/applicationgroups/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/applicationgroups/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/applicationgroups/applications/deploy.bicep (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/applicationgroups/applications/readme.md (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/applicationgroups/applications/version.json (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/applicationgroups/readme.md (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/applicationgroups/version.json (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/hostpools/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/hostpools/deploy.bicep (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/hostpools/readme.md (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/hostpools/version.json (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/scalingplans/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/scalingplans/readme.md (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/scalingplans/version.json (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/workspaces/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/workspaces/deploy.bicep (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/workspaces/readme.md (100%) rename {arm => modules}/Microsoft.DesktopVirtualization/workspaces/version.json (100%) rename {arm => modules}/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.DocumentDB/databaseAccounts/.parameters/mongodb.parameters.json (100%) rename {arm => modules}/Microsoft.DocumentDB/databaseAccounts/.parameters/plain.parameters.json (100%) rename {arm => modules}/Microsoft.DocumentDB/databaseAccounts/.parameters/sqldb.parameters.json (100%) rename {arm => modules}/Microsoft.DocumentDB/databaseAccounts/deploy.bicep (100%) rename {arm => modules}/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/deploy.bicep (100%) rename {arm => modules}/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/readme.md (100%) rename {arm => modules}/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/version.json (100%) rename {arm => modules}/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/deploy.bicep (100%) rename {arm => modules}/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/readme.md (100%) rename {arm => modules}/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/version.json (100%) rename {arm => modules}/Microsoft.DocumentDB/databaseAccounts/readme.md (100%) rename {arm => modules}/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/deploy.bicep (100%) rename {arm => modules}/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readme.md (100%) rename {arm => modules}/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/version.json (100%) rename {arm => modules}/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/deploy.bicep (100%) rename {arm => modules}/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/readme.md (100%) rename {arm => modules}/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/version.json (100%) rename {arm => modules}/Microsoft.DocumentDB/databaseAccounts/version.json (100%) rename {arm => modules}/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.EventGrid/systemTopics/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.EventGrid/systemTopics/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.EventGrid/systemTopics/deploy.bicep (100%) rename {arm => modules}/Microsoft.EventGrid/systemTopics/readme.md (100%) rename {arm => modules}/Microsoft.EventGrid/systemTopics/version.json (100%) rename {arm => modules}/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.EventGrid/topics/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.EventGrid/topics/deploy.bicep (100%) rename {arm => modules}/Microsoft.EventGrid/topics/readme.md (100%) rename {arm => modules}/Microsoft.EventGrid/topics/version.json (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/authorizationRules/deploy.bicep (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/authorizationRules/readme.md (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/authorizationRules/version.json (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/deploy.bicep (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/deploy.bicep (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/readme.md (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/version.json (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/deploy.bicep (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/readme.md (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/version.json (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/eventhubs/consumergroups/deploy.bicep (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/eventhubs/consumergroups/readme.md (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/eventhubs/consumergroups/version.json (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/eventhubs/readme.md (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/eventhubs/version.json (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/networkRuleSets/deploy.bicep (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/networkRuleSets/readme.md (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/networkRuleSets/version.json (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/readme.md (100%) rename {arm => modules}/Microsoft.EventHub/namespaces/version.json (100%) rename {arm => modules}/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.HealthBot/healthBots/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.HealthBot/healthBots/deploy.bicep (100%) rename {arm => modules}/Microsoft.HealthBot/healthBots/readme.md (100%) rename {arm => modules}/Microsoft.HealthBot/healthBots/version.json (100%) rename {arm => modules}/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Insights/actionGroups/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Insights/actionGroups/deploy.bicep (100%) rename {arm => modules}/Microsoft.Insights/actionGroups/readme.md (100%) rename {arm => modules}/Microsoft.Insights/actionGroups/version.json (100%) rename {arm => modules}/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Insights/activityLogAlerts/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Insights/activityLogAlerts/deploy.bicep (100%) rename {arm => modules}/Microsoft.Insights/activityLogAlerts/readme.md (100%) rename {arm => modules}/Microsoft.Insights/activityLogAlerts/version.json (100%) rename {arm => modules}/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Insights/components/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Insights/components/deploy.bicep (100%) rename {arm => modules}/Microsoft.Insights/components/readme.md (100%) rename {arm => modules}/Microsoft.Insights/components/version.json (100%) rename {arm => modules}/Microsoft.Insights/diagnosticSettings/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Insights/diagnosticSettings/deploy.bicep (100%) rename {arm => modules}/Microsoft.Insights/diagnosticSettings/readme.md (100%) rename {arm => modules}/Microsoft.Insights/diagnosticSettings/version.json (100%) rename {arm => modules}/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Insights/metricAlerts/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Insights/metricAlerts/deploy.bicep (100%) rename {arm => modules}/Microsoft.Insights/metricAlerts/readme.md (100%) rename {arm => modules}/Microsoft.Insights/metricAlerts/version.json (100%) rename {arm => modules}/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Insights/privateLinkScopes/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Insights/privateLinkScopes/deploy.bicep (100%) rename {arm => modules}/Microsoft.Insights/privateLinkScopes/readme.md (100%) rename {arm => modules}/Microsoft.Insights/privateLinkScopes/scopedResources/deploy.bicep (100%) rename {arm => modules}/Microsoft.Insights/privateLinkScopes/scopedResources/readme.md (100%) rename {arm => modules}/Microsoft.Insights/privateLinkScopes/scopedResources/version.json (100%) rename {arm => modules}/Microsoft.Insights/privateLinkScopes/version.json (100%) rename {arm => modules}/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Insights/scheduledQueryRules/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Insights/scheduledQueryRules/deploy.bicep (100%) rename {arm => modules}/Microsoft.Insights/scheduledQueryRules/readme.md (100%) rename {arm => modules}/Microsoft.Insights/scheduledQueryRules/version.json (100%) rename {arm => modules}/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.KeyVault/vaults/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.KeyVault/vaults/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.KeyVault/vaults/accessPolicies/deploy.bicep (100%) rename {arm => modules}/Microsoft.KeyVault/vaults/accessPolicies/readme.md (100%) rename {arm => modules}/Microsoft.KeyVault/vaults/accessPolicies/version.json (100%) rename {arm => modules}/Microsoft.KeyVault/vaults/deploy.bicep (100%) rename {arm => modules}/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.KeyVault/vaults/keys/deploy.bicep (100%) rename {arm => modules}/Microsoft.KeyVault/vaults/keys/readme.md (100%) rename {arm => modules}/Microsoft.KeyVault/vaults/keys/version.json (100%) rename {arm => modules}/Microsoft.KeyVault/vaults/readme.md (100%) rename {arm => modules}/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.KeyVault/vaults/secrets/deploy.bicep (100%) rename {arm => modules}/Microsoft.KeyVault/vaults/secrets/readme.md (100%) rename {arm => modules}/Microsoft.KeyVault/vaults/secrets/version.json (100%) rename {arm => modules}/Microsoft.KeyVault/vaults/version.json (100%) rename {arm => modules}/Microsoft.KubernetesConfiguration/extensions/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.KubernetesConfiguration/extensions/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.KubernetesConfiguration/extensions/deploy.bicep (100%) rename {arm => modules}/Microsoft.KubernetesConfiguration/extensions/readme.md (100%) rename {arm => modules}/Microsoft.KubernetesConfiguration/extensions/version.json (100%) rename {arm => modules}/Microsoft.KubernetesConfiguration/fluxConfigurations/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.KubernetesConfiguration/fluxConfigurations/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.KubernetesConfiguration/fluxConfigurations/deploy.bicep (100%) rename {arm => modules}/Microsoft.KubernetesConfiguration/fluxConfigurations/readme.md (100%) rename {arm => modules}/Microsoft.KubernetesConfiguration/fluxConfigurations/version.json (100%) rename {arm => modules}/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Logic/workflows/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Logic/workflows/deploy.bicep (100%) rename {arm => modules}/Microsoft.Logic/workflows/readme.md (100%) rename {arm => modules}/Microsoft.Logic/workflows/version.json (100%) rename {arm => modules}/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.MachineLearningServices/workspaces/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.MachineLearningServices/workspaces/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.MachineLearningServices/workspaces/computes/deploy.bicep (100%) rename {arm => modules}/Microsoft.MachineLearningServices/workspaces/computes/readme.md (100%) rename {arm => modules}/Microsoft.MachineLearningServices/workspaces/computes/version.json (100%) rename {arm => modules}/Microsoft.MachineLearningServices/workspaces/deploy.bicep (100%) rename {arm => modules}/Microsoft.MachineLearningServices/workspaces/readme.md (100%) rename {arm => modules}/Microsoft.MachineLearningServices/workspaces/version.json (100%) rename {arm => modules}/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.ManagedIdentity/userAssignedIdentities/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep (100%) rename {arm => modules}/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md (100%) rename {arm => modules}/Microsoft.ManagedIdentity/userAssignedIdentities/version.json (100%) rename {arm => modules}/Microsoft.ManagedServices/registrationDefinitions/.bicep/nested_registrationAssignment.bicep (100%) rename {arm => modules}/Microsoft.ManagedServices/registrationDefinitions/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.ManagedServices/registrationDefinitions/.parameters/rg.parameters.json (100%) rename {arm => modules}/Microsoft.ManagedServices/registrationDefinitions/deploy.bicep (100%) rename {arm => modules}/Microsoft.ManagedServices/registrationDefinitions/readme.md (100%) rename {arm => modules}/Microsoft.ManagedServices/registrationDefinitions/version.json (100%) rename {arm => modules}/Microsoft.Management/managementGroups/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Management/managementGroups/deploy.bicep (100%) rename {arm => modules}/Microsoft.Management/managementGroups/readme.md (100%) rename {arm => modules}/Microsoft.Management/managementGroups/version.json (100%) rename {arm => modules}/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.NetApp/netAppAccounts/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.NetApp/netAppAccounts/.parameters/nfs3.parameters.json (100%) rename {arm => modules}/Microsoft.NetApp/netAppAccounts/.parameters/nfs41.parameters.json (100%) rename {arm => modules}/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.NetApp/netAppAccounts/capacityPools/deploy.bicep (100%) rename {arm => modules}/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md (100%) rename {arm => modules}/Microsoft.NetApp/netAppAccounts/capacityPools/version.json (100%) rename {arm => modules}/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/deploy.bicep (100%) rename {arm => modules}/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md (100%) rename {arm => modules}/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/version.json (100%) rename {arm => modules}/Microsoft.NetApp/netAppAccounts/deploy.bicep (100%) rename {arm => modules}/Microsoft.NetApp/netAppAccounts/readme.md (100%) rename {arm => modules}/Microsoft.NetApp/netAppAccounts/version.json (100%) rename {arm => modules}/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/applicationGateways/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/applicationGateways/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/applicationGateways/readme.md (100%) rename {arm => modules}/Microsoft.Network/applicationGateways/version.json (100%) rename {arm => modules}/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/applicationSecurityGroups/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/applicationSecurityGroups/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/applicationSecurityGroups/readme.md (100%) rename {arm => modules}/Microsoft.Network/applicationSecurityGroups/version.json (100%) rename {arm => modules}/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/azureFirewalls/.parameters/addpip.parameters.json (100%) rename {arm => modules}/Microsoft.Network/azureFirewalls/.parameters/custompip.parameters.json (100%) rename {arm => modules}/Microsoft.Network/azureFirewalls/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Network/azureFirewalls/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/azureFirewalls/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/azureFirewalls/readme.md (100%) rename {arm => modules}/Microsoft.Network/azureFirewalls/version.json (100%) rename {arm => modules}/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/bastionHosts/.parameters/addpip.parameters.json (100%) rename {arm => modules}/Microsoft.Network/bastionHosts/.parameters/custompip.parameters.json (100%) rename {arm => modules}/Microsoft.Network/bastionHosts/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Network/bastionHosts/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/bastionHosts/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/bastionHosts/readme.md (100%) rename {arm => modules}/Microsoft.Network/bastionHosts/version.json (100%) rename {arm => modules}/Microsoft.Network/connections/.parameters/vnet2vnet.parameters.json (100%) rename {arm => modules}/Microsoft.Network/connections/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/connections/readme.md (100%) rename {arm => modules}/Microsoft.Network/connections/version.json (100%) rename {arm => modules}/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/ddosProtectionPlans/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/ddosProtectionPlans/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/ddosProtectionPlans/readme.md (100%) rename {arm => modules}/Microsoft.Network/ddosProtectionPlans/version.json (100%) rename {arm => modules}/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/expressRouteCircuits/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/expressRouteCircuits/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/expressRouteCircuits/readme.md (100%) rename {arm => modules}/Microsoft.Network/expressRouteCircuits/version.json (100%) rename {arm => modules}/Microsoft.Network/firewallPolicies/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Network/firewallPolicies/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/firewallPolicies/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/firewallPolicies/readme.md (100%) rename {arm => modules}/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/firewallPolicies/ruleCollectionGroups/readme.md (100%) rename {arm => modules}/Microsoft.Network/firewallPolicies/ruleCollectionGroups/version.json (100%) rename {arm => modules}/Microsoft.Network/firewallPolicies/version.json (100%) rename {arm => modules}/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/frontDoors/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/frontDoors/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/frontDoors/readme.md (100%) rename {arm => modules}/Microsoft.Network/frontDoors/version.json (100%) rename {arm => modules}/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/ipGroups/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/ipGroups/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/ipGroups/readme.md (100%) rename {arm => modules}/Microsoft.Network/ipGroups/version.json (100%) rename {arm => modules}/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/loadBalancers/.parameters/internal.parameters.json (100%) rename {arm => modules}/Microsoft.Network/loadBalancers/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Network/loadBalancers/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/loadBalancers/backendAddressPools/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/loadBalancers/backendAddressPools/readme.md (100%) rename {arm => modules}/Microsoft.Network/loadBalancers/backendAddressPools/version.json (100%) rename {arm => modules}/Microsoft.Network/loadBalancers/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/loadBalancers/inboundNatRules/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/loadBalancers/inboundNatRules/readme.md (100%) rename {arm => modules}/Microsoft.Network/loadBalancers/inboundNatRules/version.json (100%) rename {arm => modules}/Microsoft.Network/loadBalancers/readme.md (100%) rename {arm => modules}/Microsoft.Network/loadBalancers/version.json (100%) rename {arm => modules}/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/localNetworkGateways/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/localNetworkGateways/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/localNetworkGateways/readme.md (100%) rename {arm => modules}/Microsoft.Network/localNetworkGateways/version.json (100%) rename {arm => modules}/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/natGateways/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/natGateways/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/natGateways/readme.md (100%) rename {arm => modules}/Microsoft.Network/natGateways/version.json (100%) rename {arm => modules}/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/networkInterfaces/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Network/networkInterfaces/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/networkInterfaces/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/networkInterfaces/readme.md (100%) rename {arm => modules}/Microsoft.Network/networkInterfaces/version.json (100%) rename {arm => modules}/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/networkSecurityGroups/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Network/networkSecurityGroups/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/networkSecurityGroups/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/networkSecurityGroups/readme.md (100%) rename {arm => modules}/Microsoft.Network/networkSecurityGroups/securityRules/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/networkSecurityGroups/securityRules/readme.md (100%) rename {arm => modules}/Microsoft.Network/networkSecurityGroups/securityRules/version.json (100%) rename {arm => modules}/Microsoft.Network/networkSecurityGroups/version.json (100%) rename {arm => modules}/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/networkWatchers/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Network/networkWatchers/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/networkWatchers/connectionMonitors/readme.md (100%) rename {arm => modules}/Microsoft.Network/networkWatchers/connectionMonitors/version.json (100%) rename {arm => modules}/Microsoft.Network/networkWatchers/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/networkWatchers/flowLogs/readme.md (100%) rename {arm => modules}/Microsoft.Network/networkWatchers/flowLogs/version.json (100%) rename {arm => modules}/Microsoft.Network/networkWatchers/readme.md (100%) rename {arm => modules}/Microsoft.Network/networkWatchers/version.json (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/A/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/A/readme.md (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/A/version.json (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/AAAA/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/AAAA/readme.md (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/AAAA/version.json (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/CNAME/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/CNAME/readme.md (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/CNAME/version.json (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/MX/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/MX/readme.md (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/MX/version.json (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/PTR/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/PTR/readme.md (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/PTR/version.json (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/SOA/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/SOA/readme.md (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/SOA/version.json (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/SRV/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/SRV/readme.md (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/SRV/version.json (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/TXT/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/TXT/readme.md (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/TXT/version.json (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/readme.md (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/version.json (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/virtualNetworkLinks/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/virtualNetworkLinks/readme.md (100%) rename {arm => modules}/Microsoft.Network/privateDnsZones/virtualNetworkLinks/version.json (100%) rename {arm => modules}/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/privateEndpoints/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Network/privateEndpoints/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/privateEndpoints/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/readme.md (100%) rename {arm => modules}/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/version.json (100%) rename {arm => modules}/Microsoft.Network/privateEndpoints/readme.md (100%) rename {arm => modules}/Microsoft.Network/privateEndpoints/version.json (100%) rename {arm => modules}/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/publicIPAddresses/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/publicIPAddresses/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/publicIPAddresses/readme.md (100%) rename {arm => modules}/Microsoft.Network/publicIPAddresses/version.json (100%) rename {arm => modules}/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/publicIPPrefixes/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/publicIPPrefixes/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/publicIPPrefixes/readme.md (100%) rename {arm => modules}/Microsoft.Network/publicIPPrefixes/version.json (100%) rename {arm => modules}/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/routeTables/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/routeTables/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/routeTables/readme.md (100%) rename {arm => modules}/Microsoft.Network/routeTables/version.json (100%) rename {arm => modules}/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/trafficmanagerprofiles/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/trafficmanagerprofiles/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/trafficmanagerprofiles/readme.md (100%) rename {arm => modules}/Microsoft.Network/trafficmanagerprofiles/version.json (100%) rename {arm => modules}/Microsoft.Network/virtualHubs/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Network/virtualHubs/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/virtualHubs/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/virtualHubs/hubRouteTables/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/virtualHubs/hubRouteTables/readme.md (100%) rename {arm => modules}/Microsoft.Network/virtualHubs/hubRouteTables/version.json (100%) rename {arm => modules}/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/readme.md (100%) rename {arm => modules}/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/version.json (100%) rename {arm => modules}/Microsoft.Network/virtualHubs/readme.md (100%) rename {arm => modules}/Microsoft.Network/virtualHubs/version.json (100%) rename {arm => modules}/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/virtualNetworkGateways/.parameters/expressRoute.parameters.json (100%) rename {arm => modules}/Microsoft.Network/virtualNetworkGateways/.parameters/vpn.parameters.json (100%) rename {arm => modules}/Microsoft.Network/virtualNetworkGateways/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/virtualNetworkGateways/readme.md (100%) rename {arm => modules}/Microsoft.Network/virtualNetworkGateways/version.json (100%) rename {arm => modules}/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/virtualNetworks/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Network/virtualNetworks/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json (100%) rename {arm => modules}/Microsoft.Network/virtualNetworks/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/virtualNetworks/readme.md (100%) rename {arm => modules}/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/virtualNetworks/subnets/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/virtualNetworks/subnets/readme.md (100%) rename {arm => modules}/Microsoft.Network/virtualNetworks/subnets/version.json (100%) rename {arm => modules}/Microsoft.Network/virtualNetworks/version.json (100%) rename {arm => modules}/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/readme.md (100%) rename {arm => modules}/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/version.json (100%) rename {arm => modules}/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/virtualWans/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Network/virtualWans/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/virtualWans/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/virtualWans/readme.md (100%) rename {arm => modules}/Microsoft.Network/virtualWans/version.json (100%) rename {arm => modules}/Microsoft.Network/vpnGateways/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Network/vpnGateways/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/vpnGateways/connections/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/vpnGateways/connections/readme.md (100%) rename {arm => modules}/Microsoft.Network/vpnGateways/connections/version.json (100%) rename {arm => modules}/Microsoft.Network/vpnGateways/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/vpnGateways/natRules/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/vpnGateways/natRules/readme.md (100%) rename {arm => modules}/Microsoft.Network/vpnGateways/natRules/version.json (100%) rename {arm => modules}/Microsoft.Network/vpnGateways/readme.md (100%) rename {arm => modules}/Microsoft.Network/vpnGateways/version.json (100%) rename {arm => modules}/Microsoft.Network/vpnSites/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Network/vpnSites/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Network/vpnSites/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Network/vpnSites/deploy.bicep (100%) rename {arm => modules}/Microsoft.Network/vpnSites/readme.md (100%) rename {arm => modules}/Microsoft.Network/vpnSites/version.json (100%) rename {arm => modules}/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.OperationalInsights/workspaces/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.OperationalInsights/workspaces/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.OperationalInsights/workspaces/dataSources/deploy.bicep (100%) rename {arm => modules}/Microsoft.OperationalInsights/workspaces/dataSources/readme.md (100%) rename {arm => modules}/Microsoft.OperationalInsights/workspaces/dataSources/version.json (100%) rename {arm => modules}/Microsoft.OperationalInsights/workspaces/deploy.bicep (100%) rename {arm => modules}/Microsoft.OperationalInsights/workspaces/linkedServices/deploy.bicep (100%) rename {arm => modules}/Microsoft.OperationalInsights/workspaces/linkedServices/readme.md (100%) rename {arm => modules}/Microsoft.OperationalInsights/workspaces/linkedServices/version.json (100%) rename {arm => modules}/Microsoft.OperationalInsights/workspaces/readme.md (100%) rename {arm => modules}/Microsoft.OperationalInsights/workspaces/savedSearches/deploy.bicep (100%) rename {arm => modules}/Microsoft.OperationalInsights/workspaces/savedSearches/readme.md (100%) rename {arm => modules}/Microsoft.OperationalInsights/workspaces/savedSearches/version.json (100%) rename {arm => modules}/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/deploy.bicep (100%) rename {arm => modules}/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/readme.md (100%) rename {arm => modules}/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/version.json (100%) rename {arm => modules}/Microsoft.OperationalInsights/workspaces/version.json (100%) rename {arm => modules}/Microsoft.OperationsManagement/solutions/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.OperationsManagement/solutions/.parameters/ms.parameters.json (100%) rename {arm => modules}/Microsoft.OperationsManagement/solutions/.parameters/nonms.parameters.json (100%) rename {arm => modules}/Microsoft.OperationsManagement/solutions/deploy.bicep (100%) rename {arm => modules}/Microsoft.OperationsManagement/solutions/readme.md (100%) rename {arm => modules}/Microsoft.OperationsManagement/solutions/version.json (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/.parameters/dr.parameters.json (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/backupConfig/deploy.bicep (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/backupConfig/readme.md (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/backupConfig/version.json (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/backupPolicies/deploy.bicep (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/backupPolicies/readme.md (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/backupPolicies/version.json (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/backupStorageConfig/deploy.bicep (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/backupStorageConfig/readme.md (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/backupStorageConfig/version.json (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/deploy.bicep (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/protectionContainers/deploy.bicep (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/deploy.bicep (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/readme.md (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/version.json (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/protectionContainers/readme.md (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/protectionContainers/version.json (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/readme.md (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/replicationFabrics/deploy.bicep (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/replicationFabrics/readme.md (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/deploy.bicep (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/readme.md (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/deploy.bicep (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/readme.md (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/version.json (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/version.json (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/replicationFabrics/version.json (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/replicationPolicies/deploy.bicep (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/replicationPolicies/readme.md (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/replicationPolicies/version.json (100%) rename {arm => modules}/Microsoft.RecoveryServices/vaults/version.json (100%) rename {arm => modules}/Microsoft.Resources/deploymentScripts/.parameters/cli.parameters.json (100%) rename {arm => modules}/Microsoft.Resources/deploymentScripts/.parameters/ps.parameters.json (100%) rename {arm => modules}/Microsoft.Resources/deploymentScripts/deploy.bicep (100%) rename {arm => modules}/Microsoft.Resources/deploymentScripts/readme.md (100%) rename {arm => modules}/Microsoft.Resources/deploymentScripts/version.json (100%) rename {arm => modules}/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Resources/resourceGroups/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Resources/resourceGroups/deploy.bicep (100%) rename {arm => modules}/Microsoft.Resources/resourceGroups/readme.md (100%) rename {arm => modules}/Microsoft.Resources/resourceGroups/version.json (100%) rename {arm => modules}/Microsoft.Resources/tags/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Resources/tags/.parameters/rg.parameters.json (100%) rename {arm => modules}/Microsoft.Resources/tags/.parameters/sub.parameters.json (100%) rename {arm => modules}/Microsoft.Resources/tags/deploy.bicep (100%) rename {arm => modules}/Microsoft.Resources/tags/readme.md (100%) rename {arm => modules}/Microsoft.Resources/tags/resourceGroups/.bicep/readTags.bicep (100%) rename {arm => modules}/Microsoft.Resources/tags/resourceGroups/deploy.bicep (100%) rename {arm => modules}/Microsoft.Resources/tags/resourceGroups/readme.md (100%) rename {arm => modules}/Microsoft.Resources/tags/resourceGroups/version.json (100%) rename {arm => modules}/Microsoft.Resources/tags/subscriptions/.bicep/readTags.bicep (100%) rename {arm => modules}/Microsoft.Resources/tags/subscriptions/deploy.bicep (100%) rename {arm => modules}/Microsoft.Resources/tags/subscriptions/readme.md (100%) rename {arm => modules}/Microsoft.Resources/tags/subscriptions/version.json (100%) rename {arm => modules}/Microsoft.Resources/tags/version.json (100%) rename {arm => modules}/Microsoft.Security/azureSecurityCenter/.bicep/nested_iotSecuritySolutions.bicep (100%) rename {arm => modules}/Microsoft.Security/azureSecurityCenter/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Security/azureSecurityCenter/deploy.bicep (100%) rename {arm => modules}/Microsoft.Security/azureSecurityCenter/readme.md (100%) rename {arm => modules}/Microsoft.Security/azureSecurityCenter/version.json (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/authorizationRules/deploy.bicep (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/authorizationRules/readme.md (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/authorizationRules/version.json (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/deploy.bicep (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/deploy.bicep (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/readme.md (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/version.json (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/ipFilterRules/deploy.bicep (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/ipFilterRules/readme.md (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/ipFilterRules/version.json (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/migrationConfigurations/deploy.bicep (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/migrationConfigurations/readme.md (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/migrationConfigurations/version.json (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/queues/authorizationRules/deploy.bicep (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/queues/authorizationRules/readme.md (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/queues/authorizationRules/version.json (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/queues/deploy.bicep (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/queues/readme.md (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/queues/version.json (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/readme.md (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/topics/authorizationRules/deploy.bicep (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/topics/authorizationRules/readme.md (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/topics/authorizationRules/version.json (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/topics/deploy.bicep (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/topics/readme.md (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/topics/version.json (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/version.json (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/virtualNetworkRules/deploy.bicep (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/virtualNetworkRules/readme.md (100%) rename {arm => modules}/Microsoft.ServiceBus/namespaces/virtualNetworkRules/version.json (100%) rename {arm => modules}/Microsoft.ServiceFabric/clusters/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.ServiceFabric/clusters/.parameters/cert.parameters.json (100%) rename {arm => modules}/Microsoft.ServiceFabric/clusters/.parameters/full.parameters.json (100%) rename {arm => modules}/Microsoft.ServiceFabric/clusters/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.ServiceFabric/clusters/applicationTypes/deploy.bicep (100%) rename {arm => modules}/Microsoft.ServiceFabric/clusters/applicationTypes/readme.md (100%) rename {arm => modules}/Microsoft.ServiceFabric/clusters/applicationTypes/version.json (100%) rename {arm => modules}/Microsoft.ServiceFabric/clusters/deploy.bicep (100%) rename {arm => modules}/Microsoft.ServiceFabric/clusters/readme.md (100%) rename {arm => modules}/Microsoft.ServiceFabric/clusters/version.json (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/administrators/deploy.bicep (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/administrators/readme.md (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/administrators/version.json (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/deploy.bicep (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/readme.md (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/version.json (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/deploy.bicep (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/readme.md (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/version.json (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/databases/deploy.bicep (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/databases/readme.md (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/databases/version.json (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/deploy.bicep (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/encryptionProtector/deploy.bicep (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/encryptionProtector/readme.md (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/encryptionProtector/version.json (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/keys/deploy.bicep (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/keys/readme.md (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/keys/version.json (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/readme.md (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/securityAlertPolicies/deploy.bicep (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/securityAlertPolicies/readme.md (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/securityAlertPolicies/version.json (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/version.json (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/vulnerabilityAssessments/deploy.bicep (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/vulnerabilityAssessments/readme.md (100%) rename {arm => modules}/Microsoft.Sql/managedInstances/vulnerabilityAssessments/version.json (100%) rename {arm => modules}/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Sql/servers/.parameters/admin.parameters.json (100%) rename {arm => modules}/Microsoft.Sql/servers/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Sql/servers/databases/deploy.bicep (100%) rename {arm => modules}/Microsoft.Sql/servers/databases/readme.md (100%) rename {arm => modules}/Microsoft.Sql/servers/databases/version.json (100%) rename {arm => modules}/Microsoft.Sql/servers/deploy.bicep (100%) rename {arm => modules}/Microsoft.Sql/servers/firewallRules/deploy.bicep (100%) rename {arm => modules}/Microsoft.Sql/servers/firewallRules/readme.md (100%) rename {arm => modules}/Microsoft.Sql/servers/firewallRules/version.json (100%) rename {arm => modules}/Microsoft.Sql/servers/readme.md (100%) rename {arm => modules}/Microsoft.Sql/servers/securityAlertPolicies/deploy.bicep (100%) rename {arm => modules}/Microsoft.Sql/servers/securityAlertPolicies/readme.md (100%) rename {arm => modules}/Microsoft.Sql/servers/securityAlertPolicies/version.json (100%) rename {arm => modules}/Microsoft.Sql/servers/version.json (100%) rename {arm => modules}/Microsoft.Sql/servers/vulnerabilityAssessments/deploy.bicep (100%) rename {arm => modules}/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md (100%) rename {arm => modules}/Microsoft.Sql/servers/vulnerabilityAssessments/version.json (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/.parameters/encr.parameters.json (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/.parameters/nfs.parameters.json (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/.parameters/v1.parameters.json (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/blobServices/containers/deploy.bicep (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/deploy.bicep (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/readme.md (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/version.json (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/blobServices/containers/version.json (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/blobServices/readme.md (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/blobServices/version.json (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/deploy.bicep (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/fileServices/readme.md (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/fileServices/shares/version.json (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/fileServices/version.json (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/managementPolicies/deploy.bicep (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/managementPolicies/readme.md (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/managementPolicies/version.json (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/queueServices/queues/deploy.bicep (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/queueServices/queues/version.json (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/queueServices/readme.md (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/queueServices/version.json (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/readme.md (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/tableServices/readme.md (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/tableServices/tables/deploy.bicep (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/tableServices/tables/readme.md (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/tableServices/tables/version.json (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/tableServices/version.json (100%) rename {arm => modules}/Microsoft.Storage/storageAccounts/version.json (100%) rename {arm => modules}/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Synapse/privateLinkHubs/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Synapse/privateLinkHubs/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Synapse/privateLinkHubs/deploy.bicep (100%) rename {arm => modules}/Microsoft.Synapse/privateLinkHubs/readme.md (100%) rename {arm => modules}/Microsoft.Synapse/privateLinkHubs/version.json (100%) rename {arm => modules}/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.VirtualMachineImages/imageTemplates/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep (100%) rename {arm => modules}/Microsoft.VirtualMachineImages/imageTemplates/readme.md (100%) rename {arm => modules}/Microsoft.VirtualMachineImages/imageTemplates/version.json (100%) rename {arm => modules}/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Web/connections/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Web/connections/deploy.bicep (100%) rename {arm => modules}/Microsoft.Web/connections/readme.md (100%) rename {arm => modules}/Microsoft.Web/connections/version.json (100%) rename {arm => modules}/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Web/hostingEnvironments/.parameters/asev2.parameters.json (100%) rename {arm => modules}/Microsoft.Web/hostingEnvironments/.parameters/asev3.parameters.json (100%) rename {arm => modules}/Microsoft.Web/hostingEnvironments/deploy.bicep (100%) rename {arm => modules}/Microsoft.Web/hostingEnvironments/readme.md (100%) rename {arm => modules}/Microsoft.Web/hostingEnvironments/version.json (100%) rename {arm => modules}/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Web/serverfarms/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Web/serverfarms/deploy.bicep (100%) rename {arm => modules}/Microsoft.Web/serverfarms/readme.md (100%) rename {arm => modules}/Microsoft.Web/serverfarms/version.json (100%) rename {arm => modules}/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Web/sites/.parameters/fa.min.parameters.json (100%) rename {arm => modules}/Microsoft.Web/sites/.parameters/fa.parameters.json (100%) rename {arm => modules}/Microsoft.Web/sites/.parameters/wa.min.parameters.json (100%) rename {arm => modules}/Microsoft.Web/sites/.parameters/wa.parameters.json (100%) rename {arm => modules}/Microsoft.Web/sites/config-appsettings/deploy.bicep (100%) rename {arm => modules}/Microsoft.Web/sites/config-appsettings/readme.md (100%) rename {arm => modules}/Microsoft.Web/sites/config-appsettings/version.json (100%) rename {arm => modules}/Microsoft.Web/sites/config-authsettingsv2/deploy.bicep (100%) rename {arm => modules}/Microsoft.Web/sites/config-authsettingsv2/readme.md (100%) rename {arm => modules}/Microsoft.Web/sites/config-authsettingsv2/version.json (100%) rename {arm => modules}/Microsoft.Web/sites/deploy.bicep (100%) rename {arm => modules}/Microsoft.Web/sites/readme.md (100%) rename {arm => modules}/Microsoft.Web/sites/version.json (100%) rename {arm => modules}/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep (100%) rename {arm => modules}/Microsoft.Web/staticSites/.parameters/min.parameters.json (100%) rename {arm => modules}/Microsoft.Web/staticSites/.parameters/parameters.json (100%) rename {arm => modules}/Microsoft.Web/staticSites/deploy.bicep (100%) rename {arm => modules}/Microsoft.Web/staticSites/readme.md (100%) rename {arm => modules}/Microsoft.Web/staticSites/version.json (100%) create mode 100644 modules/README.md diff --git a/.azuredevops/modulePipelines/ms.aad.domainservices.yml b/.azuredevops/modulePipelines/ms.aad.domainservices.yml index a11e9a9940..5d5aae952c 100644 --- a/.azuredevops/modulePipelines/ms.aad.domainservices.yml +++ b/.azuredevops/modulePipelines/ms.aad.domainservices.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.aad.domainservices.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.AAD/DomainServices/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.AAD/DomainServices/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.AAD/DomainServices' + value: '/modules/Microsoft.AAD/DomainServices' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.analysisservices.servers.yml b/.azuredevops/modulePipelines/ms.analysisservices.servers.yml index 61c1cf2529..e2352cfa4f 100644 --- a/.azuredevops/modulePipelines/ms.analysisservices.servers.yml +++ b/.azuredevops/modulePipelines/ms.analysisservices.servers.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.analysisservices.servers.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.AnalysisServices/servers/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.AnalysisServices/servers/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.AnalysisServices/servers' + value: '/modules/Microsoft.AnalysisServices/servers' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.apimanagement.service.yml b/.azuredevops/modulePipelines/ms.apimanagement.service.yml index c9ce3c1ec4..eb9597d02c 100644 --- a/.azuredevops/modulePipelines/ms.apimanagement.service.yml +++ b/.azuredevops/modulePipelines/ms.apimanagement.service.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.apimanagement.service.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.ApiManagement/service/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.ApiManagement/service/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.ApiManagement/service' + value: '/modules/Microsoft.ApiManagement/service' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.appconfiguration.configurationstores.yml b/.azuredevops/modulePipelines/ms.appconfiguration.configurationstores.yml index 71b9c1aaea..0feb981ff2 100644 --- a/.azuredevops/modulePipelines/ms.appconfiguration.configurationstores.yml +++ b/.azuredevops/modulePipelines/ms.appconfiguration.configurationstores.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.appconfiguration.configurationstores.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.AppConfiguration/configurationStores/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.AppConfiguration/configurationStores/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.AppConfiguration/configurationStores' + value: '/modules/Microsoft.AppConfiguration/configurationStores' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.authorization.locks.yml b/.azuredevops/modulePipelines/ms.authorization.locks.yml index 796262ea91..1422b4a4c6 100644 --- a/.azuredevops/modulePipelines/ms.authorization.locks.yml +++ b/.azuredevops/modulePipelines/ms.authorization.locks.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.authorization.locks.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Authorization/locks/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Authorization/locks/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Authorization/locks' + value: '/modules/Microsoft.Authorization/locks' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.authorization.policyassignments.yml b/.azuredevops/modulePipelines/ms.authorization.policyassignments.yml index 58909f70ec..c58331ead5 100644 --- a/.azuredevops/modulePipelines/ms.authorization.policyassignments.yml +++ b/.azuredevops/modulePipelines/ms.authorization.policyassignments.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.authorization.policyassignments.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Authorization/policyAssignments/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Authorization/policyAssignments/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Authorization/policyAssignments' + value: '/modules/Microsoft.Authorization/policyAssignments' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.authorization.policydefinitions.yml b/.azuredevops/modulePipelines/ms.authorization.policydefinitions.yml index d72e85726e..93fd0f469f 100644 --- a/.azuredevops/modulePipelines/ms.authorization.policydefinitions.yml +++ b/.azuredevops/modulePipelines/ms.authorization.policydefinitions.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.authorization.policydefinitions.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Authorization/policyDefinitions/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Authorization/policyDefinitions/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Authorization/policyDefinitions' + value: '/modules/Microsoft.Authorization/policyDefinitions' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.authorization.policyexemptions.yml b/.azuredevops/modulePipelines/ms.authorization.policyexemptions.yml index bf0ba49d1d..50b00a7f08 100644 --- a/.azuredevops/modulePipelines/ms.authorization.policyexemptions.yml +++ b/.azuredevops/modulePipelines/ms.authorization.policyexemptions.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.authorization.policyexemptions.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Authorization/policyExemptions/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Authorization/policyExemptions/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Authorization/policyExemptions' + value: '/modules/Microsoft.Authorization/policyExemptions' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.authorization.policysetdefinitions.yml b/.azuredevops/modulePipelines/ms.authorization.policysetdefinitions.yml index 075a7d1e98..e4c77a27b4 100644 --- a/.azuredevops/modulePipelines/ms.authorization.policysetdefinitions.yml +++ b/.azuredevops/modulePipelines/ms.authorization.policysetdefinitions.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.authorization.policysetdefinitions.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Authorization/policySetDefinitions/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Authorization/policySetDefinitions/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Authorization/policySetDefinitions' + value: '/modules/Microsoft.Authorization/policySetDefinitions' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.authorization.roleassignments.yml b/.azuredevops/modulePipelines/ms.authorization.roleassignments.yml index eaf576d22e..fb6bba1d74 100644 --- a/.azuredevops/modulePipelines/ms.authorization.roleassignments.yml +++ b/.azuredevops/modulePipelines/ms.authorization.roleassignments.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.authorization.roleassignments.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Authorization/roleAssignments/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Authorization/roleAssignments/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Authorization/roleAssignments' + value: '/modules/Microsoft.Authorization/roleAssignments' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.authorization.roledefinitions.yml b/.azuredevops/modulePipelines/ms.authorization.roledefinitions.yml index 7d17acf846..3129650057 100644 --- a/.azuredevops/modulePipelines/ms.authorization.roledefinitions.yml +++ b/.azuredevops/modulePipelines/ms.authorization.roledefinitions.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.authorization.roledefinitions.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Authorization/roleDefinitions/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Authorization/roleDefinitions/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Authorization/roleDefinitions' + value: '/modules/Microsoft.Authorization/roleDefinitions' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.automation.automationaccounts.yml b/.azuredevops/modulePipelines/ms.automation.automationaccounts.yml index 712302abd9..f4bc5e919f 100644 --- a/.azuredevops/modulePipelines/ms.automation.automationaccounts.yml +++ b/.azuredevops/modulePipelines/ms.automation.automationaccounts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.automation.automationaccounts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Automation/automationAccounts/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Automation/automationAccounts/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Automation/automationAccounts' + value: '/modules/Microsoft.Automation/automationAccounts' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.batch.batchaccounts.yml b/.azuredevops/modulePipelines/ms.batch.batchaccounts.yml index 281f7c72c2..4013ce3b44 100644 --- a/.azuredevops/modulePipelines/ms.batch.batchaccounts.yml +++ b/.azuredevops/modulePipelines/ms.batch.batchaccounts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.batch.batchaccounts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Batch/batchAccounts/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Batch/batchAccounts/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Batch/batchAccounts' + value: '/modules/Microsoft.Batch/batchAccounts' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.cognitiveservices.accounts.yml b/.azuredevops/modulePipelines/ms.cognitiveservices.accounts.yml index 2630458041..f14fc92495 100644 --- a/.azuredevops/modulePipelines/ms.cognitiveservices.accounts.yml +++ b/.azuredevops/modulePipelines/ms.cognitiveservices.accounts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.cognitiveservices.accounts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.CognitiveServices/accounts/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.CognitiveServices/accounts/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.CognitiveServices/accounts' + value: '/modules/Microsoft.CognitiveServices/accounts' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.compute.availabilitysets.yml b/.azuredevops/modulePipelines/ms.compute.availabilitysets.yml index c824e8c9be..edd9663f84 100644 --- a/.azuredevops/modulePipelines/ms.compute.availabilitysets.yml +++ b/.azuredevops/modulePipelines/ms.compute.availabilitysets.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.compute.availabilitysets.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Compute/availabilitySets/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Compute/availabilitySets/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Compute/availabilitySets' + value: '/modules/Microsoft.Compute/availabilitySets' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.compute.diskencryptionsets.yml b/.azuredevops/modulePipelines/ms.compute.diskencryptionsets.yml index 7f75460410..414b010e09 100644 --- a/.azuredevops/modulePipelines/ms.compute.diskencryptionsets.yml +++ b/.azuredevops/modulePipelines/ms.compute.diskencryptionsets.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.compute.diskencryptionsets.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Compute/diskEncryptionSets/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Compute/diskEncryptionSets/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Compute/diskEncryptionSets' + value: '/modules/Microsoft.Compute/diskEncryptionSets' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.compute.disks.yml b/.azuredevops/modulePipelines/ms.compute.disks.yml index 3f9cae557f..0aec061792 100644 --- a/.azuredevops/modulePipelines/ms.compute.disks.yml +++ b/.azuredevops/modulePipelines/ms.compute.disks.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.compute.disks.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Compute/disks/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Compute/disks/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Compute/disks' + value: '/modules/Microsoft.Compute/disks' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.compute.galleries.yml b/.azuredevops/modulePipelines/ms.compute.galleries.yml index cf84e0fbef..a20b15290c 100644 --- a/.azuredevops/modulePipelines/ms.compute.galleries.yml +++ b/.azuredevops/modulePipelines/ms.compute.galleries.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.compute.galleries.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Compute/galleries/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Compute/galleries/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Compute/galleries' + value: '/modules/Microsoft.Compute/galleries' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.compute.images.yml b/.azuredevops/modulePipelines/ms.compute.images.yml index 834db0a5d7..6209ee2c2c 100644 --- a/.azuredevops/modulePipelines/ms.compute.images.yml +++ b/.azuredevops/modulePipelines/ms.compute.images.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.compute.images.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Compute/images/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Compute/images/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Compute/images' + value: '/modules/Microsoft.Compute/images' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.compute.proximityplacementgroups.yml b/.azuredevops/modulePipelines/ms.compute.proximityplacementgroups.yml index c14f444ee2..d1371bccb5 100644 --- a/.azuredevops/modulePipelines/ms.compute.proximityplacementgroups.yml +++ b/.azuredevops/modulePipelines/ms.compute.proximityplacementgroups.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.compute.proximityplacementgroups.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Compute/proximityPlacementGroups/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Compute/proximityPlacementGroups/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Compute/proximityPlacementGroups' + value: '/modules/Microsoft.Compute/proximityPlacementGroups' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.compute.virtualmachines.yml b/.azuredevops/modulePipelines/ms.compute.virtualmachines.yml index 2fc6340f98..4358c822fc 100644 --- a/.azuredevops/modulePipelines/ms.compute.virtualmachines.yml +++ b/.azuredevops/modulePipelines/ms.compute.virtualmachines.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.compute.virtualmachines.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Compute/virtualMachines/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Compute/virtualMachines/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Compute/virtualMachines' + value: '/modules/Microsoft.Compute/virtualMachines' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.compute.virtualmachinescalesets.yml b/.azuredevops/modulePipelines/ms.compute.virtualmachinescalesets.yml index 70b43e3cc6..22028b3495 100644 --- a/.azuredevops/modulePipelines/ms.compute.virtualmachinescalesets.yml +++ b/.azuredevops/modulePipelines/ms.compute.virtualmachinescalesets.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.compute.virtualmachinescalesets.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Compute/virtualMachineScaleSets/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Compute/virtualMachineScaleSets/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Compute/virtualMachineScaleSets' + value: '/modules/Microsoft.Compute/virtualMachineScaleSets' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.consumption.budgets.yml b/.azuredevops/modulePipelines/ms.consumption.budgets.yml index ba9e462fa4..1c6a664daf 100644 --- a/.azuredevops/modulePipelines/ms.consumption.budgets.yml +++ b/.azuredevops/modulePipelines/ms.consumption.budgets.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.consumption.budgets.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Consumption/budgets/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Consumption/budgets/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Consumption/budgets' + value: '/modules/Microsoft.Consumption/budgets' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.containerinstance.containergroups.yml b/.azuredevops/modulePipelines/ms.containerinstance.containergroups.yml index 694b57b52b..855d7dd391 100644 --- a/.azuredevops/modulePipelines/ms.containerinstance.containergroups.yml +++ b/.azuredevops/modulePipelines/ms.containerinstance.containergroups.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.containerinstance.containergroups.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.ContainerInstance/containerGroups/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.ContainerInstance/containerGroups/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.ContainerInstance/containerGroups' + value: '/modules/Microsoft.ContainerInstance/containerGroups' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.containerregistry.registries.yml b/.azuredevops/modulePipelines/ms.containerregistry.registries.yml index aca706eb23..7995ba5e46 100644 --- a/.azuredevops/modulePipelines/ms.containerregistry.registries.yml +++ b/.azuredevops/modulePipelines/ms.containerregistry.registries.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.containerregistry.registries.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.ContainerRegistry/registries/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.ContainerRegistry/registries/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.ContainerRegistry/registries' + value: '/modules/Microsoft.ContainerRegistry/registries' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.containerservice.managedclusters.yml b/.azuredevops/modulePipelines/ms.containerservice.managedclusters.yml index 68d4bc63d7..963ee36755 100644 --- a/.azuredevops/modulePipelines/ms.containerservice.managedclusters.yml +++ b/.azuredevops/modulePipelines/ms.containerservice.managedclusters.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.containerservice.managedclusters.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.ContainerService/managedClusters/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.ContainerService/managedClusters/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.ContainerService/managedClusters' + value: '/modules/Microsoft.ContainerService/managedClusters' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.databricks.workspaces.yml b/.azuredevops/modulePipelines/ms.databricks.workspaces.yml index 7ec75b0a9b..5f4c9bf50c 100644 --- a/.azuredevops/modulePipelines/ms.databricks.workspaces.yml +++ b/.azuredevops/modulePipelines/ms.databricks.workspaces.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.databricks.workspaces.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Databricks/workspaces/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Databricks/workspaces/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Databricks/workspaces' + value: '/modules/Microsoft.Databricks/workspaces' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.datafactory.factories.yml b/.azuredevops/modulePipelines/ms.datafactory.factories.yml index ccfabaf55b..97d4f2f0a6 100644 --- a/.azuredevops/modulePipelines/ms.datafactory.factories.yml +++ b/.azuredevops/modulePipelines/ms.datafactory.factories.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.datafactory.factories.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.DataFactory/factories/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.DataFactory/factories/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.DataFactory/factories' + value: '/modules/Microsoft.DataFactory/factories' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.dataprotection.backupvaults.yml b/.azuredevops/modulePipelines/ms.dataprotection.backupvaults.yml index 55ba9a7eea..82f6aa3685 100644 --- a/.azuredevops/modulePipelines/ms.dataprotection.backupvaults.yml +++ b/.azuredevops/modulePipelines/ms.dataprotection.backupvaults.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.dataprotection.backupvaults.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.DataProtection/vaults/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.DataProtection/vaults/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.DataProtection/backupVaults' + value: '/modules/Microsoft.DataProtection/backupVaults' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.desktopvirtualization.applicationgroups.yml b/.azuredevops/modulePipelines/ms.desktopvirtualization.applicationgroups.yml index 51d36df82c..7f866f9e57 100644 --- a/.azuredevops/modulePipelines/ms.desktopvirtualization.applicationgroups.yml +++ b/.azuredevops/modulePipelines/ms.desktopvirtualization.applicationgroups.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.desktopvirtualization.applicationgroups.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.DesktopVirtualization/applicationgroups/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.DesktopVirtualization/applicationgroups/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.DesktopVirtualization/applicationgroups' + value: '/modules/Microsoft.DesktopVirtualization/applicationgroups' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.desktopvirtualization.hostpools.yml b/.azuredevops/modulePipelines/ms.desktopvirtualization.hostpools.yml index 1d1c49a4d2..937f2f72b4 100644 --- a/.azuredevops/modulePipelines/ms.desktopvirtualization.hostpools.yml +++ b/.azuredevops/modulePipelines/ms.desktopvirtualization.hostpools.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.desktopvirtualization.hostpools.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.DesktopVirtualization/hostpools/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.DesktopVirtualization/hostpools/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.DesktopVirtualization/hostpools' + value: '/modules/Microsoft.DesktopVirtualization/hostpools' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.desktopvirtualization.scalingplans.yml b/.azuredevops/modulePipelines/ms.desktopvirtualization.scalingplans.yml index d17711a4bc..312bb14859 100644 --- a/.azuredevops/modulePipelines/ms.desktopvirtualization.scalingplans.yml +++ b/.azuredevops/modulePipelines/ms.desktopvirtualization.scalingplans.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.desktopvirtualization.scalingplans.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.DesktopVirtualization/scalingplans/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.DesktopVirtualization/scalingplans/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.DesktopVirtualization/scalingplans' + value: '/modules/Microsoft.DesktopVirtualization/scalingplans' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.desktopvirtualization.workspaces.yml b/.azuredevops/modulePipelines/ms.desktopvirtualization.workspaces.yml index cfad4bfdc2..36306e9943 100644 --- a/.azuredevops/modulePipelines/ms.desktopvirtualization.workspaces.yml +++ b/.azuredevops/modulePipelines/ms.desktopvirtualization.workspaces.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.desktopvirtualization.workspaces.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.DesktopVirtualization/workspaces/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.DesktopVirtualization/workspaces/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.DesktopVirtualization/workspaces' + value: '/modules/Microsoft.DesktopVirtualization/workspaces' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.documentdb.databaseaccounts.yml b/.azuredevops/modulePipelines/ms.documentdb.databaseaccounts.yml index 4966965b0b..07d69002ee 100644 --- a/.azuredevops/modulePipelines/ms.documentdb.databaseaccounts.yml +++ b/.azuredevops/modulePipelines/ms.documentdb.databaseaccounts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.documentdb.databaseaccounts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.DocumentDB/databaseAccounts/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.DocumentDB/databaseAccounts/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.DocumentDB/databaseAccounts' + value: '/modules/Microsoft.DocumentDB/databaseAccounts' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.eventgrid.systemtopics.yml b/.azuredevops/modulePipelines/ms.eventgrid.systemtopics.yml index 71a74153cf..a5b5e4c51b 100644 --- a/.azuredevops/modulePipelines/ms.eventgrid.systemtopics.yml +++ b/.azuredevops/modulePipelines/ms.eventgrid.systemtopics.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.eventgrid.systemtopics.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.EventGrid/systemTopics/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.EventGrid/systemTopics/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.EventGrid/systemTopics' + value: '/modules/Microsoft.EventGrid/systemTopics' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.eventgrid.topics.yml b/.azuredevops/modulePipelines/ms.eventgrid.topics.yml index 76fbff905a..bce5557c01 100644 --- a/.azuredevops/modulePipelines/ms.eventgrid.topics.yml +++ b/.azuredevops/modulePipelines/ms.eventgrid.topics.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.eventgrid.topics.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.EventGrid/topics/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.EventGrid/topics/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.EventGrid/topics' + value: '/modules/Microsoft.EventGrid/topics' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.eventhub.namespaces.yml b/.azuredevops/modulePipelines/ms.eventhub.namespaces.yml index b3d86604f3..35755a6eab 100644 --- a/.azuredevops/modulePipelines/ms.eventhub.namespaces.yml +++ b/.azuredevops/modulePipelines/ms.eventhub.namespaces.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.eventhub.namespaces.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.EventHub/namespaces/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.EventHub/namespaces/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.EventHub/namespaces' + value: '/modules/Microsoft.EventHub/namespaces' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.healthbot.healthbots.yml b/.azuredevops/modulePipelines/ms.healthbot.healthbots.yml index 8e5078a82a..86e2587c59 100644 --- a/.azuredevops/modulePipelines/ms.healthbot.healthbots.yml +++ b/.azuredevops/modulePipelines/ms.healthbot.healthbots.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.healthbot.healthbots.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.HealthBot/healthBots/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.HealthBot/healthBots/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.HealthBot/healthBots' + value: '/modules/Microsoft.HealthBot/healthBots' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.insights.actiongroups.yml b/.azuredevops/modulePipelines/ms.insights.actiongroups.yml index dcecbc2b6a..1d6b367fee 100644 --- a/.azuredevops/modulePipelines/ms.insights.actiongroups.yml +++ b/.azuredevops/modulePipelines/ms.insights.actiongroups.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.insights.actiongroups.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Insights/actionGroups/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Insights/actionGroups/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Insights/actionGroups' + value: '/modules/Microsoft.Insights/actionGroups' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.insights.activitylogalerts.yml b/.azuredevops/modulePipelines/ms.insights.activitylogalerts.yml index e5de0671d3..0290432eeb 100644 --- a/.azuredevops/modulePipelines/ms.insights.activitylogalerts.yml +++ b/.azuredevops/modulePipelines/ms.insights.activitylogalerts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.insights.activitylogalerts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Insights/activityLogAlerts/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Insights/activityLogAlerts/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Insights/activityLogAlerts' + value: '/modules/Microsoft.Insights/activityLogAlerts' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.insights.components.yml b/.azuredevops/modulePipelines/ms.insights.components.yml index 129e5301e2..2ebf16d0f5 100644 --- a/.azuredevops/modulePipelines/ms.insights.components.yml +++ b/.azuredevops/modulePipelines/ms.insights.components.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.insights.components.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Insights/components/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Insights/components/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Insights/components' + value: '/modules/Microsoft.Insights/components' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.insights.diagnosticsettings.yml b/.azuredevops/modulePipelines/ms.insights.diagnosticsettings.yml index d1407b082c..68cbcd7a8b 100644 --- a/.azuredevops/modulePipelines/ms.insights.diagnosticsettings.yml +++ b/.azuredevops/modulePipelines/ms.insights.diagnosticsettings.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.insights.diagnosticsettings.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Insights/diagnosticSettings/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Insights/diagnosticSettings/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Insights/diagnosticSettings' + value: '/modules/Microsoft.Insights/diagnosticSettings' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.insights.metricalerts.yml b/.azuredevops/modulePipelines/ms.insights.metricalerts.yml index a92a0c44aa..e2c559ed99 100644 --- a/.azuredevops/modulePipelines/ms.insights.metricalerts.yml +++ b/.azuredevops/modulePipelines/ms.insights.metricalerts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.insights.metricalerts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Insights/metricAlerts/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Insights/metricAlerts/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Insights/metricAlerts' + value: '/modules/Microsoft.Insights/metricAlerts' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.insights.privatelinkscopes.yml b/.azuredevops/modulePipelines/ms.insights.privatelinkscopes.yml index f2f22672c9..15d793c90a 100644 --- a/.azuredevops/modulePipelines/ms.insights.privatelinkscopes.yml +++ b/.azuredevops/modulePipelines/ms.insights.privatelinkscopes.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.insights.privatelinkscopes.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Insights/privateLinkScopes/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Insights/privateLinkScopes/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Insights/privateLinkScopes' + value: '/modules/Microsoft.Insights/privateLinkScopes' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.insights.scheduledqueryrules.yml b/.azuredevops/modulePipelines/ms.insights.scheduledqueryrules.yml index cf0a3e7e2c..3ec1537e46 100644 --- a/.azuredevops/modulePipelines/ms.insights.scheduledqueryrules.yml +++ b/.azuredevops/modulePipelines/ms.insights.scheduledqueryrules.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.insights.scheduledqueryrules.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Insights/scheduledQueryRules/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Insights/scheduledQueryRules/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Insights/scheduledQueryRules' + value: '/modules/Microsoft.Insights/scheduledQueryRules' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.keyvault.vaults.yml b/.azuredevops/modulePipelines/ms.keyvault.vaults.yml index dd9f52090d..39f0e155c1 100644 --- a/.azuredevops/modulePipelines/ms.keyvault.vaults.yml +++ b/.azuredevops/modulePipelines/ms.keyvault.vaults.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.keyvault.vaults.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.KeyVault/vaults/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.KeyVault/vaults/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.KeyVault/vaults' + value: '/modules/Microsoft.KeyVault/vaults' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.kubernetesconfiguration.extensions.yml b/.azuredevops/modulePipelines/ms.kubernetesconfiguration.extensions.yml index 6e4a9957b8..7f53c0e67f 100644 --- a/.azuredevops/modulePipelines/ms.kubernetesconfiguration.extensions.yml +++ b/.azuredevops/modulePipelines/ms.kubernetesconfiguration.extensions.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.kubernetesconfiguration.extensions.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.KubernetesConfiguration/extensions/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.KubernetesConfiguration/extensions/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.KubernetesConfiguration/extensions' + value: '/modules/Microsoft.KubernetesConfiguration/extensions' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.kubernetesconfiguration.fluxconfigurations.yml b/.azuredevops/modulePipelines/ms.kubernetesconfiguration.fluxconfigurations.yml index cc43f6e135..75b300c5b6 100644 --- a/.azuredevops/modulePipelines/ms.kubernetesconfiguration.fluxconfigurations.yml +++ b/.azuredevops/modulePipelines/ms.kubernetesconfiguration.fluxconfigurations.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.kubernetesconfiguration.fluxconfigurations.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.KubernetesConfiguration/fluxConfigurations/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.KubernetesConfiguration/fluxConfigurations' + value: '/modules/Microsoft.KubernetesConfiguration/fluxConfigurations' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.logic.workflows.yml b/.azuredevops/modulePipelines/ms.logic.workflows.yml index 661b4d355c..0935dfc17e 100644 --- a/.azuredevops/modulePipelines/ms.logic.workflows.yml +++ b/.azuredevops/modulePipelines/ms.logic.workflows.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.logic.workflows.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Logic/workflows/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Logic/workflows/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Logic/workflows' + value: '/modules/Microsoft.Logic/workflows' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.machinelearningservices.workspaces.yml b/.azuredevops/modulePipelines/ms.machinelearningservices.workspaces.yml index d309cdb975..25d3dff698 100644 --- a/.azuredevops/modulePipelines/ms.machinelearningservices.workspaces.yml +++ b/.azuredevops/modulePipelines/ms.machinelearningservices.workspaces.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.machinelearningservices.workspaces.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.MachineLearningServices/workspaces/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.MachineLearningServices/workspaces/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.MachineLearningServices/workspaces' + value: '/modules/Microsoft.MachineLearningServices/workspaces' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.managedidentity.userassignedidentities.yml b/.azuredevops/modulePipelines/ms.managedidentity.userassignedidentities.yml index 80121f67e5..1f00c7cfc7 100644 --- a/.azuredevops/modulePipelines/ms.managedidentity.userassignedidentities.yml +++ b/.azuredevops/modulePipelines/ms.managedidentity.userassignedidentities.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.managedidentity.userassignedidentities.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.ManagedIdentity/userAssignedIdentities/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.ManagedIdentity/userAssignedIdentities/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.ManagedIdentity/userAssignedIdentities' + value: '/modules/Microsoft.ManagedIdentity/userAssignedIdentities' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.managedservices.registrationdefinitions.yml b/.azuredevops/modulePipelines/ms.managedservices.registrationdefinitions.yml index 62fee30f9b..f32c9014d9 100644 --- a/.azuredevops/modulePipelines/ms.managedservices.registrationdefinitions.yml +++ b/.azuredevops/modulePipelines/ms.managedservices.registrationdefinitions.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.managedservices.registrationdefinitions.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.ManagedServices/registrationDefinitions/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.ManagedServices/registrationDefinitions/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.ManagedServices/registrationDefinitions' + value: '/modules/Microsoft.ManagedServices/registrationDefinitions' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.management.managementgroups.yml b/.azuredevops/modulePipelines/ms.management.managementgroups.yml index 308ff44dc5..2b6835ee2b 100644 --- a/.azuredevops/modulePipelines/ms.management.managementgroups.yml +++ b/.azuredevops/modulePipelines/ms.management.managementgroups.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.management.managementgroups.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Management/managementGroups/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Management/managementGroups/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Management/managementGroups' + value: '/modules/Microsoft.Management/managementGroups' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.netapp.netappaccounts.yml b/.azuredevops/modulePipelines/ms.netapp.netappaccounts.yml index 2b161f504d..51301ce92e 100644 --- a/.azuredevops/modulePipelines/ms.netapp.netappaccounts.yml +++ b/.azuredevops/modulePipelines/ms.netapp.netappaccounts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.netapp.netappaccounts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.NetApp/netAppAccounts/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.NetApp/netAppAccounts/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.NetApp/netAppAccounts' + value: '/modules/Microsoft.NetApp/netAppAccounts' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.applicationgateways.yml b/.azuredevops/modulePipelines/ms.network.applicationgateways.yml index 6225a4f68c..94f69382f6 100644 --- a/.azuredevops/modulePipelines/ms.network.applicationgateways.yml +++ b/.azuredevops/modulePipelines/ms.network.applicationgateways.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.applicationgateways.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/applicationGateways/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/applicationGateways/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/applicationGateways' + value: '/modules/Microsoft.Network/applicationGateways' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.applicationsecuritygroups.yml b/.azuredevops/modulePipelines/ms.network.applicationsecuritygroups.yml index f4e3156552..acd62eae47 100644 --- a/.azuredevops/modulePipelines/ms.network.applicationsecuritygroups.yml +++ b/.azuredevops/modulePipelines/ms.network.applicationsecuritygroups.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.applicationsecuritygroups.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/applicationSecurityGroups/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/applicationSecurityGroups/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/applicationSecurityGroups' + value: '/modules/Microsoft.Network/applicationSecurityGroups' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.azurefirewalls.yml b/.azuredevops/modulePipelines/ms.network.azurefirewalls.yml index 4a55274d85..2f54d10839 100644 --- a/.azuredevops/modulePipelines/ms.network.azurefirewalls.yml +++ b/.azuredevops/modulePipelines/ms.network.azurefirewalls.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.azurefirewalls.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/azureFirewalls/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/azureFirewalls/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/azureFirewalls' + value: '/modules/Microsoft.Network/azureFirewalls' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.bastionhosts.yml b/.azuredevops/modulePipelines/ms.network.bastionhosts.yml index a456581930..ffdb3bcbd4 100644 --- a/.azuredevops/modulePipelines/ms.network.bastionhosts.yml +++ b/.azuredevops/modulePipelines/ms.network.bastionhosts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.bastionhosts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/bastionHosts/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/bastionHosts/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/bastionHosts' + value: '/modules/Microsoft.Network/bastionHosts' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.connections.yml b/.azuredevops/modulePipelines/ms.network.connections.yml index 2111b74e77..fb94033d50 100644 --- a/.azuredevops/modulePipelines/ms.network.connections.yml +++ b/.azuredevops/modulePipelines/ms.network.connections.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.connections.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/connections/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/connections/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/connections' + value: '/modules/Microsoft.Network/connections' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.ddosprotectionplans.yml b/.azuredevops/modulePipelines/ms.network.ddosprotectionplans.yml index 0f63e495bc..0e31c7a082 100644 --- a/.azuredevops/modulePipelines/ms.network.ddosprotectionplans.yml +++ b/.azuredevops/modulePipelines/ms.network.ddosprotectionplans.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.ddosprotectionplans.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/ddosProtectionPlans/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/ddosProtectionPlans/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/ddosProtectionPlans' + value: '/modules/Microsoft.Network/ddosProtectionPlans' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.expressroutecircuits.yml b/.azuredevops/modulePipelines/ms.network.expressroutecircuits.yml index 1fc686d50f..8cf0e657b8 100644 --- a/.azuredevops/modulePipelines/ms.network.expressroutecircuits.yml +++ b/.azuredevops/modulePipelines/ms.network.expressroutecircuits.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.expressroutecircuits.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/expressRouteCircuits/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/expressRouteCircuits/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/expressRouteCircuits' + value: '/modules/Microsoft.Network/expressRouteCircuits' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml b/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml index 69a52d6e60..d0628548a1 100644 --- a/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml +++ b/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/firewallpolicies/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/firewallpolicies/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/firewallpolicies' + value: '/modules/Microsoft.Network/firewallpolicies' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.frontdoors.yml b/.azuredevops/modulePipelines/ms.network.frontdoors.yml index 6ef0c447e5..60ec3ae34b 100644 --- a/.azuredevops/modulePipelines/ms.network.frontdoors.yml +++ b/.azuredevops/modulePipelines/ms.network.frontdoors.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.frontdoors.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/frontDoors/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/frontDoors/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/frontDoors' + value: '/modules/Microsoft.Network/frontDoors' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.ipgroups.yml b/.azuredevops/modulePipelines/ms.network.ipgroups.yml index 2cebe6016a..68741237c9 100644 --- a/.azuredevops/modulePipelines/ms.network.ipgroups.yml +++ b/.azuredevops/modulePipelines/ms.network.ipgroups.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.ipgroups.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/ipGroups/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/ipGroups/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/ipGroups' + value: '/modules/Microsoft.Network/ipGroups' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.loadbalancers.yml b/.azuredevops/modulePipelines/ms.network.loadbalancers.yml index 1ab86396d9..79a642a9a2 100644 --- a/.azuredevops/modulePipelines/ms.network.loadbalancers.yml +++ b/.azuredevops/modulePipelines/ms.network.loadbalancers.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.loadbalancers.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/loadBalancers/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/loadBalancers/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/loadBalancers' + value: '/modules/Microsoft.Network/loadBalancers' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.localnetworkgateways.yml b/.azuredevops/modulePipelines/ms.network.localnetworkgateways.yml index 74c7f3f7bd..0ee1e4d5dc 100644 --- a/.azuredevops/modulePipelines/ms.network.localnetworkgateways.yml +++ b/.azuredevops/modulePipelines/ms.network.localnetworkgateways.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.localnetworkgateways.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/localNetworkGateways/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/localNetworkGateways/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/localNetworkGateways' + value: '/modules/Microsoft.Network/localNetworkGateways' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.natgateways.yml b/.azuredevops/modulePipelines/ms.network.natgateways.yml index 036aebbf69..c8c54a6b23 100644 --- a/.azuredevops/modulePipelines/ms.network.natgateways.yml +++ b/.azuredevops/modulePipelines/ms.network.natgateways.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.natgateways.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/natGateways/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/natGateways/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/natGateways' + value: '/modules/Microsoft.Network/natGateways' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml b/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml index ce5051d2f2..774230b786 100644 --- a/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml +++ b/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/networkInterfaces/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/networkInterfaces/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/networkInterfaces' + value: '/modules/Microsoft.Network/networkInterfaces' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.networksecuritygroups.yml b/.azuredevops/modulePipelines/ms.network.networksecuritygroups.yml index 97508a03c9..508abc9800 100644 --- a/.azuredevops/modulePipelines/ms.network.networksecuritygroups.yml +++ b/.azuredevops/modulePipelines/ms.network.networksecuritygroups.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.networksecuritygroups.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/networkSecurityGroups/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/networkSecurityGroups/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/networkSecurityGroups' + value: '/modules/Microsoft.Network/networkSecurityGroups' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.networkwatchers.yml b/.azuredevops/modulePipelines/ms.network.networkwatchers.yml index e18f04f34c..70dbbd7165 100644 --- a/.azuredevops/modulePipelines/ms.network.networkwatchers.yml +++ b/.azuredevops/modulePipelines/ms.network.networkwatchers.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.networkwatchers.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/networkWatchers/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/networkWatchers/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/networkWatchers' + value: '/modules/Microsoft.Network/networkWatchers' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.privatednszones.yml b/.azuredevops/modulePipelines/ms.network.privatednszones.yml index 9b152568fb..fbdae8dbbe 100644 --- a/.azuredevops/modulePipelines/ms.network.privatednszones.yml +++ b/.azuredevops/modulePipelines/ms.network.privatednszones.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.privatednszones.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/privateDnsZones/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/privateDnsZones/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/privateDnsZones' + value: '/modules/Microsoft.Network/privateDnsZones' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.privateendpoints.yml b/.azuredevops/modulePipelines/ms.network.privateendpoints.yml index fd9b955ead..08c0110f53 100644 --- a/.azuredevops/modulePipelines/ms.network.privateendpoints.yml +++ b/.azuredevops/modulePipelines/ms.network.privateendpoints.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.privateendpoints.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/privateEndpoints/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/privateEndpoints/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/privateEndpoints' + value: '/modules/Microsoft.Network/privateEndpoints' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.publicipaddresses.yml b/.azuredevops/modulePipelines/ms.network.publicipaddresses.yml index 2bf7ddc62e..8162834d2c 100644 --- a/.azuredevops/modulePipelines/ms.network.publicipaddresses.yml +++ b/.azuredevops/modulePipelines/ms.network.publicipaddresses.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.publicipaddresses.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/publicIPAddresses/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/publicIPAddresses/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/publicIPAddresses' + value: '/modules/Microsoft.Network/publicIPAddresses' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.publicipprefixes.yml b/.azuredevops/modulePipelines/ms.network.publicipprefixes.yml index 4b779ece81..0f4ac763e0 100644 --- a/.azuredevops/modulePipelines/ms.network.publicipprefixes.yml +++ b/.azuredevops/modulePipelines/ms.network.publicipprefixes.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.publicipprefixes.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/publicIPPrefixes/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/publicIPPrefixes/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/publicIPPrefixes' + value: '/modules/Microsoft.Network/publicIPPrefixes' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.routetables.yml b/.azuredevops/modulePipelines/ms.network.routetables.yml index 1aac7ed90d..3e7285e19b 100644 --- a/.azuredevops/modulePipelines/ms.network.routetables.yml +++ b/.azuredevops/modulePipelines/ms.network.routetables.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.routetables.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/routeTables/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/routeTables/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/routeTables' + value: '/modules/Microsoft.Network/routeTables' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.trafficmanagerprofiles.yml b/.azuredevops/modulePipelines/ms.network.trafficmanagerprofiles.yml index 45d8db3d5a..e3d4a02456 100644 --- a/.azuredevops/modulePipelines/ms.network.trafficmanagerprofiles.yml +++ b/.azuredevops/modulePipelines/ms.network.trafficmanagerprofiles.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.trafficmanagerprofiles.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/trafficmanagerprofiles/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/trafficmanagerprofiles/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/trafficmanagerprofiles' + value: '/modules/Microsoft.Network/trafficmanagerprofiles' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.virtualhubs.yml b/.azuredevops/modulePipelines/ms.network.virtualhubs.yml index c117fae374..ff44ffc9cb 100644 --- a/.azuredevops/modulePipelines/ms.network.virtualhubs.yml +++ b/.azuredevops/modulePipelines/ms.network.virtualhubs.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.virtualhubs.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/virtualHubs/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/virtualHubs/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/virtualHubs' + value: '/modules/Microsoft.Network/virtualHubs' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.virtualnetworkgateways.yml b/.azuredevops/modulePipelines/ms.network.virtualnetworkgateways.yml index 51a9c6a5a6..f83662a85b 100644 --- a/.azuredevops/modulePipelines/ms.network.virtualnetworkgateways.yml +++ b/.azuredevops/modulePipelines/ms.network.virtualnetworkgateways.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.virtualnetworkgateways.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/virtualNetworkGateways/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/virtualNetworkGateways/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/virtualNetworkGateways' + value: '/modules/Microsoft.Network/virtualNetworkGateways' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.virtualnetworks.yml b/.azuredevops/modulePipelines/ms.network.virtualnetworks.yml index 8d1ae7e5dc..3afcc78e93 100644 --- a/.azuredevops/modulePipelines/ms.network.virtualnetworks.yml +++ b/.azuredevops/modulePipelines/ms.network.virtualnetworks.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.virtualnetworks.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/virtualNetworks/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/virtualNetworks/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/virtualNetworks' + value: '/modules/Microsoft.Network/virtualNetworks' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.virtualwans.yml b/.azuredevops/modulePipelines/ms.network.virtualwans.yml index b507e19983..2f2aa5d2ab 100644 --- a/.azuredevops/modulePipelines/ms.network.virtualwans.yml +++ b/.azuredevops/modulePipelines/ms.network.virtualwans.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.virtualwans.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/virtualWans/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/virtualWans/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/virtualWans' + value: '/modules/Microsoft.Network/virtualWans' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.vpngateways.yml b/.azuredevops/modulePipelines/ms.network.vpngateways.yml index cc2d3f9c8b..5375efbf13 100644 --- a/.azuredevops/modulePipelines/ms.network.vpngateways.yml +++ b/.azuredevops/modulePipelines/ms.network.vpngateways.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.vpngateways.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/vpnGateways/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/vpnGateways/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/vpnGateways' + value: '/modules/Microsoft.Network/vpnGateways' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.network.vpnsites.yml b/.azuredevops/modulePipelines/ms.network.vpnsites.yml index 2c9be39166..1671947a58 100644 --- a/.azuredevops/modulePipelines/ms.network.vpnsites.yml +++ b/.azuredevops/modulePipelines/ms.network.vpnsites.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.vpnsites.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Network/vpnSites/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Network/vpnSites/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Network/vpnSites' + value: '/modules/Microsoft.Network/vpnSites' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.operationalinsights.workspaces.yml b/.azuredevops/modulePipelines/ms.operationalinsights.workspaces.yml index daf7fc3728..8b4b67de7d 100644 --- a/.azuredevops/modulePipelines/ms.operationalinsights.workspaces.yml +++ b/.azuredevops/modulePipelines/ms.operationalinsights.workspaces.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.operationalinsights.workspaces.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.OperationalInsights/workspaces/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.OperationalInsights/workspaces/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.OperationalInsights/workspaces' + value: '/modules/Microsoft.OperationalInsights/workspaces' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml b/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml index 483f0184d5..ba8cdae0b1 100644 --- a/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml +++ b/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.OperationsManagement/solutions/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.OperationsManagement/solutions/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.OperationsManagement/solutions' + value: '/modules/Microsoft.OperationsManagement/solutions' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.recoveryservices.vaults.yml b/.azuredevops/modulePipelines/ms.recoveryservices.vaults.yml index bc65e9622b..cba2c234be 100644 --- a/.azuredevops/modulePipelines/ms.recoveryservices.vaults.yml +++ b/.azuredevops/modulePipelines/ms.recoveryservices.vaults.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.recoveryservices.vaults.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.RecoveryServices/vaults/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.RecoveryServices/vaults/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.RecoveryServices/vaults' + value: '/modules/Microsoft.RecoveryServices/vaults' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.resources.deploymentscripts.yml b/.azuredevops/modulePipelines/ms.resources.deploymentscripts.yml index cd826e0c27..d22921db65 100644 --- a/.azuredevops/modulePipelines/ms.resources.deploymentscripts.yml +++ b/.azuredevops/modulePipelines/ms.resources.deploymentscripts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.resources.deploymentscripts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Resources/deploymentScripts/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Resources/deploymentScripts/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Resources/deploymentScripts' + value: '/modules/Microsoft.Resources/deploymentScripts' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.resources.resourcegroups.yml b/.azuredevops/modulePipelines/ms.resources.resourcegroups.yml index 9bde0ab4fc..d9dda35a3c 100644 --- a/.azuredevops/modulePipelines/ms.resources.resourcegroups.yml +++ b/.azuredevops/modulePipelines/ms.resources.resourcegroups.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.resources.resourcegroups.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Resources/resourceGroups/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Resources/resourceGroups/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Resources/resourceGroups' + value: '/modules/Microsoft.Resources/resourceGroups' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.resources.tags.yml b/.azuredevops/modulePipelines/ms.resources.tags.yml index d0fe3f9404..2a63417b98 100644 --- a/.azuredevops/modulePipelines/ms.resources.tags.yml +++ b/.azuredevops/modulePipelines/ms.resources.tags.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.resources.tags.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Resources/tags/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Resources/tags/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Resources/tags' + value: '/modules/Microsoft.Resources/tags' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.security.azuresecuritycenter.yml b/.azuredevops/modulePipelines/ms.security.azuresecuritycenter.yml index a08f557ef1..ab25a3a0d5 100644 --- a/.azuredevops/modulePipelines/ms.security.azuresecuritycenter.yml +++ b/.azuredevops/modulePipelines/ms.security.azuresecuritycenter.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.security.azuresecuritycenter.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Security/azureSecurityCenter/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Security/azureSecurityCenter/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Security/azureSecurityCenter' + value: '/modules/Microsoft.Security/azureSecurityCenter' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.servicebus.namespaces.yml b/.azuredevops/modulePipelines/ms.servicebus.namespaces.yml index d555a10dde..8f7a938e6b 100644 --- a/.azuredevops/modulePipelines/ms.servicebus.namespaces.yml +++ b/.azuredevops/modulePipelines/ms.servicebus.namespaces.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.servicebus.namespaces.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.ServiceBus/namespaces/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.ServiceBus/namespaces/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.ServiceBus/namespaces' + value: '/modules/Microsoft.ServiceBus/namespaces' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.servicefabric.clusters.yml b/.azuredevops/modulePipelines/ms.servicefabric.clusters.yml index 34031c7247..45f197e830 100644 --- a/.azuredevops/modulePipelines/ms.servicefabric.clusters.yml +++ b/.azuredevops/modulePipelines/ms.servicefabric.clusters.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.servicefabric.clusters.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/Microsoft.ServiceFabric/clusters/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.ServiceFabric/clusters/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.ServiceFabric/clusters' + value: '/modules/Microsoft.ServiceFabric/clusters' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.sql.managedinstances.yml b/.azuredevops/modulePipelines/ms.sql.managedinstances.yml index 2a063183c0..8d238daff1 100644 --- a/.azuredevops/modulePipelines/ms.sql.managedinstances.yml +++ b/.azuredevops/modulePipelines/ms.sql.managedinstances.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.sql.managedinstances.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Sql/managedInstances/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Sql/managedInstances/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Sql/managedInstances' + value: '/modules/Microsoft.Sql/managedInstances' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.sql.servers.yml b/.azuredevops/modulePipelines/ms.sql.servers.yml index c644d3a1df..ed0125f637 100644 --- a/.azuredevops/modulePipelines/ms.sql.servers.yml +++ b/.azuredevops/modulePipelines/ms.sql.servers.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.sql.servers.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Sql/servers/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Sql/servers/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Sql/servers' + value: '/modules/Microsoft.Sql/servers' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.storage.storageaccounts.yml b/.azuredevops/modulePipelines/ms.storage.storageaccounts.yml index 51f381d312..5b4e07ed3b 100644 --- a/.azuredevops/modulePipelines/ms.storage.storageaccounts.yml +++ b/.azuredevops/modulePipelines/ms.storage.storageaccounts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.storage.storageaccounts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Storage/storageAccounts/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Storage/storageAccounts/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Storage/storageAccounts' + value: '/modules/Microsoft.Storage/storageAccounts' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.synapse.privatelinkhubs.yml b/.azuredevops/modulePipelines/ms.synapse.privatelinkhubs.yml index e34d190ed5..246865319c 100644 --- a/.azuredevops/modulePipelines/ms.synapse.privatelinkhubs.yml +++ b/.azuredevops/modulePipelines/ms.synapse.privatelinkhubs.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.synapse.privatelinkhubs.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Synapse/privateLinkHubs/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Synapse/privateLinkHubs/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Synapse/privateLinkHubs' + value: '/modules/Microsoft.Synapse/privateLinkHubs' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.virtualmachineimages.imagetemplates.yml b/.azuredevops/modulePipelines/ms.virtualmachineimages.imagetemplates.yml index 525c02e6fb..818ab369d5 100644 --- a/.azuredevops/modulePipelines/ms.virtualmachineimages.imagetemplates.yml +++ b/.azuredevops/modulePipelines/ms.virtualmachineimages.imagetemplates.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.virtualmachineimages.imagetemplates.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.VirtualMachineImages/imageTemplates/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.VirtualMachineImages/imageTemplates/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.VirtualMachineImages/imageTemplates' + value: '/modules/Microsoft.VirtualMachineImages/imageTemplates' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.web.connections.yml b/.azuredevops/modulePipelines/ms.web.connections.yml index 9abaa4136d..ffba362d13 100644 --- a/.azuredevops/modulePipelines/ms.web.connections.yml +++ b/.azuredevops/modulePipelines/ms.web.connections.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.web.connections.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Web/connections/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Web/connections/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Web/connections' + value: '/modules/Microsoft.Web/connections' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.web.hostingenvironments.yml b/.azuredevops/modulePipelines/ms.web.hostingenvironments.yml index fc2abe59b5..1cdbca5b71 100644 --- a/.azuredevops/modulePipelines/ms.web.hostingenvironments.yml +++ b/.azuredevops/modulePipelines/ms.web.hostingenvironments.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.web.hostingenvironments.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Web/hostingEnvironments/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Web/hostingEnvironments/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Web/hostingEnvironments' + value: '/modules/Microsoft.Web/hostingEnvironments' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.web.serverfarms.yml b/.azuredevops/modulePipelines/ms.web.serverfarms.yml index 285b2ce94b..4288d2a1e3 100644 --- a/.azuredevops/modulePipelines/ms.web.serverfarms.yml +++ b/.azuredevops/modulePipelines/ms.web.serverfarms.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.web.serverfarms.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Web/serverfarms/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Web/serverfarms/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Web/serverfarms' + value: '/modules/Microsoft.Web/serverfarms' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.web.sites.yml b/.azuredevops/modulePipelines/ms.web.sites.yml index 2c7584cd63..28173a7c34 100644 --- a/.azuredevops/modulePipelines/ms.web.sites.yml +++ b/.azuredevops/modulePipelines/ms.web.sites.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.web.sites.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Web/sites/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Web/sites/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Web/sites' + value: '/modules/Microsoft.Web/sites' stages: - stage: Validation diff --git a/.azuredevops/modulePipelines/ms.web.staticsites.yml b/.azuredevops/modulePipelines/ms.web.staticsites.yml index 7784a2ce12..23fed47790 100644 --- a/.azuredevops/modulePipelines/ms.web.staticsites.yml +++ b/.azuredevops/modulePipelines/ms.web.staticsites.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.web.staticsites.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/arm/Microsoft.Web/staticSites/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/Microsoft.Web/staticSites/*' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Web/staticSites' + value: '/modules/Microsoft.Web/staticSites' stages: - stage: Validation diff --git a/.azuredevops/pipelineTemplates/jobs.publishModule.yml b/.azuredevops/pipelineTemplates/jobs.publishModule.yml index 622e05a8e5..f22e1761c3 100644 --- a/.azuredevops/pipelineTemplates/jobs.publishModule.yml +++ b/.azuredevops/pipelineTemplates/jobs.publishModule.yml @@ -176,7 +176,7 @@ jobs: # Publish the modified child resources foreach ($ModuleToPublish in $ModulesToPublish) { - $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/arm/')[-1]).Split('/deploy.')[0] + $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/modules/')[-1]).Split('/deploy.')[0] Write-Host "##[group]$(' - [{0}] [{1}]' -f $RelPath, $ModuleToPublish.Version)" $functionInput = @{ @@ -235,7 +235,7 @@ jobs: # Publish the modified child resources foreach ($ModuleToPublish in $ModulesToPublish) { - $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/arm/')[-1]).Split('/deploy.')[0] + $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/modules/')[-1]).Split('/deploy.')[0] Write-Host "##[group]$(' - [{0}] [{1}]' -f $RelPath, $ModuleToPublish.Version)" $functionInput = @{ @@ -295,7 +295,7 @@ jobs: # Publish the modified child resources foreach ($ModuleToPublish in $ModulesToPublish) { - $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/arm/')[-1]).Split('/deploy.')[0] + $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/modules/')[-1]).Split('/deploy.')[0] Write-Host "##[group]$(' - [{0}] [{1}]' -f $RelPath, $ModuleToPublish.Version)" $functionInput = @{ diff --git a/.azuredevops/pipelineTemplates/jobs.validateModulePester.yml b/.azuredevops/pipelineTemplates/jobs.validateModulePester.yml index 9e2870a142..8e36f369d8 100644 --- a/.azuredevops/pipelineTemplates/jobs.validateModulePester.yml +++ b/.azuredevops/pipelineTemplates/jobs.validateModulePester.yml @@ -2,7 +2,7 @@ ## VALIDATION PIPELINE ## ######################################################### ## -## This pipeline template contains the logic to validate a given module's ARM template using the provided parameter file(s) +## This pipeline template contains the logic to validate a given module using the provided parameter file(s) ## ## Enabled levels of validation ## - Resource-Group-Level @@ -30,8 +30,8 @@ ## | defaultJobTimeoutInMinutes | 120 | The timeout for the job in this pipeline | 120 | ## | checkoutRepositories | '' | An optional list of repositories to check out at the beginning of this job in addition to the source | 'Components' | ## | modulePath | '$(modulePath)' | The path to the module to deploy. E.g. [c:/KeyVault] | 'c:/KeyVault' | -## | location | '$(location)' | The location to validate with | 'France Central' | -## | resourceGroupName | '$(resourceGroupName)' | The resourcegroup to validate into. Required only for Resource-Group-Level validations | 'validation-rg' | +## | location | '$(location)' | The location to validate with | 'France Central' | +## | resourceGroupName | '$(resourceGroupName)' | The resourcegroup to validate into. Required only for Resource-Group-Level validations | 'validation-rg' | ## | subscriptionId | '$(ARM_SUBSCRIPTION_ID)' | The id of the subscription to validate with when using a Management group service connection | 'aed7c000-6387-412e-bed0-24dfddf4bbc6' | ## | managementGroupId | '$(ARM_MGMTGROUP_ID)' | The id of the management group to validate with. Required only for Management-Group-Level validations | '477c9620-cb01-454f-9ebc-fc6b1df48c14' | ## | parametersRepository | '$(Build.Repository.Name)' | The respository with the parameter files. Defaults to the triggering repository | 'Solutions' | @@ -164,14 +164,14 @@ jobs: # --------------------- # Invoke-Pester -Configuration @{ Run = @{ - Container = New-PesterContainer -Path (Join-Path '$(moduleRepoRoot)' 'arm' '.global' 'global.module.tests.ps1') -Data @{ + Container = New-PesterContainer -Path (Join-Path '$(moduleRepoRoot)' 'modules' '.global' 'global.module.tests.ps1') -Data @{ moduleFolderPaths = $moduleFolderPaths enforcedTokenList = $enforcedTokenList } } TestResult = @{ TestSuiteName = 'Global Module Tests' - OutputPath = 'arm/.global/global-testResults.xml' + OutputPath = 'modules/.global/global-testResults.xml' OutputFormat = 'NUnitXml' Enabled = $true } @@ -188,6 +188,6 @@ jobs: testResultsFormat: NUnit testResultsFiles: global-testResults.xml failTaskOnFailedTests: true - searchFolder: 'arm/.global' + searchFolder: 'modules/.global' continueOnError: false condition: succeededOrFailed() diff --git a/.azuredevops/platformPipelines/platform.dependencies.yml b/.azuredevops/platformPipelines/platform.dependencies.yml index 33013e95ea..dc97836ddc 100644 --- a/.azuredevops/platformPipelines/platform.dependencies.yml +++ b/.azuredevops/platformPipelines/platform.dependencies.yml @@ -30,7 +30,7 @@ variables: - name: dependencyPath value: 'utilities/pipelines/dependencies' - name: modulesPath - value: 'arm' + value: 'modules' - name: defaultResourceGroupName value: 'validation-rg' diff --git a/.azuredevops/platformPipelines/platform.updateReadMe.yml b/.azuredevops/platformPipelines/platform.updateReadMe.yml index d2eb068bf0..928e74bbd2 100644 --- a/.azuredevops/platformPipelines/platform.updateReadMe.yml +++ b/.azuredevops/platformPipelines/platform.updateReadMe.yml @@ -9,8 +9,8 @@ trigger: - main paths: include: - - 'arm/**/deploy.bicep' - - 'arm/**/deploy.json' + - 'modules/**/deploy.bicep' + - 'modules/**/deploy.json' variables: - template: '../../global.variables.yml' @@ -39,7 +39,7 @@ jobs: . (Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'tools' 'Set-ReadMeModuleTable.ps1') $functionInput = @{ - ModulesPath = Join-Path '$(System.DefaultWorkingDirectory)' 'arm' + ModulesPath = Join-Path '$(System.DefaultWorkingDirectory)' 'modules' FilePath = Join-Path '$(System.DefaultWorkingDirectory)' 'README.md' Organization = '$(System.CollectionUri)'.Split('/')[3] RepositoryName = '$(Build.Repository.Name)' @@ -63,8 +63,8 @@ jobs: . (Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'tools' 'Set-ReadMeModuleTable.ps1') $functionInput = @{ - ModulesPath = Join-Path '$(System.DefaultWorkingDirectory)' 'arm' - FilePath = Join-Path '$(System.DefaultWorkingDirectory)' 'arm/README.md' + ModulesPath = Join-Path '$(System.DefaultWorkingDirectory)' 'modules' + FilePath = Join-Path '$(System.DefaultWorkingDirectory)' 'modules/README.md' Organization = '$(System.CollectionUri)'.Split('/')[3] RepositoryName = '$(Build.Repository.Name)' ColumnsInOrder = @('Name', 'ProviderNamespace','ResourceType') diff --git a/.github/actions/templates/publishModule/action.yml b/.github/actions/templates/publishModule/action.yml index cb3a327922..c88cdfcd03 100644 --- a/.github/actions/templates/publishModule/action.yml +++ b/.github/actions/templates/publishModule/action.yml @@ -12,19 +12,19 @@ ## ACTION PARAMETERS ## ##-------------------------------------------## ## -## |=======================================================================================================================================================================================================| -## | Parameter | Required | Default | Description | Example | -## |--------------------------|----------|---------|--------------------------------------------------------------------------------------------------|----------------------------------------------------| -## | templateFilePath | true | '' | The path to the template file to publish | 'arm/Microsoft.ApiManagement/service/deploy.bicep' | -## | templateSpecsRgName | false | '' | Required to publish to template spec. ResourceGroup of the template spec to publish to | 'artifacts-rg' | -## | templateSpecsRgLocation | false | '' | Required to publish to template spec. Location of the template spec resource group | 'WestEurope' | -## | templateSpecsDescription | false | '' | Required to publish to template spec. Description of the template spec to publish to | 'This is an API-Management service template' | -## | templateSpecsDoPublish | false | 'false' | Flag to indicate whether or not to publish to template specs | 'true' | -## | bicepRegistryName | false | '' | Required to publish to private bicep registry. Name of the container registry to publish to | 'myacr' | -## | bicepRegistryRgName | false | '' | Required to publish to private bicep registry. Name of the container registry resource group | 'artifacts-rg' | -## | bicepRegistryRgLocation | false | '' | Required to publish to private bicep registry. Location of the container registry resource group | 'WestEurope' | -## | bicepRegistryDoPublish | false | 'false' | Flag to indicate whether or not to publish to the private bicep registry | 'true' | -## |=======================================================================================================================================================================================================| +## |===========================================================================================================================================================================================================| +## | Parameter | Required | Default | Description | Example | +## |--------------------------|----------|---------|--------------------------------------------------------------------------------------------------|--------------------------------------------------------| +## | templateFilePath | true | '' | The path to the template file to publish | 'modules/Microsoft.ApiManagement/service/deploy.bicep' | +## | templateSpecsRgName | false | '' | Required to publish to template spec. ResourceGroup of the template spec to publish to | 'artifacts-rg' | +## | templateSpecsRgLocation | false | '' | Required to publish to template spec. Location of the template spec resource group | 'WestEurope' | +## | templateSpecsDescription | false | '' | Required to publish to template spec. Description of the template spec to publish to | 'This is an API-Management service template' | +## | templateSpecsDoPublish | false | 'false' | Flag to indicate whether or not to publish to template specs | 'true' | +## | bicepRegistryName | false | '' | Required to publish to private bicep registry. Name of the container registry to publish to | 'myacr' | +## | bicepRegistryRgName | false | '' | Required to publish to private bicep registry. Name of the container registry resource group | 'artifacts-rg' | +## | bicepRegistryRgLocation | false | '' | Required to publish to private bicep registry. Location of the container registry resource group | 'WestEurope' | +## | bicepRegistryDoPublish | false | 'false' | Flag to indicate whether or not to publish to the private bicep registry | 'true' | +## |===========================================================================================================================================================================================================| ## ##---------------------------------------------## name: 'Publishing' @@ -116,7 +116,7 @@ runs: # Publish the modified child resources foreach ($ModuleToPublish in $ModulesToPublish) { - $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/arm/')[-1]).Split('/deploy.')[0] + $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/modules/')[-1]).Split('/deploy.')[0] Write-Output "::group::$(' - [{0}] [{1}]' -f $RelPath, $ModuleToPublish.Version)" $functionInput = @{ @@ -160,7 +160,7 @@ runs: # Publish the modified child resources foreach ($ModuleToPublish in $ModulesToPublish) { - $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/arm/')[-1]).Split('/deploy.')[0] + $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/modules/')[-1]).Split('/deploy.')[0] Write-Output "::group::$(' - [{0}] [{1}]' -f $RelPath, $ModuleToPublish.Version)" $functionInput = @{ diff --git a/.github/actions/templates/validateModuleDeployment/action.yml b/.github/actions/templates/validateModuleDeployment/action.yml index 7d23efa771..9addde2a80 100644 --- a/.github/actions/templates/validateModuleDeployment/action.yml +++ b/.github/actions/templates/validateModuleDeployment/action.yml @@ -11,18 +11,18 @@ ## ACTION PARAMETERS ## ##-------------------------------------------## ## -## |============================================================================================================================================================================| -## | Parameter | Required | Default | Description | Example | -## |---------------------------|----------|---------|-------------------------------------------------------|-------------------------------------------------------------------| -## | templateFilePath | true | '' | The path to the template file to use for deployment | 'arm/Microsoft.ApiManagement/service/deploy.bicep' | -## | parameterFilePath | true | '' | The path to the parameter file to use for deployment | 'arm/Microsoft.ApiManagement/service/.parameters/parameters.json' | -## | location | true | '' | The location to use for deployment | 'WestEurope' | -## | resourceGroupName | false | '' | The resource group to deploy to | 'validation-rg' | -## | subscriptionId | false | '' | The subscriptionId to deploy to | '1a97b80a-4dda-4f50-ab53-349e29344654' | -## | managementGroupId | false | '' | The managementGroupId to deploy to | '1a97b80a-4dda-4f50-ab53-349e29344654' | -## | customParameterFileTokens | false | '' | Additional parameter file token pairs in json format. | '{"tokenName":"tokenValue"}' | -## | removeDeployment | false | 'true' | Set "true" to set module up for removal | 'true' | -## |============================================================================================================================================================================| +## |================================================================================================================================================================================| +## | Parameter | Required | Default | Description | Example | +## |---------------------------|----------|---------|-------------------------------------------------------|-----------------------------------------------------------------------| +## | templateFilePath | true | '' | The path to the template file to use for deployment | 'modules/Microsoft.ApiManagement/service/deploy.bicep' | +## | parameterFilePath | true | '' | The path to the parameter file to use for deployment | 'modules/Microsoft.ApiManagement/service/.parameters/parameters.json' | +## | location | true | '' | The location to use for deployment | 'WestEurope' | +## | resourceGroupName | false | '' | The resource group to deploy to | 'validation-rg' | +## | subscriptionId | false | '' | The subscriptionId to deploy to | '1a97b80a-4dda-4f50-ab53-349e29344654' | +## | managementGroupId | false | '' | The managementGroupId to deploy to | '1a97b80a-4dda-4f50-ab53-349e29344654' | +## | customParameterFileTokens | false | '' | Additional parameter file token pairs in json format. | '{"tokenName":"tokenValue"}' | +## | removeDeployment | false | 'true' | Set "true" to set module up for removal | 'true' | +## |================================================================================================================================================================================| ## ######################################################### ## diff --git a/.github/actions/templates/validateModulePester/action.yml b/.github/actions/templates/validateModulePester/action.yml index 2585707067..957b94643d 100644 --- a/.github/actions/templates/validateModulePester/action.yml +++ b/.github/actions/templates/validateModulePester/action.yml @@ -3,7 +3,7 @@ ######################################################### ## ## This composite action contains the logic to validate a module using a set of Pester tests -## The tests are implemented in file 'arm/.global/global.module.tests.ps1' +## The tests are implemented in file 'modules/.global/global.module.tests.ps1' ## ######################################################### ## @@ -11,11 +11,11 @@ ## ACTION PARAMETERS ## ##-------------------------------------------## ## -## |===========================================================================================================| -## | Parameter | Required | Default | Description | Example | -## |------------|----------|---------|---------------------------------|---------------------------------------| -## | modulePath | true | '' | The path to the module's folder | 'arm/Microsoft.ApiManagement/service' | -## |===========================================================================================================| +## |===============================================================================================================| +## | Parameter | Required | Default | Description | Example | +## |------------|----------|---------|---------------------------------|-------------------------------------------| +## | modulePath | true | '' | The path to the module's folder | 'modules/Microsoft.ApiManagement/service' | +## |===============================================================================================================| ## ##---------------------------------------------## @@ -95,14 +95,14 @@ runs: # --------------------- # Invoke-Pester -Configuration @{ Run = @{ - Container = New-PesterContainer -Path 'arm/.global/global.module.tests.ps1' -Data @{ + Container = New-PesterContainer -Path 'modules/.global/global.module.tests.ps1' -Data @{ moduleFolderPaths = $moduleFolderPaths enforcedTokenList = $enforcedTokenList } } TestResult = @{ TestSuiteName = 'Global Module Tests' - OutputPath = 'arm/.global/global-testResults.xml' + OutputPath = 'modules/.global/global-testResults.xml' OutputFormat = 'JUnitXml' Enabled = $true } @@ -115,4 +115,4 @@ runs: uses: EnricoMi/publish-unit-test-result-action@v1 if: always() with: - files: 'arm/.global/*-testResults.xml' + files: 'modules/.global/*-testResults.xml' diff --git a/.github/workflows/ms.aad.domainservices.yml b/.github/workflows/ms.aad.domainservices.yml index 229590b5e4..9c7dc030c4 100644 --- a/.github/workflows/ms.aad.domainservices.yml +++ b/.github/workflows/ms.aad.domainservices.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.aad.domainservices.yml' - - 'arm/Microsoft.AAD/DomainServices/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.AAD/DomainServices/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.AAD/DomainServices' + modulePath: 'modules/Microsoft.AAD/DomainServices' workflowPath: '.github/workflows/ms.aad.domainservices.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.analysisservices.servers.yml b/.github/workflows/ms.analysisservices.servers.yml index 4330ec663a..d89e4b0956 100644 --- a/.github/workflows/ms.analysisservices.servers.yml +++ b/.github/workflows/ms.analysisservices.servers.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.analysisservices.servers.yml' - - 'arm/Microsoft.AnalysisServices/servers/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.AnalysisServices/servers/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.AnalysisServices/servers' + modulePath: 'modules/Microsoft.AnalysisServices/servers' workflowPath: '.github/workflows/ms.analysisservices.servers.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.apimanagement.service.yml b/.github/workflows/ms.apimanagement.service.yml index b3078cda39..b04a8a7374 100644 --- a/.github/workflows/ms.apimanagement.service.yml +++ b/.github/workflows/ms.apimanagement.service.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.apimanagement.service.yml' - - 'arm/Microsoft.ApiManagement/service/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.ApiManagement/service/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.ApiManagement/service' + modulePath: 'modules/Microsoft.ApiManagement/service' workflowPath: '.github/workflows/ms.apimanagement.service.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.appconfiguration.configurationstores.yml b/.github/workflows/ms.appconfiguration.configurationstores.yml index 2a6e3997f9..73bc29e477 100644 --- a/.github/workflows/ms.appconfiguration.configurationstores.yml +++ b/.github/workflows/ms.appconfiguration.configurationstores.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.appconfiguration.configurationstores.yml' - - 'arm/Microsoft.AppConfiguration/configurationStores/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.AppConfiguration/configurationStores/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.AppConfiguration/configurationStores' + modulePath: 'modules/Microsoft.AppConfiguration/configurationStores' workflowPath: '.github/workflows/ms.appconfiguration.configurationstores.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.locks.yml b/.github/workflows/ms.authorization.locks.yml index 49c6070b64..53ae10acd3 100644 --- a/.github/workflows/ms.authorization.locks.yml +++ b/.github/workflows/ms.authorization.locks.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.authorization.locks.yml' - - 'arm/Microsoft.Authorization/locks/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Authorization/locks/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Authorization/locks' + modulePath: 'modules/Microsoft.Authorization/locks' workflowPath: '.github/workflows/ms.authorization.locks.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.policyassignments.yml b/.github/workflows/ms.authorization.policyassignments.yml index ebb21af4a3..e1710d9ae2 100644 --- a/.github/workflows/ms.authorization.policyassignments.yml +++ b/.github/workflows/ms.authorization.policyassignments.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.authorization.policyassignments.yml' - - 'arm/Microsoft.Authorization/policyAssignments/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Authorization/policyAssignments/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Authorization/policyAssignments' + modulePath: 'modules/Microsoft.Authorization/policyAssignments' workflowPath: '.github/workflows/ms.authorization.policyassignments.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.policydefinitions.yml b/.github/workflows/ms.authorization.policydefinitions.yml index e02a09c206..f3f6b3eee5 100644 --- a/.github/workflows/ms.authorization.policydefinitions.yml +++ b/.github/workflows/ms.authorization.policydefinitions.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.authorization.policydefinitions.yml' - - 'arm/Microsoft.Authorization/policyDefinitions/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Authorization/policyDefinitions/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Authorization/policyDefinitions' + modulePath: 'modules/Microsoft.Authorization/policyDefinitions' workflowPath: '.github/workflows/ms.authorization.policydefinitions.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.policyexemptions.yml b/.github/workflows/ms.authorization.policyexemptions.yml index cbacdd34c7..64d0f4c63e 100644 --- a/.github/workflows/ms.authorization.policyexemptions.yml +++ b/.github/workflows/ms.authorization.policyexemptions.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.authorization.policyexemptions.yml' - - 'arm/Microsoft.Authorization/policyExemptions/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Authorization/policyExemptions/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Authorization/policyExemptions' + modulePath: 'modules/Microsoft.Authorization/policyExemptions' workflowPath: '.github/workflows/ms.authorization.policyexemptions.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.policysetdefinitions.yml b/.github/workflows/ms.authorization.policysetdefinitions.yml index 5fee8e7ebf..38a3a40b79 100644 --- a/.github/workflows/ms.authorization.policysetdefinitions.yml +++ b/.github/workflows/ms.authorization.policysetdefinitions.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.authorization.policysetdefinitions.yml' - - 'arm/Microsoft.Authorization/policySetDefinitions/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Authorization/policySetDefinitions/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Authorization/policySetDefinitions' + modulePath: 'modules/Microsoft.Authorization/policySetDefinitions' workflowPath: '.github/workflows/ms.authorization.policysetdefinitions.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.roleassignments.yml b/.github/workflows/ms.authorization.roleassignments.yml index e7e8c53828..8d0f8a65c9 100644 --- a/.github/workflows/ms.authorization.roleassignments.yml +++ b/.github/workflows/ms.authorization.roleassignments.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.authorization.roleassignments.yml' - - 'arm/Microsoft.Authorization/roleAssignments/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Authorization/roleAssignments/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Authorization/roleAssignments' + modulePath: 'modules/Microsoft.Authorization/roleAssignments' workflowPath: '.github/workflows/ms.authorization.roleassignments.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.roledefinitions.yml b/.github/workflows/ms.authorization.roledefinitions.yml index 95a3a5cc1d..dfc4ff4114 100644 --- a/.github/workflows/ms.authorization.roledefinitions.yml +++ b/.github/workflows/ms.authorization.roledefinitions.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.authorization.roledefinitions.yml' - - 'arm/Microsoft.Authorization/roleDefinitions/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Authorization/roleDefinitions/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Authorization/roleDefinitions' + modulePath: 'modules/Microsoft.Authorization/roleDefinitions' workflowPath: '.github/workflows/ms.authorization.roledefinitions.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.automation.automationaccounts.yml b/.github/workflows/ms.automation.automationaccounts.yml index e2a3cc2bc9..223913b69a 100644 --- a/.github/workflows/ms.automation.automationaccounts.yml +++ b/.github/workflows/ms.automation.automationaccounts.yml @@ -20,15 +20,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.automation.automationaccounts.yml' - - 'arm/Microsoft.Automation/automationAccounts/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Automation/automationAccounts/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Automation/automationAccounts' + modulePath: 'modules/Microsoft.Automation/automationAccounts' workflowPath: '.github/workflows/ms.automation.automationaccounts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} diff --git a/.github/workflows/ms.batch.batchaccounts.yml b/.github/workflows/ms.batch.batchaccounts.yml index bdab22a0fb..99438c8f5e 100644 --- a/.github/workflows/ms.batch.batchaccounts.yml +++ b/.github/workflows/ms.batch.batchaccounts.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.batch.batchaccounts.yml' - - 'arm/Microsoft.Batch/batchAccounts/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Batch/batchAccounts/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Batch/batchAccounts' + modulePath: 'modules/Microsoft.Batch/batchAccounts' workflowPath: '.github/workflows/ms.batch.batchaccounts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.cognitiveservices.accounts.yml b/.github/workflows/ms.cognitiveservices.accounts.yml index f320fd876d..5ea5e69477 100644 --- a/.github/workflows/ms.cognitiveservices.accounts.yml +++ b/.github/workflows/ms.cognitiveservices.accounts.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.cognitiveservices.accounts.yml' - - 'arm/Microsoft.CognitiveServices/accounts/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.CognitiveServices/accounts/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.CognitiveServices/accounts' + modulePath: 'modules/Microsoft.CognitiveServices/accounts' workflowPath: '.github/workflows/ms.cognitiveservices.accounts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.compute.availabilitysets.yml b/.github/workflows/ms.compute.availabilitysets.yml index a873271346..24ee9e6810 100644 --- a/.github/workflows/ms.compute.availabilitysets.yml +++ b/.github/workflows/ms.compute.availabilitysets.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.compute.availabilitysets.yml' - - 'arm/Microsoft.Compute/availabilitySets/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Compute/availabilitySets/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Compute/availabilitySets' + modulePath: 'modules/Microsoft.Compute/availabilitySets' workflowPath: '.github/workflows/ms.compute.availabilitysets.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.compute.diskencryptionsets.yml b/.github/workflows/ms.compute.diskencryptionsets.yml index 4249bc2d92..2ec3d0070a 100644 --- a/.github/workflows/ms.compute.diskencryptionsets.yml +++ b/.github/workflows/ms.compute.diskencryptionsets.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.compute.diskencryptionsets.yml' - - 'arm/Microsoft.Compute/diskEncryptionSets/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Compute/diskEncryptionSets/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Compute/diskEncryptionSets' + modulePath: 'modules/Microsoft.Compute/diskEncryptionSets' workflowPath: '.github/workflows/ms.compute.diskencryptionsets.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.compute.disks.yml b/.github/workflows/ms.compute.disks.yml index 8495ead6ae..b7e448c3f8 100644 --- a/.github/workflows/ms.compute.disks.yml +++ b/.github/workflows/ms.compute.disks.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.compute.disks.yml' - - 'arm/Microsoft.Compute/disks/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Compute/disks/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Compute/disks' + modulePath: 'modules/Microsoft.Compute/disks' workflowPath: '.github/workflows/ms.compute.disks.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.compute.galleries.yml b/.github/workflows/ms.compute.galleries.yml index 3e341e0474..d1253419b2 100644 --- a/.github/workflows/ms.compute.galleries.yml +++ b/.github/workflows/ms.compute.galleries.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.compute.galleries.yml' - - 'arm/Microsoft.Compute/galleries/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Compute/galleries/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Compute/galleries' + modulePath: 'modules/Microsoft.Compute/galleries' workflowPath: '.github/workflows/ms.compute.galleries.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.compute.images.yml b/.github/workflows/ms.compute.images.yml index 1e6aefa800..429badf603 100644 --- a/.github/workflows/ms.compute.images.yml +++ b/.github/workflows/ms.compute.images.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.compute.images.yml' - - 'arm/Microsoft.Compute/images/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Compute/images/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Compute/images' + modulePath: 'modules/Microsoft.Compute/images' workflowPath: '.github/workflows/ms.compute.images.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.compute.proximityplacementgroups.yml b/.github/workflows/ms.compute.proximityplacementgroups.yml index 8dd426e6f6..039369a56c 100644 --- a/.github/workflows/ms.compute.proximityplacementgroups.yml +++ b/.github/workflows/ms.compute.proximityplacementgroups.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.compute.proximityplacementgroups.yml' - - 'arm/Microsoft.Compute/proximityPlacementGroups/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Compute/proximityPlacementGroups/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Compute/proximityPlacementGroups' + modulePath: 'modules/Microsoft.Compute/proximityPlacementGroups' workflowPath: '.github/workflows/ms.compute.proximityplacementgroups.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.compute.virtualmachines.yml b/.github/workflows/ms.compute.virtualmachines.yml index bb336d8917..607ff5ae93 100644 --- a/.github/workflows/ms.compute.virtualmachines.yml +++ b/.github/workflows/ms.compute.virtualmachines.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.compute.virtualmachines.yml' - - 'arm/Microsoft.Compute/virtualMachines/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Compute/virtualMachines/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Compute/virtualMachines' + modulePath: 'modules/Microsoft.Compute/virtualMachines' workflowPath: '.github/workflows/ms.compute.virtualmachines.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.compute.virtualmachinescalesets.yml b/.github/workflows/ms.compute.virtualmachinescalesets.yml index 3cc180a270..7a5bfa94cd 100644 --- a/.github/workflows/ms.compute.virtualmachinescalesets.yml +++ b/.github/workflows/ms.compute.virtualmachinescalesets.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.compute.virtualmachinescalesets.yml' - - 'arm/Microsoft.Compute/virtualMachineScaleSets/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Compute/virtualMachineScaleSets/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Compute/virtualMachineScaleSets' + modulePath: 'modules/Microsoft.Compute/virtualMachineScaleSets' workflowPath: '.github/workflows/ms.compute.virtualmachinescalesets.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.consumption.budgets.yml b/.github/workflows/ms.consumption.budgets.yml index 1050a427d8..0dcc0234b2 100644 --- a/.github/workflows/ms.consumption.budgets.yml +++ b/.github/workflows/ms.consumption.budgets.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.consumption.budgets.yml' - - 'arm/Microsoft.Consumption/budgets/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Consumption/budgets/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Consumption/budgets' + modulePath: 'modules/Microsoft.Consumption/budgets' workflowPath: '.github/workflows/ms.consumption.budgets.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.containerinstance.containergroups.yml b/.github/workflows/ms.containerinstance.containergroups.yml index b742a184d5..ca09181a94 100644 --- a/.github/workflows/ms.containerinstance.containergroups.yml +++ b/.github/workflows/ms.containerinstance.containergroups.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.containerinstance.containergroups.yml' - - 'arm/Microsoft.ContainerInstance/containerGroups/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.ContainerInstance/containerGroups/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.ContainerInstance/containerGroups' + modulePath: 'modules/Microsoft.ContainerInstance/containerGroups' workflowPath: '.github/workflows/ms.containerinstance.containergroups.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.containerregistry.registries.yml b/.github/workflows/ms.containerregistry.registries.yml index afbf8879e1..85bc59ab19 100644 --- a/.github/workflows/ms.containerregistry.registries.yml +++ b/.github/workflows/ms.containerregistry.registries.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.containerregistry.registries.yml' - - 'arm/Microsoft.ContainerRegistry/registries/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.ContainerRegistry/registries/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.ContainerRegistry/registries' + modulePath: 'modules/Microsoft.ContainerRegistry/registries' workflowPath: '.github/workflows/ms.containerregistry.registries.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.containerservice.managedclusters.yml b/.github/workflows/ms.containerservice.managedclusters.yml index 2198f54e26..a8ecaa5331 100644 --- a/.github/workflows/ms.containerservice.managedclusters.yml +++ b/.github/workflows/ms.containerservice.managedclusters.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.containerservice.managedclusters.yml' - - 'arm/Microsoft.ContainerService/managedClusters/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.ContainerService/managedClusters/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.ContainerService/managedClusters' + modulePath: 'modules/Microsoft.ContainerService/managedClusters' workflowPath: '.github/workflows/ms.containerservice.managedclusters.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.databricks.workspaces.yml b/.github/workflows/ms.databricks.workspaces.yml index b8cbfab40b..74cabd195b 100644 --- a/.github/workflows/ms.databricks.workspaces.yml +++ b/.github/workflows/ms.databricks.workspaces.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.databricks.workspaces.yml' - - 'arm/Microsoft.Databricks/workspaces/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Databricks/workspaces/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Databricks/workspaces' + modulePath: 'modules/Microsoft.Databricks/workspaces' workflowPath: '.github/workflows/ms.databricks.workspaces.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.datafactory.factories.yml b/.github/workflows/ms.datafactory.factories.yml index 5c29c4ee5d..1ae1fbb5ee 100644 --- a/.github/workflows/ms.datafactory.factories.yml +++ b/.github/workflows/ms.datafactory.factories.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.datafactory.factories.yml' - - 'arm/Microsoft.DataFactory/factories/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.DataFactory/factories/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.DataFactory/factories' + modulePath: 'modules/Microsoft.DataFactory/factories' workflowPath: '.github/workflows/ms.datafactory.factories.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.dataprotection.backupvaults.yml b/.github/workflows/ms.dataprotection.backupvaults.yml index 58e5749b5e..c56adbc3f1 100644 --- a/.github/workflows/ms.dataprotection.backupvaults.yml +++ b/.github/workflows/ms.dataprotection.backupvaults.yml @@ -1,39 +1,39 @@ -name: "DataProtection: BackupVaults" +name: 'DataProtection: BackupVaults' on: workflow_dispatch: inputs: removeDeployment: type: boolean - description: "Remove deployed module" + description: 'Remove deployed module' required: false default: true prerelease: type: boolean - description: "Publish prerelease module" + description: 'Publish prerelease module' required: false default: false push: branches: - main paths: - - ".github/actions/templates/**" - - ".github/workflows/ms.dataprotection.backupvaults.yml" - - "arm/Microsoft.DataProtection/backupVaults/**" - - "arm/.global/global.module.tests.ps1" - - "!*/**/readme.md" - - "utilities/pipelines/**" - - "!utilities/pipelines/dependencies/**" + - '.github/actions/templates/**' + - '.github/workflows/ms.dataprotection.backupvaults.yml' + - 'modules/Microsoft.DataProtection/backupVaults/**' + - 'modules/.global/global.module.tests.ps1' + - '!*/**/readme.md' + - 'utilities/pipelines/**' + - '!utilities/pipelines/dependencies/**' env: - variablesPath: "global.variables.yml" - modulePath: "arm/Microsoft.DataProtection/backupVaults" - workflowPath: ".github/workflows/ms.dataprotection.backupvaults.yml" + variablesPath: 'global.variables.yml' + modulePath: 'modules/Microsoft.DataProtection/backupVaults' + workflowPath: '.github/workflows/ms.dataprotection.backupvaults.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} - ARM_SUBSCRIPTION_ID: "${{ secrets.ARM_SUBSCRIPTION_ID }}" - ARM_MGMTGROUP_ID: "${{ secrets.ARM_MGMTGROUP_ID }}" - ARM_TENANT_ID: "${{ secrets.ARM_TENANT_ID }}" - DEPLOYMENT_SP_ID: "${{ secrets.DEPLOYMENT_SP_ID }}" + ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + ARM_MGMTGROUP_ID: '${{ secrets.ARM_MGMTGROUP_ID }}' + ARM_TENANT_ID: '${{ secrets.ARM_TENANT_ID }}' + DEPLOYMENT_SP_ID: '${{ secrets.DEPLOYMENT_SP_ID }}' jobs: ########################### @@ -41,22 +41,22 @@ jobs: ########################### job_initialize_pipeline: runs-on: ubuntu-20.04 - name: "Initialize pipeline" + name: 'Initialize pipeline' steps: - - name: "Checkout" + - name: 'Checkout' uses: actions/checkout@v2 with: fetch-depth: 0 - - name: "Set input parameters to output variables" + - name: 'Set input parameters to output variables' id: get-workflow-param uses: ./.github/actions/templates/getWorkflowInput with: - workflowPath: "${{ env.workflowPath}}" - - name: "Get parameter file paths" + workflowPath: '${{ env.workflowPath}}' + - name: 'Get parameter file paths' id: get-parameter-file-paths uses: ./.github/actions/templates/getParameterFiles with: - modulePath: "${{ env.modulePath }}" + modulePath: '${{ env.modulePath }}' outputs: removeDeployment: ${{ steps.get-workflow-param.outputs.removeDeployment }} parameterFilePaths: ${{ steps.get-parameter-file-paths.outputs.parameterFilePaths }} @@ -66,23 +66,23 @@ jobs: ######################### job_module_pester_validation: runs-on: ubuntu-20.04 - name: "Static validation" + name: 'Static validation' steps: - - name: "Checkout" + - name: 'Checkout' uses: actions/checkout@v2 with: fetch-depth: 0 - - name: "Run tests" + - name: 'Run tests' uses: ./.github/actions/templates/validateModulePester with: - modulePath: "${{ env.modulePath }}" + modulePath: '${{ env.modulePath }}' ############################# # Deployment validation # ############################# job_module_deploy_validation: runs-on: ubuntu-20.04 - name: "Deployment validation" + name: 'Deployment validation' needs: - job_initialize_pipeline - job_module_pester_validation @@ -91,7 +91,7 @@ jobs: matrix: parameterFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.parameterFilePaths) }} steps: - - name: "Checkout" + - name: 'Checkout' uses: actions/checkout@v2 with: fetch-depth: 0 @@ -99,28 +99,28 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} - - name: "Using parameter file [${{ matrix.parameterFilePaths }}]" + - name: 'Using parameter file [${{ matrix.parameterFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: "${{ env.modulePath }}/deploy.bicep" - parameterFilePath: "${{ env.modulePath }}/${{ matrix.parameterFilePaths }}" - location: "${{ env.location }}" - resourceGroupName: "${{ env.resourceGroupName }}" - subscriptionId: "${{ secrets.ARM_SUBSCRIPTION_ID }}" - managementGroupId: "${{ secrets.ARM_MGMTGROUP_ID }}" - removeDeployment: "${{ needs.job_initialize_pipeline.outputs.removeDeployment }}" + templateFilePath: '${{ env.modulePath }}/deploy.bicep' + parameterFilePath: '${{ env.modulePath }}/${{ matrix.parameterFilePaths }}' + location: '${{ env.location }}' + resourceGroupName: '${{ env.resourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' ################## # Publishing # ################## job_publish_module: - name: "Publishing" + name: 'Publishing' if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' runs-on: ubuntu-20.04 needs: - job_module_deploy_validation steps: - - name: "Checkout" + - name: 'Checkout' uses: actions/checkout@v2 with: fetch-depth: 0 @@ -128,15 +128,15 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} - - name: "Publishing" + - name: 'Publishing' uses: ./.github/actions/templates/publishModule with: - templateFilePath: "${{ env.modulePath }}/deploy.bicep" - templateSpecsRGName: "${{ env.templateSpecsRGName }}" - templateSpecsRGLocation: "${{ env.templateSpecsRGLocation }}" - templateSpecsDescription: "${{ env.templateSpecsDescription }}" - templateSpecsDoPublish: "${{ env.templateSpecsDoPublish }}" - bicepRegistryName: "${{ env.bicepRegistryName }}" - bicepRegistryRGName: "${{ env.bicepRegistryRGName }}" - bicepRegistryRgLocation: "${{ env.bicepRegistryRgLocation }}" - bicepRegistryDoPublish: "${{ env.bicepRegistryDoPublish }}" \ No newline at end of file + templateFilePath: '${{ env.modulePath }}/deploy.bicep' + templateSpecsRGName: '${{ env.templateSpecsRGName }}' + templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + templateSpecsDescription: '${{ env.templateSpecsDescription }}' + templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + bicepRegistryName: '${{ env.bicepRegistryName }}' + bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' diff --git a/.github/workflows/ms.desktopvirtualization.applicationgroups.yml b/.github/workflows/ms.desktopvirtualization.applicationgroups.yml index 33ce312ca1..08233297a9 100644 --- a/.github/workflows/ms.desktopvirtualization.applicationgroups.yml +++ b/.github/workflows/ms.desktopvirtualization.applicationgroups.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.desktopvirtualization.applicationgroups.yml' - - 'arm/Microsoft.DesktopVirtualization/applicationgroups/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.DesktopVirtualization/applicationgroups/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.DesktopVirtualization/applicationgroups' + modulePath: 'modules/Microsoft.DesktopVirtualization/applicationgroups' workflowPath: '.github/workflows/ms.desktopvirtualization.applicationgroups.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.desktopvirtualization.hostpools.yml b/.github/workflows/ms.desktopvirtualization.hostpools.yml index 32848ee2b7..e9467fc5f2 100644 --- a/.github/workflows/ms.desktopvirtualization.hostpools.yml +++ b/.github/workflows/ms.desktopvirtualization.hostpools.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.desktopvirtualization.hostpools.yml' - - 'arm/Microsoft.DesktopVirtualization/hostpools/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.DesktopVirtualization/hostpools/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.DesktopVirtualization/hostpools' + modulePath: 'modules/Microsoft.DesktopVirtualization/hostpools' workflowPath: '.github/workflows/ms.desktopvirtualization.hostpools.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.desktopvirtualization.scalingplans.yml b/.github/workflows/ms.desktopvirtualization.scalingplans.yml index fab5ecae6b..2be99b6d5c 100644 --- a/.github/workflows/ms.desktopvirtualization.scalingplans.yml +++ b/.github/workflows/ms.desktopvirtualization.scalingplans.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.desktopvirtualization.scalingplans.yml' - - 'arm/Microsoft.DesktopVirtualization/scalingplans/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.DesktopVirtualization/scalingplans/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.DesktopVirtualization/scalingplans' + modulePath: 'modules/Microsoft.DesktopVirtualization/scalingplans' workflowPath: '.github/workflows/ms.desktopvirtualization.scalingplans.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.desktopvirtualization.workspaces.yml b/.github/workflows/ms.desktopvirtualization.workspaces.yml index 7cfaa3e7be..c5598aa7af 100644 --- a/.github/workflows/ms.desktopvirtualization.workspaces.yml +++ b/.github/workflows/ms.desktopvirtualization.workspaces.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.desktopvirtualization.workspaces.yml' - - 'arm/Microsoft.DesktopVirtualization/workspaces/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.DesktopVirtualization/workspaces/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.DesktopVirtualization/workspaces' + modulePath: 'modules/Microsoft.DesktopVirtualization/workspaces' workflowPath: '.github/workflows/ms.desktopvirtualization.workspaces.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.documentdb.databaseaccounts.yml b/.github/workflows/ms.documentdb.databaseaccounts.yml index c61a97e61d..bf98c479d8 100644 --- a/.github/workflows/ms.documentdb.databaseaccounts.yml +++ b/.github/workflows/ms.documentdb.databaseaccounts.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.documentdb.databaseaccounts.yml' - - 'arm/Microsoft.DocumentDB/databaseAccounts/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.DocumentDB/databaseAccounts/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.DocumentDB/databaseAccounts' + modulePath: 'modules/Microsoft.DocumentDB/databaseAccounts' workflowPath: '.github/workflows/ms.documentdb.databaseaccounts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.eventgrid.systemtopics.yml b/.github/workflows/ms.eventgrid.systemtopics.yml index 27a694db1f..f4f5ab3a06 100644 --- a/.github/workflows/ms.eventgrid.systemtopics.yml +++ b/.github/workflows/ms.eventgrid.systemtopics.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.eventgrid.systemtopics.yml' - - 'arm/Microsoft.EventGrid/systemTopics/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.EventGrid/systemTopics/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.EventGrid/systemTopics' + modulePath: 'modules/Microsoft.EventGrid/systemTopics' workflowPath: '.github/workflows/ms.eventgrid.systemtopics.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.eventgrid.topics.yml b/.github/workflows/ms.eventgrid.topics.yml index 84cc1e4c19..16a7384c71 100644 --- a/.github/workflows/ms.eventgrid.topics.yml +++ b/.github/workflows/ms.eventgrid.topics.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.eventgrid.topics.yml' - - 'arm/Microsoft.EventGrid/topics/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.EventGrid/topics/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.EventGrid/topics' + modulePath: 'modules/Microsoft.EventGrid/topics' workflowPath: '.github/workflows/ms.eventgrid.topics.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.eventhub.namespaces.yml b/.github/workflows/ms.eventhub.namespaces.yml index a7582951bc..1a75f805fe 100644 --- a/.github/workflows/ms.eventhub.namespaces.yml +++ b/.github/workflows/ms.eventhub.namespaces.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.eventhub.namespaces.yml' - - 'arm/Microsoft.EventHub/namespaces/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.EventHub/namespaces/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.EventHub/namespaces' + modulePath: 'modules/Microsoft.EventHub/namespaces' workflowPath: '.github/workflows/ms.eventhub.namespaces.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.healthbot.healthbots.yml b/.github/workflows/ms.healthbot.healthbots.yml index 59e4f32200..43530361a9 100644 --- a/.github/workflows/ms.healthbot.healthbots.yml +++ b/.github/workflows/ms.healthbot.healthbots.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.healthbot.healthbots.yml' - - 'arm/Microsoft.HealthBot/healthBots/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.HealthBot/healthBots/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.HealthBot/healthBots' + modulePath: 'modules/Microsoft.HealthBot/healthBots' workflowPath: '.github/workflows/ms.healthbot.healthbots.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.insights.actiongroups.yml b/.github/workflows/ms.insights.actiongroups.yml index b9758fd8aa..d388901c80 100644 --- a/.github/workflows/ms.insights.actiongroups.yml +++ b/.github/workflows/ms.insights.actiongroups.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.insights.actiongroups.yml' - - 'arm/Microsoft.Insights/actionGroups/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Insights/actionGroups/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Insights/actionGroups' + modulePath: 'modules/Microsoft.Insights/actionGroups' workflowPath: '.github/workflows/ms.insights.actiongroups.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.insights.activitylogalerts.yml b/.github/workflows/ms.insights.activitylogalerts.yml index 3f1f01f514..97e287c8fd 100644 --- a/.github/workflows/ms.insights.activitylogalerts.yml +++ b/.github/workflows/ms.insights.activitylogalerts.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.insights.activitylogalerts.yml' - - 'arm/Microsoft.Insights/activityLogAlerts/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Insights/activityLogAlerts/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Insights/activityLogAlerts' + modulePath: 'modules/Microsoft.Insights/activityLogAlerts' workflowPath: '.github/workflows/ms.insights.activitylogalerts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.insights.components.yml b/.github/workflows/ms.insights.components.yml index ed559d1c8e..ad8569778e 100644 --- a/.github/workflows/ms.insights.components.yml +++ b/.github/workflows/ms.insights.components.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.insights.components.yml' - - 'arm/Microsoft.Insights/components/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Insights/components/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Insights/components' + modulePath: 'modules/Microsoft.Insights/components' workflowPath: '.github/workflows/ms.insights.components.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.insights.diagnosticsettings.yml b/.github/workflows/ms.insights.diagnosticsettings.yml index b49863642c..556e6d95af 100644 --- a/.github/workflows/ms.insights.diagnosticsettings.yml +++ b/.github/workflows/ms.insights.diagnosticsettings.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.insights.diagnosticsettings.yml' - - 'arm/Microsoft.Insights/diagnosticsettings/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Insights/diagnosticsettings/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Insights/diagnosticSettings' + modulePath: 'modules/Microsoft.Insights/diagnosticSettings' workflowPath: '.github/workflows/ms.insights.diagnosticsettings.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.insights.metricalerts.yml b/.github/workflows/ms.insights.metricalerts.yml index 7f4e64a2b7..c238711b06 100644 --- a/.github/workflows/ms.insights.metricalerts.yml +++ b/.github/workflows/ms.insights.metricalerts.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.insights.metricalerts.yml' - - 'arm/Microsoft.Insights/metricAlerts/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Insights/metricAlerts/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Insights/metricAlerts' + modulePath: 'modules/Microsoft.Insights/metricAlerts' workflowPath: '.github/workflows/ms.insights.metricalerts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.insights.privatelinkscopes.yml b/.github/workflows/ms.insights.privatelinkscopes.yml index 35e362059b..c342b41a94 100644 --- a/.github/workflows/ms.insights.privatelinkscopes.yml +++ b/.github/workflows/ms.insights.privatelinkscopes.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.insights.privatelinkscopes.yml' - - 'arm/Microsoft.Insights/privateLinkScopes/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Insights/privateLinkScopes/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Insights/privateLinkScopes' + modulePath: 'modules/Microsoft.Insights/privateLinkScopes' workflowPath: '.github/workflows/ms.insights.privatelinkscopes.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.insights.scheduledqueryrules.yml b/.github/workflows/ms.insights.scheduledqueryrules.yml index 3ac293149b..f94d3e3fe9 100644 --- a/.github/workflows/ms.insights.scheduledqueryrules.yml +++ b/.github/workflows/ms.insights.scheduledqueryrules.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.insights.scheduledqueryrules.yml' - - 'arm/Microsoft.Insights/scheduledQueryRules/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Insights/scheduledQueryRules/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Insights/scheduledQueryRules' + modulePath: 'modules/Microsoft.Insights/scheduledQueryRules' workflowPath: '.github/workflows/ms.insights.scheduledqueryrules.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index a428a0e48a..1067ceab94 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.keyvault.vaults.yml' - - 'arm/Microsoft.KeyVault/vaults/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.KeyVault/vaults/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.KeyVault/vaults' + modulePath: 'modules/Microsoft.KeyVault/vaults' workflowPath: '.github/workflows/ms.keyvault.vaults.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.kubernetesconfiguration.extensions.yml b/.github/workflows/ms.kubernetesconfiguration.extensions.yml index cb6c3b7664..03163a781c 100644 --- a/.github/workflows/ms.kubernetesconfiguration.extensions.yml +++ b/.github/workflows/ms.kubernetesconfiguration.extensions.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.kubernetesconfiguration.extensions.yml' - - 'arm/Microsoft.KubernetesConfiguration/extensions/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.KubernetesConfiguration/extensions/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.KubernetesConfiguration/extensions' + modulePath: 'modules/Microsoft.KubernetesConfiguration/extensions' workflowPath: '.github/workflows/ms.kubernetesconfiguration.extensions.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml b/.github/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml index 47ec3b2fc6..9d6e7ae21c 100644 --- a/.github/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml +++ b/.github/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml' - - 'arm/Microsoft.KubernetesConfiguration/fluxConfigurations/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.KubernetesConfiguration/fluxConfigurations/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.KubernetesConfiguration/fluxConfigurations' + modulePath: 'modules/Microsoft.KubernetesConfiguration/fluxConfigurations' workflowPath: '.github/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.logic.workflows.yml b/.github/workflows/ms.logic.workflows.yml index 03e09b6410..19a4d65ea3 100644 --- a/.github/workflows/ms.logic.workflows.yml +++ b/.github/workflows/ms.logic.workflows.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.logic.workflows.yml' - - 'arm/Microsoft.Logic/workflows/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Logic/workflows/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Logic/workflows' + modulePath: 'modules/Microsoft.Logic/workflows' workflowPath: '.github/workflows/ms.logic.workflows.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.machinelearningservices.workspaces.yml b/.github/workflows/ms.machinelearningservices.workspaces.yml index aab2efcaeb..5df607c47b 100644 --- a/.github/workflows/ms.machinelearningservices.workspaces.yml +++ b/.github/workflows/ms.machinelearningservices.workspaces.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.machinelearningservices.workspaces.yml' - - 'arm/Microsoft.MachineLearningServices/workspaces/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.MachineLearningServices/workspaces/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.MachineLearningServices/workspaces' + modulePath: 'modules/Microsoft.MachineLearningServices/workspaces' workflowPath: '.github/workflows/ms.machinelearningservices.workspaces.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.managedidentity.userassignedidentities.yml b/.github/workflows/ms.managedidentity.userassignedidentities.yml index e85f71f65a..d0c233a4c4 100644 --- a/.github/workflows/ms.managedidentity.userassignedidentities.yml +++ b/.github/workflows/ms.managedidentity.userassignedidentities.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.managedidentity.userassignedidentities.yml' - - 'arm/Microsoft.ManagedIdentity/userAssignedIdentities/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.ManagedIdentity/userAssignedIdentities/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.ManagedIdentity/userAssignedIdentities' + modulePath: 'modules/Microsoft.ManagedIdentity/userAssignedIdentities' workflowPath: '.github/workflows/ms.managedidentity.userassignedidentities.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.managedservices.registrationdefinitions.yml b/.github/workflows/ms.managedservices.registrationdefinitions.yml index 174cdf5a4d..9825845d2a 100644 --- a/.github/workflows/ms.managedservices.registrationdefinitions.yml +++ b/.github/workflows/ms.managedservices.registrationdefinitions.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.managedservices.registrationdefinitions.yml' - - 'arm/Microsoft.ManagedServices/registrationDefinitions/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.ManagedServices/registrationDefinitions/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.ManagedServices/registrationDefinitions' + modulePath: 'modules/Microsoft.ManagedServices/registrationDefinitions' workflowPath: '.github/workflows/ms.managedservices.registrationdefinitions.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.management.managementgroups.yml b/.github/workflows/ms.management.managementgroups.yml index 00860c6205..ff7edf7a55 100644 --- a/.github/workflows/ms.management.managementgroups.yml +++ b/.github/workflows/ms.management.managementgroups.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.management.managementgroups.yml' - - 'arm/Microsoft.Management/managementGroups/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Management/managementGroups/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Management/managementGroups' + modulePath: 'modules/Microsoft.Management/managementGroups' workflowPath: '.github/workflows/ms.management.managementgroups.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.netapp.netappaccounts.yml b/.github/workflows/ms.netapp.netappaccounts.yml index 0aa8dc46b1..0c1aa8555b 100644 --- a/.github/workflows/ms.netapp.netappaccounts.yml +++ b/.github/workflows/ms.netapp.netappaccounts.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.netapp.netappaccounts.yml' - - 'arm/Microsoft.NetApp/netAppAccounts/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.NetApp/netAppAccounts/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.NetApp/netAppAccounts' + modulePath: 'modules/Microsoft.NetApp/netAppAccounts' workflowPath: '.github/workflows/ms.netapp.netappaccounts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.applicationgateways.yml b/.github/workflows/ms.network.applicationgateways.yml index 4e8aa732e5..930f387bce 100644 --- a/.github/workflows/ms.network.applicationgateways.yml +++ b/.github/workflows/ms.network.applicationgateways.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.applicationgateways.yml' - - 'arm/Microsoft.Network/applicationGateways/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/applicationGateways/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/applicationGateways' + modulePath: 'modules/Microsoft.Network/applicationGateways' workflowPath: '.github/workflows/ms.network.applicationgateways.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.applicationsecuritygroups.yml b/.github/workflows/ms.network.applicationsecuritygroups.yml index a4f3df798d..49f9bb3071 100644 --- a/.github/workflows/ms.network.applicationsecuritygroups.yml +++ b/.github/workflows/ms.network.applicationsecuritygroups.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.applicationsecuritygroups.yml' - - 'arm/Microsoft.Network/applicationSecurityGroups/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/applicationSecurityGroups/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/applicationSecurityGroups' + modulePath: 'modules/Microsoft.Network/applicationSecurityGroups' workflowPath: '.github/workflows/ms.network.applicationsecuritygroups.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.azurefirewalls.yml b/.github/workflows/ms.network.azurefirewalls.yml index 93bffd1e5b..2de448b7af 100644 --- a/.github/workflows/ms.network.azurefirewalls.yml +++ b/.github/workflows/ms.network.azurefirewalls.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.azurefirewalls.yml' - - 'arm/Microsoft.Network/azureFirewalls/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/azureFirewalls/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/azureFirewalls' + modulePath: 'modules/Microsoft.Network/azureFirewalls' workflowPath: '.github/workflows/ms.network.azurefirewalls.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.bastionhosts.yml b/.github/workflows/ms.network.bastionhosts.yml index 4737fe021a..7bb3d48b6a 100644 --- a/.github/workflows/ms.network.bastionhosts.yml +++ b/.github/workflows/ms.network.bastionhosts.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.bastionhosts.yml' - - 'arm/Microsoft.Network/bastionHosts/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/bastionHosts/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/bastionHosts' + modulePath: 'modules/Microsoft.Network/bastionHosts' workflowPath: '.github/workflows/ms.network.bastionhosts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.connections.yml b/.github/workflows/ms.network.connections.yml index e37af7123d..76bb4cd9bd 100644 --- a/.github/workflows/ms.network.connections.yml +++ b/.github/workflows/ms.network.connections.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.connections.yml' - - 'arm/Microsoft.Network/connections/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/connections/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/connections' + modulePath: 'modules/Microsoft.Network/connections' workflowPath: '.github/workflows/ms.network.connections.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.ddosprotectionplans.yml b/.github/workflows/ms.network.ddosprotectionplans.yml index 0f83af3940..4582c415a7 100644 --- a/.github/workflows/ms.network.ddosprotectionplans.yml +++ b/.github/workflows/ms.network.ddosprotectionplans.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.ddosprotectionplans.yml' - - 'arm/Microsoft.Network/ddosProtectionPlans/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/ddosProtectionPlans/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/ddosProtectionPlans' + modulePath: 'modules/Microsoft.Network/ddosProtectionPlans' workflowPath: '.github/workflows/ms.network.ddosprotectionplans.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.expressroutecircuits.yml b/.github/workflows/ms.network.expressroutecircuits.yml index a8bc58510a..4f1d1c87f1 100644 --- a/.github/workflows/ms.network.expressroutecircuits.yml +++ b/.github/workflows/ms.network.expressroutecircuits.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.expressroutecircuits.yml' - - 'arm/Microsoft.Network/expressRouteCircuits/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/expressRouteCircuits/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/expressRouteCircuits' + modulePath: 'modules/Microsoft.Network/expressRouteCircuits' workflowPath: '.github/workflows/ms.network.expressroutecircuits.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.firewallpolicies.yml b/.github/workflows/ms.network.firewallpolicies.yml index 6137b0212f..fab9e32a34 100644 --- a/.github/workflows/ms.network.firewallpolicies.yml +++ b/.github/workflows/ms.network.firewallpolicies.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.firewallpolicies.yml' - - 'arm/Microsoft.Network/firewallPolicies/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/firewallPolicies/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/firewallPolicies' + modulePath: 'modules/Microsoft.Network/firewallPolicies' workflowPath: '.github/workflows/ms.network.firewallpolicies.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.frontdoors.yml b/.github/workflows/ms.network.frontdoors.yml index 5e511cae0b..65d1960ddc 100644 --- a/.github/workflows/ms.network.frontdoors.yml +++ b/.github/workflows/ms.network.frontdoors.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.frontdoors.yml' - - 'arm/Microsoft.Network/frontDoors/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/frontDoors/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/frontDoors' + modulePath: 'modules/Microsoft.Network/frontDoors' workflowPath: '.github/workflows/ms.network.frontdoors.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.ipgroups.yml b/.github/workflows/ms.network.ipgroups.yml index 3a13b6d30b..c2e71a6c59 100644 --- a/.github/workflows/ms.network.ipgroups.yml +++ b/.github/workflows/ms.network.ipgroups.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.ipgroups.yml' - - 'arm/Microsoft.Network/ipGroups/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/ipGroups/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/ipGroups' + modulePath: 'modules/Microsoft.Network/ipGroups' workflowPath: '.github/workflows/ms.network.ipgroups.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.loadbalancers.yml b/.github/workflows/ms.network.loadbalancers.yml index 3d23e74394..6eb3b3acf4 100644 --- a/.github/workflows/ms.network.loadbalancers.yml +++ b/.github/workflows/ms.network.loadbalancers.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.loadbalancers.yml' - - 'arm/Microsoft.Network/loadBalancers/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/loadBalancers/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/loadBalancers' + modulePath: 'modules/Microsoft.Network/loadBalancers' workflowPath: '.github/workflows/ms.network.loadbalancers.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.localnetworkgateways.yml b/.github/workflows/ms.network.localnetworkgateways.yml index be05683a4b..704d6dc29c 100644 --- a/.github/workflows/ms.network.localnetworkgateways.yml +++ b/.github/workflows/ms.network.localnetworkgateways.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.localnetworkgateways.yml' - - 'arm/Microsoft.Network/localNetworkGateways/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/localNetworkGateways/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/localNetworkGateways' + modulePath: 'modules/Microsoft.Network/localNetworkGateways' workflowPath: '.github/workflows/ms.network.localnetworkgateways.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.natgateways.yml b/.github/workflows/ms.network.natgateways.yml index ebdd539815..fd3b0b0f4c 100644 --- a/.github/workflows/ms.network.natgateways.yml +++ b/.github/workflows/ms.network.natgateways.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.natgateways.yml' - - 'arm/Microsoft.Network/natGateways/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/natGateways/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/natGateways' + modulePath: 'modules/Microsoft.Network/natGateways' workflowPath: '.github/workflows/ms.network.natgateways.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.networkinterfaces.yml b/.github/workflows/ms.network.networkinterfaces.yml index feda3575e3..3351651662 100644 --- a/.github/workflows/ms.network.networkinterfaces.yml +++ b/.github/workflows/ms.network.networkinterfaces.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.networkinterfaces.yml' - - 'arm/Microsoft.Network/networkInterfaces/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/networkInterfaces/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/networkInterfaces' + modulePath: 'modules/Microsoft.Network/networkInterfaces' workflowPath: '.github/workflows/ms.network.networkinterfaces.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.networksecuritygroups.yml b/.github/workflows/ms.network.networksecuritygroups.yml index 186a49f9c6..ec4143097d 100644 --- a/.github/workflows/ms.network.networksecuritygroups.yml +++ b/.github/workflows/ms.network.networksecuritygroups.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.networksecuritygroups.yml' - - 'arm/Microsoft.Network/networkSecurityGroups/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/networkSecurityGroups/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/networkSecurityGroups' + modulePath: 'modules/Microsoft.Network/networkSecurityGroups' workflowPath: '.github/workflows/ms.network.networksecuritygroups.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.networkwatchers.yml b/.github/workflows/ms.network.networkwatchers.yml index 3728a63e58..1f1773ba2e 100644 --- a/.github/workflows/ms.network.networkwatchers.yml +++ b/.github/workflows/ms.network.networkwatchers.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.networkwatchers.yml' - - 'arm/Microsoft.Network/networkWatchers/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/networkWatchers/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/networkWatchers' + modulePath: 'modules/Microsoft.Network/networkWatchers' workflowPath: '.github/workflows/ms.network.networkwatchers.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.privatednszones.yml b/.github/workflows/ms.network.privatednszones.yml index 3afa12980f..5186987b00 100644 --- a/.github/workflows/ms.network.privatednszones.yml +++ b/.github/workflows/ms.network.privatednszones.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.privatednszones.yml' - - 'arm/Microsoft.Network/privateDnsZones/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/privateDnsZones/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/privateDnsZones' + modulePath: 'modules/Microsoft.Network/privateDnsZones' workflowPath: '.github/workflows/ms.network.privatednszones.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.privateendpoints.yml b/.github/workflows/ms.network.privateendpoints.yml index 06132ed4a2..b7fed464dd 100644 --- a/.github/workflows/ms.network.privateendpoints.yml +++ b/.github/workflows/ms.network.privateendpoints.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.privateendpoints.yml' - - 'arm/Microsoft.Network/privateEndpoints/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/privateEndpoints/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/privateEndpoints' + modulePath: 'modules/Microsoft.Network/privateEndpoints' workflowPath: '.github/workflows/ms.network.privateendpoints.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.publicipaddresses.yml b/.github/workflows/ms.network.publicipaddresses.yml index ff2e212f7b..b1e9fbcc11 100644 --- a/.github/workflows/ms.network.publicipaddresses.yml +++ b/.github/workflows/ms.network.publicipaddresses.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.publicipaddresses.yml' - - 'arm/Microsoft.Network/publicIPAddresses/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/publicIPAddresses/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/publicIPAddresses' + modulePath: 'modules/Microsoft.Network/publicIPAddresses' workflowPath: '.github/workflows/ms.network.publicipaddresses.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.publicipprefixes.yml b/.github/workflows/ms.network.publicipprefixes.yml index 7ee726e778..714bc5bdb2 100644 --- a/.github/workflows/ms.network.publicipprefixes.yml +++ b/.github/workflows/ms.network.publicipprefixes.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.publicipprefixes.yml' - - 'arm/Microsoft.Network/publicIPPrefixes/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/publicIPPrefixes/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/publicIPPrefixes' + modulePath: 'modules/Microsoft.Network/publicIPPrefixes' workflowPath: '.github/workflows/ms.network.publicipprefixes.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.routetables.yml b/.github/workflows/ms.network.routetables.yml index c64d0c4b61..9f4bb512c4 100644 --- a/.github/workflows/ms.network.routetables.yml +++ b/.github/workflows/ms.network.routetables.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.routetables.yml' - - 'arm/Microsoft.Network/routeTables/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/routeTables/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/routeTables' + modulePath: 'modules/Microsoft.Network/routeTables' workflowPath: '.github/workflows/ms.network.routetables.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.trafficmanagerprofiles.yml b/.github/workflows/ms.network.trafficmanagerprofiles.yml index 38e8f66a8c..d1a0a6b561 100644 --- a/.github/workflows/ms.network.trafficmanagerprofiles.yml +++ b/.github/workflows/ms.network.trafficmanagerprofiles.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.trafficmanagerprofiles.yml' - - 'arm/Microsoft.Network/trafficmanagerprofiles/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/trafficmanagerprofiles/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/trafficmanagerprofiles' + modulePath: 'modules/Microsoft.Network/trafficmanagerprofiles' workflowPath: '.github/workflows/ms.network.trafficmanagerprofiles.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.virtualhubs.yml b/.github/workflows/ms.network.virtualhubs.yml index cf5d3d8db7..9e2221dff4 100644 --- a/.github/workflows/ms.network.virtualhubs.yml +++ b/.github/workflows/ms.network.virtualhubs.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.virtualhubs.yml' - - 'arm/Microsoft.Network/virtualHubs/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/virtualHubs/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/virtualHubs' + modulePath: 'modules/Microsoft.Network/virtualHubs' workflowPath: '.github/workflows/ms.network.virtualhubs.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.virtualnetworkgateways.yml b/.github/workflows/ms.network.virtualnetworkgateways.yml index d0ad36a1fa..a96f19b58f 100644 --- a/.github/workflows/ms.network.virtualnetworkgateways.yml +++ b/.github/workflows/ms.network.virtualnetworkgateways.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.virtualnetworkgateways.yml' - - 'arm/Microsoft.Network/virtualNetworkGateways/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/virtualNetworkGateways/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/virtualNetworkGateways' + modulePath: 'modules/Microsoft.Network/virtualNetworkGateways' workflowPath: '.github/workflows/ms.network.virtualnetworkgateways.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index b1445fc3ce..8ffde5c19e 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.virtualnetworks.yml' - - 'arm/Microsoft.Network/virtualNetworks/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/virtualNetworks/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/virtualNetworks' + modulePath: 'modules/Microsoft.Network/virtualNetworks' workflowPath: '.github/workflows/ms.network.virtualnetworks.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.virtualwans.yml b/.github/workflows/ms.network.virtualwans.yml index af84aa61d6..911e6fe50a 100644 --- a/.github/workflows/ms.network.virtualwans.yml +++ b/.github/workflows/ms.network.virtualwans.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.virtualwans.yml' - - 'arm/Microsoft.Network/virtualWans/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/virtualWans/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/virtualWans' + modulePath: 'modules/Microsoft.Network/virtualWans' workflowPath: '.github/workflows/ms.network.virtualwans.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.vpngateways.yml b/.github/workflows/ms.network.vpngateways.yml index a478903089..2fb8cc1797 100644 --- a/.github/workflows/ms.network.vpngateways.yml +++ b/.github/workflows/ms.network.vpngateways.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.vpngateways.yml' - - 'arm/Microsoft.Network/vpnGateways/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/vpnGateways/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/vpnGateways' + modulePath: 'modules/Microsoft.Network/vpnGateways' workflowPath: '.github/workflows/ms.network.vpngateways.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.vpnsites.yml b/.github/workflows/ms.network.vpnsites.yml index fb0f8c8d3f..b72ddae6e1 100644 --- a/.github/workflows/ms.network.vpnsites.yml +++ b/.github/workflows/ms.network.vpnsites.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.vpnsites.yml' - - 'arm/Microsoft.Network/vpnSites/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Network/vpnSites/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Network/vpnSites' + modulePath: 'modules/Microsoft.Network/vpnSites' workflowPath: '.github/workflows/ms.network.vpnsites.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.operationalinsights.workspaces.yml b/.github/workflows/ms.operationalinsights.workspaces.yml index 9ddfc177f5..fd0c3c685a 100644 --- a/.github/workflows/ms.operationalinsights.workspaces.yml +++ b/.github/workflows/ms.operationalinsights.workspaces.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.operationalinsights.workspaces.yml' - - 'arm/Microsoft.OperationalInsights/workspaces/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.OperationalInsights/workspaces/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.OperationalInsights/workspaces' + modulePath: 'modules/Microsoft.OperationalInsights/workspaces' workflowPath: '.github/workflows/ms.operationalinsights.workspaces.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.operationsmanagement.solutions.yml b/.github/workflows/ms.operationsmanagement.solutions.yml index db74fec086..da92a74b21 100644 --- a/.github/workflows/ms.operationsmanagement.solutions.yml +++ b/.github/workflows/ms.operationsmanagement.solutions.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.operationsmanagement.solutions.yml' - - 'arm/Microsoft.OperationsManagement/solutions/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.OperationsManagement/solutions/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.OperationsManagement/solutions' + modulePath: 'modules/Microsoft.OperationsManagement/solutions' workflowPath: '.github/workflows/ms.operationsmanagement.solutions.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.recoveryservices.vaults.yml b/.github/workflows/ms.recoveryservices.vaults.yml index 15e09441c3..275e0498de 100644 --- a/.github/workflows/ms.recoveryservices.vaults.yml +++ b/.github/workflows/ms.recoveryservices.vaults.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.recoveryservices.vaults.yml' - - 'arm/Microsoft.RecoveryServices/vaults/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.RecoveryServices/vaults/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.RecoveryServices/vaults' + modulePath: 'modules/Microsoft.RecoveryServices/vaults' workflowPath: '.github/workflows/ms.recoveryservices.vaults.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.resources.deploymentscripts.yml b/.github/workflows/ms.resources.deploymentscripts.yml index 967b05e4b9..32b6b0f767 100644 --- a/.github/workflows/ms.resources.deploymentscripts.yml +++ b/.github/workflows/ms.resources.deploymentscripts.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.resources.deploymentscripts.yml' - - 'arm/Microsoft.Resources/deploymentScripts/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Resources/deploymentScripts/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Resources/deploymentScripts' + modulePath: 'modules/Microsoft.Resources/deploymentScripts' workflowPath: '.github/workflows/ms.resources.deploymentscripts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 392cd5740b..60de42f8b8 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.resources.resourcegroups.yml' - - 'arm/Microsoft.Resources/resourceGroups/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Resources/resourceGroups/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Resources/resourceGroups' + modulePath: 'modules/Microsoft.Resources/resourceGroups' workflowPath: '.github/workflows/ms.resources.resourcegroups.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.resources.tags.yml b/.github/workflows/ms.resources.tags.yml index c35776cb2d..fb54367126 100644 --- a/.github/workflows/ms.resources.tags.yml +++ b/.github/workflows/ms.resources.tags.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.resources.tags.yml' - - 'arm/Microsoft.Resources/tags/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Resources/tags/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Resources/tags' + modulePath: 'modules/Microsoft.Resources/tags' workflowPath: '.github/workflows/ms.resources.tags.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.security.azuresecuritycenter.yml b/.github/workflows/ms.security.azuresecuritycenter.yml index 0eab54dc73..bca0ebedff 100644 --- a/.github/workflows/ms.security.azuresecuritycenter.yml +++ b/.github/workflows/ms.security.azuresecuritycenter.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.security.azuresecuritycenter.yml' - - 'arm/Microsoft.Security/azureSecurityCenter/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Security/azureSecurityCenter/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Security/azureSecurityCenter' + modulePath: 'modules/Microsoft.Security/azureSecurityCenter' workflowPath: '.github/workflows/ms.security.azuresecuritycenter.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.servicebus.namespaces.yml b/.github/workflows/ms.servicebus.namespaces.yml index e290a78302..fb84ab7ccd 100644 --- a/.github/workflows/ms.servicebus.namespaces.yml +++ b/.github/workflows/ms.servicebus.namespaces.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.servicebus.namespaces.yml' - - 'arm/Microsoft.ServiceBus/namespaces/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.ServiceBus/namespaces/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.ServiceBus/namespaces' + modulePath: 'modules/Microsoft.ServiceBus/namespaces' workflowPath: '.github/workflows/ms.servicebus.namespaces.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.servicefabric.clusters.yml b/.github/workflows/ms.servicefabric.clusters.yml index d53258695c..9895c4f192 100644 --- a/.github/workflows/ms.servicefabric.clusters.yml +++ b/.github/workflows/ms.servicefabric.clusters.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.servicefabric.clusters.yml' - - 'arm/Microsoft.ServiceFabric/clusters/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.ServiceFabric/clusters/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.ServiceFabric/clusters' + modulePath: 'modules/Microsoft.ServiceFabric/clusters' workflowPath: '.github/workflows/ms.servicefabric.clusters.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.sql.managedinstances.yml b/.github/workflows/ms.sql.managedinstances.yml index 70cacaaaaf..e3c6df7041 100644 --- a/.github/workflows/ms.sql.managedinstances.yml +++ b/.github/workflows/ms.sql.managedinstances.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.sql.managedinstances.yml' - - 'arm/Microsoft.Sql/managedInstances/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Sql/managedInstances/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Sql/managedInstances' + modulePath: 'modules/Microsoft.Sql/managedInstances' workflowPath: '.github/workflows/ms.sql.managedinstances.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.sql.servers.yml b/.github/workflows/ms.sql.servers.yml index c2b15642ee..61623e9bfb 100644 --- a/.github/workflows/ms.sql.servers.yml +++ b/.github/workflows/ms.sql.servers.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.sql.servers.yml' - - 'arm/Microsoft.Sql/servers/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Sql/servers/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Sql/servers' + modulePath: 'modules/Microsoft.Sql/servers' workflowPath: '.github/workflows/ms.sql.servers.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.storage.storageaccounts.yml b/.github/workflows/ms.storage.storageaccounts.yml index 25ca93d427..dfd7c811fc 100644 --- a/.github/workflows/ms.storage.storageaccounts.yml +++ b/.github/workflows/ms.storage.storageaccounts.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.storage.storageaccounts.yml' - - 'arm/Microsoft.Storage/storageAccounts/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Storage/storageAccounts/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Storage/storageAccounts' + modulePath: 'modules/Microsoft.Storage/storageAccounts' workflowPath: '.github/workflows/ms.storage.storageaccounts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.synapse.privatelinkhubs.yml b/.github/workflows/ms.synapse.privatelinkhubs.yml index 7c70983ae5..d0287ac8d3 100644 --- a/.github/workflows/ms.synapse.privatelinkhubs.yml +++ b/.github/workflows/ms.synapse.privatelinkhubs.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.synapse.privatelinkhubs.yml' - - 'arm/Microsoft.Synapse/privateLinkHubs/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Synapse/privateLinkHubs/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Synapse/privateLinkHubs' + modulePath: 'modules/Microsoft.Synapse/privateLinkHubs' workflowPath: '.github/workflows/ms.synapse.privatelinkhubs.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.virtualmachineimages.imagetemplates.yml b/.github/workflows/ms.virtualmachineimages.imagetemplates.yml index 1a586bcf64..7d1c122891 100644 --- a/.github/workflows/ms.virtualmachineimages.imagetemplates.yml +++ b/.github/workflows/ms.virtualmachineimages.imagetemplates.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.virtualmachineimages.imagetemplates.yml' - - 'arm/Microsoft.VirtualMachineImages/imageTemplates/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.VirtualMachineImages/imageTemplates/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.VirtualMachineImages/imageTemplates' + modulePath: 'modules/Microsoft.VirtualMachineImages/imageTemplates' workflowPath: '.github/workflows/ms.virtualmachineimages.imagetemplates.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.web.connections.yml b/.github/workflows/ms.web.connections.yml index e32df8e3c9..24a5452946 100644 --- a/.github/workflows/ms.web.connections.yml +++ b/.github/workflows/ms.web.connections.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.web.connections.yml' - - 'arm/Microsoft.Web/connections/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Web/connections/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Web/connections' + modulePath: 'modules/Microsoft.Web/connections' workflowPath: '.github/workflows/ms.web.connections.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.web.hostingenvironments.yml b/.github/workflows/ms.web.hostingenvironments.yml index 0d926983ec..cc7f884c27 100644 --- a/.github/workflows/ms.web.hostingenvironments.yml +++ b/.github/workflows/ms.web.hostingenvironments.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.web.hostingenvironments.yml' - - 'arm/Microsoft.Web/hostingEnvironments/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Web/hostingEnvironments/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Web/hostingEnvironments' + modulePath: 'modules/Microsoft.Web/hostingEnvironments' workflowPath: '.github/workflows/ms.web.hostingenvironments.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.web.serverfarms.yml b/.github/workflows/ms.web.serverfarms.yml index 1ba700cf21..d0d6a3a41d 100644 --- a/.github/workflows/ms.web.serverfarms.yml +++ b/.github/workflows/ms.web.serverfarms.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.web.serverfarms.yml' - - 'arm/Microsoft.Web/serverfarms/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Web/serverfarms/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Web/serverfarms' + modulePath: 'modules/Microsoft.Web/serverfarms' workflowPath: '.github/workflows/ms.web.serverfarms.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.web.sites.yml b/.github/workflows/ms.web.sites.yml index a83b5659d2..5f69a15df6 100644 --- a/.github/workflows/ms.web.sites.yml +++ b/.github/workflows/ms.web.sites.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.web.sites.yml' - - 'arm/Microsoft.Web/sites/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Web/sites/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Web/sites' + modulePath: 'modules/Microsoft.Web/sites' workflowPath: '.github/workflows/ms.web.sites.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.web.staticsites.yml b/.github/workflows/ms.web.staticsites.yml index bc0920919b..b387de58ae 100644 --- a/.github/workflows/ms.web.staticsites.yml +++ b/.github/workflows/ms.web.staticsites.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.web.staticsites.yml' - - 'arm/Microsoft.Web/staticSites/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Web/staticSites/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Web/staticSites' + modulePath: 'modules/Microsoft.Web/staticSites' workflowPath: '.github/workflows/ms.web.staticsites.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index 1754c3c32c..a1addb1653 100644 --- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml @@ -43,7 +43,8 @@ jobs: strategy: fail-fast: false matrix: - parameterFilePaths: ['validation.parameters.json', 'locks.parameters.json'] + parameterFilePaths: + ['validation.parameters.json', 'locks.parameters.json'] steps: - name: 'Checkout' uses: actions/checkout@v2 @@ -52,7 +53,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -80,7 +81,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -111,7 +112,7 @@ jobs: id: deploy_msi uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -150,7 +151,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -178,7 +179,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -206,7 +207,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -234,7 +235,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -253,7 +254,12 @@ jobs: fail-fast: false matrix: parameterFilePaths: - ['appi.parameters.json', 'aut.parameters.json', 'sol.parameters.json', 'parameters.json'] + [ + 'appi.parameters.json', + 'aut.parameters.json', + 'sol.parameters.json', + 'parameters.json', + ] steps: - name: 'Checkout' uses: actions/checkout@v2 @@ -263,7 +269,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -292,7 +298,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -400,7 +406,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -434,7 +440,7 @@ jobs: id: deploy_imgt uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -597,7 +603,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -625,7 +631,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -653,7 +659,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -682,7 +688,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -719,7 +725,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -750,7 +756,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -778,7 +784,7 @@ jobs: 'lb.parameters.json', 'lb.min.parameters.json', 'fw.parameters.json', - 'fw.additional.parameters.json' + 'fw.additional.parameters.json', ] steps: - name: 'Checkout' @@ -789,7 +795,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -819,7 +825,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -849,7 +855,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -879,7 +885,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -910,7 +916,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -943,7 +949,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -1123,7 +1129,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -1245,7 +1251,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -1273,7 +1279,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/subscription/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/subscription/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -1306,7 +1312,7 @@ jobs: '11.azfw.parameters.json', '12.bastion.parameters.json', '13.bastion.parameters.json', - 'parameters.json' + 'parameters.json', ] steps: - name: 'Checkout' @@ -1317,7 +1323,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -1347,7 +1353,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -1375,7 +1381,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -1405,7 +1411,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -1433,7 +1439,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' diff --git a/.github/workflows/platform.updateReadMe.yml b/.github/workflows/platform.updateReadMe.yml index 829dd17ae6..9e3d0dfcf2 100644 --- a/.github/workflows/platform.updateReadMe.yml +++ b/.github/workflows/platform.updateReadMe.yml @@ -10,8 +10,8 @@ on: branches: - main paths: - - 'arm/**/deploy.bicep' - - 'arm/**/deploy.json' + - 'modules/**/deploy.bicep' + - 'modules/**/deploy.json' env: pipelinePrincipalGitUserName: 'CARMLPipelinePrincipal' @@ -34,7 +34,7 @@ jobs: . "$env:GITHUB_WORKSPACE/utilities/tools/Set-ReadMeModuleTable.ps1" $functionInput = @{ - ModulesPath = Join-Path $env:GITHUB_WORKSPACE 'arm' + ModulesPath = Join-Path $env:GITHUB_WORKSPACE 'modules' FilePath = Join-Path $env:GITHUB_WORKSPACE 'README.md' Organization = ($env:GITHUB_REPOSITORY).split('/')[0] RepositoryName = ($env:GITHUB_REPOSITORY).split('/')[1] @@ -55,8 +55,8 @@ jobs: . "$env:GITHUB_WORKSPACE/utilities/tools/Set-ReadMeModuleTable.ps1" $functionInput = @{ - ModulesPath = Join-Path $env:GITHUB_WORKSPACE 'arm' - FilePath = Join-Path $env:GITHUB_WORKSPACE 'arm/README.md' + ModulesPath = Join-Path $env:GITHUB_WORKSPACE 'modules' + FilePath = Join-Path $env:GITHUB_WORKSPACE 'modules/README.md' Organization = ($env:GITHUB_REPOSITORY).split('/')[0] RepositoryName = ($env:GITHUB_REPOSITORY).split('/')[1] ColumnsInOrder = @('Name', 'ProviderNamespace','ResourceType') diff --git a/README.md b/README.md index 7d4e4a6241..2f4ae8107d 100644 --- a/README.md +++ b/README.md @@ -29,107 +29,107 @@ The CI environment supports both ARM and Bicep and can be leveraged using GitHub | Name | Status | | - | - | -| [Action Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/actionGroups) | [!['Insights: ActionGroups'](https://github.com/Azure/ResourceModules/workflows/Insights:%20ActionGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.actiongroups.yml) | -| [Activity Log Alerts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/activityLogAlerts) | [!['Insights: ActivityLogAlerts'](https://github.com/Azure/ResourceModules/workflows/Insights:%20ActivityLogAlerts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.activitylogalerts.yml) | -| [Activity Logs](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/diagnosticSettings) | [!['Insights: DiagnosticSettings'](https://github.com/Azure/ResourceModules/workflows/Insights:%20DiagnosticSettings/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.diagnosticsettings.yml) | -| [Analysis Services Servers](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.AnalysisServices/servers) | [!['AnalysisServices: Servers'](https://github.com/Azure/ResourceModules/workflows/AnalysisServices:%20Servers/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.analysisservices.servers.yml) | -| [API Connections](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/connections) | [!['Web: Connections'](https://github.com/Azure/ResourceModules/workflows/Web:%20Connections/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.connections.yml) | -| [API Management Services](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ApiManagement/service) | [!['ApiManagement: Service'](https://github.com/Azure/ResourceModules/workflows/ApiManagement:%20Service/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.apimanagement.service.yml) | -| [App Configuration](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.AppConfiguration/configurationStores) | [!['AppConfiguration: ConfigurationStores'](https://github.com/Azure/ResourceModules/workflows/AppConfiguration:%20ConfigurationStores/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.appconfiguration.configurationstores.yml) | -| [App Service Environments](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/hostingEnvironments) | [!['Web: HostingEnvironments'](https://github.com/Azure/ResourceModules/workflows/Web:%20HostingEnvironments/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.hostingenvironments.yml) | -| [App Service Plans](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/serverfarms) | [!['Web: Serverfarms'](https://github.com/Azure/ResourceModules/workflows/Web:%20Serverfarms/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.serverfarms.yml) | -| [Application Insights](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/components) | [!['Insights: Components'](https://github.com/Azure/ResourceModules/workflows/Insights:%20Components/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.components.yml) | -| [Application Security Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/applicationSecurityGroups) | [!['Network: ApplicationSecurityGroups'](https://github.com/Azure/ResourceModules/workflows/Network:%20ApplicationSecurityGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.applicationsecuritygroups.yml) | -| [Authorization Locks](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/locks) | [!['Authorization: Locks'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20Locks/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.locks.yml) | -| [Automation Accounts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Automation/automationAccounts) | [!['Automation: AutomationAccounts'](https://github.com/Azure/ResourceModules/workflows/Automation:%20AutomationAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.automation.automationaccounts.yml) | -| [Availability Sets](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/availabilitySets) | [!['Compute: AvailabilitySets'](https://github.com/Azure/ResourceModules/workflows/Compute:%20AvailabilitySets/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.availabilitysets.yml) | -| [AVD Application Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DesktopVirtualization/applicationgroups) | [!['DesktopVirtualization: ApplicationGroups'](https://github.com/Azure/ResourceModules/workflows/DesktopVirtualization:%20ApplicationGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.desktopvirtualization.applicationgroups.yml) | -| [AVD Host Pools](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DesktopVirtualization/hostpools) | [!['DesktopVirtualization: HostPools'](https://github.com/Azure/ResourceModules/workflows/DesktopVirtualization:%20HostPools/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.desktopvirtualization.hostpools.yml) | -| [AVD Scaling Plans](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DesktopVirtualization/scalingplans) | [!['DesktopVirtualization: Scalingplans'](https://github.com/Azure/ResourceModules/workflows/DesktopVirtualization:%20Scalingplans/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.desktopvirtualization.scalingplans.yml) | -| [AVD Workspaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DesktopVirtualization/workspaces) | [!['DesktopVirtualization: Workspaces'](https://github.com/Azure/ResourceModules/workflows/DesktopVirtualization:%20Workspaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.desktopvirtualization.workspaces.yml) | -| [Azure Active Directory Domain Services](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.AAD/DomainServices) | [!['AAD: DomainServices'](https://github.com/Azure/ResourceModules/workflows/AAD:%20DomainServices/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.aad.domainservices.yml) | -| [Azure Compute Galleries](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/galleries) | [!['Compute: Galleries'](https://github.com/Azure/ResourceModules/workflows/Compute:%20Galleries/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.galleries.yml) | -| [Azure Databricks](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Databricks/workspaces) | [!['Databricks: Workspaces'](https://github.com/Azure/ResourceModules/workflows/Databricks:%20Workspaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.databricks.workspaces.yml) | -| [Azure Firewalls](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/azureFirewalls) | [!['Network: AzureFirewalls'](https://github.com/Azure/ResourceModules/workflows/Network:%20AzureFirewalls/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.azurefirewalls.yml) | -| [Azure Health Bots](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.HealthBot/healthBots) | [!['HealthBot: HealthBots'](https://github.com/Azure/ResourceModules/workflows/HealthBot:%20HealthBots/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.healthbot.healthbots.yml) | -| [Azure Kubernetes Services](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ContainerService/managedClusters) | [!['ContainerService: ManagedClusters'](https://github.com/Azure/ResourceModules/workflows/ContainerService:%20ManagedClusters/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.containerservice.managedclusters.yml) | -| [Azure Monitor Private Link Scopes](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/privateLinkScopes) | [!['Insights: PrivateLinkScopes'](https://github.com/Azure/ResourceModules/workflows/Insights:%20PrivateLinkScopes/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.privatelinkscopes.yml) | -| [Azure NetApp Files](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.NetApp/netAppAccounts) | [!['NetApp: NetAppAccounts'](https://github.com/Azure/ResourceModules/workflows/NetApp:%20NetAppAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.netapp.netappaccounts.yml) | -| [Azure Security Center](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Security/azureSecurityCenter) | [!['Security: AzureSecurityCenter'](https://github.com/Azure/ResourceModules/workflows/Security:%20AzureSecurityCenter/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.security.azuresecuritycenter.yml) | -| [Azure Synapse Analytics](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Synapse/privateLinkHubs) | [!['Synapse: PrivateLinkHubs'](https://github.com/Azure/ResourceModules/workflows/Synapse:%20PrivateLinkHubs/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.synapse.privatelinkhubs.yml) | -| [Bastion Hosts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/bastionHosts) | [!['Network: BastionHosts'](https://github.com/Azure/ResourceModules/workflows/Network:%20BastionHosts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.bastionhosts.yml) | -| [Batch Accounts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Batch/batchAccounts) | [!['Batch: BatchAccounts'](https://github.com/Azure/ResourceModules/workflows/Batch:%20BatchAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.batch.batchaccounts.yml) | -| [Budgets](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Consumption/budgets) | [!['Consumption: Budgets'](https://github.com/Azure/ResourceModules/workflows/Consumption:%20Budgets/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.consumption.budgets.yml) | -| [Cognitive Services](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.CognitiveServices/accounts) | [!['CognitiveServices: Accounts'](https://github.com/Azure/ResourceModules/workflows/CognitiveServices:%20Accounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.cognitiveservices.accounts.yml) | -| [Compute Disks](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/disks) | [!['Compute: Disks'](https://github.com/Azure/ResourceModules/workflows/Compute:%20Disks/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.disks.yml) | -| [Container Instances](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ContainerInstance/containerGroups) | [!['ContainerInstance: ContainerGroups'](https://github.com/Azure/ResourceModules/workflows/ContainerInstance:%20ContainerGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.containerinstance.containergroups.yml) | -| [Container Registries](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ContainerRegistry/registries) | [!['ContainerRegistry: Registries'](https://github.com/Azure/ResourceModules/workflows/ContainerRegistry:%20Registries/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.containerregistry.registries.yml) | -| [Data Factories](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DataFactory/factories) | [!['DataFactory: Factories'](https://github.com/Azure/ResourceModules/workflows/DataFactory:%20Factories/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.datafactory.factories.yml) | -| [DataProtection BackupVaults](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DataProtection/backupVaults) | [![DataProtection: BackupVaults](https://github.com/Azure/ResourceModules/workflows/DataProtection:%20BackupVaults/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.dataprotection.backupvaults.yml) | -| [DDoS Protection Plans](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/ddosProtectionPlans) | [!['Network: DdosProtectionPlans'](https://github.com/Azure/ResourceModules/workflows/Network:%20DdosProtectionPlans/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.ddosprotectionplans.yml) | -| [Deployment Scripts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Resources/deploymentScripts) | [!['Resources: DeploymentScripts'](https://github.com/Azure/ResourceModules/workflows/Resources:%20DeploymentScripts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.resources.deploymentscripts.yml) | -| [Disk Encryption Sets](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/diskEncryptionSets) | [!['Compute: DiskEncryptionSets'](https://github.com/Azure/ResourceModules/workflows/Compute:%20DiskEncryptionSets/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.diskencryptionsets.yml) | -| [DocumentDB Database Accounts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DocumentDB/databaseAccounts) | [!['DocumentDB: DatabaseAccounts'](https://github.com/Azure/ResourceModules/workflows/DocumentDB:%20DatabaseAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.documentdb.databaseaccounts.yml) | -| [Event Grid System Topics](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.EventGrid/systemTopics) | [!['EventGrid: System Topics'](https://github.com/Azure/ResourceModules/workflows/EventGrid:%20System%20Topics/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.eventgrid.systemtopics.yml) | -| [Event Grid Topics](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.EventGrid/topics) | [!['EventGrid: Topics'](https://github.com/Azure/ResourceModules/workflows/EventGrid:%20Topics/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.eventgrid.topics.yml) | -| [Event Hub Namespaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.EventHub/namespaces) | [!['EventHub: Namespaces'](https://github.com/Azure/ResourceModules/workflows/EventHub:%20Namespaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.eventhub.namespaces.yml) | -| [ExpressRoute Circuits](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/expressRouteCircuits) | [!['Network: ExpressRouteCircuits'](https://github.com/Azure/ResourceModules/workflows/Network:%20ExpressRouteCircuits/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.expressroutecircuits.yml) | -| [Firewall Policies](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/firewallPolicies) | [!['Network: FirewallPolicies'](https://github.com/Azure/ResourceModules/workflows/Network:%20FirewallPolicies/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.firewallpolicies.yml) | -| [Front Doors](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/frontDoors) | [!['Network: Frontdoors'](https://github.com/Azure/ResourceModules/workflows/Network:%20Frontdoors/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.frontdoors.yml) | -| [Image Templates](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.VirtualMachineImages/imageTemplates) | [!['VirtualMachineImages: ImageTemplates'](https://github.com/Azure/ResourceModules/workflows/VirtualMachineImages:%20ImageTemplates/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.virtualmachineimages.imagetemplates.yml) | -| [Images](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/images) | [!['Compute: Images'](https://github.com/Azure/ResourceModules/workflows/Compute:%20Images/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.images.yml) | -| [IP Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/ipGroups) | [!['Network: IpGroups'](https://github.com/Azure/ResourceModules/workflows/Network:%20IpGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.ipgroups.yml) | -| [Key Vaults](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.KeyVault/vaults) | [!['KeyVault: Vaults'](https://github.com/Azure/ResourceModules/workflows/KeyVault:%20Vaults/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.keyvault.vaults.yml) | -| [Kubernetes Configuration Extensions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.KubernetesConfiguration/extensions) | [!['KubernetesConfiguration: Extensions'](https://github.com/Azure/ResourceModules/workflows/KubernetesConfiguration:%20Extensions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.kubernetesconfiguration.extensions.yml) | -| [Kubernetes Configuration Flux Configurations](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.KubernetesConfiguration/fluxConfigurations) | [!['KubernetesConfiguration: FluxConfigurations'](https://github.com/Azure/ResourceModules/workflows/KubernetesConfiguration:%20FluxConfigurations/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml) | -| [Load Balancers](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/loadBalancers) | [!['Network: LoadBalancers'](https://github.com/Azure/ResourceModules/workflows/Network:%20LoadBalancers/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.loadbalancers.yml) | -| [Local Network Gateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/localNetworkGateways) | [!['Network: LocalNetworkGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20LocalNetworkGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.localnetworkgateways.yml) | -| [Log Analytics Workspaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.OperationalInsights/workspaces) | [!['OperationalInsights: Workspaces'](https://github.com/Azure/ResourceModules/workflows/OperationalInsights:%20Workspaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.operationalinsights.workspaces.yml) | -| [Logic Apps](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Logic/workflows) | [!['Logic: Workflows'](https://github.com/Azure/ResourceModules/workflows/Logic:%20Workflows/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.logic.workflows.yml) | -| [Machine Learning Workspaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.MachineLearningServices/workspaces) | [!['MachineLearningServices: Workspaces'](https://github.com/Azure/ResourceModules/workflows/MachineLearningServices:%20Workspaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.machinelearningservices.workspaces.yml) | -| [Management Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Management/managementGroups) | [!['Management: ManagementGroups'](https://github.com/Azure/ResourceModules/workflows/Management:%20ManagementGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.management.managementgroups.yml) | -| [Metric Alerts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/metricAlerts) | [!['Insights: MetricAlerts'](https://github.com/Azure/ResourceModules/workflows/Insights:%20MetricAlerts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.metricalerts.yml) | -| [NAT Gateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/natGateways) | [!['Network: NatGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20NatGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.natgateways.yml) | -| [Network Application Gateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/applicationGateways) | [!['Network: ApplicationGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20ApplicationGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.applicationgateways.yml) | -| [Network Interface](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/networkInterfaces) | [!['Network: NetworkInterfaces'](https://github.com/Azure/ResourceModules/workflows/Network:%20NetworkInterfaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.networkinterfaces.yml) | -| [Network Security Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/networkSecurityGroups) | [!['Network: NetworkSecurityGroups'](https://github.com/Azure/ResourceModules/workflows/Network:%20NetworkSecurityGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.networksecuritygroups.yml) | -| [Network Watchers](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/networkWatchers) | [!['Network: NetworkWatchers'](https://github.com/Azure/ResourceModules/workflows/Network:%20NetworkWatchers/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.networkwatchers.yml) | -| [OperationsManagement Solutions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.OperationsManagement/solutions) | [!['OperationsManagement: Solutions'](https://github.com/Azure/ResourceModules/workflows/OperationsManagement:%20Solutions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.operationsmanagement.solutions.yml) | -| [Policy Assignments](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/policyAssignments) | [!['Authorization: PolicyAssignments'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20PolicyAssignments/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.policyassignments.yml) | -| [Policy Definitions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/policyDefinitions) | [!['Authorization: PolicyDefinitions'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20PolicyDefinitions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.policydefinitions.yml) | -| [Policy Exemptions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/policyExemptions) | [!['Authorization: PolicyExemptions'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20PolicyExemptions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.policyexemptions.yml) | -| [Policy Set Definitions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/policySetDefinitions) | [!['Authorization: PolicySetDefinitions'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20PolicySetDefinitions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.policysetdefinitions.yml) | -| [Private DNS Zones](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/privateDnsZones) | [!['Network: PrivateDnsZones'](https://github.com/Azure/ResourceModules/workflows/Network:%20PrivateDnsZones/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.privatednszones.yml) | -| [Private Endpoints](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/privateEndpoints) | [!['Network: PrivateEndpoints'](https://github.com/Azure/ResourceModules/workflows/Network:%20PrivateEndpoints/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.privateendpoints.yml) | -| [Proximity Placement Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/proximityPlacementGroups) | [!['Compute: ProximityPlacementGroups'](https://github.com/Azure/ResourceModules/workflows/Compute:%20ProximityPlacementGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.proximityplacementgroups.yml) | -| [Public IP Addresses](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/publicIPAddresses) | [!['Network: PublicIpAddresses'](https://github.com/Azure/ResourceModules/workflows/Network:%20PublicIpAddresses/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.publicipaddresses.yml) | -| [Public IP Prefixes](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/publicIPPrefixes) | [!['Network: PublicIpPrefixes'](https://github.com/Azure/ResourceModules/workflows/Network:%20PublicIpPrefixes/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.publicipprefixes.yml) | -| [Recovery Services Vaults](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.RecoveryServices/vaults) | [!['RecoveryServices: Vaults'](https://github.com/Azure/ResourceModules/workflows/RecoveryServices:%20Vaults/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.recoveryservices.vaults.yml) | -| [Registration Definitions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ManagedServices/registrationDefinitions) | [!['ManagedServices: RegistrationDefinitions'](https://github.com/Azure/ResourceModules/workflows/ManagedServices:%20RegistrationDefinitions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.managedservices.registrationdefinitions.yml) | -| [Resource Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Resources/resourceGroups) | [!['Resources: ResourceGroups'](https://github.com/Azure/ResourceModules/workflows/Resources:%20ResourceGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.resources.resourcegroups.yml) | -| [Resources Tags](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Resources/tags) | [!['Resources: Tags'](https://github.com/Azure/ResourceModules/workflows/Resources:%20Tags/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.resources.tags.yml) | -| [Role Assignments](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/roleAssignments) | [!['Authorization: RoleAssignments'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20RoleAssignments/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.roleassignments.yml) | -| [Role Definitions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/roleDefinitions) | [!['Authorization: RoleDefinitions'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20RoleDefinitions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.roledefinitions.yml) | -| [Route Tables](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/routeTables) | [!['Network: RouteTables'](https://github.com/Azure/ResourceModules/workflows/Network:%20RouteTables/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.routetables.yml) | -| [Scheduled Query Rules](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/scheduledQueryRules) | [!['Insights: ScheduledQueryRules'](https://github.com/Azure/ResourceModules/workflows/Insights:%20ScheduledQueryRules/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.scheduledqueryrules.yml) | -| [Service Bus Namespaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ServiceBus/namespaces) | [!['ServiceBus: Namespaces'](https://github.com/Azure/ResourceModules/workflows/ServiceBus:%20Namespaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.servicebus.namespaces.yml) | -| [Service Fabric Clusters](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ServiceFabric/clusters) | [!['Service Fabric: Clusters'](https://github.com/Azure/ResourceModules/workflows/Service%20Fabric:%20Clusters/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.servicefabric.clusters.yml) | -| [SQL Managed Instances](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Sql/managedInstances) | [!['Sql: ManagedInstances'](https://github.com/Azure/ResourceModules/workflows/Sql:%20ManagedInstances/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.sql.managedinstances.yml) | -| [SQL Servers](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Sql/servers) | [!['Sql: Servers'](https://github.com/Azure/ResourceModules/workflows/Sql:%20Servers/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.sql.servers.yml) | -| [Static Web Sites](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/staticSites) | [!['Web: StaticSites'](https://github.com/Azure/ResourceModules/workflows/Web:%20StaticSites/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.staticsites.yml) | -| [Storage Accounts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Storage/storageAccounts) | [!['Storage: StorageAccounts'](https://github.com/Azure/ResourceModules/workflows/Storage:%20StorageAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.storage.storageaccounts.yml) | -| [Traffic Manager Profiles](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/trafficmanagerprofiles) | [!['Network: TrafficManagerProfiles'](https://github.com/Azure/ResourceModules/workflows/Network:%20TrafficManagerProfiles/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.trafficmanagerprofiles.yml) | -| [User Assigned Identities](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ManagedIdentity/userAssignedIdentities) | [!['ManagedIdentity: UserAssignedIdentities'](https://github.com/Azure/ResourceModules/workflows/ManagedIdentity:%20UserAssignedIdentities/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.managedidentity.userassignedidentities.yml) | -| [Virtual Hubs](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualHubs) | [!['Network: VirtualHubs'](https://github.com/Azure/ResourceModules/workflows/Network:%20VirtualHubs/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.virtualhubs.yml) | -| [Virtual Machine Scale Sets](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/virtualMachineScaleSets) | [!['Compute: VirtualMachineScaleSets'](https://github.com/Azure/ResourceModules/workflows/Compute:%20VirtualMachineScaleSets/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.virtualmachinescalesets.yml) | -| [Virtual Machines](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/virtualMachines) | [!['Compute: VirtualMachines'](https://github.com/Azure/ResourceModules/workflows/Compute:%20VirtualMachines/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.virtualmachines.yml) | -| [Virtual Network Gateway Connections](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/connections) | [!['Network: Connections'](https://github.com/Azure/ResourceModules/workflows/Network:%20Connections/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.connections.yml) | -| [Virtual Network Gateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualNetworkGateways) | [!['Network: VirtualNetworkGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20VirtualNetworkGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.virtualnetworkgateways.yml) | -| [Virtual Networks](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualNetworks) | [!['Network: VirtualNetworks'](https://github.com/Azure/ResourceModules/workflows/Network:%20VirtualNetworks/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.virtualnetworks.yml) | -| [Virtual WANs](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualWans) | [!['Network: VirtualWans'](https://github.com/Azure/ResourceModules/workflows/Network:%20VirtualWans/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.virtualwans.yml) | -| [VPN Gateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/vpnGateways) | [!['Network: VPNGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20VPNGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.vpngateways.yml) | -| [VPN Sites](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/vpnSites) | [!['Network: VPN Sites'](https://github.com/Azure/ResourceModules/workflows/Network:%20VPN%20Sites/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.vpnsites.yml) | -| [Web/Function Apps](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/sites) | [!['Web: Sites'](https://github.com/Azure/ResourceModules/workflows/Web:%20Sites/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.sites.yml) | +| [Action Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/actionGroups) | [!['Insights: ActionGroups'](https://github.com/Azure/ResourceModules/workflows/Insights:%20ActionGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.actiongroups.yml) | +| [Activity Log Alerts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/activityLogAlerts) | [!['Insights: ActivityLogAlerts'](https://github.com/Azure/ResourceModules/workflows/Insights:%20ActivityLogAlerts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.activitylogalerts.yml) | +| [Activity Logs](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/diagnosticSettings) | [!['Insights: DiagnosticSettings'](https://github.com/Azure/ResourceModules/workflows/Insights:%20DiagnosticSettings/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.diagnosticsettings.yml) | +| [Analysis Services Servers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.AnalysisServices/servers) | [!['AnalysisServices: Servers'](https://github.com/Azure/ResourceModules/workflows/AnalysisServices:%20Servers/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.analysisservices.servers.yml) | +| [API Connections](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/connections) | [!['Web: Connections'](https://github.com/Azure/ResourceModules/workflows/Web:%20Connections/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.connections.yml) | +| [API Management Services](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ApiManagement/service) | [!['ApiManagement: Service'](https://github.com/Azure/ResourceModules/workflows/ApiManagement:%20Service/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.apimanagement.service.yml) | +| [App Configuration](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.AppConfiguration/configurationStores) | [!['AppConfiguration: ConfigurationStores'](https://github.com/Azure/ResourceModules/workflows/AppConfiguration:%20ConfigurationStores/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.appconfiguration.configurationstores.yml) | +| [App Service Environments](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/hostingEnvironments) | [!['Web: HostingEnvironments'](https://github.com/Azure/ResourceModules/workflows/Web:%20HostingEnvironments/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.hostingenvironments.yml) | +| [App Service Plans](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/serverfarms) | [!['Web: Serverfarms'](https://github.com/Azure/ResourceModules/workflows/Web:%20Serverfarms/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.serverfarms.yml) | +| [Application Insights](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/components) | [!['Insights: Components'](https://github.com/Azure/ResourceModules/workflows/Insights:%20Components/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.components.yml) | +| [Application Security Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/applicationSecurityGroups) | [!['Network: ApplicationSecurityGroups'](https://github.com/Azure/ResourceModules/workflows/Network:%20ApplicationSecurityGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.applicationsecuritygroups.yml) | +| [Authorization Locks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/locks) | [!['Authorization: Locks'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20Locks/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.locks.yml) | +| [Automation Accounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Automation/automationAccounts) | [!['Automation: AutomationAccounts'](https://github.com/Azure/ResourceModules/workflows/Automation:%20AutomationAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.automation.automationaccounts.yml) | +| [Availability Sets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/availabilitySets) | [!['Compute: AvailabilitySets'](https://github.com/Azure/ResourceModules/workflows/Compute:%20AvailabilitySets/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.availabilitysets.yml) | +| [AVD Application Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/applicationgroups) | [!['DesktopVirtualization: ApplicationGroups'](https://github.com/Azure/ResourceModules/workflows/DesktopVirtualization:%20ApplicationGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.desktopvirtualization.applicationgroups.yml) | +| [AVD Host Pools](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/hostpools) | [!['DesktopVirtualization: HostPools'](https://github.com/Azure/ResourceModules/workflows/DesktopVirtualization:%20HostPools/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.desktopvirtualization.hostpools.yml) | +| [AVD Scaling Plans](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/scalingplans) | [!['DesktopVirtualization: Scalingplans'](https://github.com/Azure/ResourceModules/workflows/DesktopVirtualization:%20Scalingplans/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.desktopvirtualization.scalingplans.yml) | +| [AVD Workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/workspaces) | [!['DesktopVirtualization: Workspaces'](https://github.com/Azure/ResourceModules/workflows/DesktopVirtualization:%20Workspaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.desktopvirtualization.workspaces.yml) | +| [Azure Active Directory Domain Services](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.AAD/DomainServices) | [!['AAD: DomainServices'](https://github.com/Azure/ResourceModules/workflows/AAD:%20DomainServices/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.aad.domainservices.yml) | +| [Azure Compute Galleries](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/galleries) | [!['Compute: Galleries'](https://github.com/Azure/ResourceModules/workflows/Compute:%20Galleries/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.galleries.yml) | +| [Azure Databricks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Databricks/workspaces) | [!['Databricks: Workspaces'](https://github.com/Azure/ResourceModules/workflows/Databricks:%20Workspaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.databricks.workspaces.yml) | +| [Azure Firewalls](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/azureFirewalls) | [!['Network: AzureFirewalls'](https://github.com/Azure/ResourceModules/workflows/Network:%20AzureFirewalls/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.azurefirewalls.yml) | +| [Azure Health Bots](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.HealthBot/healthBots) | [!['HealthBot: HealthBots'](https://github.com/Azure/ResourceModules/workflows/HealthBot:%20HealthBots/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.healthbot.healthbots.yml) | +| [Azure Kubernetes Services](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ContainerService/managedClusters) | [!['ContainerService: ManagedClusters'](https://github.com/Azure/ResourceModules/workflows/ContainerService:%20ManagedClusters/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.containerservice.managedclusters.yml) | +| [Azure Monitor Private Link Scopes](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/privateLinkScopes) | [!['Insights: PrivateLinkScopes'](https://github.com/Azure/ResourceModules/workflows/Insights:%20PrivateLinkScopes/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.privatelinkscopes.yml) | +| [Azure NetApp Files](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.NetApp/netAppAccounts) | [!['NetApp: NetAppAccounts'](https://github.com/Azure/ResourceModules/workflows/NetApp:%20NetAppAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.netapp.netappaccounts.yml) | +| [Azure Security Center](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Security/azureSecurityCenter) | [!['Security: AzureSecurityCenter'](https://github.com/Azure/ResourceModules/workflows/Security:%20AzureSecurityCenter/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.security.azuresecuritycenter.yml) | +| [Azure Synapse Analytics](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Synapse/privateLinkHubs) | [!['Synapse: PrivateLinkHubs'](https://github.com/Azure/ResourceModules/workflows/Synapse:%20PrivateLinkHubs/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.synapse.privatelinkhubs.yml) | +| [Bastion Hosts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/bastionHosts) | [!['Network: BastionHosts'](https://github.com/Azure/ResourceModules/workflows/Network:%20BastionHosts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.bastionhosts.yml) | +| [Batch Accounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Batch/batchAccounts) | [!['Batch: BatchAccounts'](https://github.com/Azure/ResourceModules/workflows/Batch:%20BatchAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.batch.batchaccounts.yml) | +| [Budgets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Consumption/budgets) | [!['Consumption: Budgets'](https://github.com/Azure/ResourceModules/workflows/Consumption:%20Budgets/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.consumption.budgets.yml) | +| [Cognitive Services](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.CognitiveServices/accounts) | [!['CognitiveServices: Accounts'](https://github.com/Azure/ResourceModules/workflows/CognitiveServices:%20Accounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.cognitiveservices.accounts.yml) | +| [Compute Disks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/disks) | [!['Compute: Disks'](https://github.com/Azure/ResourceModules/workflows/Compute:%20Disks/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.disks.yml) | +| [Container Instances](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ContainerInstance/containerGroups) | [!['ContainerInstance: ContainerGroups'](https://github.com/Azure/ResourceModules/workflows/ContainerInstance:%20ContainerGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.containerinstance.containergroups.yml) | +| [Container Registries](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ContainerRegistry/registries) | [!['ContainerRegistry: Registries'](https://github.com/Azure/ResourceModules/workflows/ContainerRegistry:%20Registries/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.containerregistry.registries.yml) | +| [Data Factories](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DataFactory/factories) | [!['DataFactory: Factories'](https://github.com/Azure/ResourceModules/workflows/DataFactory:%20Factories/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.datafactory.factories.yml) | +| [DataProtection BackupVaults](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DataProtection/backupVaults) | [![DataProtection: BackupVaults](https://github.com/Azure/ResourceModules/workflows/DataProtection:%20BackupVaults/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.dataprotection.backupvaults.yml) | +| [DDoS Protection Plans](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/ddosProtectionPlans) | [!['Network: DdosProtectionPlans'](https://github.com/Azure/ResourceModules/workflows/Network:%20DdosProtectionPlans/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.ddosprotectionplans.yml) | +| [Deployment Scripts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Resources/deploymentScripts) | [!['Resources: DeploymentScripts'](https://github.com/Azure/ResourceModules/workflows/Resources:%20DeploymentScripts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.resources.deploymentscripts.yml) | +| [Disk Encryption Sets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/diskEncryptionSets) | [!['Compute: DiskEncryptionSets'](https://github.com/Azure/ResourceModules/workflows/Compute:%20DiskEncryptionSets/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.diskencryptionsets.yml) | +| [DocumentDB Database Accounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DocumentDB/databaseAccounts) | [!['DocumentDB: DatabaseAccounts'](https://github.com/Azure/ResourceModules/workflows/DocumentDB:%20DatabaseAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.documentdb.databaseaccounts.yml) | +| [Event Grid System Topics](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.EventGrid/systemTopics) | [!['EventGrid: System Topics'](https://github.com/Azure/ResourceModules/workflows/EventGrid:%20System%20Topics/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.eventgrid.systemtopics.yml) | +| [Event Grid Topics](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.EventGrid/topics) | [!['EventGrid: Topics'](https://github.com/Azure/ResourceModules/workflows/EventGrid:%20Topics/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.eventgrid.topics.yml) | +| [Event Hub Namespaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.EventHub/namespaces) | [!['EventHub: Namespaces'](https://github.com/Azure/ResourceModules/workflows/EventHub:%20Namespaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.eventhub.namespaces.yml) | +| [ExpressRoute Circuits](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/expressRouteCircuits) | [!['Network: ExpressRouteCircuits'](https://github.com/Azure/ResourceModules/workflows/Network:%20ExpressRouteCircuits/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.expressroutecircuits.yml) | +| [Firewall Policies](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/firewallPolicies) | [!['Network: FirewallPolicies'](https://github.com/Azure/ResourceModules/workflows/Network:%20FirewallPolicies/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.firewallpolicies.yml) | +| [Front Doors](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/frontDoors) | [!['Network: Frontdoors'](https://github.com/Azure/ResourceModules/workflows/Network:%20Frontdoors/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.frontdoors.yml) | +| [Image Templates](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.VirtualMachineImages/imageTemplates) | [!['VirtualMachineImages: ImageTemplates'](https://github.com/Azure/ResourceModules/workflows/VirtualMachineImages:%20ImageTemplates/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.virtualmachineimages.imagetemplates.yml) | +| [Images](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/images) | [!['Compute: Images'](https://github.com/Azure/ResourceModules/workflows/Compute:%20Images/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.images.yml) | +| [IP Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/ipGroups) | [!['Network: IpGroups'](https://github.com/Azure/ResourceModules/workflows/Network:%20IpGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.ipgroups.yml) | +| [Key Vaults](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.KeyVault/vaults) | [!['KeyVault: Vaults'](https://github.com/Azure/ResourceModules/workflows/KeyVault:%20Vaults/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.keyvault.vaults.yml) | +| [Kubernetes Configuration Extensions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.KubernetesConfiguration/extensions) | [!['KubernetesConfiguration: Extensions'](https://github.com/Azure/ResourceModules/workflows/KubernetesConfiguration:%20Extensions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.kubernetesconfiguration.extensions.yml) | +| [Kubernetes Configuration Flux Configurations](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.KubernetesConfiguration/fluxConfigurations) | [!['KubernetesConfiguration: FluxConfigurations'](https://github.com/Azure/ResourceModules/workflows/KubernetesConfiguration:%20FluxConfigurations/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml) | +| [Load Balancers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/loadBalancers) | [!['Network: LoadBalancers'](https://github.com/Azure/ResourceModules/workflows/Network:%20LoadBalancers/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.loadbalancers.yml) | +| [Local Network Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/localNetworkGateways) | [!['Network: LocalNetworkGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20LocalNetworkGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.localnetworkgateways.yml) | +| [Log Analytics Workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.OperationalInsights/workspaces) | [!['OperationalInsights: Workspaces'](https://github.com/Azure/ResourceModules/workflows/OperationalInsights:%20Workspaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.operationalinsights.workspaces.yml) | +| [Logic Apps](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Logic/workflows) | [!['Logic: Workflows'](https://github.com/Azure/ResourceModules/workflows/Logic:%20Workflows/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.logic.workflows.yml) | +| [Machine Learning Workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.MachineLearningServices/workspaces) | [!['MachineLearningServices: Workspaces'](https://github.com/Azure/ResourceModules/workflows/MachineLearningServices:%20Workspaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.machinelearningservices.workspaces.yml) | +| [Management Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Management/managementGroups) | [!['Management: ManagementGroups'](https://github.com/Azure/ResourceModules/workflows/Management:%20ManagementGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.management.managementgroups.yml) | +| [Metric Alerts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/metricAlerts) | [!['Insights: MetricAlerts'](https://github.com/Azure/ResourceModules/workflows/Insights:%20MetricAlerts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.metricalerts.yml) | +| [NAT Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/natGateways) | [!['Network: NatGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20NatGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.natgateways.yml) | +| [Network Application Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/applicationGateways) | [!['Network: ApplicationGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20ApplicationGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.applicationgateways.yml) | +| [Network Interface](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/networkInterfaces) | [!['Network: NetworkInterfaces'](https://github.com/Azure/ResourceModules/workflows/Network:%20NetworkInterfaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.networkinterfaces.yml) | +| [Network Security Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/networkSecurityGroups) | [!['Network: NetworkSecurityGroups'](https://github.com/Azure/ResourceModules/workflows/Network:%20NetworkSecurityGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.networksecuritygroups.yml) | +| [Network Watchers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/networkWatchers) | [!['Network: NetworkWatchers'](https://github.com/Azure/ResourceModules/workflows/Network:%20NetworkWatchers/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.networkwatchers.yml) | +| [OperationsManagement Solutions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.OperationsManagement/solutions) | [!['OperationsManagement: Solutions'](https://github.com/Azure/ResourceModules/workflows/OperationsManagement:%20Solutions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.operationsmanagement.solutions.yml) | +| [Policy Assignments](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policyAssignments) | [!['Authorization: PolicyAssignments'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20PolicyAssignments/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.policyassignments.yml) | +| [Policy Definitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policyDefinitions) | [!['Authorization: PolicyDefinitions'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20PolicyDefinitions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.policydefinitions.yml) | +| [Policy Exemptions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policyExemptions) | [!['Authorization: PolicyExemptions'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20PolicyExemptions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.policyexemptions.yml) | +| [Policy Set Definitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policySetDefinitions) | [!['Authorization: PolicySetDefinitions'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20PolicySetDefinitions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.policysetdefinitions.yml) | +| [Private DNS Zones](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/privateDnsZones) | [!['Network: PrivateDnsZones'](https://github.com/Azure/ResourceModules/workflows/Network:%20PrivateDnsZones/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.privatednszones.yml) | +| [Private Endpoints](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/privateEndpoints) | [!['Network: PrivateEndpoints'](https://github.com/Azure/ResourceModules/workflows/Network:%20PrivateEndpoints/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.privateendpoints.yml) | +| [Proximity Placement Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/proximityPlacementGroups) | [!['Compute: ProximityPlacementGroups'](https://github.com/Azure/ResourceModules/workflows/Compute:%20ProximityPlacementGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.proximityplacementgroups.yml) | +| [Public IP Addresses](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/publicIPAddresses) | [!['Network: PublicIpAddresses'](https://github.com/Azure/ResourceModules/workflows/Network:%20PublicIpAddresses/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.publicipaddresses.yml) | +| [Public IP Prefixes](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/publicIPPrefixes) | [!['Network: PublicIpPrefixes'](https://github.com/Azure/ResourceModules/workflows/Network:%20PublicIpPrefixes/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.publicipprefixes.yml) | +| [Recovery Services Vaults](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.RecoveryServices/vaults) | [!['RecoveryServices: Vaults'](https://github.com/Azure/ResourceModules/workflows/RecoveryServices:%20Vaults/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.recoveryservices.vaults.yml) | +| [Registration Definitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ManagedServices/registrationDefinitions) | [!['ManagedServices: RegistrationDefinitions'](https://github.com/Azure/ResourceModules/workflows/ManagedServices:%20RegistrationDefinitions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.managedservices.registrationdefinitions.yml) | +| [Resource Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Resources/resourceGroups) | [!['Resources: ResourceGroups'](https://github.com/Azure/ResourceModules/workflows/Resources:%20ResourceGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.resources.resourcegroups.yml) | +| [Resources Tags](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Resources/tags) | [!['Resources: Tags'](https://github.com/Azure/ResourceModules/workflows/Resources:%20Tags/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.resources.tags.yml) | +| [Role Assignments](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/roleAssignments) | [!['Authorization: RoleAssignments'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20RoleAssignments/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.roleassignments.yml) | +| [Role Definitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/roleDefinitions) | [!['Authorization: RoleDefinitions'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20RoleDefinitions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.roledefinitions.yml) | +| [Route Tables](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/routeTables) | [!['Network: RouteTables'](https://github.com/Azure/ResourceModules/workflows/Network:%20RouteTables/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.routetables.yml) | +| [Scheduled Query Rules](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/scheduledQueryRules) | [!['Insights: ScheduledQueryRules'](https://github.com/Azure/ResourceModules/workflows/Insights:%20ScheduledQueryRules/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.scheduledqueryrules.yml) | +| [Service Bus Namespaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ServiceBus/namespaces) | [!['ServiceBus: Namespaces'](https://github.com/Azure/ResourceModules/workflows/ServiceBus:%20Namespaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.servicebus.namespaces.yml) | +| [Service Fabric Clusters](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ServiceFabric/clusters) | [!['Service Fabric: Clusters'](https://github.com/Azure/ResourceModules/workflows/Service%20Fabric:%20Clusters/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.servicefabric.clusters.yml) | +| [SQL Managed Instances](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Sql/managedInstances) | [!['Sql: ManagedInstances'](https://github.com/Azure/ResourceModules/workflows/Sql:%20ManagedInstances/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.sql.managedinstances.yml) | +| [SQL Servers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Sql/servers) | [!['Sql: Servers'](https://github.com/Azure/ResourceModules/workflows/Sql:%20Servers/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.sql.servers.yml) | +| [Static Web Sites](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/staticSites) | [!['Web: StaticSites'](https://github.com/Azure/ResourceModules/workflows/Web:%20StaticSites/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.staticsites.yml) | +| [Storage Accounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Storage/storageAccounts) | [!['Storage: StorageAccounts'](https://github.com/Azure/ResourceModules/workflows/Storage:%20StorageAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.storage.storageaccounts.yml) | +| [Traffic Manager Profiles](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/trafficmanagerprofiles) | [!['Network: TrafficManagerProfiles'](https://github.com/Azure/ResourceModules/workflows/Network:%20TrafficManagerProfiles/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.trafficmanagerprofiles.yml) | +| [User Assigned Identities](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ManagedIdentity/userAssignedIdentities) | [!['ManagedIdentity: UserAssignedIdentities'](https://github.com/Azure/ResourceModules/workflows/ManagedIdentity:%20UserAssignedIdentities/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.managedidentity.userassignedidentities.yml) | +| [Virtual Hubs](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualHubs) | [!['Network: VirtualHubs'](https://github.com/Azure/ResourceModules/workflows/Network:%20VirtualHubs/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.virtualhubs.yml) | +| [Virtual Machine Scale Sets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/virtualMachineScaleSets) | [!['Compute: VirtualMachineScaleSets'](https://github.com/Azure/ResourceModules/workflows/Compute:%20VirtualMachineScaleSets/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.virtualmachinescalesets.yml) | +| [Virtual Machines](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/virtualMachines) | [!['Compute: VirtualMachines'](https://github.com/Azure/ResourceModules/workflows/Compute:%20VirtualMachines/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.virtualmachines.yml) | +| [Virtual Network Gateway Connections](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/connections) | [!['Network: Connections'](https://github.com/Azure/ResourceModules/workflows/Network:%20Connections/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.connections.yml) | +| [Virtual Network Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualNetworkGateways) | [!['Network: VirtualNetworkGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20VirtualNetworkGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.virtualnetworkgateways.yml) | +| [Virtual Networks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualNetworks) | [!['Network: VirtualNetworks'](https://github.com/Azure/ResourceModules/workflows/Network:%20VirtualNetworks/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.virtualnetworks.yml) | +| [Virtual WANs](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualWans) | [!['Network: VirtualWans'](https://github.com/Azure/ResourceModules/workflows/Network:%20VirtualWans/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.virtualwans.yml) | +| [VPN Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/vpnGateways) | [!['Network: VPNGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20VPNGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.vpngateways.yml) | +| [VPN Sites](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/vpnSites) | [!['Network: VPN Sites'](https://github.com/Azure/ResourceModules/workflows/Network:%20VPN%20Sites/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.vpnsites.yml) | +| [Web/Function Apps](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/sites) | [!['Web: Sites'](https://github.com/Azure/ResourceModules/workflows/Web:%20Sites/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.sites.yml) | ## Tooling diff --git a/arm/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 2f52129333..0000000000 --- a/arm/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,43 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') -} - -resource bv 'Microsoft.DataProtection/backupVaults@2022-03-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(bv.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: bv -}] diff --git a/arm/README.md b/arm/README.md deleted file mode 100644 index cf3cb3aa21..0000000000 --- a/arm/README.md +++ /dev/null @@ -1,107 +0,0 @@ -In this section you can find useful information regarding the Modules that are contained in this repository. - -## Available Resource Modules - -| Name | Provider namespace | Resource Type | -| - | - | - | -| [Azure Active Directory Domain Services](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.AAD/DomainServices) | `MS.AAD` | [DomainServices](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.AAD/DomainServices) | -| [Analysis Services Servers](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.AnalysisServices/servers) | `MS.AnalysisServices` | [servers](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.AnalysisServices/servers) | -| [API Management Services](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ApiManagement/service) | `MS.ApiManagement` | [service](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ApiManagement/service) | -| [App Configuration](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.AppConfiguration/configurationStores) | `MS.AppConfiguration` | [configurationStores](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.AppConfiguration/configurationStores) | -| [Authorization Locks](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/locks) | `MS.Authorization` | [locks](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/locks) | -| [Policy Assignments](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/policyAssignments) | | [policyAssignments](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/policyAssignments) | -| [Policy Definitions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/policyDefinitions) | | [policyDefinitions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/policyDefinitions) | -| [Policy Exemptions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/policyExemptions) | | [policyExemptions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/policyExemptions) | -| [Policy Set Definitions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/policySetDefinitions) | | [policySetDefinitions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/policySetDefinitions) | -| [Role Assignments](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/roleAssignments) | | [roleAssignments](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/roleAssignments) | -| [Role Definitions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/roleDefinitions) | | [roleDefinitions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/roleDefinitions) | -| [Automation Accounts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Automation/automationAccounts) | `MS.Automation` | [automationAccounts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Automation/automationAccounts) | -| [Batch Accounts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Batch/batchAccounts) | `MS.Batch` | [batchAccounts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Batch/batchAccounts) | -| [Cognitive Services](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.CognitiveServices/accounts) | `MS.CognitiveServices` | [accounts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.CognitiveServices/accounts) | -| [Availability Sets](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/availabilitySets) | `MS.Compute` | [availabilitySets](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/availabilitySets) | -| [Disk Encryption Sets](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/diskEncryptionSets) | | [diskEncryptionSets](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/diskEncryptionSets) | -| [Compute Disks](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/disks) | | [disks](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/disks) | -| [Azure Compute Galleries](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/galleries) | | [galleries](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/galleries) | -| [Images](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/images) | | [images](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/images) | -| [Proximity Placement Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/proximityPlacementGroups) | | [proximityPlacementGroups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/proximityPlacementGroups) | -| [Virtual Machines](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/virtualMachines) | | [virtualMachines](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/virtualMachines) | -| [Virtual Machine Scale Sets](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/virtualMachineScaleSets) | | [virtualMachineScaleSets](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/virtualMachineScaleSets) | -| [Budgets](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Consumption/budgets) | `MS.Consumption` | [budgets](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Consumption/budgets) | -| [Container Instances](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ContainerInstance/containerGroups) | `MS.ContainerInstance` | [containerGroups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ContainerInstance/containerGroups) | -| [Container Registries](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ContainerRegistry/registries) | `MS.ContainerRegistry` | [registries](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ContainerRegistry/registries) | -| [Azure Kubernetes Services](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ContainerService/managedClusters) | `MS.ContainerService` | [managedClusters](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ContainerService/managedClusters) | -| [Azure Databricks](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Databricks/workspaces) | `MS.Databricks` | [workspaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Databricks/workspaces) | -| [Data Factories](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DataFactory/factories) | `MS.DataFactory` | [factories](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DataFactory/factories) | -| [DataProtection BackupVaults](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DataProtection/backupVaults) | `MS.DataProtection` | [backupVaults](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DataProtection/backupVaults) | -| [AVD Application Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DesktopVirtualization/applicationgroups) | `MS.DesktopVirtualization` | [applicationgroups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DesktopVirtualization/applicationgroups) | -| [AVD Host Pools](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DesktopVirtualization/hostpools) | | [hostpools](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DesktopVirtualization/hostpools) | -| [AVD Scaling Plans](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DesktopVirtualization/scalingplans) | | [scalingplans](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DesktopVirtualization/scalingplans) | -| [AVD Workspaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DesktopVirtualization/workspaces) | | [workspaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DesktopVirtualization/workspaces) | -| [DocumentDB Database Accounts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DocumentDB/databaseAccounts) | `MS.DocumentDB` | [databaseAccounts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DocumentDB/databaseAccounts) | -| [Event Grid System Topics](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.EventGrid/systemTopics) | `MS.EventGrid` | [systemTopics](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.EventGrid/systemTopics) | -| [Event Grid Topics](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.EventGrid/topics) | | [topics](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.EventGrid/topics) | -| [Event Hub Namespaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.EventHub/namespaces) | `MS.EventHub` | [namespaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.EventHub/namespaces) | -| [Azure Health Bots](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.HealthBot/healthBots) | `MS.HealthBot` | [healthBots](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.HealthBot/healthBots) | -| [Action Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/actionGroups) | `MS.Insights` | [actionGroups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/actionGroups) | -| [Activity Log Alerts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/activityLogAlerts) | | [activityLogAlerts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/activityLogAlerts) | -| [Application Insights](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/components) | | [components](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/components) | -| [Activity Logs](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/diagnosticSettings) | | [diagnosticSettings](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/diagnosticSettings) | -| [Metric Alerts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/metricAlerts) | | [metricAlerts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/metricAlerts) | -| [Azure Monitor Private Link Scopes](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/privateLinkScopes) | | [privateLinkScopes](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/privateLinkScopes) | -| [Scheduled Query Rules](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/scheduledQueryRules) | | [scheduledQueryRules](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/scheduledQueryRules) | -| [Key Vaults](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.KeyVault/vaults) | `MS.KeyVault` | [vaults](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.KeyVault/vaults) | -| [Kubernetes Configuration Extensions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.KubernetesConfiguration/extensions) | `MS.KubernetesConfiguration` | [extensions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.KubernetesConfiguration/extensions) | -| [Kubernetes Configuration Flux Configurations](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.KubernetesConfiguration/fluxConfigurations) | | [fluxConfigurations](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.KubernetesConfiguration/fluxConfigurations) | -| [Logic Apps](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Logic/workflows) | `MS.Logic` | [workflows](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Logic/workflows) | -| [Machine Learning Workspaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.MachineLearningServices/workspaces) | `MS.achineLearningServices` | [workspaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.MachineLearningServices/workspaces) | -| [User Assigned Identities](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ManagedIdentity/userAssignedIdentities) | `MS.anagedIdentity` | [userAssignedIdentities](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ManagedIdentity/userAssignedIdentities) | -| [Registration Definitions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ManagedServices/registrationDefinitions) | `MS.anagedServices` | [registrationDefinitions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ManagedServices/registrationDefinitions) | -| [Management Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Management/managementGroups) | `MS.anagement` | [managementGroups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Management/managementGroups) | -| [Azure NetApp Files](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.NetApp/netAppAccounts) | `MS.NetApp` | [netAppAccounts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.NetApp/netAppAccounts) | -| [Network Application Gateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/applicationGateways) | `MS.Network` | [applicationGateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/applicationGateways) | -| [Application Security Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/applicationSecurityGroups) | | [applicationSecurityGroups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/applicationSecurityGroups) | -| [Azure Firewalls](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/azureFirewalls) | | [azureFirewalls](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/azureFirewalls) | -| [Bastion Hosts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/bastionHosts) | | [bastionHosts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/bastionHosts) | -| [Virtual Network Gateway Connections](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/connections) | | [connections](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/connections) | -| [DDoS Protection Plans](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/ddosProtectionPlans) | | [ddosProtectionPlans](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/ddosProtectionPlans) | -| [ExpressRoute Circuits](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/expressRouteCircuits) | | [expressRouteCircuits](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/expressRouteCircuits) | -| [Firewall Policies](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/firewallPolicies) | | [firewallPolicies](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/firewallPolicies) | -| [Front Doors](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/frontDoors) | | [frontDoors](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/frontDoors) | -| [IP Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/ipGroups) | | [ipGroups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/ipGroups) | -| [Load Balancers](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/loadBalancers) | | [loadBalancers](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/loadBalancers) | -| [Local Network Gateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/localNetworkGateways) | | [localNetworkGateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/localNetworkGateways) | -| [NAT Gateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/natGateways) | | [natGateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/natGateways) | -| [Network Interface](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/networkInterfaces) | | [networkInterfaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/networkInterfaces) | -| [Network Security Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/networkSecurityGroups) | | [networkSecurityGroups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/networkSecurityGroups) | -| [Network Watchers](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/networkWatchers) | | [networkWatchers](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/networkWatchers) | -| [Private DNS Zones](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/privateDnsZones) | | [privateDnsZones](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/privateDnsZones) | -| [Private Endpoints](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/privateEndpoints) | | [privateEndpoints](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/privateEndpoints) | -| [Public IP Addresses](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/publicIPAddresses) | | [publicIPAddresses](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/publicIPAddresses) | -| [Public IP Prefixes](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/publicIPPrefixes) | | [publicIPPrefixes](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/publicIPPrefixes) | -| [Route Tables](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/routeTables) | | [routeTables](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/routeTables) | -| [Traffic Manager Profiles](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/trafficmanagerprofiles) | | [trafficmanagerprofiles](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/trafficmanagerprofiles) | -| [Virtual Hubs](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualHubs) | | [virtualHubs](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualHubs) | -| [Virtual Network Gateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualNetworkGateways) | | [virtualNetworkGateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualNetworkGateways) | -| [Virtual Networks](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualNetworks) | | [virtualNetworks](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualNetworks) | -| [Virtual WANs](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualWans) | | [virtualWans](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualWans) | -| [VPN Gateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/vpnGateways) | | [vpnGateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/vpnGateways) | -| [VPN Sites](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/vpnSites) | | [vpnSites](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/vpnSites) | -| [Log Analytics Workspaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.OperationalInsights/workspaces) | `MS.OperationalInsights` | [workspaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.OperationalInsights/workspaces) | -| [OperationsManagement Solutions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.OperationsManagement/solutions) | `MS.OperationsManagement` | [solutions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.OperationsManagement/solutions) | -| [Recovery Services Vaults](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.RecoveryServices/vaults) | `MS.RecoveryServices` | [vaults](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.RecoveryServices/vaults) | -| [Deployment Scripts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Resources/deploymentScripts) | `MS.Resources` | [deploymentScripts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Resources/deploymentScripts) | -| [Resource Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Resources/resourceGroups) | | [resourceGroups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Resources/resourceGroups) | -| [Resources Tags](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Resources/tags) | | [tags](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Resources/tags) | -| [Azure Security Center](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Security/azureSecurityCenter) | `MS.Security` | [azureSecurityCenter](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Security/azureSecurityCenter) | -| [Service Bus Namespaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ServiceBus/namespaces) | `MS.ServiceBus` | [namespaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ServiceBus/namespaces) | -| [Service Fabric Clusters](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ServiceFabric/clusters) | `MS.ServiceFabric` | [clusters](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ServiceFabric/clusters) | -| [SQL Managed Instances](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Sql/managedInstances) | `MS.Sql` | [managedInstances](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Sql/managedInstances) | -| [SQL Servers](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Sql/servers) | | [servers](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Sql/servers) | -| [Storage Accounts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Storage/storageAccounts) | `MS.Storage` | [storageAccounts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Storage/storageAccounts) | -| [Azure Synapse Analytics](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Synapse/privateLinkHubs) | `MS.Synapse` | [privateLinkHubs](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Synapse/privateLinkHubs) | -| [Image Templates](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.VirtualMachineImages/imageTemplates) | `MS.VirtualMachineImages` | [imageTemplates](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.VirtualMachineImages/imageTemplates) | -| [API Connections](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/connections) | `MS.Web` | [connections](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/connections) | -| [App Service Environments](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/hostingEnvironments) | | [hostingEnvironments](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/hostingEnvironments) | -| [App Service Plans](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/serverfarms) | | [serverfarms](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/serverfarms) | -| [Web/Function Apps](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/sites) | | [sites](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/sites) | -| [Static Web Sites](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/staticSites) | | [staticSites](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/staticSites) | diff --git a/constructs/Microsoft.Authorization/roleAssignments-multiRolesMultiPrincipals/.bicep/nested_roleAssignments.bicep b/constructs/Microsoft.Authorization/roleAssignments-multiRolesMultiPrincipals/.bicep/nested_roleAssignments.bicep index e9139f12a1..eab4087e91 100644 --- a/constructs/Microsoft.Authorization/roleAssignments-multiRolesMultiPrincipals/.bicep/nested_roleAssignments.bicep +++ b/constructs/Microsoft.Authorization/roleAssignments-multiRolesMultiPrincipals/.bicep/nested_roleAssignments.bicep @@ -291,7 +291,7 @@ var builtInRoleNames = { 'Azure Maps Contributor': '/providers/Microsoft.Authorization/roleDefinitions/dba33070-676a-4fb0-87fa-064dc56ff7fb' } -module roleAssignments_mg '../../../../arm/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep' = [for principalId in principalIds: if (!empty(managementGroupId) && empty(subscriptionId) && empty(resourceGroupName)) { +module roleAssignments_mg '../../../../modules/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep' = [for principalId in principalIds: if (!empty(managementGroupId) && empty(subscriptionId) && empty(resourceGroupName)) { name: 'roleAssignments_mg-${guid(deployment().name, location, principalId)}' scope: managementGroup(managementGroupId) params: { @@ -301,7 +301,7 @@ module roleAssignments_mg '../../../../arm/Microsoft.Authorization/roleAssignmen } }] -module roleAssignments_sub '../../../../arm/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep' = [for principalId in principalIds: if (empty(managementGroupId) && !empty(subscriptionId) && empty(resourceGroupName)) { +module roleAssignments_sub '../../../../modules/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep' = [for principalId in principalIds: if (empty(managementGroupId) && !empty(subscriptionId) && empty(resourceGroupName)) { name: 'roleAssignments_sub-${guid(deployment().name, location, principalId)}' scope: subscription(subscriptionId) params: { @@ -311,7 +311,7 @@ module roleAssignments_sub '../../../../arm/Microsoft.Authorization/roleAssignme } }] -module roleAssignments_rg '../../../../arm/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep' = [for principalId in principalIds: if (empty(managementGroupId) && !empty(resourceGroupName) && !empty(subscriptionId)) { +module roleAssignments_rg '../../../../modules/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep' = [for principalId in principalIds: if (empty(managementGroupId) && !empty(resourceGroupName) && !empty(subscriptionId)) { name: 'roleAssignments_rg-${guid(deployment().name, location, principalId)}' scope: resourceGroup(subscriptionId, resourceGroupName) params: { diff --git a/constructs/Microsoft.Compute/virtualMachinesMultiple/deploy.bicep b/constructs/Microsoft.Compute/virtualMachinesMultiple/deploy.bicep index f35a53e0c0..5e79b624eb 100644 --- a/constructs/Microsoft.Compute/virtualMachinesMultiple/deploy.bicep +++ b/constructs/Microsoft.Compute/virtualMachinesMultiple/deploy.bicep @@ -300,7 +300,7 @@ var vmNamesToApply = !empty(vmNames) ? vmNames : vmGeneratedNames var enableReferencedModulesTelemetry = false -module virtualMachine '../../../arm/Microsoft.Compute/virtualMachines/deploy.bicep' = [for (vmName, index) in vmNamesToApply: { +module virtualMachine '../../../modules/Microsoft.Compute/virtualMachines/deploy.bicep' = [for (vmName, index) in vmNamesToApply: { name: '${deployment().name}-vm-${index}' params: { name: vmName diff --git a/constructs/Microsoft.Network/virtualNetwork/virtualNetworkPeerings-multiRemoteVnets/deploy.bicep b/constructs/Microsoft.Network/virtualNetwork/virtualNetworkPeerings-multiRemoteVnets/deploy.bicep index 80971b71eb..353f473ba7 100644 --- a/constructs/Microsoft.Network/virtualNetwork/virtualNetworkPeerings-multiRemoteVnets/deploy.bicep +++ b/constructs/Microsoft.Network/virtualNetwork/virtualNetworkPeerings-multiRemoteVnets/deploy.bicep @@ -19,7 +19,7 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -module virtualNetworkPeering '../../../../arm/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/deploy.bicep' = [for peeringConfiguration in peeringConfigurations: { +module virtualNetworkPeering '../../../../modules/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/deploy.bicep' = [for peeringConfiguration in peeringConfigurations: { name: 'virtualNetworkPeering-${last(split(peeringConfiguration.remoteVirtualNetworkId, '/'))}' params: { name: contains(peeringConfiguration, 'peeringName') ? '${peeringConfiguration.peeringName}' : '${localVnetName}-${last(split(peeringConfiguration.remoteVirtualNetworkId, '/'))}' diff --git a/docs/wiki/Getting started - Get module cross-references.md b/docs/wiki/Getting started - Get module cross-references.md index abe10e5097..a81d551dd4 100644 --- a/docs/wiki/Getting started - Get module cross-references.md +++ b/docs/wiki/Getting started - Get module cross-references.md @@ -32,7 +32,7 @@ For details on how to use the function, please refer to the script's local docum ## Example output ```PowerShell -VERBOSE: The modules in path [ResourceModules\arm] have the following local folder dependencies: +VERBOSE: The modules in path [ResourceModules\modules] have the following local folder dependencies: VERBOSE: VERBOSE: Resource: Microsoft.ApiManagement/service VERBOSE: - Microsoft.ApiManagement/authorizationServers diff --git a/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md b/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md index 15c4437991..52a5377a93 100644 --- a/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md +++ b/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md @@ -88,7 +88,7 @@ To configure the CI environment you have to perform several steps: To lower the barrier to entry and allow users to easily define their own naming conventions, we introduced a default `'name prefix'` for all deployed resources. -> **Note:** This prefix is only used by the CI environment you validate your modules in, and doesn't affect the naming of any resources you deploy as part of any multi-module solutions (applications/workloads) based on the modules. +> **Note:** This prefix is only used by the CI environment you validate your modules in, and doesn't affect the naming of any resources you deploy as part of any multi-module solutions (applications/workloads) based on the modules. Each pipeline in CARML deploying resources uses a logic that automatically replaces "tokens" (i.e., placeholders) in any parameter file. Tokens are stored in only a few central locations to facilitate maintenance (e.g., local `settings.json`, repository secrets or variable groups). @@ -231,7 +231,7 @@ To let the worflow engine publish their results into your repository, you have t 1. Make sure to enable `Read and write permissions` Workflow Permissions - +

@@ -379,16 +379,16 @@ For this reason, make sure to update the references in the following modules onc | File | Parameter | Notes | | - | - | - | -| `arm\Microsoft.Compute\diskEncryptionSets\.parameters\parameters.json` |`keyUrl.value` | | -| `arm\Microsoft.Compute\virtualMachines\.parameters\linux.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | -| `arm\Microsoft.Compute\virtualMachines\.parameters\windows.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | -| `arm\Microsoft.Compute\virtualMachineScaleSets\.parameters\linux.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | -| `arm\Microsoft.Compute\virtualMachineScaleSets\.parameters\windows.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | -| `arm\Microsoft.Sql\managedInstances\.parameters\parameters.json` | `keys.value.uri` | | -| `arm\Microsoft.Network\applicationGateways\.parameters\parameters.json` | `sslCertificates.value.properties.keyVaultSecretId` | | -| `arm\Microsoft.Web\sites\.parameters\fa.parameters.json` | `appSettingsKeyValuePairs.value.EASYAUTH_SECRET` | Key Vault secret URI without version | -| `arm\Microsoft.Web\sites\.parameters\fa.parameters.json` | `authSettingV2Configuration.value.identityProviders.azureActiveDirectory.registration.clientId` | App ID from the Azure Active Directory App | -| `arm\Microsoft.Web\sites\.parameters\fa.parameters.json` | `authSettingV2Configuration.value.identityProviders.azureActiveDirectory.validation.allowedAudiences` | API endpoint from the Azure Active Directory app | +| `modules\Microsoft.Compute\diskEncryptionSets\.parameters\parameters.json` |`keyUrl.value` | | +| `modules\Microsoft.Compute\virtualMachines\.parameters\linux.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | +| `modules\Microsoft.Compute\virtualMachines\.parameters\windows.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | +| `modules\Microsoft.Compute\virtualMachineScaleSets\.parameters\linux.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | +| `modules\Microsoft.Compute\virtualMachineScaleSets\.parameters\windows.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | +| `modules\Microsoft.Sql\managedInstances\.parameters\parameters.json` | `keys.value.uri` | | +| `modules\Microsoft.Network\applicationGateways\.parameters\parameters.json` | `sslCertificates.value.properties.keyVaultSecretId` | | +| `modules\Microsoft.Web\sites\.parameters\fa.parameters.json` | `appSettingsKeyValuePairs.value.EASYAUTH_SECRET` | Key Vault secret URI without version | +| `modules\Microsoft.Web\sites\.parameters\fa.parameters.json` | `authSettingV2Configuration.value.identityProviders.azureActiveDirectory.registration.clientId` | App ID from the Azure Active Directory App | +| `modules\Microsoft.Web\sites\.parameters\fa.parameters.json` | `authSettingV2Configuration.value.identityProviders.azureActiveDirectory.validation.allowedAudiences` | API endpoint from the Azure Active Directory app | diff --git a/docs/wiki/Solution creation.md b/docs/wiki/Solution creation.md index 8d3a037343..21437dd74f 100644 --- a/docs/wiki/Solution creation.md +++ b/docs/wiki/Solution creation.md @@ -57,8 +57,8 @@ Once you start building a solution using this library, you may wonder how best t - Use the [VS-Code extension](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-bicep) for Bicep to enable DSL-native features such as auto-complete. Metadata implemented in the modules are automatically loaded through the extension. - Use the readme - - If you don't know how to use an object/array parameter, you can check if the module's ReadMe file specifies any 'Parameter Usage' block for the given parameter ([example](https://github.com/Azure/ResourceModules/blob/main/arm/Microsoft.AnalysisServices/servers/readme.md#parameter-usage-tags)) - or - check the module's `Deployment Examples` ([example](https://github.com/Azure/ResourceModules/blob/main/arm/Microsoft.AnalysisServices/servers/readme.md#deployment-examples)). - - In general, take note of the `Deployment Examples` specified in each module's ReadMe file, as they provide you with rich & tested examples of how a given module can be deployed ([example](https://github.com/Azure/ResourceModules/blob/main/arm/Microsoft.AnalysisServices/servers/readme.md#deployment-examples)). An easy way to get started is to copy one of the examples and then adjust it to your needs. + - If you don't know how to use an object/array parameter you can check if the module's ReadMe file specifies any 'Parameter Usage' block for set parameter ([example](https://github.com/Azure/ResourceModules/blob/main/modules/Microsoft.AnalysisServices/servers/readme.md#parameter-usage-tags)) - or - check the module's `Deployment Examples` ([example](https://github.com/Azure/ResourceModules/blob/main/modules/Microsoft.AnalysisServices/servers/readme.md#deployment-examples)). + - In general, take note of the `Deployment Examples` specified in each module's ReadMe file as they provide you with rich & tested examples of how set module can be deployed ([example](https://github.com/Azure/ResourceModules/blob/main/modules/Microsoft.AnalysisServices/servers/readme.md#deployment-examples)). An easy way to get started is to copy one of the examples and then adjust to it your needs. - Note the outputs that are returned by each module. - If an output you need isn't available, you have 2 choices: 1. Add the missing output to the module @@ -117,7 +117,7 @@ param subnets array = [ // =========== // // Resource Group -module rg '../arm/Microsoft.Resources/resourceGroups/deploy.bicep' = { +module rg '../modules/Microsoft.Resources/resourceGroups/deploy.bicep' = { name: 'registry-rg' params: { name: resourceGroupName @@ -126,7 +126,7 @@ module rg '../arm/Microsoft.Resources/resourceGroups/deploy.bicep' = { } // Network Security Group -module nsg '../arm/Microsoft.Network/networkSecurityGroups/deploy.bicep' = { +module nsg '../modules/Microsoft.Network/networkSecurityGroups/deploy.bicep' = { name: 'registry-nsg' scope: resourceGroup(resourceGroupName) params: { @@ -138,7 +138,7 @@ module nsg '../arm/Microsoft.Network/networkSecurityGroups/deploy.bicep' = { } // Virtual Network -module vnet '../arm/Microsoft.Network/virtualNetworks/deploy.bicep' = { +module vnet '../modules/Microsoft.Network/virtualNetworks/deploy.bicep' = { name: 'registry-vnet' scope: resourceGroup(resourceGroupName) params: { @@ -436,7 +436,7 @@ jobs: - name: 'Deploy resource group' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: './arm/Microsoft.Resources/resourceGroups/deploy.bicep' + templateFilePath: './modules/Microsoft.Resources/resourceGroups/deploy.bicep' parameterFilePath: './MultiRepoTestParentFolder/network-hub-rg/Parameters/ResourceGroup/parameters.json' location: '${{ env.defaultLocation }}' resourceGroupName: '${{ env.resourceGroupName }}' @@ -447,7 +447,7 @@ jobs: - name: 'Deploy network security group' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: './arm/Microsoft.Network/networkSecurityGroups/deploy.bicep' + templateFilePath: './modules/Microsoft.Network/networkSecurityGroups/deploy.bicep' parameterFilePath: './MultiRepoTestParentFolder/network-hub-rg/Parameters/NetworkSecurityGroups/parameters.json' location: '${{ env.defaultLocation }}' resourceGroupName: '${{ env.resourceGroupName }}' @@ -458,7 +458,7 @@ jobs: - name: 'Deploy virtual network A' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: './arm/Microsoft.Network/virtualNetworks/deploy.bicep' + templateFilePath: './modules/Microsoft.Network/virtualNetworks/deploy.bicep' parameterFilePath: './MultiRepoTestParentFolder/network-hub-rg/Parameters/VirtualNetwork/vnet-A.parameters.json' location: '${{ env.defaultLocation }}' resourceGroupName: '${{ env.resourceGroupName }}' diff --git a/docs/wiki/The CI environment - GitHub ReadMe module table update.md b/docs/wiki/The CI environment - GitHub ReadMe module table update.md index e7540f6ae3..a280f5bbd8 100644 --- a/docs/wiki/The CI environment - GitHub ReadMe module table update.md +++ b/docs/wiki/The CI environment - GitHub ReadMe module table update.md @@ -1,5 +1,5 @@ Use this script to update a given ReadMe's module table in its 'Available Resource Modules' section. -In the platform's pipeline `platform.updateReadMe.yml`, this script is invoked each time anything in the `arm` path changes to keep the table in sync. It updates both the root ReadMe ([`/readme.md`](https://github.com/Azure/ResourceModules/blob/main/README)) and `arm` folder ReadMe ([`/arm/readme.md`](https://github.com/Azure/ResourceModules/blob/main/arm/readme)) with a different set of required columns +In the platform's pipeline `platform.updateReadMe.yml`, this script is invoked each time anything in the `modules` path changes to keep the table in sync. It updates both the root ReadMe (`/readme.md`) and `modules` folder ReadMe (`/modules/readme.md`) with a different set of required columns --- diff --git a/docs/wiki/The CI environment - Pipeline design.md b/docs/wiki/The CI environment - Pipeline design.md index e48f49b75a..baa6bd150c 100644 --- a/docs/wiki/The CI environment - Pipeline design.md +++ b/docs/wiki/The CI environment - Pipeline design.md @@ -256,9 +256,9 @@ In addition to the above resources, the following secrets, keys and certificates The repository includes two major ReadMe files that should stay in sync with the available modules. -The first can be found in the repository root (`README.md`) and the second in the modules folder (`arm/README.md`). +The first can be found in the repository root (`README.md`) and the second in the modules folder (`modules/README.md`). -The ReadMe pipeline is triggered each time changes are pushed to the `main` branch and only if a template in the `arm` folder is being altered. The pipeline leverages the script documented on the [GitHub ReadMe module table update](./The%20CI%20environment%20-%20GitHub%20ReadMe%20module%20table%20update) page. +The ReadMe pipeline is triggered each time changes are pushed to the `main` branch and only if a template in the `modules` folder is being altered. The pipeline leverages the script documented in the [GitHub ReadMe module table update](./The%20CI%20environment%20-%20GitHub%20ReadMe%20module%20table%20update) page. Once triggered, the pipeline crawls through the library and updates the tables in each corresponding ReadMe file, creating links to the corresponding pipeline runs and updating the list of entries. diff --git a/docs/wiki/The CI environment - Static validation.md b/docs/wiki/The CI environment - Static validation.md index 0396ce7f4c..b4595ccabc 100644 --- a/docs/wiki/The CI environment - Static validation.md +++ b/docs/wiki/The CI environment - Static validation.md @@ -14,7 +14,7 @@ This section provides an overview of the principles the static validation is bui All module Unit tests are performed with the help of [Pester](https://github.com/pester/Pester) to ensure that the modules are configured correctly, documentation is up to date, and modules don't turn stale. -The following activities are performed by the [`arm/.global/global.module.tests.ps1`](https://github.com/Azure/ResourceModules/blob/main/arm/.global/global.module.tests.ps1) script. +The following activities are performed by the [`modules/.global/global.module.tests.ps1`](https://github.com/Azure/ResourceModules/blob/main/modules/.global/global.module.tests.ps1) script. - **File & folder tests** validate that the module folder structure is set up in the intended way, e.g.: - readme.md file exists @@ -50,7 +50,7 @@ In this phase, Pester analyzes the API version of each resource type deployed by In particular, each resource's API version is compared with those currently available on Azure. This test has a certain level of tolerance (does not enforce the latest version): the API version in use should be one of the 5 latest versions available (including preview versions) or one of the the 5 latest non-preview versions. -This test also leverages the [`arm/.global/global.module.tests.ps1`](https://github.com/Azure/ResourceModules/blob/main/arm/.global/global.module.tests.ps1) script. +This test also leverages the [`modules/.global/global.module.tests.ps1`](https://github.com/Azure/ResourceModules/blob/main/modules/.global/global.module.tests.ps1) script. # Verify the static validation of your module locally @@ -65,7 +65,7 @@ $pathToRepository = '' # REQUIRED INPUT FOR TESTING $TestModuleLocallyInput = @{ - templateFilePath = "$pathToRepository\arm\Microsoft.Authorization\roleDefinitions\deploy.bicep" + templateFilePath = "$pathToRepository\modules\Microsoft.Authorization\roleDefinitions\deploy.bicep" PesterTest = $true DeploymentTest = $false ValidationTest = $false diff --git a/docs/wiki/The library - Module design.md b/docs/wiki/The library - Module design.md index 4871057553..714282abff 100644 --- a/docs/wiki/The library - Module design.md +++ b/docs/wiki/The library - Module design.md @@ -38,9 +38,9 @@ They can be deployed in different configurations just by changing the input para # General guidelines -- All resource modules in the 'arm' folder should not allow deployment loops on the top-level resource but may optionally allow deployment loops on their child resources. +- All resource modules in the 'modules' folder should not allow deployment loops on the top-level resource but may optionally allow deployment loops on their child resources. > **Example:** The storage account module allows the deployment of a single storage account with, optionally, multiple blob containers, multiple file shares, multiple queues and/or multiple tables. -- The 'constructs' folder contains examples of deployment logic built on top of resource modules included in the 'arm' folder, allowing for example, deployment loops on top-level resources. +- The 'constructs' folder contains examples of deployment logic built on top of resource modules included in the 'modules' folder, allowing for example, deployment loops on top-level resources. > **Example:** The VirtualNetworkPeering construct leverages the VirtualNetworkPeering module to deploy multiple virtual network peering connections at once. - Where the resource type in question supports it, the module should have support for: 1. **Diagnostic logs** and **metrics** (you can have them sent to one ore more of the following destination types: storage account, log analytics and event hub). @@ -63,7 +63,7 @@ A **CARML module** consists of - One or multiple template parameters files (`*parameters.json`) that will be used for testing, located in the `.parameters` subfolder. - A `readme.md` file which describes the module itself. -A module usually represents a single resource or a set of closely related resources. For example, a storage account and the associated lock or virtual machine and network interfaces. Modules are located in the `arm` folder. +A module usually represents a single resource or a set of closely related resources. For example, a storage account and the associated lock or virtual machine and network interfaces. Modules are located in the `modules` folder. Also, each module should be implemented with all capabilities it and its children support. This includes - `Locks` diff --git a/docs/wiki/The library - Module usage.md b/docs/wiki/The library - Module usage.md index d6e6c423d8..ed03ba247d 100644 --- a/docs/wiki/The library - Module usage.md +++ b/docs/wiki/The library - Module usage.md @@ -33,9 +33,9 @@ $inputObject = @{ ResourceGroupName = 'ExampleGroup' TemplateParameterFile = 'parameters.json' # Using a local reference - TemplateFile = "$home\ResourceModules\arm\Microsoft.KeyVault\vault\deploy.bicep" + TemplateFile = "$home\ResourceModules\modules\Microsoft.KeyVault\vault\deploy.bicep" # Using a remote reference - # TemplateUri = 'https://raw.githubusercontent.com/Azure/ResourceModules/main/arm/Microsoft.KeyVault/vaults/deploy.bicep' + # TemplateUri = 'https://raw.githubusercontent.com/Azure/ResourceModules/main/modules/Microsoft.KeyVault/vaults/deploy.bicep' } New-AzResourceGroupDeployment @inputObject ``` @@ -57,9 +57,9 @@ $inputObject = @{ TemplateParameterFile = 'parameters.json' Location = 'EastUS2' # Using a local reference - TemplateFile = "$home\ResourceModules\arm\Microsoft.Resources\resourceGroups\deploy.bicep" + TemplateFile = "$home\ResourceModules\modules\Microsoft.Resources\resourceGroups\deploy.bicep" # Using a remote reference - # TemplateUri = 'https://raw.githubusercontent.com/Azure/ResourceModules/main/arm/Microsoft.Resources/resourceGroups/deploy.bicep' + # TemplateUri = 'https://raw.githubusercontent.com/Azure/ResourceModules/main/modules/Microsoft.Resources/resourceGroups/deploy.bicep' } New-AzDeployment @inputObject ``` @@ -82,9 +82,9 @@ $inputObject = @{ Location = 'EastUS2' TemplateParameterFile = 'parameters.json' # Using a local reference - TemplateFile = "$home\ResourceModules\arm\Microsoft.Authorization\policyAssignments\managementGroup\deploy.bicep" + TemplateFile = "$home\ResourceModules\modules\Microsoft.Authorization\policyAssignments\managementGroup\deploy.bicep" # Using a remote reference - # TemplateUri = 'https://raw.githubusercontent.com/Azure/ResourceModules/main/arm/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep' + # TemplateUri = 'https://raw.githubusercontent.com/Azure/ResourceModules/main/modules/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep' } New-AzManagementGroupDeployment @inputObject ``` @@ -106,9 +106,9 @@ $inputObject = @{ TemplateParameterFile = 'parameters.json' Location = 'EastUS2' # Using a local reference - TemplateFile = "$home\ResourceModules\arm\Microsoft.Subscription\aliases\deploy.bicep" + TemplateFile = "$home\ResourceModules\modules\Microsoft.Subscription\aliases\deploy.bicep" # Using a remote reference - # TemplateUri = 'https://raw.githubusercontent.com/Azure/ResourceModules/main/arm/Microsoft.Subscription/aliases/deploy.bicep' + # TemplateUri = 'https://raw.githubusercontent.com/Azure/ResourceModules/main/modules/Microsoft.Subscription/aliases/deploy.bicep' } New-AzTenantDeployment @inputObject ``` @@ -133,9 +133,9 @@ $inputObject = @( '--resource-group', 'ExampleGroup', '--parameters', '@parameters.json', # Using a local reference - '--template-file', "$home\ResourceModules\arm\Microsoft.Storage\storageAccounts\deploy.bicep", + '--template-file', "$home\ResourceModules\modules\Microsoft.Storage\storageAccounts\deploy.bicep", # Using a remote reference - # '--template-uri', 'https://raw.githubusercontent.com/Azure/ResourceModules/main/arm/Microsoft.Storage/storageAccounts/deploy.bicep' + # '--template-uri', 'https://raw.githubusercontent.com/Azure/ResourceModules/main/modules/Microsoft.Storage/storageAccounts/deploy.bicep' ) az deployment group create @inputObject ``` @@ -157,9 +157,9 @@ $inputObject = @( '--parameters', '@parameters.json', '--location', 'EastUS2', # Using a local reference - '--template-file', "$home\ResourceModules\arm\Microsoft.Resources\resourceGroups\deploy.bicep" + '--template-file', "$home\ResourceModules\modules\Microsoft.Resources\resourceGroups\deploy.bicep" # Using a remote reference - # '--template-uri', 'https://raw.githubusercontent.com/Azure/ResourceModules/main/arm/Microsoft.Resources/resourceGroups/deploy.bicep' + # '--template-uri', 'https://raw.githubusercontent.com/Azure/ResourceModules/main/modules/Microsoft.Resources/resourceGroups/deploy.bicep' ) az deployment sub create @inputObject ``` @@ -182,9 +182,9 @@ $inputObject = @( '--location', 'EastUS2', '--management-group-id', 'myManagementGroup', # Using a local reference - '--template-file', "$home\ResourceModules\arm\Microsoft.Authorization\policyAssignments\managementGroup\deploy.bicep" + '--template-file', "$home\ResourceModules\modules\Microsoft.Authorization\policyAssignments\managementGroup\deploy.bicep" # Using a remote reference - # '--template-uri', 'https://raw.githubusercontent.com/Azure/ResourceModules/main/arm/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep' + # '--template-uri', 'https://raw.githubusercontent.com/Azure/ResourceModules/main/modules/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep' ) az deployment mg create @inputObject ``` @@ -206,9 +206,9 @@ $inputObject = @( '--parameters', '@parameters.json', '--location', 'EastUS2', # Using a local reference - '--template-file', "$home\ResourceModules\arm\Microsoft.Subscription\aliases\deploy.bicep" + '--template-file', "$home\ResourceModules\modules\Microsoft.Subscription\aliases\deploy.bicep" # Using a remote reference - # '--template-uri', 'https://raw.githubusercontent.com/Azure/ResourceModules/main/arm/Microsoft.Subscription/aliases/deploy.bicep' + # '--template-uri', 'https://raw.githubusercontent.com/Azure/ResourceModules/main/modules/Microsoft.Subscription/aliases/deploy.bicep' ) az deployment tenant create @inputObject ``` diff --git a/arm/.global/global.module.tests.ps1 b/modules/.global/global.module.tests.ps1 similarity index 98% rename from arm/.global/global.module.tests.ps1 rename to modules/.global/global.module.tests.ps1 index 049c61f1fa..3233d33690 100644 --- a/arm/.global/global.module.tests.ps1 +++ b/modules/.global/global.module.tests.ps1 @@ -38,9 +38,9 @@ Describe 'File/folder tests' -Tag Modules { $moduleFolderTestCases = [System.Collections.ArrayList] @() foreach ($moduleFolderPath in $moduleFolderPaths) { $moduleFolderTestCases += @{ - moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/arm/')[1] + moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1] moduleFolderPath = $moduleFolderPath - isTopLevelModule = $moduleFolderPath.Replace('\', '/').Split('/arm/')[1].Split('/').Count -eq 2 # / + isTopLevelModule = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1].Split('/').Count -eq 2 # / } } @@ -108,7 +108,7 @@ Describe 'File/folder tests' -Tag Modules { foreach ($moduleFolderPath in $moduleFolderPaths) { if (Test-Path (Join-Path $moduleFolderPath '.parameters')) { $folderTestCases += @{ - moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/arm/')[1] + moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1] moduleFolderPath = $moduleFolderPath } } @@ -130,7 +130,7 @@ Describe 'File/folder tests' -Tag Modules { if (Test-Path $parameterFolderPath) { foreach ($parameterFile in (Get-ChildItem $parameterFolderPath -Filter '*parameters.json' -Force)) { $parameterFolderFilesTestCases += @{ - moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/arm/')[1] + moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1] parameterFilePath = $parameterFile.FullName } } @@ -156,7 +156,7 @@ Describe 'Readme tests' -Tag Readme { foreach ($moduleFolderPath in $moduleFolderPaths) { # For runtime purposes, we cache the compiled template in a hashtable that uses a formatted relative module path as a key - $moduleFolderPathKey = $moduleFolderPath.Split('arm')[1].Replace('\', '/').Trim('/').Replace('/', '-') + $moduleFolderPathKey = $moduleFolderPath.Split('modules')[1].Replace('\', '/').Trim('/').Replace('/', '-') if (-not ($convertedTemplates.Keys -contains $moduleFolderPathKey)) { if (Test-Path (Join-Path $moduleFolderPath 'deploy.bicep')) { $templateFilePath = Join-Path $moduleFolderPath 'deploy.bicep' @@ -185,13 +185,13 @@ Describe 'Readme tests' -Tag Readme { } $readmeFolderTestCases += @{ - moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/arm/')[1] + moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1] moduleFolderPath = $moduleFolderPath templateContent = $templateContent templateFilePath = $templateFilePath readMeFilePath = Join-Path -Path $moduleFolderPath 'readme.md' readMeContent = Get-Content (Join-Path -Path $moduleFolderPath 'readme.md') - isTopLevelModule = $moduleFolderPath.Replace('\', '/').Split('/arm/')[1].Split('/').Count -eq 2 # / + isTopLevelModule = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1].Split('/').Count -eq 2 # / } } @@ -471,7 +471,7 @@ Describe 'Deployment template tests' -Tag Template { foreach ($moduleFolderPath in $moduleFolderPaths) { # For runtime purposes, we cache the compiled template in a hashtable that uses a formatted relative module path as a key - $moduleFolderPathKey = $moduleFolderPath.Split('arm')[1].Replace('\', '/').Trim('/').Replace('/', '-') + $moduleFolderPathKey = $moduleFolderPath.Split('modules')[1].Replace('\', '/').Trim('/').Replace('/', '-') if (-not ($convertedTemplates.Keys -contains $moduleFolderPathKey)) { if (Test-Path (Join-Path $moduleFolderPath 'deploy.bicep')) { $templateFilePath = Join-Path $moduleFolderPath 'deploy.bicep' @@ -522,7 +522,7 @@ Describe 'Deployment template tests' -Tag Template { # Test file setup $deploymentFolderTestCases += @{ - moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/arm/')[1] + moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1] templateContent = $templateContent templateFilePath = $templateFilePath parameterFileTestCases = $parameterFileTestCases @@ -740,7 +740,7 @@ Describe 'Deployment template tests' -Tag Template { $outputs = $templateContent.outputs - $primaryResourceType = (Split-Path $TemplateFilePath -Parent).Replace('\', '/').split('/arm/')[1] + $primaryResourceType = (Split-Path $TemplateFilePath -Parent).Replace('\', '/').split('/modules/')[1] $primaryResourceTypeResource = $templateContent.resources | Where-Object { $_.type -eq $primaryResourceType } if ($primaryResourceTypeResource.keys -contains 'location' -and $primaryResourceTypeResource.location -ne 'global') { @@ -777,7 +777,7 @@ Describe 'Deployment template tests' -Tag Template { ) # check if module contains a 'primary' resource we could draw a name from - $moduleResourceType = (Split-Path (($templateFilePath -replace '\\', '/') -split '/arm/')[1] -Parent) -replace '\\', '/' + $moduleResourceType = (Split-Path (($templateFilePath -replace '\\', '/') -split '/modules/')[1] -Parent) -replace '\\', '/' if ($templateContent.resources.type -notcontains $moduleResourceType) { Set-ItResult -Skipped -Because 'the module template has no primary resource to fetch a name from.' return @@ -797,7 +797,7 @@ Describe 'Deployment template tests' -Tag Template { ) # check if module contains a 'primary' resource we could draw a name from - $moduleResourceType = (Split-Path (($templateFilePath -replace '\\', '/') -split '/arm/')[1] -Parent) -replace '\\', '/' + $moduleResourceType = (Split-Path (($templateFilePath -replace '\\', '/') -split '/modules/')[1] -Parent) -replace '\\', '/' if ($templateContent.resources.type -notcontains $moduleResourceType) { Set-ItResult -Skipped -Because 'the module template has no primary resource to fetch a resource ID from.' return @@ -927,7 +927,7 @@ Describe 'Deployment template tests' -Tag Template { tokenSettings = $Settings.parameterFileTokens tokenName = $token tokenValue = $enforcedTokenList[$token] - moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/arm/')[1] + moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1] } } } @@ -960,10 +960,10 @@ Describe "API version tests [All apiVersions in the template should be 'recent'] $ApiVersions = Get-AzResourceProvider -ListAvailable foreach ($moduleFolderPath in $moduleFolderPaths) { - $moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/arm/')[1] + $moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1] # For runtime purposes, we cache the compiled template in a hashtable that uses a formatted relative module path as a key - $moduleFolderPathKey = $moduleFolderPath.Split('arm')[1].Replace('\', '/').Trim('/').Replace('/', '-') + $moduleFolderPathKey = $moduleFolderPath.Split('modules')[1].Replace('\', '/').Trim('/').Replace('/', '-') if (-not ($convertedTemplates.Keys -contains $moduleFolderPathKey)) { if (Test-Path (Join-Path $moduleFolderPath 'deploy.bicep')) { $templateFilePath = Join-Path $moduleFolderPath 'deploy.bicep' diff --git a/arm/.global/shared/helper.psm1 b/modules/.global/shared/helper.psm1 similarity index 100% rename from arm/.global/shared/helper.psm1 rename to modules/.global/shared/helper.psm1 diff --git a/arm/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.AAD/DomainServices/.parameters/parameters.json b/modules/Microsoft.AAD/DomainServices/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.AAD/DomainServices/.parameters/parameters.json rename to modules/Microsoft.AAD/DomainServices/.parameters/parameters.json diff --git a/arm/Microsoft.AAD/DomainServices/deploy.bicep b/modules/Microsoft.AAD/DomainServices/deploy.bicep similarity index 100% rename from arm/Microsoft.AAD/DomainServices/deploy.bicep rename to modules/Microsoft.AAD/DomainServices/deploy.bicep diff --git a/arm/Microsoft.AAD/DomainServices/readme.md b/modules/Microsoft.AAD/DomainServices/readme.md similarity index 100% rename from arm/Microsoft.AAD/DomainServices/readme.md rename to modules/Microsoft.AAD/DomainServices/readme.md diff --git a/arm/Microsoft.AAD/DomainServices/version.json b/modules/Microsoft.AAD/DomainServices/version.json similarity index 100% rename from arm/Microsoft.AAD/DomainServices/version.json rename to modules/Microsoft.AAD/DomainServices/version.json diff --git a/arm/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.AnalysisServices/servers/.parameters/max.parameters.json b/modules/Microsoft.AnalysisServices/servers/.parameters/max.parameters.json similarity index 100% rename from arm/Microsoft.AnalysisServices/servers/.parameters/max.parameters.json rename to modules/Microsoft.AnalysisServices/servers/.parameters/max.parameters.json diff --git a/arm/Microsoft.AnalysisServices/servers/.parameters/min.parameters.json b/modules/Microsoft.AnalysisServices/servers/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.AnalysisServices/servers/.parameters/min.parameters.json rename to modules/Microsoft.AnalysisServices/servers/.parameters/min.parameters.json diff --git a/arm/Microsoft.AnalysisServices/servers/.parameters/parameters.json b/modules/Microsoft.AnalysisServices/servers/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.AnalysisServices/servers/.parameters/parameters.json rename to modules/Microsoft.AnalysisServices/servers/.parameters/parameters.json diff --git a/arm/Microsoft.AnalysisServices/servers/deploy.bicep b/modules/Microsoft.AnalysisServices/servers/deploy.bicep similarity index 100% rename from arm/Microsoft.AnalysisServices/servers/deploy.bicep rename to modules/Microsoft.AnalysisServices/servers/deploy.bicep diff --git a/arm/Microsoft.AnalysisServices/servers/readme.md b/modules/Microsoft.AnalysisServices/servers/readme.md similarity index 100% rename from arm/Microsoft.AnalysisServices/servers/readme.md rename to modules/Microsoft.AnalysisServices/servers/readme.md diff --git a/arm/Microsoft.AnalysisServices/servers/version.json b/modules/Microsoft.AnalysisServices/servers/version.json similarity index 100% rename from arm/Microsoft.AnalysisServices/servers/version.json rename to modules/Microsoft.AnalysisServices/servers/version.json diff --git a/arm/Microsoft.ApiManagement/service/.bicep/nested_authorizationServers.bicep b/modules/Microsoft.ApiManagement/service/.bicep/nested_authorizationServers.bicep similarity index 100% rename from arm/Microsoft.ApiManagement/service/.bicep/nested_authorizationServers.bicep rename to modules/Microsoft.ApiManagement/service/.bicep/nested_authorizationServers.bicep diff --git a/arm/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.ApiManagement/service/.parameters/max.parameters.json b/modules/Microsoft.ApiManagement/service/.parameters/max.parameters.json similarity index 100% rename from arm/Microsoft.ApiManagement/service/.parameters/max.parameters.json rename to modules/Microsoft.ApiManagement/service/.parameters/max.parameters.json diff --git a/arm/Microsoft.ApiManagement/service/.parameters/min.parameters.json b/modules/Microsoft.ApiManagement/service/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.ApiManagement/service/.parameters/min.parameters.json rename to modules/Microsoft.ApiManagement/service/.parameters/min.parameters.json diff --git a/arm/Microsoft.ApiManagement/service/.parameters/parameters.json b/modules/Microsoft.ApiManagement/service/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.ApiManagement/service/.parameters/parameters.json rename to modules/Microsoft.ApiManagement/service/.parameters/parameters.json diff --git a/arm/Microsoft.ApiManagement/service/apiVersionSets/deploy.bicep b/modules/Microsoft.ApiManagement/service/apiVersionSets/deploy.bicep similarity index 100% rename from arm/Microsoft.ApiManagement/service/apiVersionSets/deploy.bicep rename to modules/Microsoft.ApiManagement/service/apiVersionSets/deploy.bicep diff --git a/arm/Microsoft.ApiManagement/service/apiVersionSets/readme.md b/modules/Microsoft.ApiManagement/service/apiVersionSets/readme.md similarity index 100% rename from arm/Microsoft.ApiManagement/service/apiVersionSets/readme.md rename to modules/Microsoft.ApiManagement/service/apiVersionSets/readme.md diff --git a/arm/Microsoft.ApiManagement/service/apiVersionSets/version.json b/modules/Microsoft.ApiManagement/service/apiVersionSets/version.json similarity index 100% rename from arm/Microsoft.ApiManagement/service/apiVersionSets/version.json rename to modules/Microsoft.ApiManagement/service/apiVersionSets/version.json diff --git a/arm/Microsoft.ApiManagement/service/apis/deploy.bicep b/modules/Microsoft.ApiManagement/service/apis/deploy.bicep similarity index 100% rename from arm/Microsoft.ApiManagement/service/apis/deploy.bicep rename to modules/Microsoft.ApiManagement/service/apis/deploy.bicep diff --git a/arm/Microsoft.ApiManagement/service/apis/policies/deploy.bicep b/modules/Microsoft.ApiManagement/service/apis/policies/deploy.bicep similarity index 100% rename from arm/Microsoft.ApiManagement/service/apis/policies/deploy.bicep rename to modules/Microsoft.ApiManagement/service/apis/policies/deploy.bicep diff --git a/arm/Microsoft.ApiManagement/service/apis/policies/readme.md b/modules/Microsoft.ApiManagement/service/apis/policies/readme.md similarity index 100% rename from arm/Microsoft.ApiManagement/service/apis/policies/readme.md rename to modules/Microsoft.ApiManagement/service/apis/policies/readme.md diff --git a/arm/Microsoft.ApiManagement/service/apis/policies/version.json b/modules/Microsoft.ApiManagement/service/apis/policies/version.json similarity index 100% rename from arm/Microsoft.ApiManagement/service/apis/policies/version.json rename to modules/Microsoft.ApiManagement/service/apis/policies/version.json diff --git a/arm/Microsoft.ApiManagement/service/apis/readme.md b/modules/Microsoft.ApiManagement/service/apis/readme.md similarity index 100% rename from arm/Microsoft.ApiManagement/service/apis/readme.md rename to modules/Microsoft.ApiManagement/service/apis/readme.md diff --git a/arm/Microsoft.ApiManagement/service/apis/version.json b/modules/Microsoft.ApiManagement/service/apis/version.json similarity index 100% rename from arm/Microsoft.ApiManagement/service/apis/version.json rename to modules/Microsoft.ApiManagement/service/apis/version.json diff --git a/arm/Microsoft.ApiManagement/service/authorizationServers/deploy.bicep b/modules/Microsoft.ApiManagement/service/authorizationServers/deploy.bicep similarity index 100% rename from arm/Microsoft.ApiManagement/service/authorizationServers/deploy.bicep rename to modules/Microsoft.ApiManagement/service/authorizationServers/deploy.bicep diff --git a/arm/Microsoft.ApiManagement/service/authorizationServers/readme.md b/modules/Microsoft.ApiManagement/service/authorizationServers/readme.md similarity index 100% rename from arm/Microsoft.ApiManagement/service/authorizationServers/readme.md rename to modules/Microsoft.ApiManagement/service/authorizationServers/readme.md diff --git a/arm/Microsoft.ApiManagement/service/authorizationServers/version.json b/modules/Microsoft.ApiManagement/service/authorizationServers/version.json similarity index 100% rename from arm/Microsoft.ApiManagement/service/authorizationServers/version.json rename to modules/Microsoft.ApiManagement/service/authorizationServers/version.json diff --git a/arm/Microsoft.ApiManagement/service/backends/deploy.bicep b/modules/Microsoft.ApiManagement/service/backends/deploy.bicep similarity index 100% rename from arm/Microsoft.ApiManagement/service/backends/deploy.bicep rename to modules/Microsoft.ApiManagement/service/backends/deploy.bicep diff --git a/arm/Microsoft.ApiManagement/service/backends/readme.md b/modules/Microsoft.ApiManagement/service/backends/readme.md similarity index 100% rename from arm/Microsoft.ApiManagement/service/backends/readme.md rename to modules/Microsoft.ApiManagement/service/backends/readme.md diff --git a/arm/Microsoft.ApiManagement/service/backends/version.json b/modules/Microsoft.ApiManagement/service/backends/version.json similarity index 100% rename from arm/Microsoft.ApiManagement/service/backends/version.json rename to modules/Microsoft.ApiManagement/service/backends/version.json diff --git a/arm/Microsoft.ApiManagement/service/caches/deploy.bicep b/modules/Microsoft.ApiManagement/service/caches/deploy.bicep similarity index 100% rename from arm/Microsoft.ApiManagement/service/caches/deploy.bicep rename to modules/Microsoft.ApiManagement/service/caches/deploy.bicep diff --git a/arm/Microsoft.ApiManagement/service/caches/readme.md b/modules/Microsoft.ApiManagement/service/caches/readme.md similarity index 100% rename from arm/Microsoft.ApiManagement/service/caches/readme.md rename to modules/Microsoft.ApiManagement/service/caches/readme.md diff --git a/arm/Microsoft.ApiManagement/service/caches/version.json b/modules/Microsoft.ApiManagement/service/caches/version.json similarity index 100% rename from arm/Microsoft.ApiManagement/service/caches/version.json rename to modules/Microsoft.ApiManagement/service/caches/version.json diff --git a/arm/Microsoft.ApiManagement/service/deploy.bicep b/modules/Microsoft.ApiManagement/service/deploy.bicep similarity index 100% rename from arm/Microsoft.ApiManagement/service/deploy.bicep rename to modules/Microsoft.ApiManagement/service/deploy.bicep diff --git a/arm/Microsoft.ApiManagement/service/identityProviders/deploy.bicep b/modules/Microsoft.ApiManagement/service/identityProviders/deploy.bicep similarity index 100% rename from arm/Microsoft.ApiManagement/service/identityProviders/deploy.bicep rename to modules/Microsoft.ApiManagement/service/identityProviders/deploy.bicep diff --git a/arm/Microsoft.ApiManagement/service/identityProviders/readme.md b/modules/Microsoft.ApiManagement/service/identityProviders/readme.md similarity index 100% rename from arm/Microsoft.ApiManagement/service/identityProviders/readme.md rename to modules/Microsoft.ApiManagement/service/identityProviders/readme.md diff --git a/arm/Microsoft.ApiManagement/service/identityProviders/version.json b/modules/Microsoft.ApiManagement/service/identityProviders/version.json similarity index 100% rename from arm/Microsoft.ApiManagement/service/identityProviders/version.json rename to modules/Microsoft.ApiManagement/service/identityProviders/version.json diff --git a/arm/Microsoft.ApiManagement/service/namedValues/deploy.bicep b/modules/Microsoft.ApiManagement/service/namedValues/deploy.bicep similarity index 100% rename from arm/Microsoft.ApiManagement/service/namedValues/deploy.bicep rename to modules/Microsoft.ApiManagement/service/namedValues/deploy.bicep diff --git a/arm/Microsoft.ApiManagement/service/namedValues/readme.md b/modules/Microsoft.ApiManagement/service/namedValues/readme.md similarity index 100% rename from arm/Microsoft.ApiManagement/service/namedValues/readme.md rename to modules/Microsoft.ApiManagement/service/namedValues/readme.md diff --git a/arm/Microsoft.ApiManagement/service/namedValues/version.json b/modules/Microsoft.ApiManagement/service/namedValues/version.json similarity index 100% rename from arm/Microsoft.ApiManagement/service/namedValues/version.json rename to modules/Microsoft.ApiManagement/service/namedValues/version.json diff --git a/arm/Microsoft.ApiManagement/service/policies/deploy.bicep b/modules/Microsoft.ApiManagement/service/policies/deploy.bicep similarity index 100% rename from arm/Microsoft.ApiManagement/service/policies/deploy.bicep rename to modules/Microsoft.ApiManagement/service/policies/deploy.bicep diff --git a/arm/Microsoft.ApiManagement/service/policies/readme.md b/modules/Microsoft.ApiManagement/service/policies/readme.md similarity index 100% rename from arm/Microsoft.ApiManagement/service/policies/readme.md rename to modules/Microsoft.ApiManagement/service/policies/readme.md diff --git a/arm/Microsoft.ApiManagement/service/policies/version.json b/modules/Microsoft.ApiManagement/service/policies/version.json similarity index 100% rename from arm/Microsoft.ApiManagement/service/policies/version.json rename to modules/Microsoft.ApiManagement/service/policies/version.json diff --git a/arm/Microsoft.ApiManagement/service/portalsettings/deploy.bicep b/modules/Microsoft.ApiManagement/service/portalsettings/deploy.bicep similarity index 100% rename from arm/Microsoft.ApiManagement/service/portalsettings/deploy.bicep rename to modules/Microsoft.ApiManagement/service/portalsettings/deploy.bicep diff --git a/arm/Microsoft.ApiManagement/service/portalsettings/readme.md b/modules/Microsoft.ApiManagement/service/portalsettings/readme.md similarity index 100% rename from arm/Microsoft.ApiManagement/service/portalsettings/readme.md rename to modules/Microsoft.ApiManagement/service/portalsettings/readme.md diff --git a/arm/Microsoft.ApiManagement/service/portalsettings/version.json b/modules/Microsoft.ApiManagement/service/portalsettings/version.json similarity index 100% rename from arm/Microsoft.ApiManagement/service/portalsettings/version.json rename to modules/Microsoft.ApiManagement/service/portalsettings/version.json diff --git a/arm/Microsoft.ApiManagement/service/products/apis/deploy.bicep b/modules/Microsoft.ApiManagement/service/products/apis/deploy.bicep similarity index 100% rename from arm/Microsoft.ApiManagement/service/products/apis/deploy.bicep rename to modules/Microsoft.ApiManagement/service/products/apis/deploy.bicep diff --git a/arm/Microsoft.ApiManagement/service/products/apis/readme.md b/modules/Microsoft.ApiManagement/service/products/apis/readme.md similarity index 100% rename from arm/Microsoft.ApiManagement/service/products/apis/readme.md rename to modules/Microsoft.ApiManagement/service/products/apis/readme.md diff --git a/arm/Microsoft.ApiManagement/service/products/apis/version.json b/modules/Microsoft.ApiManagement/service/products/apis/version.json similarity index 100% rename from arm/Microsoft.ApiManagement/service/products/apis/version.json rename to modules/Microsoft.ApiManagement/service/products/apis/version.json diff --git a/arm/Microsoft.ApiManagement/service/products/deploy.bicep b/modules/Microsoft.ApiManagement/service/products/deploy.bicep similarity index 100% rename from arm/Microsoft.ApiManagement/service/products/deploy.bicep rename to modules/Microsoft.ApiManagement/service/products/deploy.bicep diff --git a/arm/Microsoft.ApiManagement/service/products/groups/deploy.bicep b/modules/Microsoft.ApiManagement/service/products/groups/deploy.bicep similarity index 100% rename from arm/Microsoft.ApiManagement/service/products/groups/deploy.bicep rename to modules/Microsoft.ApiManagement/service/products/groups/deploy.bicep diff --git a/arm/Microsoft.ApiManagement/service/products/groups/readme.md b/modules/Microsoft.ApiManagement/service/products/groups/readme.md similarity index 100% rename from arm/Microsoft.ApiManagement/service/products/groups/readme.md rename to modules/Microsoft.ApiManagement/service/products/groups/readme.md diff --git a/arm/Microsoft.ApiManagement/service/products/groups/version.json b/modules/Microsoft.ApiManagement/service/products/groups/version.json similarity index 100% rename from arm/Microsoft.ApiManagement/service/products/groups/version.json rename to modules/Microsoft.ApiManagement/service/products/groups/version.json diff --git a/arm/Microsoft.ApiManagement/service/products/readme.md b/modules/Microsoft.ApiManagement/service/products/readme.md similarity index 100% rename from arm/Microsoft.ApiManagement/service/products/readme.md rename to modules/Microsoft.ApiManagement/service/products/readme.md diff --git a/arm/Microsoft.ApiManagement/service/products/version.json b/modules/Microsoft.ApiManagement/service/products/version.json similarity index 100% rename from arm/Microsoft.ApiManagement/service/products/version.json rename to modules/Microsoft.ApiManagement/service/products/version.json diff --git a/arm/Microsoft.ApiManagement/service/readme.md b/modules/Microsoft.ApiManagement/service/readme.md similarity index 100% rename from arm/Microsoft.ApiManagement/service/readme.md rename to modules/Microsoft.ApiManagement/service/readme.md diff --git a/arm/Microsoft.ApiManagement/service/subscriptions/deploy.bicep b/modules/Microsoft.ApiManagement/service/subscriptions/deploy.bicep similarity index 100% rename from arm/Microsoft.ApiManagement/service/subscriptions/deploy.bicep rename to modules/Microsoft.ApiManagement/service/subscriptions/deploy.bicep diff --git a/arm/Microsoft.ApiManagement/service/subscriptions/readme.md b/modules/Microsoft.ApiManagement/service/subscriptions/readme.md similarity index 100% rename from arm/Microsoft.ApiManagement/service/subscriptions/readme.md rename to modules/Microsoft.ApiManagement/service/subscriptions/readme.md diff --git a/arm/Microsoft.ApiManagement/service/subscriptions/version.json b/modules/Microsoft.ApiManagement/service/subscriptions/version.json similarity index 100% rename from arm/Microsoft.ApiManagement/service/subscriptions/version.json rename to modules/Microsoft.ApiManagement/service/subscriptions/version.json diff --git a/arm/Microsoft.ApiManagement/service/version.json b/modules/Microsoft.ApiManagement/service/version.json similarity index 100% rename from arm/Microsoft.ApiManagement/service/version.json rename to modules/Microsoft.ApiManagement/service/version.json diff --git a/arm/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.AppConfiguration/configurationStores/.parameters/min.parameters.json b/modules/Microsoft.AppConfiguration/configurationStores/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.AppConfiguration/configurationStores/.parameters/min.parameters.json rename to modules/Microsoft.AppConfiguration/configurationStores/.parameters/min.parameters.json diff --git a/arm/Microsoft.AppConfiguration/configurationStores/.parameters/parameters.json b/modules/Microsoft.AppConfiguration/configurationStores/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.AppConfiguration/configurationStores/.parameters/parameters.json rename to modules/Microsoft.AppConfiguration/configurationStores/.parameters/parameters.json diff --git a/arm/Microsoft.AppConfiguration/configurationStores/deploy.bicep b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep similarity index 100% rename from arm/Microsoft.AppConfiguration/configurationStores/deploy.bicep rename to modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep diff --git a/arm/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.AppConfiguration/configurationStores/keyValues/deploy.bicep b/modules/Microsoft.AppConfiguration/configurationStores/keyValues/deploy.bicep similarity index 100% rename from arm/Microsoft.AppConfiguration/configurationStores/keyValues/deploy.bicep rename to modules/Microsoft.AppConfiguration/configurationStores/keyValues/deploy.bicep diff --git a/arm/Microsoft.AppConfiguration/configurationStores/keyValues/readme.md b/modules/Microsoft.AppConfiguration/configurationStores/keyValues/readme.md similarity index 100% rename from arm/Microsoft.AppConfiguration/configurationStores/keyValues/readme.md rename to modules/Microsoft.AppConfiguration/configurationStores/keyValues/readme.md diff --git a/arm/Microsoft.AppConfiguration/configurationStores/keyValues/version.json b/modules/Microsoft.AppConfiguration/configurationStores/keyValues/version.json similarity index 100% rename from arm/Microsoft.AppConfiguration/configurationStores/keyValues/version.json rename to modules/Microsoft.AppConfiguration/configurationStores/keyValues/version.json diff --git a/arm/Microsoft.AppConfiguration/configurationStores/readme.md b/modules/Microsoft.AppConfiguration/configurationStores/readme.md similarity index 100% rename from arm/Microsoft.AppConfiguration/configurationStores/readme.md rename to modules/Microsoft.AppConfiguration/configurationStores/readme.md diff --git a/arm/Microsoft.AppConfiguration/configurationStores/version.json b/modules/Microsoft.AppConfiguration/configurationStores/version.json similarity index 100% rename from arm/Microsoft.AppConfiguration/configurationStores/version.json rename to modules/Microsoft.AppConfiguration/configurationStores/version.json diff --git a/arm/Microsoft.Authorization/locks/.parameters/rg.parameters.json b/modules/Microsoft.Authorization/locks/.parameters/rg.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/locks/.parameters/rg.parameters.json rename to modules/Microsoft.Authorization/locks/.parameters/rg.parameters.json diff --git a/arm/Microsoft.Authorization/locks/deploy.bicep b/modules/Microsoft.Authorization/locks/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/locks/deploy.bicep rename to modules/Microsoft.Authorization/locks/deploy.bicep diff --git a/arm/Microsoft.Authorization/locks/readme.md b/modules/Microsoft.Authorization/locks/readme.md similarity index 100% rename from arm/Microsoft.Authorization/locks/readme.md rename to modules/Microsoft.Authorization/locks/readme.md diff --git a/arm/Microsoft.Authorization/locks/resourceGroup/deploy.bicep b/modules/Microsoft.Authorization/locks/resourceGroup/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/locks/resourceGroup/deploy.bicep rename to modules/Microsoft.Authorization/locks/resourceGroup/deploy.bicep diff --git a/arm/Microsoft.Authorization/locks/resourceGroup/readme.md b/modules/Microsoft.Authorization/locks/resourceGroup/readme.md similarity index 100% rename from arm/Microsoft.Authorization/locks/resourceGroup/readme.md rename to modules/Microsoft.Authorization/locks/resourceGroup/readme.md diff --git a/arm/Microsoft.Authorization/locks/resourceGroup/version.json b/modules/Microsoft.Authorization/locks/resourceGroup/version.json similarity index 100% rename from arm/Microsoft.Authorization/locks/resourceGroup/version.json rename to modules/Microsoft.Authorization/locks/resourceGroup/version.json diff --git a/arm/Microsoft.Authorization/locks/subscription/deploy.bicep b/modules/Microsoft.Authorization/locks/subscription/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/locks/subscription/deploy.bicep rename to modules/Microsoft.Authorization/locks/subscription/deploy.bicep diff --git a/arm/Microsoft.Authorization/locks/subscription/readme.md b/modules/Microsoft.Authorization/locks/subscription/readme.md similarity index 100% rename from arm/Microsoft.Authorization/locks/subscription/readme.md rename to modules/Microsoft.Authorization/locks/subscription/readme.md diff --git a/arm/Microsoft.Authorization/locks/subscription/version.json b/modules/Microsoft.Authorization/locks/subscription/version.json similarity index 100% rename from arm/Microsoft.Authorization/locks/subscription/version.json rename to modules/Microsoft.Authorization/locks/subscription/version.json diff --git a/arm/Microsoft.Authorization/locks/version.json b/modules/Microsoft.Authorization/locks/version.json similarity index 100% rename from arm/Microsoft.Authorization/locks/version.json rename to modules/Microsoft.Authorization/locks/version.json diff --git a/arm/Microsoft.Authorization/policyAssignments/.parameters/mg.min.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.parameters/mg.min.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policyAssignments/.parameters/mg.min.parameters.json rename to modules/Microsoft.Authorization/policyAssignments/.parameters/mg.min.parameters.json diff --git a/arm/Microsoft.Authorization/policyAssignments/.parameters/mg.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.parameters/mg.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policyAssignments/.parameters/mg.parameters.json rename to modules/Microsoft.Authorization/policyAssignments/.parameters/mg.parameters.json diff --git a/arm/Microsoft.Authorization/policyAssignments/.parameters/rg.min.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.parameters/rg.min.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policyAssignments/.parameters/rg.min.parameters.json rename to modules/Microsoft.Authorization/policyAssignments/.parameters/rg.min.parameters.json diff --git a/arm/Microsoft.Authorization/policyAssignments/.parameters/rg.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.parameters/rg.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policyAssignments/.parameters/rg.parameters.json rename to modules/Microsoft.Authorization/policyAssignments/.parameters/rg.parameters.json diff --git a/arm/Microsoft.Authorization/policyAssignments/.parameters/sub.min.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.parameters/sub.min.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policyAssignments/.parameters/sub.min.parameters.json rename to modules/Microsoft.Authorization/policyAssignments/.parameters/sub.min.parameters.json diff --git a/arm/Microsoft.Authorization/policyAssignments/.parameters/sub.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.parameters/sub.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policyAssignments/.parameters/sub.parameters.json rename to modules/Microsoft.Authorization/policyAssignments/.parameters/sub.parameters.json diff --git a/arm/Microsoft.Authorization/policyAssignments/deploy.bicep b/modules/Microsoft.Authorization/policyAssignments/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/policyAssignments/deploy.bicep rename to modules/Microsoft.Authorization/policyAssignments/deploy.bicep diff --git a/arm/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep b/modules/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep rename to modules/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep diff --git a/arm/Microsoft.Authorization/policyAssignments/managementGroup/readme.md b/modules/Microsoft.Authorization/policyAssignments/managementGroup/readme.md similarity index 100% rename from arm/Microsoft.Authorization/policyAssignments/managementGroup/readme.md rename to modules/Microsoft.Authorization/policyAssignments/managementGroup/readme.md diff --git a/arm/Microsoft.Authorization/policyAssignments/managementGroup/version.json b/modules/Microsoft.Authorization/policyAssignments/managementGroup/version.json similarity index 100% rename from arm/Microsoft.Authorization/policyAssignments/managementGroup/version.json rename to modules/Microsoft.Authorization/policyAssignments/managementGroup/version.json diff --git a/arm/Microsoft.Authorization/policyAssignments/readme.md b/modules/Microsoft.Authorization/policyAssignments/readme.md similarity index 99% rename from arm/Microsoft.Authorization/policyAssignments/readme.md rename to modules/Microsoft.Authorization/policyAssignments/readme.md index 258fa3d2a6..9ee3780a3d 100644 --- a/arm/Microsoft.Authorization/policyAssignments/readme.md +++ b/modules/Microsoft.Authorization/policyAssignments/readme.md @@ -154,7 +154,7 @@ module policyassignment 'br:bicepregistry.azurecr.io/bicep/modules/microsoft.aut ``` **Local Path Reference** ```bicep -module policyassignment 'yourpath/arm/Microsoft.Authorization.policyAssignments/subscription/deploy.bicep' = {} +module policyassignment 'yourpath/modules/Microsoft.Authorization.policyAssignments/subscription/deploy.bicep' = {} ``` ## Outputs diff --git a/arm/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep b/modules/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep rename to modules/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep diff --git a/arm/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md b/modules/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md similarity index 100% rename from arm/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md rename to modules/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md diff --git a/arm/Microsoft.Authorization/policyAssignments/resourceGroup/version.json b/modules/Microsoft.Authorization/policyAssignments/resourceGroup/version.json similarity index 100% rename from arm/Microsoft.Authorization/policyAssignments/resourceGroup/version.json rename to modules/Microsoft.Authorization/policyAssignments/resourceGroup/version.json diff --git a/arm/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep b/modules/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep rename to modules/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep diff --git a/arm/Microsoft.Authorization/policyAssignments/subscription/readme.md b/modules/Microsoft.Authorization/policyAssignments/subscription/readme.md similarity index 100% rename from arm/Microsoft.Authorization/policyAssignments/subscription/readme.md rename to modules/Microsoft.Authorization/policyAssignments/subscription/readme.md diff --git a/arm/Microsoft.Authorization/policyAssignments/subscription/version.json b/modules/Microsoft.Authorization/policyAssignments/subscription/version.json similarity index 100% rename from arm/Microsoft.Authorization/policyAssignments/subscription/version.json rename to modules/Microsoft.Authorization/policyAssignments/subscription/version.json diff --git a/arm/Microsoft.Authorization/policyAssignments/version.json b/modules/Microsoft.Authorization/policyAssignments/version.json similarity index 100% rename from arm/Microsoft.Authorization/policyAssignments/version.json rename to modules/Microsoft.Authorization/policyAssignments/version.json diff --git a/arm/Microsoft.Authorization/policyDefinitions/.parameters/mg.min.parameters.json b/modules/Microsoft.Authorization/policyDefinitions/.parameters/mg.min.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policyDefinitions/.parameters/mg.min.parameters.json rename to modules/Microsoft.Authorization/policyDefinitions/.parameters/mg.min.parameters.json diff --git a/arm/Microsoft.Authorization/policyDefinitions/.parameters/mg.parameters.json b/modules/Microsoft.Authorization/policyDefinitions/.parameters/mg.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policyDefinitions/.parameters/mg.parameters.json rename to modules/Microsoft.Authorization/policyDefinitions/.parameters/mg.parameters.json diff --git a/arm/Microsoft.Authorization/policyDefinitions/.parameters/sub.min.parameters.json b/modules/Microsoft.Authorization/policyDefinitions/.parameters/sub.min.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policyDefinitions/.parameters/sub.min.parameters.json rename to modules/Microsoft.Authorization/policyDefinitions/.parameters/sub.min.parameters.json diff --git a/arm/Microsoft.Authorization/policyDefinitions/.parameters/sub.parameters.json b/modules/Microsoft.Authorization/policyDefinitions/.parameters/sub.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policyDefinitions/.parameters/sub.parameters.json rename to modules/Microsoft.Authorization/policyDefinitions/.parameters/sub.parameters.json diff --git a/arm/Microsoft.Authorization/policyDefinitions/deploy.bicep b/modules/Microsoft.Authorization/policyDefinitions/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/policyDefinitions/deploy.bicep rename to modules/Microsoft.Authorization/policyDefinitions/deploy.bicep diff --git a/arm/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep b/modules/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep rename to modules/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep diff --git a/arm/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md b/modules/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md similarity index 100% rename from arm/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md rename to modules/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md diff --git a/arm/Microsoft.Authorization/policyDefinitions/managementGroup/version.json b/modules/Microsoft.Authorization/policyDefinitions/managementGroup/version.json similarity index 100% rename from arm/Microsoft.Authorization/policyDefinitions/managementGroup/version.json rename to modules/Microsoft.Authorization/policyDefinitions/managementGroup/version.json diff --git a/arm/Microsoft.Authorization/policyDefinitions/readme.md b/modules/Microsoft.Authorization/policyDefinitions/readme.md similarity index 99% rename from arm/Microsoft.Authorization/policyDefinitions/readme.md rename to modules/Microsoft.Authorization/policyDefinitions/readme.md index 62b291946a..c35c3d5ed4 100644 --- a/arm/Microsoft.Authorization/policyDefinitions/readme.md +++ b/modules/Microsoft.Authorization/policyDefinitions/readme.md @@ -113,7 +113,7 @@ module policydefinition 'br:bicepregistry.azurecr.io/bicep/modules/microsoft.aut ``` **Local Path Reference** ```bicep -module policydefinition 'yourpath/arm/Microsoft.Authorization.policyDefinitions/subscription/deploy.bicep' = {} +module policydefinition 'yourpath/modules/Microsoft.Authorization.policyDefinitions/subscription/deploy.bicep' = {} ``` ## Outputs diff --git a/arm/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep b/modules/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep rename to modules/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep diff --git a/arm/Microsoft.Authorization/policyDefinitions/subscription/readme.md b/modules/Microsoft.Authorization/policyDefinitions/subscription/readme.md similarity index 100% rename from arm/Microsoft.Authorization/policyDefinitions/subscription/readme.md rename to modules/Microsoft.Authorization/policyDefinitions/subscription/readme.md diff --git a/arm/Microsoft.Authorization/policyDefinitions/subscription/version.json b/modules/Microsoft.Authorization/policyDefinitions/subscription/version.json similarity index 100% rename from arm/Microsoft.Authorization/policyDefinitions/subscription/version.json rename to modules/Microsoft.Authorization/policyDefinitions/subscription/version.json diff --git a/arm/Microsoft.Authorization/policyDefinitions/version.json b/modules/Microsoft.Authorization/policyDefinitions/version.json similarity index 100% rename from arm/Microsoft.Authorization/policyDefinitions/version.json rename to modules/Microsoft.Authorization/policyDefinitions/version.json diff --git a/arm/Microsoft.Authorization/policyExemptions/.parameters/mg.min.parameters.json b/modules/Microsoft.Authorization/policyExemptions/.parameters/mg.min.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policyExemptions/.parameters/mg.min.parameters.json rename to modules/Microsoft.Authorization/policyExemptions/.parameters/mg.min.parameters.json diff --git a/arm/Microsoft.Authorization/policyExemptions/.parameters/mg.parameters.json b/modules/Microsoft.Authorization/policyExemptions/.parameters/mg.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policyExemptions/.parameters/mg.parameters.json rename to modules/Microsoft.Authorization/policyExemptions/.parameters/mg.parameters.json diff --git a/arm/Microsoft.Authorization/policyExemptions/.parameters/rg.min.parameters.json b/modules/Microsoft.Authorization/policyExemptions/.parameters/rg.min.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policyExemptions/.parameters/rg.min.parameters.json rename to modules/Microsoft.Authorization/policyExemptions/.parameters/rg.min.parameters.json diff --git a/arm/Microsoft.Authorization/policyExemptions/.parameters/rg.parameters.json b/modules/Microsoft.Authorization/policyExemptions/.parameters/rg.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policyExemptions/.parameters/rg.parameters.json rename to modules/Microsoft.Authorization/policyExemptions/.parameters/rg.parameters.json diff --git a/arm/Microsoft.Authorization/policyExemptions/.parameters/sub.min.parameters.json b/modules/Microsoft.Authorization/policyExemptions/.parameters/sub.min.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policyExemptions/.parameters/sub.min.parameters.json rename to modules/Microsoft.Authorization/policyExemptions/.parameters/sub.min.parameters.json diff --git a/arm/Microsoft.Authorization/policyExemptions/.parameters/sub.parameters.json b/modules/Microsoft.Authorization/policyExemptions/.parameters/sub.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policyExemptions/.parameters/sub.parameters.json rename to modules/Microsoft.Authorization/policyExemptions/.parameters/sub.parameters.json diff --git a/arm/Microsoft.Authorization/policyExemptions/deploy.bicep b/modules/Microsoft.Authorization/policyExemptions/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/policyExemptions/deploy.bicep rename to modules/Microsoft.Authorization/policyExemptions/deploy.bicep diff --git a/arm/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep b/modules/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep rename to modules/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep diff --git a/arm/Microsoft.Authorization/policyExemptions/managementGroup/readme.md b/modules/Microsoft.Authorization/policyExemptions/managementGroup/readme.md similarity index 100% rename from arm/Microsoft.Authorization/policyExemptions/managementGroup/readme.md rename to modules/Microsoft.Authorization/policyExemptions/managementGroup/readme.md diff --git a/arm/Microsoft.Authorization/policyExemptions/managementGroup/version.json b/modules/Microsoft.Authorization/policyExemptions/managementGroup/version.json similarity index 100% rename from arm/Microsoft.Authorization/policyExemptions/managementGroup/version.json rename to modules/Microsoft.Authorization/policyExemptions/managementGroup/version.json diff --git a/arm/Microsoft.Authorization/policyExemptions/readme.md b/modules/Microsoft.Authorization/policyExemptions/readme.md similarity index 99% rename from arm/Microsoft.Authorization/policyExemptions/readme.md rename to modules/Microsoft.Authorization/policyExemptions/readme.md index f97ba36da0..77204717f5 100644 --- a/arm/Microsoft.Authorization/policyExemptions/readme.md +++ b/modules/Microsoft.Authorization/policyExemptions/readme.md @@ -132,7 +132,7 @@ module policyexemption 'br:bicepregistry.azurecr.io/bicep/modules/microsoft.auth ``` **Local Path Reference** ```bicep -module policyexemption 'yourpath/arm/Microsoft.Authorization.policyExemptions/subscription/deploy.bicep' = {} +module policyexemption 'yourpath/modules/Microsoft.Authorization.policyExemptions/subscription/deploy.bicep' = {} ``` ## Outputs diff --git a/arm/Microsoft.Authorization/policyExemptions/resourceGroup/deploy.bicep b/modules/Microsoft.Authorization/policyExemptions/resourceGroup/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/policyExemptions/resourceGroup/deploy.bicep rename to modules/Microsoft.Authorization/policyExemptions/resourceGroup/deploy.bicep diff --git a/arm/Microsoft.Authorization/policyExemptions/resourceGroup/readme.md b/modules/Microsoft.Authorization/policyExemptions/resourceGroup/readme.md similarity index 100% rename from arm/Microsoft.Authorization/policyExemptions/resourceGroup/readme.md rename to modules/Microsoft.Authorization/policyExemptions/resourceGroup/readme.md diff --git a/arm/Microsoft.Authorization/policyExemptions/resourceGroup/version.json b/modules/Microsoft.Authorization/policyExemptions/resourceGroup/version.json similarity index 100% rename from arm/Microsoft.Authorization/policyExemptions/resourceGroup/version.json rename to modules/Microsoft.Authorization/policyExemptions/resourceGroup/version.json diff --git a/arm/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep b/modules/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep rename to modules/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep diff --git a/arm/Microsoft.Authorization/policyExemptions/subscription/readme.md b/modules/Microsoft.Authorization/policyExemptions/subscription/readme.md similarity index 100% rename from arm/Microsoft.Authorization/policyExemptions/subscription/readme.md rename to modules/Microsoft.Authorization/policyExemptions/subscription/readme.md diff --git a/arm/Microsoft.Authorization/policyExemptions/subscription/version.json b/modules/Microsoft.Authorization/policyExemptions/subscription/version.json similarity index 100% rename from arm/Microsoft.Authorization/policyExemptions/subscription/version.json rename to modules/Microsoft.Authorization/policyExemptions/subscription/version.json diff --git a/arm/Microsoft.Authorization/policyExemptions/version.json b/modules/Microsoft.Authorization/policyExemptions/version.json similarity index 100% rename from arm/Microsoft.Authorization/policyExemptions/version.json rename to modules/Microsoft.Authorization/policyExemptions/version.json diff --git a/arm/Microsoft.Authorization/policySetDefinitions/.parameters/mg.min.parameters.json b/modules/Microsoft.Authorization/policySetDefinitions/.parameters/mg.min.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policySetDefinitions/.parameters/mg.min.parameters.json rename to modules/Microsoft.Authorization/policySetDefinitions/.parameters/mg.min.parameters.json diff --git a/arm/Microsoft.Authorization/policySetDefinitions/.parameters/mg.parameters.json b/modules/Microsoft.Authorization/policySetDefinitions/.parameters/mg.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policySetDefinitions/.parameters/mg.parameters.json rename to modules/Microsoft.Authorization/policySetDefinitions/.parameters/mg.parameters.json diff --git a/arm/Microsoft.Authorization/policySetDefinitions/.parameters/sub.min.parameters.json b/modules/Microsoft.Authorization/policySetDefinitions/.parameters/sub.min.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policySetDefinitions/.parameters/sub.min.parameters.json rename to modules/Microsoft.Authorization/policySetDefinitions/.parameters/sub.min.parameters.json diff --git a/arm/Microsoft.Authorization/policySetDefinitions/.parameters/sub.parameters.json b/modules/Microsoft.Authorization/policySetDefinitions/.parameters/sub.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/policySetDefinitions/.parameters/sub.parameters.json rename to modules/Microsoft.Authorization/policySetDefinitions/.parameters/sub.parameters.json diff --git a/arm/Microsoft.Authorization/policySetDefinitions/deploy.bicep b/modules/Microsoft.Authorization/policySetDefinitions/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/policySetDefinitions/deploy.bicep rename to modules/Microsoft.Authorization/policySetDefinitions/deploy.bicep diff --git a/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep b/modules/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep rename to modules/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep diff --git a/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md b/modules/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md similarity index 100% rename from arm/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md rename to modules/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md diff --git a/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/version.json b/modules/Microsoft.Authorization/policySetDefinitions/managementGroup/version.json similarity index 100% rename from arm/Microsoft.Authorization/policySetDefinitions/managementGroup/version.json rename to modules/Microsoft.Authorization/policySetDefinitions/managementGroup/version.json diff --git a/arm/Microsoft.Authorization/policySetDefinitions/readme.md b/modules/Microsoft.Authorization/policySetDefinitions/readme.md similarity index 99% rename from arm/Microsoft.Authorization/policySetDefinitions/readme.md rename to modules/Microsoft.Authorization/policySetDefinitions/readme.md index 8a47a3172e..ca6fba54e6 100644 --- a/arm/Microsoft.Authorization/policySetDefinitions/readme.md +++ b/modules/Microsoft.Authorization/policySetDefinitions/readme.md @@ -116,7 +116,7 @@ module policysetdefinition 'br:bicepregistry.azurecr.io/bicep/modules/microsoft. ``` **Local Path Reference** ```bicep -module policysetdefinition 'yourpath/arm/Microsoft.Authorization.policySetDefinitions/subscription/deploy.bicep' = {} +module policysetdefinition 'yourpath/modules/Microsoft.Authorization.policySetDefinitions/subscription/deploy.bicep' = {} ``` ## Outputs diff --git a/arm/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep b/modules/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep rename to modules/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep diff --git a/arm/Microsoft.Authorization/policySetDefinitions/subscription/readme.md b/modules/Microsoft.Authorization/policySetDefinitions/subscription/readme.md similarity index 100% rename from arm/Microsoft.Authorization/policySetDefinitions/subscription/readme.md rename to modules/Microsoft.Authorization/policySetDefinitions/subscription/readme.md diff --git a/arm/Microsoft.Authorization/policySetDefinitions/subscription/version.json b/modules/Microsoft.Authorization/policySetDefinitions/subscription/version.json similarity index 100% rename from arm/Microsoft.Authorization/policySetDefinitions/subscription/version.json rename to modules/Microsoft.Authorization/policySetDefinitions/subscription/version.json diff --git a/arm/Microsoft.Authorization/policySetDefinitions/version.json b/modules/Microsoft.Authorization/policySetDefinitions/version.json similarity index 100% rename from arm/Microsoft.Authorization/policySetDefinitions/version.json rename to modules/Microsoft.Authorization/policySetDefinitions/version.json diff --git a/arm/Microsoft.Authorization/roleAssignments/.parameters/mg.min.parameters.json b/modules/Microsoft.Authorization/roleAssignments/.parameters/mg.min.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/roleAssignments/.parameters/mg.min.parameters.json rename to modules/Microsoft.Authorization/roleAssignments/.parameters/mg.min.parameters.json diff --git a/arm/Microsoft.Authorization/roleAssignments/.parameters/mg.parameters.json b/modules/Microsoft.Authorization/roleAssignments/.parameters/mg.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/roleAssignments/.parameters/mg.parameters.json rename to modules/Microsoft.Authorization/roleAssignments/.parameters/mg.parameters.json diff --git a/arm/Microsoft.Authorization/roleAssignments/.parameters/rg.min.parameters.json b/modules/Microsoft.Authorization/roleAssignments/.parameters/rg.min.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/roleAssignments/.parameters/rg.min.parameters.json rename to modules/Microsoft.Authorization/roleAssignments/.parameters/rg.min.parameters.json diff --git a/arm/Microsoft.Authorization/roleAssignments/.parameters/rg.parameters.json b/modules/Microsoft.Authorization/roleAssignments/.parameters/rg.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/roleAssignments/.parameters/rg.parameters.json rename to modules/Microsoft.Authorization/roleAssignments/.parameters/rg.parameters.json diff --git a/arm/Microsoft.Authorization/roleAssignments/.parameters/sub.min.parameters.json b/modules/Microsoft.Authorization/roleAssignments/.parameters/sub.min.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/roleAssignments/.parameters/sub.min.parameters.json rename to modules/Microsoft.Authorization/roleAssignments/.parameters/sub.min.parameters.json diff --git a/arm/Microsoft.Authorization/roleAssignments/.parameters/sub.parameters.json b/modules/Microsoft.Authorization/roleAssignments/.parameters/sub.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/roleAssignments/.parameters/sub.parameters.json rename to modules/Microsoft.Authorization/roleAssignments/.parameters/sub.parameters.json diff --git a/arm/Microsoft.Authorization/roleAssignments/deploy.bicep b/modules/Microsoft.Authorization/roleAssignments/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/roleAssignments/deploy.bicep rename to modules/Microsoft.Authorization/roleAssignments/deploy.bicep diff --git a/arm/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep b/modules/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep rename to modules/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep diff --git a/arm/Microsoft.Authorization/roleAssignments/managementGroup/readme.md b/modules/Microsoft.Authorization/roleAssignments/managementGroup/readme.md similarity index 100% rename from arm/Microsoft.Authorization/roleAssignments/managementGroup/readme.md rename to modules/Microsoft.Authorization/roleAssignments/managementGroup/readme.md diff --git a/arm/Microsoft.Authorization/roleAssignments/managementGroup/version.json b/modules/Microsoft.Authorization/roleAssignments/managementGroup/version.json similarity index 100% rename from arm/Microsoft.Authorization/roleAssignments/managementGroup/version.json rename to modules/Microsoft.Authorization/roleAssignments/managementGroup/version.json diff --git a/arm/Microsoft.Authorization/roleAssignments/readme.md b/modules/Microsoft.Authorization/roleAssignments/readme.md similarity index 99% rename from arm/Microsoft.Authorization/roleAssignments/readme.md rename to modules/Microsoft.Authorization/roleAssignments/readme.md index c78f67fac0..b1f3aa4d16 100644 --- a/arm/Microsoft.Authorization/roleAssignments/readme.md +++ b/modules/Microsoft.Authorization/roleAssignments/readme.md @@ -150,7 +150,7 @@ module roleassignment 'br:bicepregistry.azurecr.io/bicep/modules/microsoft.autho ``` **Local Path Reference** ```bicep -module roleassignment 'yourpath/arm/Microsoft.Authorization.roleAssignments/subscription/deploy.bicep' = {} +module roleassignment 'yourpath/modules/Microsoft.Authorization.roleAssignments/subscription/deploy.bicep' = {} ``` ## Outputs diff --git a/arm/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep b/modules/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep rename to modules/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep diff --git a/arm/Microsoft.Authorization/roleAssignments/resourceGroup/readme.md b/modules/Microsoft.Authorization/roleAssignments/resourceGroup/readme.md similarity index 100% rename from arm/Microsoft.Authorization/roleAssignments/resourceGroup/readme.md rename to modules/Microsoft.Authorization/roleAssignments/resourceGroup/readme.md diff --git a/arm/Microsoft.Authorization/roleAssignments/resourceGroup/version.json b/modules/Microsoft.Authorization/roleAssignments/resourceGroup/version.json similarity index 100% rename from arm/Microsoft.Authorization/roleAssignments/resourceGroup/version.json rename to modules/Microsoft.Authorization/roleAssignments/resourceGroup/version.json diff --git a/arm/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep b/modules/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep rename to modules/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep diff --git a/arm/Microsoft.Authorization/roleAssignments/subscription/readme.md b/modules/Microsoft.Authorization/roleAssignments/subscription/readme.md similarity index 100% rename from arm/Microsoft.Authorization/roleAssignments/subscription/readme.md rename to modules/Microsoft.Authorization/roleAssignments/subscription/readme.md diff --git a/arm/Microsoft.Authorization/roleAssignments/subscription/version.json b/modules/Microsoft.Authorization/roleAssignments/subscription/version.json similarity index 100% rename from arm/Microsoft.Authorization/roleAssignments/subscription/version.json rename to modules/Microsoft.Authorization/roleAssignments/subscription/version.json diff --git a/arm/Microsoft.Authorization/roleAssignments/version.json b/modules/Microsoft.Authorization/roleAssignments/version.json similarity index 100% rename from arm/Microsoft.Authorization/roleAssignments/version.json rename to modules/Microsoft.Authorization/roleAssignments/version.json diff --git a/arm/Microsoft.Authorization/roleDefinitions/.parameters/mg.min.parameters.json b/modules/Microsoft.Authorization/roleDefinitions/.parameters/mg.min.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/roleDefinitions/.parameters/mg.min.parameters.json rename to modules/Microsoft.Authorization/roleDefinitions/.parameters/mg.min.parameters.json diff --git a/arm/Microsoft.Authorization/roleDefinitions/.parameters/mg.parameters.json b/modules/Microsoft.Authorization/roleDefinitions/.parameters/mg.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/roleDefinitions/.parameters/mg.parameters.json rename to modules/Microsoft.Authorization/roleDefinitions/.parameters/mg.parameters.json diff --git a/arm/Microsoft.Authorization/roleDefinitions/.parameters/rg.min.parameters.json b/modules/Microsoft.Authorization/roleDefinitions/.parameters/rg.min.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/roleDefinitions/.parameters/rg.min.parameters.json rename to modules/Microsoft.Authorization/roleDefinitions/.parameters/rg.min.parameters.json diff --git a/arm/Microsoft.Authorization/roleDefinitions/.parameters/rg.parameters.json b/modules/Microsoft.Authorization/roleDefinitions/.parameters/rg.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/roleDefinitions/.parameters/rg.parameters.json rename to modules/Microsoft.Authorization/roleDefinitions/.parameters/rg.parameters.json diff --git a/arm/Microsoft.Authorization/roleDefinitions/.parameters/sub.min.parameters.json b/modules/Microsoft.Authorization/roleDefinitions/.parameters/sub.min.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/roleDefinitions/.parameters/sub.min.parameters.json rename to modules/Microsoft.Authorization/roleDefinitions/.parameters/sub.min.parameters.json diff --git a/arm/Microsoft.Authorization/roleDefinitions/.parameters/sub.parameters.json b/modules/Microsoft.Authorization/roleDefinitions/.parameters/sub.parameters.json similarity index 100% rename from arm/Microsoft.Authorization/roleDefinitions/.parameters/sub.parameters.json rename to modules/Microsoft.Authorization/roleDefinitions/.parameters/sub.parameters.json diff --git a/arm/Microsoft.Authorization/roleDefinitions/deploy.bicep b/modules/Microsoft.Authorization/roleDefinitions/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/roleDefinitions/deploy.bicep rename to modules/Microsoft.Authorization/roleDefinitions/deploy.bicep diff --git a/arm/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep b/modules/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep rename to modules/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep diff --git a/arm/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md b/modules/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md similarity index 100% rename from arm/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md rename to modules/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md diff --git a/arm/Microsoft.Authorization/roleDefinitions/managementGroup/version.json b/modules/Microsoft.Authorization/roleDefinitions/managementGroup/version.json similarity index 100% rename from arm/Microsoft.Authorization/roleDefinitions/managementGroup/version.json rename to modules/Microsoft.Authorization/roleDefinitions/managementGroup/version.json diff --git a/arm/Microsoft.Authorization/roleDefinitions/readme.md b/modules/Microsoft.Authorization/roleDefinitions/readme.md similarity index 99% rename from arm/Microsoft.Authorization/roleDefinitions/readme.md rename to modules/Microsoft.Authorization/roleDefinitions/readme.md index fdc02fd430..6d74ed6ac8 100644 --- a/arm/Microsoft.Authorization/roleDefinitions/readme.md +++ b/modules/Microsoft.Authorization/roleDefinitions/readme.md @@ -150,7 +150,7 @@ module roledefinition 'br:bicepregistry.azurecr.io/bicep/modules/microsoft.autho ``` **Local Path Reference** ```bicep -module roledefinition 'yourpath/arm/Microsoft.Authorization.roleDefinitions/subscription/deploy.bicep' = {} +module roledefinition 'yourpath/modules/Microsoft.Authorization.roleDefinitions/subscription/deploy.bicep' = {} ``` ## Outputs diff --git a/arm/Microsoft.Authorization/roleDefinitions/resourceGroup/deploy.bicep b/modules/Microsoft.Authorization/roleDefinitions/resourceGroup/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/roleDefinitions/resourceGroup/deploy.bicep rename to modules/Microsoft.Authorization/roleDefinitions/resourceGroup/deploy.bicep diff --git a/arm/Microsoft.Authorization/roleDefinitions/resourceGroup/readme.md b/modules/Microsoft.Authorization/roleDefinitions/resourceGroup/readme.md similarity index 100% rename from arm/Microsoft.Authorization/roleDefinitions/resourceGroup/readme.md rename to modules/Microsoft.Authorization/roleDefinitions/resourceGroup/readme.md diff --git a/arm/Microsoft.Authorization/roleDefinitions/resourceGroup/version.json b/modules/Microsoft.Authorization/roleDefinitions/resourceGroup/version.json similarity index 100% rename from arm/Microsoft.Authorization/roleDefinitions/resourceGroup/version.json rename to modules/Microsoft.Authorization/roleDefinitions/resourceGroup/version.json diff --git a/arm/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep b/modules/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep similarity index 100% rename from arm/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep rename to modules/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep diff --git a/arm/Microsoft.Authorization/roleDefinitions/subscription/readme.md b/modules/Microsoft.Authorization/roleDefinitions/subscription/readme.md similarity index 100% rename from arm/Microsoft.Authorization/roleDefinitions/subscription/readme.md rename to modules/Microsoft.Authorization/roleDefinitions/subscription/readme.md diff --git a/arm/Microsoft.Authorization/roleDefinitions/subscription/version.json b/modules/Microsoft.Authorization/roleDefinitions/subscription/version.json similarity index 100% rename from arm/Microsoft.Authorization/roleDefinitions/subscription/version.json rename to modules/Microsoft.Authorization/roleDefinitions/subscription/version.json diff --git a/arm/Microsoft.Authorization/roleDefinitions/version.json b/modules/Microsoft.Authorization/roleDefinitions/version.json similarity index 100% rename from arm/Microsoft.Authorization/roleDefinitions/version.json rename to modules/Microsoft.Authorization/roleDefinitions/version.json diff --git a/arm/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Automation/automationAccounts/.parameters/encr.parameters.json b/modules/Microsoft.Automation/automationAccounts/.parameters/encr.parameters.json similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/.parameters/encr.parameters.json rename to modules/Microsoft.Automation/automationAccounts/.parameters/encr.parameters.json diff --git a/arm/Microsoft.Automation/automationAccounts/.parameters/min.parameters.json b/modules/Microsoft.Automation/automationAccounts/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/.parameters/min.parameters.json rename to modules/Microsoft.Automation/automationAccounts/.parameters/min.parameters.json diff --git a/arm/Microsoft.Automation/automationAccounts/.parameters/parameters.json b/modules/Microsoft.Automation/automationAccounts/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/.parameters/parameters.json rename to modules/Microsoft.Automation/automationAccounts/.parameters/parameters.json diff --git a/arm/Microsoft.Automation/automationAccounts/deploy.bicep b/modules/Microsoft.Automation/automationAccounts/deploy.bicep similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/deploy.bicep rename to modules/Microsoft.Automation/automationAccounts/deploy.bicep diff --git a/arm/Microsoft.Automation/automationAccounts/jobSchedules/deploy.bicep b/modules/Microsoft.Automation/automationAccounts/jobSchedules/deploy.bicep similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/jobSchedules/deploy.bicep rename to modules/Microsoft.Automation/automationAccounts/jobSchedules/deploy.bicep diff --git a/arm/Microsoft.Automation/automationAccounts/jobSchedules/readme.md b/modules/Microsoft.Automation/automationAccounts/jobSchedules/readme.md similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/jobSchedules/readme.md rename to modules/Microsoft.Automation/automationAccounts/jobSchedules/readme.md diff --git a/arm/Microsoft.Automation/automationAccounts/jobSchedules/version.json b/modules/Microsoft.Automation/automationAccounts/jobSchedules/version.json similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/jobSchedules/version.json rename to modules/Microsoft.Automation/automationAccounts/jobSchedules/version.json diff --git a/arm/Microsoft.Automation/automationAccounts/modules/deploy.bicep b/modules/Microsoft.Automation/automationAccounts/modules/deploy.bicep similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/modules/deploy.bicep rename to modules/Microsoft.Automation/automationAccounts/modules/deploy.bicep diff --git a/arm/Microsoft.Automation/automationAccounts/modules/readme.md b/modules/Microsoft.Automation/automationAccounts/modules/readme.md similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/modules/readme.md rename to modules/Microsoft.Automation/automationAccounts/modules/readme.md diff --git a/arm/Microsoft.Automation/automationAccounts/modules/version.json b/modules/Microsoft.Automation/automationAccounts/modules/version.json similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/modules/version.json rename to modules/Microsoft.Automation/automationAccounts/modules/version.json diff --git a/arm/Microsoft.Automation/automationAccounts/readme.md b/modules/Microsoft.Automation/automationAccounts/readme.md similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/readme.md rename to modules/Microsoft.Automation/automationAccounts/readme.md diff --git a/arm/Microsoft.Automation/automationAccounts/runbooks/deploy.bicep b/modules/Microsoft.Automation/automationAccounts/runbooks/deploy.bicep similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/runbooks/deploy.bicep rename to modules/Microsoft.Automation/automationAccounts/runbooks/deploy.bicep diff --git a/arm/Microsoft.Automation/automationAccounts/runbooks/readme.md b/modules/Microsoft.Automation/automationAccounts/runbooks/readme.md similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/runbooks/readme.md rename to modules/Microsoft.Automation/automationAccounts/runbooks/readme.md diff --git a/arm/Microsoft.Automation/automationAccounts/runbooks/version.json b/modules/Microsoft.Automation/automationAccounts/runbooks/version.json similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/runbooks/version.json rename to modules/Microsoft.Automation/automationAccounts/runbooks/version.json diff --git a/arm/Microsoft.Automation/automationAccounts/schedules/deploy.bicep b/modules/Microsoft.Automation/automationAccounts/schedules/deploy.bicep similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/schedules/deploy.bicep rename to modules/Microsoft.Automation/automationAccounts/schedules/deploy.bicep diff --git a/arm/Microsoft.Automation/automationAccounts/schedules/readme.md b/modules/Microsoft.Automation/automationAccounts/schedules/readme.md similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/schedules/readme.md rename to modules/Microsoft.Automation/automationAccounts/schedules/readme.md diff --git a/arm/Microsoft.Automation/automationAccounts/schedules/version.json b/modules/Microsoft.Automation/automationAccounts/schedules/version.json similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/schedules/version.json rename to modules/Microsoft.Automation/automationAccounts/schedules/version.json diff --git a/arm/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/deploy.bicep b/modules/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/deploy.bicep similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/deploy.bicep rename to modules/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/deploy.bicep diff --git a/arm/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/readme.md b/modules/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/readme.md similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/readme.md rename to modules/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/readme.md diff --git a/arm/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/version.json b/modules/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/version.json similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/version.json rename to modules/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/version.json diff --git a/arm/Microsoft.Automation/automationAccounts/variables/deploy.bicep b/modules/Microsoft.Automation/automationAccounts/variables/deploy.bicep similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/variables/deploy.bicep rename to modules/Microsoft.Automation/automationAccounts/variables/deploy.bicep diff --git a/arm/Microsoft.Automation/automationAccounts/variables/readme.md b/modules/Microsoft.Automation/automationAccounts/variables/readme.md similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/variables/readme.md rename to modules/Microsoft.Automation/automationAccounts/variables/readme.md diff --git a/arm/Microsoft.Automation/automationAccounts/variables/version.json b/modules/Microsoft.Automation/automationAccounts/variables/version.json similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/variables/version.json rename to modules/Microsoft.Automation/automationAccounts/variables/version.json diff --git a/arm/Microsoft.Automation/automationAccounts/version.json b/modules/Microsoft.Automation/automationAccounts/version.json similarity index 100% rename from arm/Microsoft.Automation/automationAccounts/version.json rename to modules/Microsoft.Automation/automationAccounts/version.json diff --git a/arm/Microsoft.Batch/batchAccounts/.parameters/min.parameters.json b/modules/Microsoft.Batch/batchAccounts/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Batch/batchAccounts/.parameters/min.parameters.json rename to modules/Microsoft.Batch/batchAccounts/.parameters/min.parameters.json diff --git a/arm/Microsoft.Batch/batchAccounts/.parameters/parameters.json b/modules/Microsoft.Batch/batchAccounts/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Batch/batchAccounts/.parameters/parameters.json rename to modules/Microsoft.Batch/batchAccounts/.parameters/parameters.json diff --git a/arm/Microsoft.Batch/batchAccounts/deploy.bicep b/modules/Microsoft.Batch/batchAccounts/deploy.bicep similarity index 100% rename from arm/Microsoft.Batch/batchAccounts/deploy.bicep rename to modules/Microsoft.Batch/batchAccounts/deploy.bicep diff --git a/arm/Microsoft.Batch/batchAccounts/readme.md b/modules/Microsoft.Batch/batchAccounts/readme.md similarity index 100% rename from arm/Microsoft.Batch/batchAccounts/readme.md rename to modules/Microsoft.Batch/batchAccounts/readme.md diff --git a/arm/Microsoft.Batch/batchAccounts/version.json b/modules/Microsoft.Batch/batchAccounts/version.json similarity index 100% rename from arm/Microsoft.Batch/batchAccounts/version.json rename to modules/Microsoft.Batch/batchAccounts/version.json diff --git a/arm/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.CognitiveServices/accounts/.parameters/encr.parameters.json b/modules/Microsoft.CognitiveServices/accounts/.parameters/encr.parameters.json similarity index 100% rename from arm/Microsoft.CognitiveServices/accounts/.parameters/encr.parameters.json rename to modules/Microsoft.CognitiveServices/accounts/.parameters/encr.parameters.json diff --git a/arm/Microsoft.CognitiveServices/accounts/.parameters/min.parameters.json b/modules/Microsoft.CognitiveServices/accounts/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.CognitiveServices/accounts/.parameters/min.parameters.json rename to modules/Microsoft.CognitiveServices/accounts/.parameters/min.parameters.json diff --git a/arm/Microsoft.CognitiveServices/accounts/.parameters/parameters.json b/modules/Microsoft.CognitiveServices/accounts/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.CognitiveServices/accounts/.parameters/parameters.json rename to modules/Microsoft.CognitiveServices/accounts/.parameters/parameters.json diff --git a/arm/Microsoft.CognitiveServices/accounts/.parameters/speech.parameters.json b/modules/Microsoft.CognitiveServices/accounts/.parameters/speech.parameters.json similarity index 100% rename from arm/Microsoft.CognitiveServices/accounts/.parameters/speech.parameters.json rename to modules/Microsoft.CognitiveServices/accounts/.parameters/speech.parameters.json diff --git a/arm/Microsoft.CognitiveServices/accounts/deploy.bicep b/modules/Microsoft.CognitiveServices/accounts/deploy.bicep similarity index 100% rename from arm/Microsoft.CognitiveServices/accounts/deploy.bicep rename to modules/Microsoft.CognitiveServices/accounts/deploy.bicep diff --git a/arm/Microsoft.CognitiveServices/accounts/readme.md b/modules/Microsoft.CognitiveServices/accounts/readme.md similarity index 100% rename from arm/Microsoft.CognitiveServices/accounts/readme.md rename to modules/Microsoft.CognitiveServices/accounts/readme.md diff --git a/arm/Microsoft.CognitiveServices/accounts/version.json b/modules/Microsoft.CognitiveServices/accounts/version.json similarity index 100% rename from arm/Microsoft.CognitiveServices/accounts/version.json rename to modules/Microsoft.CognitiveServices/accounts/version.json diff --git a/arm/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Compute/availabilitySets/.parameters/min.parameters.json b/modules/Microsoft.Compute/availabilitySets/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Compute/availabilitySets/.parameters/min.parameters.json rename to modules/Microsoft.Compute/availabilitySets/.parameters/min.parameters.json diff --git a/arm/Microsoft.Compute/availabilitySets/.parameters/parameters.json b/modules/Microsoft.Compute/availabilitySets/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Compute/availabilitySets/.parameters/parameters.json rename to modules/Microsoft.Compute/availabilitySets/.parameters/parameters.json diff --git a/arm/Microsoft.Compute/availabilitySets/deploy.bicep b/modules/Microsoft.Compute/availabilitySets/deploy.bicep similarity index 100% rename from arm/Microsoft.Compute/availabilitySets/deploy.bicep rename to modules/Microsoft.Compute/availabilitySets/deploy.bicep diff --git a/arm/Microsoft.Compute/availabilitySets/readme.md b/modules/Microsoft.Compute/availabilitySets/readme.md similarity index 100% rename from arm/Microsoft.Compute/availabilitySets/readme.md rename to modules/Microsoft.Compute/availabilitySets/readme.md diff --git a/arm/Microsoft.Compute/availabilitySets/version.json b/modules/Microsoft.Compute/availabilitySets/version.json similarity index 100% rename from arm/Microsoft.Compute/availabilitySets/version.json rename to modules/Microsoft.Compute/availabilitySets/version.json diff --git a/arm/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Compute/diskEncryptionSets/.parameters/parameters.json b/modules/Microsoft.Compute/diskEncryptionSets/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Compute/diskEncryptionSets/.parameters/parameters.json rename to modules/Microsoft.Compute/diskEncryptionSets/.parameters/parameters.json diff --git a/arm/Microsoft.Compute/diskEncryptionSets/deploy.bicep b/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep similarity index 100% rename from arm/Microsoft.Compute/diskEncryptionSets/deploy.bicep rename to modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep diff --git a/arm/Microsoft.Compute/diskEncryptionSets/readme.md b/modules/Microsoft.Compute/diskEncryptionSets/readme.md similarity index 100% rename from arm/Microsoft.Compute/diskEncryptionSets/readme.md rename to modules/Microsoft.Compute/diskEncryptionSets/readme.md diff --git a/arm/Microsoft.Compute/diskEncryptionSets/version.json b/modules/Microsoft.Compute/diskEncryptionSets/version.json similarity index 100% rename from arm/Microsoft.Compute/diskEncryptionSets/version.json rename to modules/Microsoft.Compute/diskEncryptionSets/version.json diff --git a/arm/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Compute/disks/.parameters/image.parameters.json b/modules/Microsoft.Compute/disks/.parameters/image.parameters.json similarity index 100% rename from arm/Microsoft.Compute/disks/.parameters/image.parameters.json rename to modules/Microsoft.Compute/disks/.parameters/image.parameters.json diff --git a/arm/Microsoft.Compute/disks/.parameters/import.parameters.json b/modules/Microsoft.Compute/disks/.parameters/import.parameters.json similarity index 100% rename from arm/Microsoft.Compute/disks/.parameters/import.parameters.json rename to modules/Microsoft.Compute/disks/.parameters/import.parameters.json diff --git a/arm/Microsoft.Compute/disks/.parameters/min.parameters.json b/modules/Microsoft.Compute/disks/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Compute/disks/.parameters/min.parameters.json rename to modules/Microsoft.Compute/disks/.parameters/min.parameters.json diff --git a/arm/Microsoft.Compute/disks/.parameters/parameters.json b/modules/Microsoft.Compute/disks/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Compute/disks/.parameters/parameters.json rename to modules/Microsoft.Compute/disks/.parameters/parameters.json diff --git a/arm/Microsoft.Compute/disks/deploy.bicep b/modules/Microsoft.Compute/disks/deploy.bicep similarity index 100% rename from arm/Microsoft.Compute/disks/deploy.bicep rename to modules/Microsoft.Compute/disks/deploy.bicep diff --git a/arm/Microsoft.Compute/disks/readme.md b/modules/Microsoft.Compute/disks/readme.md similarity index 100% rename from arm/Microsoft.Compute/disks/readme.md rename to modules/Microsoft.Compute/disks/readme.md diff --git a/arm/Microsoft.Compute/disks/version.json b/modules/Microsoft.Compute/disks/version.json similarity index 100% rename from arm/Microsoft.Compute/disks/version.json rename to modules/Microsoft.Compute/disks/version.json diff --git a/arm/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Compute/galleries/.parameters/images.parameters.json b/modules/Microsoft.Compute/galleries/.parameters/images.parameters.json similarity index 100% rename from arm/Microsoft.Compute/galleries/.parameters/images.parameters.json rename to modules/Microsoft.Compute/galleries/.parameters/images.parameters.json diff --git a/arm/Microsoft.Compute/galleries/.parameters/parameters.json b/modules/Microsoft.Compute/galleries/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Compute/galleries/.parameters/parameters.json rename to modules/Microsoft.Compute/galleries/.parameters/parameters.json diff --git a/arm/Microsoft.Compute/galleries/deploy.bicep b/modules/Microsoft.Compute/galleries/deploy.bicep similarity index 100% rename from arm/Microsoft.Compute/galleries/deploy.bicep rename to modules/Microsoft.Compute/galleries/deploy.bicep diff --git a/arm/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Compute/galleries/images/deploy.bicep b/modules/Microsoft.Compute/galleries/images/deploy.bicep similarity index 100% rename from arm/Microsoft.Compute/galleries/images/deploy.bicep rename to modules/Microsoft.Compute/galleries/images/deploy.bicep diff --git a/arm/Microsoft.Compute/galleries/images/readme.md b/modules/Microsoft.Compute/galleries/images/readme.md similarity index 100% rename from arm/Microsoft.Compute/galleries/images/readme.md rename to modules/Microsoft.Compute/galleries/images/readme.md diff --git a/arm/Microsoft.Compute/galleries/images/version.json b/modules/Microsoft.Compute/galleries/images/version.json similarity index 100% rename from arm/Microsoft.Compute/galleries/images/version.json rename to modules/Microsoft.Compute/galleries/images/version.json diff --git a/arm/Microsoft.Compute/galleries/readme.md b/modules/Microsoft.Compute/galleries/readme.md similarity index 100% rename from arm/Microsoft.Compute/galleries/readme.md rename to modules/Microsoft.Compute/galleries/readme.md diff --git a/arm/Microsoft.Compute/galleries/version.json b/modules/Microsoft.Compute/galleries/version.json similarity index 100% rename from arm/Microsoft.Compute/galleries/version.json rename to modules/Microsoft.Compute/galleries/version.json diff --git a/arm/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Compute/images/.parameters/parameters.json b/modules/Microsoft.Compute/images/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Compute/images/.parameters/parameters.json rename to modules/Microsoft.Compute/images/.parameters/parameters.json diff --git a/arm/Microsoft.Compute/images/deploy.bicep b/modules/Microsoft.Compute/images/deploy.bicep similarity index 100% rename from arm/Microsoft.Compute/images/deploy.bicep rename to modules/Microsoft.Compute/images/deploy.bicep diff --git a/arm/Microsoft.Compute/images/readme.md b/modules/Microsoft.Compute/images/readme.md similarity index 100% rename from arm/Microsoft.Compute/images/readme.md rename to modules/Microsoft.Compute/images/readme.md diff --git a/arm/Microsoft.Compute/images/version.json b/modules/Microsoft.Compute/images/version.json similarity index 100% rename from arm/Microsoft.Compute/images/version.json rename to modules/Microsoft.Compute/images/version.json diff --git a/arm/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Compute/proximityPlacementGroups/.parameters/parameters.json b/modules/Microsoft.Compute/proximityPlacementGroups/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Compute/proximityPlacementGroups/.parameters/parameters.json rename to modules/Microsoft.Compute/proximityPlacementGroups/.parameters/parameters.json diff --git a/arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep b/modules/Microsoft.Compute/proximityPlacementGroups/deploy.bicep similarity index 100% rename from arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep rename to modules/Microsoft.Compute/proximityPlacementGroups/deploy.bicep diff --git a/arm/Microsoft.Compute/proximityPlacementGroups/readme.md b/modules/Microsoft.Compute/proximityPlacementGroups/readme.md similarity index 100% rename from arm/Microsoft.Compute/proximityPlacementGroups/readme.md rename to modules/Microsoft.Compute/proximityPlacementGroups/readme.md diff --git a/arm/Microsoft.Compute/proximityPlacementGroups/version.json b/modules/Microsoft.Compute/proximityPlacementGroups/version.json similarity index 100% rename from arm/Microsoft.Compute/proximityPlacementGroups/version.json rename to modules/Microsoft.Compute/proximityPlacementGroups/version.json diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.min.parameters.json b/modules/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.min.parameters.json similarity index 100% rename from arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.min.parameters.json rename to modules/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.min.parameters.json diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.parameters.json b/modules/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.parameters.json similarity index 100% rename from arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.parameters.json rename to modules/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.parameters.json diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.min.parameters.json b/modules/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.min.parameters.json similarity index 100% rename from arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.min.parameters.json rename to modules/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.min.parameters.json diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.parameters.json b/modules/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.parameters.json similarity index 100% rename from arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.parameters.json rename to modules/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.parameters.json diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep b/modules/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep similarity index 100% rename from arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep rename to modules/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/extensions/deploy.bicep b/modules/Microsoft.Compute/virtualMachineScaleSets/extensions/deploy.bicep similarity index 100% rename from arm/Microsoft.Compute/virtualMachineScaleSets/extensions/deploy.bicep rename to modules/Microsoft.Compute/virtualMachineScaleSets/extensions/deploy.bicep diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md b/modules/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md similarity index 100% rename from arm/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md rename to modules/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/extensions/version.json b/modules/Microsoft.Compute/virtualMachineScaleSets/extensions/version.json similarity index 100% rename from arm/Microsoft.Compute/virtualMachineScaleSets/extensions/version.json rename to modules/Microsoft.Compute/virtualMachineScaleSets/extensions/version.json diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/readme.md b/modules/Microsoft.Compute/virtualMachineScaleSets/readme.md similarity index 100% rename from arm/Microsoft.Compute/virtualMachineScaleSets/readme.md rename to modules/Microsoft.Compute/virtualMachineScaleSets/readme.md diff --git a/arm/Microsoft.Compute/virtualMachineScaleSets/version.json b/modules/Microsoft.Compute/virtualMachineScaleSets/version.json similarity index 100% rename from arm/Microsoft.Compute/virtualMachineScaleSets/version.json rename to modules/Microsoft.Compute/virtualMachineScaleSets/version.json diff --git a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep b/modules/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep similarity index 100% rename from arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep rename to modules/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep diff --git a/arm/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Compute/virtualMachines/.parameters/linux.autmg.parameters.json b/modules/Microsoft.Compute/virtualMachines/.parameters/linux.autmg.parameters.json similarity index 100% rename from arm/Microsoft.Compute/virtualMachines/.parameters/linux.autmg.parameters.json rename to modules/Microsoft.Compute/virtualMachines/.parameters/linux.autmg.parameters.json diff --git a/arm/Microsoft.Compute/virtualMachines/.parameters/linux.min.parameters.json b/modules/Microsoft.Compute/virtualMachines/.parameters/linux.min.parameters.json similarity index 100% rename from arm/Microsoft.Compute/virtualMachines/.parameters/linux.min.parameters.json rename to modules/Microsoft.Compute/virtualMachines/.parameters/linux.min.parameters.json diff --git a/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json b/modules/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json similarity index 100% rename from arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json rename to modules/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json diff --git a/arm/Microsoft.Compute/virtualMachines/.parameters/windows.autmg.parameters.json b/modules/Microsoft.Compute/virtualMachines/.parameters/windows.autmg.parameters.json similarity index 100% rename from arm/Microsoft.Compute/virtualMachines/.parameters/windows.autmg.parameters.json rename to modules/Microsoft.Compute/virtualMachines/.parameters/windows.autmg.parameters.json diff --git a/arm/Microsoft.Compute/virtualMachines/.parameters/windows.min.parameters.json b/modules/Microsoft.Compute/virtualMachines/.parameters/windows.min.parameters.json similarity index 100% rename from arm/Microsoft.Compute/virtualMachines/.parameters/windows.min.parameters.json rename to modules/Microsoft.Compute/virtualMachines/.parameters/windows.min.parameters.json diff --git a/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json b/modules/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json similarity index 100% rename from arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json rename to modules/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json diff --git a/arm/Microsoft.Compute/virtualMachines/deploy.bicep b/modules/Microsoft.Compute/virtualMachines/deploy.bicep similarity index 100% rename from arm/Microsoft.Compute/virtualMachines/deploy.bicep rename to modules/Microsoft.Compute/virtualMachines/deploy.bicep diff --git a/arm/Microsoft.Compute/virtualMachines/extensions/deploy.bicep b/modules/Microsoft.Compute/virtualMachines/extensions/deploy.bicep similarity index 100% rename from arm/Microsoft.Compute/virtualMachines/extensions/deploy.bicep rename to modules/Microsoft.Compute/virtualMachines/extensions/deploy.bicep diff --git a/arm/Microsoft.Compute/virtualMachines/extensions/readme.md b/modules/Microsoft.Compute/virtualMachines/extensions/readme.md similarity index 100% rename from arm/Microsoft.Compute/virtualMachines/extensions/readme.md rename to modules/Microsoft.Compute/virtualMachines/extensions/readme.md diff --git a/arm/Microsoft.Compute/virtualMachines/extensions/version.json b/modules/Microsoft.Compute/virtualMachines/extensions/version.json similarity index 100% rename from arm/Microsoft.Compute/virtualMachines/extensions/version.json rename to modules/Microsoft.Compute/virtualMachines/extensions/version.json diff --git a/arm/Microsoft.Compute/virtualMachines/readme.md b/modules/Microsoft.Compute/virtualMachines/readme.md similarity index 100% rename from arm/Microsoft.Compute/virtualMachines/readme.md rename to modules/Microsoft.Compute/virtualMachines/readme.md diff --git a/arm/Microsoft.Compute/virtualMachines/version.json b/modules/Microsoft.Compute/virtualMachines/version.json similarity index 100% rename from arm/Microsoft.Compute/virtualMachines/version.json rename to modules/Microsoft.Compute/virtualMachines/version.json diff --git a/arm/Microsoft.Consumption/budgets/.parameters/parameters.json b/modules/Microsoft.Consumption/budgets/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Consumption/budgets/.parameters/parameters.json rename to modules/Microsoft.Consumption/budgets/.parameters/parameters.json diff --git a/arm/Microsoft.Consumption/budgets/deploy.bicep b/modules/Microsoft.Consumption/budgets/deploy.bicep similarity index 100% rename from arm/Microsoft.Consumption/budgets/deploy.bicep rename to modules/Microsoft.Consumption/budgets/deploy.bicep diff --git a/arm/Microsoft.Consumption/budgets/readme.md b/modules/Microsoft.Consumption/budgets/readme.md similarity index 100% rename from arm/Microsoft.Consumption/budgets/readme.md rename to modules/Microsoft.Consumption/budgets/readme.md diff --git a/arm/Microsoft.Consumption/budgets/version.json b/modules/Microsoft.Consumption/budgets/version.json similarity index 100% rename from arm/Microsoft.Consumption/budgets/version.json rename to modules/Microsoft.Consumption/budgets/version.json diff --git a/arm/Microsoft.ContainerInstance/containerGroups/.parameters/parameters.json b/modules/Microsoft.ContainerInstance/containerGroups/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.ContainerInstance/containerGroups/.parameters/parameters.json rename to modules/Microsoft.ContainerInstance/containerGroups/.parameters/parameters.json diff --git a/arm/Microsoft.ContainerInstance/containerGroups/deploy.bicep b/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep similarity index 100% rename from arm/Microsoft.ContainerInstance/containerGroups/deploy.bicep rename to modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep diff --git a/arm/Microsoft.ContainerInstance/containerGroups/readme.md b/modules/Microsoft.ContainerInstance/containerGroups/readme.md similarity index 100% rename from arm/Microsoft.ContainerInstance/containerGroups/readme.md rename to modules/Microsoft.ContainerInstance/containerGroups/readme.md diff --git a/arm/Microsoft.ContainerInstance/containerGroups/version.json b/modules/Microsoft.ContainerInstance/containerGroups/version.json similarity index 100% rename from arm/Microsoft.ContainerInstance/containerGroups/version.json rename to modules/Microsoft.ContainerInstance/containerGroups/version.json diff --git a/arm/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.ContainerRegistry/registries/.parameters/encr.parameters.json b/modules/Microsoft.ContainerRegistry/registries/.parameters/encr.parameters.json similarity index 100% rename from arm/Microsoft.ContainerRegistry/registries/.parameters/encr.parameters.json rename to modules/Microsoft.ContainerRegistry/registries/.parameters/encr.parameters.json diff --git a/arm/Microsoft.ContainerRegistry/registries/.parameters/min.parameters.json b/modules/Microsoft.ContainerRegistry/registries/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.ContainerRegistry/registries/.parameters/min.parameters.json rename to modules/Microsoft.ContainerRegistry/registries/.parameters/min.parameters.json diff --git a/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json b/modules/Microsoft.ContainerRegistry/registries/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json rename to modules/Microsoft.ContainerRegistry/registries/.parameters/parameters.json diff --git a/arm/Microsoft.ContainerRegistry/registries/deploy.bicep b/modules/Microsoft.ContainerRegistry/registries/deploy.bicep similarity index 100% rename from arm/Microsoft.ContainerRegistry/registries/deploy.bicep rename to modules/Microsoft.ContainerRegistry/registries/deploy.bicep diff --git a/arm/Microsoft.ContainerRegistry/registries/readme.md b/modules/Microsoft.ContainerRegistry/registries/readme.md similarity index 100% rename from arm/Microsoft.ContainerRegistry/registries/readme.md rename to modules/Microsoft.ContainerRegistry/registries/readme.md diff --git a/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep b/modules/Microsoft.ContainerRegistry/registries/replications/deploy.bicep similarity index 100% rename from arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep rename to modules/Microsoft.ContainerRegistry/registries/replications/deploy.bicep diff --git a/arm/Microsoft.ContainerRegistry/registries/replications/readme.md b/modules/Microsoft.ContainerRegistry/registries/replications/readme.md similarity index 100% rename from arm/Microsoft.ContainerRegistry/registries/replications/readme.md rename to modules/Microsoft.ContainerRegistry/registries/replications/readme.md diff --git a/arm/Microsoft.ContainerRegistry/registries/replications/version.json b/modules/Microsoft.ContainerRegistry/registries/replications/version.json similarity index 100% rename from arm/Microsoft.ContainerRegistry/registries/replications/version.json rename to modules/Microsoft.ContainerRegistry/registries/replications/version.json diff --git a/arm/Microsoft.ContainerRegistry/registries/version.json b/modules/Microsoft.ContainerRegistry/registries/version.json similarity index 100% rename from arm/Microsoft.ContainerRegistry/registries/version.json rename to modules/Microsoft.ContainerRegistry/registries/version.json diff --git a/arm/Microsoft.ContainerRegistry/registries/webhooks/deploy.bicep b/modules/Microsoft.ContainerRegistry/registries/webhooks/deploy.bicep similarity index 100% rename from arm/Microsoft.ContainerRegistry/registries/webhooks/deploy.bicep rename to modules/Microsoft.ContainerRegistry/registries/webhooks/deploy.bicep diff --git a/arm/Microsoft.ContainerRegistry/registries/webhooks/readme.md b/modules/Microsoft.ContainerRegistry/registries/webhooks/readme.md similarity index 100% rename from arm/Microsoft.ContainerRegistry/registries/webhooks/readme.md rename to modules/Microsoft.ContainerRegistry/registries/webhooks/readme.md diff --git a/arm/Microsoft.ContainerRegistry/registries/webhooks/version.json b/modules/Microsoft.ContainerRegistry/registries/webhooks/version.json similarity index 100% rename from arm/Microsoft.ContainerRegistry/registries/webhooks/version.json rename to modules/Microsoft.ContainerRegistry/registries/webhooks/version.json diff --git a/arm/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.ContainerService/managedClusters/.parameters/azure.parameters.json b/modules/Microsoft.ContainerService/managedClusters/.parameters/azure.parameters.json similarity index 100% rename from arm/Microsoft.ContainerService/managedClusters/.parameters/azure.parameters.json rename to modules/Microsoft.ContainerService/managedClusters/.parameters/azure.parameters.json diff --git a/arm/Microsoft.ContainerService/managedClusters/.parameters/kubenet.parameters.json b/modules/Microsoft.ContainerService/managedClusters/.parameters/kubenet.parameters.json similarity index 100% rename from arm/Microsoft.ContainerService/managedClusters/.parameters/kubenet.parameters.json rename to modules/Microsoft.ContainerService/managedClusters/.parameters/kubenet.parameters.json diff --git a/arm/Microsoft.ContainerService/managedClusters/agentPools/deploy.bicep b/modules/Microsoft.ContainerService/managedClusters/agentPools/deploy.bicep similarity index 100% rename from arm/Microsoft.ContainerService/managedClusters/agentPools/deploy.bicep rename to modules/Microsoft.ContainerService/managedClusters/agentPools/deploy.bicep diff --git a/arm/Microsoft.ContainerService/managedClusters/agentPools/readme.md b/modules/Microsoft.ContainerService/managedClusters/agentPools/readme.md similarity index 100% rename from arm/Microsoft.ContainerService/managedClusters/agentPools/readme.md rename to modules/Microsoft.ContainerService/managedClusters/agentPools/readme.md diff --git a/arm/Microsoft.ContainerService/managedClusters/agentPools/version.json b/modules/Microsoft.ContainerService/managedClusters/agentPools/version.json similarity index 100% rename from arm/Microsoft.ContainerService/managedClusters/agentPools/version.json rename to modules/Microsoft.ContainerService/managedClusters/agentPools/version.json diff --git a/arm/Microsoft.ContainerService/managedClusters/deploy.bicep b/modules/Microsoft.ContainerService/managedClusters/deploy.bicep similarity index 100% rename from arm/Microsoft.ContainerService/managedClusters/deploy.bicep rename to modules/Microsoft.ContainerService/managedClusters/deploy.bicep diff --git a/arm/Microsoft.ContainerService/managedClusters/readme.md b/modules/Microsoft.ContainerService/managedClusters/readme.md similarity index 100% rename from arm/Microsoft.ContainerService/managedClusters/readme.md rename to modules/Microsoft.ContainerService/managedClusters/readme.md diff --git a/arm/Microsoft.ContainerService/managedClusters/version.json b/modules/Microsoft.ContainerService/managedClusters/version.json similarity index 100% rename from arm/Microsoft.ContainerService/managedClusters/version.json rename to modules/Microsoft.ContainerService/managedClusters/version.json diff --git a/arm/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.DataFactory/factories/.parameters/parameters.json b/modules/Microsoft.DataFactory/factories/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.DataFactory/factories/.parameters/parameters.json rename to modules/Microsoft.DataFactory/factories/.parameters/parameters.json diff --git a/arm/Microsoft.DataFactory/factories/deploy.bicep b/modules/Microsoft.DataFactory/factories/deploy.bicep similarity index 100% rename from arm/Microsoft.DataFactory/factories/deploy.bicep rename to modules/Microsoft.DataFactory/factories/deploy.bicep diff --git a/arm/Microsoft.DataFactory/factories/integrationRuntime/deploy.bicep b/modules/Microsoft.DataFactory/factories/integrationRuntime/deploy.bicep similarity index 100% rename from arm/Microsoft.DataFactory/factories/integrationRuntime/deploy.bicep rename to modules/Microsoft.DataFactory/factories/integrationRuntime/deploy.bicep diff --git a/arm/Microsoft.DataFactory/factories/integrationRuntime/readme.md b/modules/Microsoft.DataFactory/factories/integrationRuntime/readme.md similarity index 100% rename from arm/Microsoft.DataFactory/factories/integrationRuntime/readme.md rename to modules/Microsoft.DataFactory/factories/integrationRuntime/readme.md diff --git a/arm/Microsoft.DataFactory/factories/integrationRuntime/version.json b/modules/Microsoft.DataFactory/factories/integrationRuntime/version.json similarity index 100% rename from arm/Microsoft.DataFactory/factories/integrationRuntime/version.json rename to modules/Microsoft.DataFactory/factories/integrationRuntime/version.json diff --git a/arm/Microsoft.DataFactory/factories/managedVirtualNetwork/deploy.bicep b/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/deploy.bicep similarity index 100% rename from arm/Microsoft.DataFactory/factories/managedVirtualNetwork/deploy.bicep rename to modules/Microsoft.DataFactory/factories/managedVirtualNetwork/deploy.bicep diff --git a/arm/Microsoft.DataFactory/factories/managedVirtualNetwork/readme.md b/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/readme.md similarity index 100% rename from arm/Microsoft.DataFactory/factories/managedVirtualNetwork/readme.md rename to modules/Microsoft.DataFactory/factories/managedVirtualNetwork/readme.md diff --git a/arm/Microsoft.DataFactory/factories/managedVirtualNetwork/version.json b/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/version.json similarity index 100% rename from arm/Microsoft.DataFactory/factories/managedVirtualNetwork/version.json rename to modules/Microsoft.DataFactory/factories/managedVirtualNetwork/version.json diff --git a/arm/Microsoft.DataFactory/factories/readme.md b/modules/Microsoft.DataFactory/factories/readme.md similarity index 100% rename from arm/Microsoft.DataFactory/factories/readme.md rename to modules/Microsoft.DataFactory/factories/readme.md diff --git a/arm/Microsoft.DataFactory/factories/version.json b/modules/Microsoft.DataFactory/factories/version.json similarity index 100% rename from arm/Microsoft.DataFactory/factories/version.json rename to modules/Microsoft.DataFactory/factories/version.json diff --git a/arm/Microsoft.DataProtection/backupVaults/.parameters/min.parameters.json b/modules/Microsoft.DataProtection/backupVaults/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.DataProtection/backupVaults/.parameters/min.parameters.json rename to modules/Microsoft.DataProtection/backupVaults/.parameters/min.parameters.json diff --git a/arm/Microsoft.DataProtection/backupVaults/.parameters/parameters.json b/modules/Microsoft.DataProtection/backupVaults/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.DataProtection/backupVaults/.parameters/parameters.json rename to modules/Microsoft.DataProtection/backupVaults/.parameters/parameters.json diff --git a/arm/Microsoft.DataProtection/backupVaults/backupPolicies/deploy.bicep b/modules/Microsoft.DataProtection/backupVaults/backupPolicies/deploy.bicep similarity index 100% rename from arm/Microsoft.DataProtection/backupVaults/backupPolicies/deploy.bicep rename to modules/Microsoft.DataProtection/backupVaults/backupPolicies/deploy.bicep diff --git a/arm/Microsoft.DataProtection/backupVaults/backupPolicies/readme.md b/modules/Microsoft.DataProtection/backupVaults/backupPolicies/readme.md similarity index 100% rename from arm/Microsoft.DataProtection/backupVaults/backupPolicies/readme.md rename to modules/Microsoft.DataProtection/backupVaults/backupPolicies/readme.md diff --git a/arm/Microsoft.DataProtection/backupVaults/backupPolicies/version.json b/modules/Microsoft.DataProtection/backupVaults/backupPolicies/version.json similarity index 100% rename from arm/Microsoft.DataProtection/backupVaults/backupPolicies/version.json rename to modules/Microsoft.DataProtection/backupVaults/backupPolicies/version.json diff --git a/arm/Microsoft.DataProtection/backupVaults/deploy.bicep b/modules/Microsoft.DataProtection/backupVaults/deploy.bicep similarity index 100% rename from arm/Microsoft.DataProtection/backupVaults/deploy.bicep rename to modules/Microsoft.DataProtection/backupVaults/deploy.bicep diff --git a/arm/Microsoft.DataProtection/backupVaults/readme.md b/modules/Microsoft.DataProtection/backupVaults/readme.md similarity index 100% rename from arm/Microsoft.DataProtection/backupVaults/readme.md rename to modules/Microsoft.DataProtection/backupVaults/readme.md diff --git a/arm/Microsoft.DataProtection/backupVaults/version.json b/modules/Microsoft.DataProtection/backupVaults/version.json similarity index 100% rename from arm/Microsoft.DataProtection/backupVaults/version.json rename to modules/Microsoft.DataProtection/backupVaults/version.json diff --git a/arm/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Databricks/workspaces/.parameters/parameters.json b/modules/Microsoft.Databricks/workspaces/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Databricks/workspaces/.parameters/parameters.json rename to modules/Microsoft.Databricks/workspaces/.parameters/parameters.json diff --git a/arm/Microsoft.Databricks/workspaces/deploy.bicep b/modules/Microsoft.Databricks/workspaces/deploy.bicep similarity index 100% rename from arm/Microsoft.Databricks/workspaces/deploy.bicep rename to modules/Microsoft.Databricks/workspaces/deploy.bicep diff --git a/arm/Microsoft.Databricks/workspaces/readme.md b/modules/Microsoft.Databricks/workspaces/readme.md similarity index 100% rename from arm/Microsoft.Databricks/workspaces/readme.md rename to modules/Microsoft.Databricks/workspaces/readme.md diff --git a/arm/Microsoft.Databricks/workspaces/version.json b/modules/Microsoft.Databricks/workspaces/version.json similarity index 100% rename from arm/Microsoft.Databricks/workspaces/version.json rename to modules/Microsoft.Databricks/workspaces/version.json diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/.parameters/min.parameters.json b/modules/Microsoft.DesktopVirtualization/applicationgroups/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.DesktopVirtualization/applicationgroups/.parameters/min.parameters.json rename to modules/Microsoft.DesktopVirtualization/applicationgroups/.parameters/min.parameters.json diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/.parameters/parameters.json b/modules/Microsoft.DesktopVirtualization/applicationgroups/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.DesktopVirtualization/applicationgroups/.parameters/parameters.json rename to modules/Microsoft.DesktopVirtualization/applicationgroups/.parameters/parameters.json diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/applications/deploy.bicep b/modules/Microsoft.DesktopVirtualization/applicationgroups/applications/deploy.bicep similarity index 100% rename from arm/Microsoft.DesktopVirtualization/applicationgroups/applications/deploy.bicep rename to modules/Microsoft.DesktopVirtualization/applicationgroups/applications/deploy.bicep diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/applications/readme.md b/modules/Microsoft.DesktopVirtualization/applicationgroups/applications/readme.md similarity index 100% rename from arm/Microsoft.DesktopVirtualization/applicationgroups/applications/readme.md rename to modules/Microsoft.DesktopVirtualization/applicationgroups/applications/readme.md diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/applications/version.json b/modules/Microsoft.DesktopVirtualization/applicationgroups/applications/version.json similarity index 100% rename from arm/Microsoft.DesktopVirtualization/applicationgroups/applications/version.json rename to modules/Microsoft.DesktopVirtualization/applicationgroups/applications/version.json diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep b/modules/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep similarity index 100% rename from arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep rename to modules/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/readme.md b/modules/Microsoft.DesktopVirtualization/applicationgroups/readme.md similarity index 100% rename from arm/Microsoft.DesktopVirtualization/applicationgroups/readme.md rename to modules/Microsoft.DesktopVirtualization/applicationgroups/readme.md diff --git a/arm/Microsoft.DesktopVirtualization/applicationgroups/version.json b/modules/Microsoft.DesktopVirtualization/applicationgroups/version.json similarity index 100% rename from arm/Microsoft.DesktopVirtualization/applicationgroups/version.json rename to modules/Microsoft.DesktopVirtualization/applicationgroups/version.json diff --git a/arm/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.DesktopVirtualization/hostpools/.parameters/parameters.json b/modules/Microsoft.DesktopVirtualization/hostpools/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.DesktopVirtualization/hostpools/.parameters/parameters.json rename to modules/Microsoft.DesktopVirtualization/hostpools/.parameters/parameters.json diff --git a/arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep b/modules/Microsoft.DesktopVirtualization/hostpools/deploy.bicep similarity index 100% rename from arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep rename to modules/Microsoft.DesktopVirtualization/hostpools/deploy.bicep diff --git a/arm/Microsoft.DesktopVirtualization/hostpools/readme.md b/modules/Microsoft.DesktopVirtualization/hostpools/readme.md similarity index 100% rename from arm/Microsoft.DesktopVirtualization/hostpools/readme.md rename to modules/Microsoft.DesktopVirtualization/hostpools/readme.md diff --git a/arm/Microsoft.DesktopVirtualization/hostpools/version.json b/modules/Microsoft.DesktopVirtualization/hostpools/version.json similarity index 100% rename from arm/Microsoft.DesktopVirtualization/hostpools/version.json rename to modules/Microsoft.DesktopVirtualization/hostpools/version.json diff --git a/arm/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.DesktopVirtualization/scalingplans/.parameters/min.parameters.json b/modules/Microsoft.DesktopVirtualization/scalingplans/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.DesktopVirtualization/scalingplans/.parameters/min.parameters.json rename to modules/Microsoft.DesktopVirtualization/scalingplans/.parameters/min.parameters.json diff --git a/arm/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep b/modules/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep similarity index 100% rename from arm/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep rename to modules/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep diff --git a/arm/Microsoft.DesktopVirtualization/scalingplans/readme.md b/modules/Microsoft.DesktopVirtualization/scalingplans/readme.md similarity index 100% rename from arm/Microsoft.DesktopVirtualization/scalingplans/readme.md rename to modules/Microsoft.DesktopVirtualization/scalingplans/readme.md diff --git a/arm/Microsoft.DesktopVirtualization/scalingplans/version.json b/modules/Microsoft.DesktopVirtualization/scalingplans/version.json similarity index 100% rename from arm/Microsoft.DesktopVirtualization/scalingplans/version.json rename to modules/Microsoft.DesktopVirtualization/scalingplans/version.json diff --git a/arm/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.DesktopVirtualization/workspaces/.parameters/parameters.json b/modules/Microsoft.DesktopVirtualization/workspaces/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.DesktopVirtualization/workspaces/.parameters/parameters.json rename to modules/Microsoft.DesktopVirtualization/workspaces/.parameters/parameters.json diff --git a/arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep b/modules/Microsoft.DesktopVirtualization/workspaces/deploy.bicep similarity index 100% rename from arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep rename to modules/Microsoft.DesktopVirtualization/workspaces/deploy.bicep diff --git a/arm/Microsoft.DesktopVirtualization/workspaces/readme.md b/modules/Microsoft.DesktopVirtualization/workspaces/readme.md similarity index 100% rename from arm/Microsoft.DesktopVirtualization/workspaces/readme.md rename to modules/Microsoft.DesktopVirtualization/workspaces/readme.md diff --git a/arm/Microsoft.DesktopVirtualization/workspaces/version.json b/modules/Microsoft.DesktopVirtualization/workspaces/version.json similarity index 100% rename from arm/Microsoft.DesktopVirtualization/workspaces/version.json rename to modules/Microsoft.DesktopVirtualization/workspaces/version.json diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/mongodb.parameters.json b/modules/Microsoft.DocumentDB/databaseAccounts/.parameters/mongodb.parameters.json similarity index 100% rename from arm/Microsoft.DocumentDB/databaseAccounts/.parameters/mongodb.parameters.json rename to modules/Microsoft.DocumentDB/databaseAccounts/.parameters/mongodb.parameters.json diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/plain.parameters.json b/modules/Microsoft.DocumentDB/databaseAccounts/.parameters/plain.parameters.json similarity index 100% rename from arm/Microsoft.DocumentDB/databaseAccounts/.parameters/plain.parameters.json rename to modules/Microsoft.DocumentDB/databaseAccounts/.parameters/plain.parameters.json diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/sqldb.parameters.json b/modules/Microsoft.DocumentDB/databaseAccounts/.parameters/sqldb.parameters.json similarity index 100% rename from arm/Microsoft.DocumentDB/databaseAccounts/.parameters/sqldb.parameters.json rename to modules/Microsoft.DocumentDB/databaseAccounts/.parameters/sqldb.parameters.json diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep b/modules/Microsoft.DocumentDB/databaseAccounts/deploy.bicep similarity index 100% rename from arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep rename to modules/Microsoft.DocumentDB/databaseAccounts/deploy.bicep diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/deploy.bicep b/modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/deploy.bicep similarity index 100% rename from arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/deploy.bicep rename to modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/deploy.bicep diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/readme.md b/modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/readme.md similarity index 100% rename from arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/readme.md rename to modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/readme.md diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/version.json b/modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/version.json similarity index 100% rename from arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/version.json rename to modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/version.json diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/deploy.bicep b/modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/deploy.bicep similarity index 100% rename from arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/deploy.bicep rename to modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/deploy.bicep diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/readme.md b/modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/readme.md similarity index 100% rename from arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/readme.md rename to modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/readme.md diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/version.json b/modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/version.json similarity index 100% rename from arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/version.json rename to modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/version.json diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/readme.md b/modules/Microsoft.DocumentDB/databaseAccounts/readme.md similarity index 100% rename from arm/Microsoft.DocumentDB/databaseAccounts/readme.md rename to modules/Microsoft.DocumentDB/databaseAccounts/readme.md diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/deploy.bicep b/modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/deploy.bicep similarity index 100% rename from arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/deploy.bicep rename to modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/deploy.bicep diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readme.md b/modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readme.md similarity index 100% rename from arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readme.md rename to modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readme.md diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/version.json b/modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/version.json similarity index 100% rename from arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/version.json rename to modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/version.json diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/deploy.bicep b/modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/deploy.bicep similarity index 100% rename from arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/deploy.bicep rename to modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/deploy.bicep diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/readme.md b/modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/readme.md similarity index 100% rename from arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/readme.md rename to modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/readme.md diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/version.json b/modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/version.json similarity index 100% rename from arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/version.json rename to modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/version.json diff --git a/arm/Microsoft.DocumentDB/databaseAccounts/version.json b/modules/Microsoft.DocumentDB/databaseAccounts/version.json similarity index 100% rename from arm/Microsoft.DocumentDB/databaseAccounts/version.json rename to modules/Microsoft.DocumentDB/databaseAccounts/version.json diff --git a/arm/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.EventGrid/systemTopics/.parameters/min.parameters.json b/modules/Microsoft.EventGrid/systemTopics/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.EventGrid/systemTopics/.parameters/min.parameters.json rename to modules/Microsoft.EventGrid/systemTopics/.parameters/min.parameters.json diff --git a/arm/Microsoft.EventGrid/systemTopics/.parameters/parameters.json b/modules/Microsoft.EventGrid/systemTopics/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.EventGrid/systemTopics/.parameters/parameters.json rename to modules/Microsoft.EventGrid/systemTopics/.parameters/parameters.json diff --git a/arm/Microsoft.EventGrid/systemTopics/deploy.bicep b/modules/Microsoft.EventGrid/systemTopics/deploy.bicep similarity index 100% rename from arm/Microsoft.EventGrid/systemTopics/deploy.bicep rename to modules/Microsoft.EventGrid/systemTopics/deploy.bicep diff --git a/arm/Microsoft.EventGrid/systemTopics/readme.md b/modules/Microsoft.EventGrid/systemTopics/readme.md similarity index 100% rename from arm/Microsoft.EventGrid/systemTopics/readme.md rename to modules/Microsoft.EventGrid/systemTopics/readme.md diff --git a/arm/Microsoft.EventGrid/systemTopics/version.json b/modules/Microsoft.EventGrid/systemTopics/version.json similarity index 100% rename from arm/Microsoft.EventGrid/systemTopics/version.json rename to modules/Microsoft.EventGrid/systemTopics/version.json diff --git a/arm/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.EventGrid/topics/.parameters/parameters.json b/modules/Microsoft.EventGrid/topics/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.EventGrid/topics/.parameters/parameters.json rename to modules/Microsoft.EventGrid/topics/.parameters/parameters.json diff --git a/arm/Microsoft.EventGrid/topics/deploy.bicep b/modules/Microsoft.EventGrid/topics/deploy.bicep similarity index 100% rename from arm/Microsoft.EventGrid/topics/deploy.bicep rename to modules/Microsoft.EventGrid/topics/deploy.bicep diff --git a/arm/Microsoft.EventGrid/topics/readme.md b/modules/Microsoft.EventGrid/topics/readme.md similarity index 100% rename from arm/Microsoft.EventGrid/topics/readme.md rename to modules/Microsoft.EventGrid/topics/readme.md diff --git a/arm/Microsoft.EventGrid/topics/version.json b/modules/Microsoft.EventGrid/topics/version.json similarity index 100% rename from arm/Microsoft.EventGrid/topics/version.json rename to modules/Microsoft.EventGrid/topics/version.json diff --git a/arm/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.EventHub/namespaces/.parameters/min.parameters.json b/modules/Microsoft.EventHub/namespaces/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.EventHub/namespaces/.parameters/min.parameters.json rename to modules/Microsoft.EventHub/namespaces/.parameters/min.parameters.json diff --git a/arm/Microsoft.EventHub/namespaces/.parameters/parameters.json b/modules/Microsoft.EventHub/namespaces/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.EventHub/namespaces/.parameters/parameters.json rename to modules/Microsoft.EventHub/namespaces/.parameters/parameters.json diff --git a/arm/Microsoft.EventHub/namespaces/authorizationRules/deploy.bicep b/modules/Microsoft.EventHub/namespaces/authorizationRules/deploy.bicep similarity index 100% rename from arm/Microsoft.EventHub/namespaces/authorizationRules/deploy.bicep rename to modules/Microsoft.EventHub/namespaces/authorizationRules/deploy.bicep diff --git a/arm/Microsoft.EventHub/namespaces/authorizationRules/readme.md b/modules/Microsoft.EventHub/namespaces/authorizationRules/readme.md similarity index 100% rename from arm/Microsoft.EventHub/namespaces/authorizationRules/readme.md rename to modules/Microsoft.EventHub/namespaces/authorizationRules/readme.md diff --git a/arm/Microsoft.EventHub/namespaces/authorizationRules/version.json b/modules/Microsoft.EventHub/namespaces/authorizationRules/version.json similarity index 100% rename from arm/Microsoft.EventHub/namespaces/authorizationRules/version.json rename to modules/Microsoft.EventHub/namespaces/authorizationRules/version.json diff --git a/arm/Microsoft.EventHub/namespaces/deploy.bicep b/modules/Microsoft.EventHub/namespaces/deploy.bicep similarity index 100% rename from arm/Microsoft.EventHub/namespaces/deploy.bicep rename to modules/Microsoft.EventHub/namespaces/deploy.bicep diff --git a/arm/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/deploy.bicep b/modules/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/deploy.bicep similarity index 100% rename from arm/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/deploy.bicep rename to modules/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/deploy.bicep diff --git a/arm/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/readme.md b/modules/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/readme.md similarity index 100% rename from arm/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/readme.md rename to modules/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/readme.md diff --git a/arm/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/version.json b/modules/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/version.json similarity index 100% rename from arm/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/version.json rename to modules/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/version.json diff --git a/arm/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/deploy.bicep b/modules/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/deploy.bicep similarity index 100% rename from arm/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/deploy.bicep rename to modules/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/deploy.bicep diff --git a/arm/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/readme.md b/modules/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/readme.md similarity index 100% rename from arm/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/readme.md rename to modules/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/readme.md diff --git a/arm/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/version.json b/modules/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/version.json similarity index 100% rename from arm/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/version.json rename to modules/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/version.json diff --git a/arm/Microsoft.EventHub/namespaces/eventhubs/consumergroups/deploy.bicep b/modules/Microsoft.EventHub/namespaces/eventhubs/consumergroups/deploy.bicep similarity index 100% rename from arm/Microsoft.EventHub/namespaces/eventhubs/consumergroups/deploy.bicep rename to modules/Microsoft.EventHub/namespaces/eventhubs/consumergroups/deploy.bicep diff --git a/arm/Microsoft.EventHub/namespaces/eventhubs/consumergroups/readme.md b/modules/Microsoft.EventHub/namespaces/eventhubs/consumergroups/readme.md similarity index 100% rename from arm/Microsoft.EventHub/namespaces/eventhubs/consumergroups/readme.md rename to modules/Microsoft.EventHub/namespaces/eventhubs/consumergroups/readme.md diff --git a/arm/Microsoft.EventHub/namespaces/eventhubs/consumergroups/version.json b/modules/Microsoft.EventHub/namespaces/eventhubs/consumergroups/version.json similarity index 100% rename from arm/Microsoft.EventHub/namespaces/eventhubs/consumergroups/version.json rename to modules/Microsoft.EventHub/namespaces/eventhubs/consumergroups/version.json diff --git a/arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep b/modules/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep similarity index 100% rename from arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep rename to modules/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep diff --git a/arm/Microsoft.EventHub/namespaces/eventhubs/readme.md b/modules/Microsoft.EventHub/namespaces/eventhubs/readme.md similarity index 100% rename from arm/Microsoft.EventHub/namespaces/eventhubs/readme.md rename to modules/Microsoft.EventHub/namespaces/eventhubs/readme.md diff --git a/arm/Microsoft.EventHub/namespaces/eventhubs/version.json b/modules/Microsoft.EventHub/namespaces/eventhubs/version.json similarity index 100% rename from arm/Microsoft.EventHub/namespaces/eventhubs/version.json rename to modules/Microsoft.EventHub/namespaces/eventhubs/version.json diff --git a/arm/Microsoft.EventHub/namespaces/networkRuleSets/deploy.bicep b/modules/Microsoft.EventHub/namespaces/networkRuleSets/deploy.bicep similarity index 100% rename from arm/Microsoft.EventHub/namespaces/networkRuleSets/deploy.bicep rename to modules/Microsoft.EventHub/namespaces/networkRuleSets/deploy.bicep diff --git a/arm/Microsoft.EventHub/namespaces/networkRuleSets/readme.md b/modules/Microsoft.EventHub/namespaces/networkRuleSets/readme.md similarity index 100% rename from arm/Microsoft.EventHub/namespaces/networkRuleSets/readme.md rename to modules/Microsoft.EventHub/namespaces/networkRuleSets/readme.md diff --git a/arm/Microsoft.EventHub/namespaces/networkRuleSets/version.json b/modules/Microsoft.EventHub/namespaces/networkRuleSets/version.json similarity index 100% rename from arm/Microsoft.EventHub/namespaces/networkRuleSets/version.json rename to modules/Microsoft.EventHub/namespaces/networkRuleSets/version.json diff --git a/arm/Microsoft.EventHub/namespaces/readme.md b/modules/Microsoft.EventHub/namespaces/readme.md similarity index 100% rename from arm/Microsoft.EventHub/namespaces/readme.md rename to modules/Microsoft.EventHub/namespaces/readme.md diff --git a/arm/Microsoft.EventHub/namespaces/version.json b/modules/Microsoft.EventHub/namespaces/version.json similarity index 100% rename from arm/Microsoft.EventHub/namespaces/version.json rename to modules/Microsoft.EventHub/namespaces/version.json diff --git a/arm/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.HealthBot/healthBots/.parameters/parameters.json b/modules/Microsoft.HealthBot/healthBots/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.HealthBot/healthBots/.parameters/parameters.json rename to modules/Microsoft.HealthBot/healthBots/.parameters/parameters.json diff --git a/arm/Microsoft.HealthBot/healthBots/deploy.bicep b/modules/Microsoft.HealthBot/healthBots/deploy.bicep similarity index 100% rename from arm/Microsoft.HealthBot/healthBots/deploy.bicep rename to modules/Microsoft.HealthBot/healthBots/deploy.bicep diff --git a/arm/Microsoft.HealthBot/healthBots/readme.md b/modules/Microsoft.HealthBot/healthBots/readme.md similarity index 100% rename from arm/Microsoft.HealthBot/healthBots/readme.md rename to modules/Microsoft.HealthBot/healthBots/readme.md diff --git a/arm/Microsoft.HealthBot/healthBots/version.json b/modules/Microsoft.HealthBot/healthBots/version.json similarity index 100% rename from arm/Microsoft.HealthBot/healthBots/version.json rename to modules/Microsoft.HealthBot/healthBots/version.json diff --git a/arm/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Insights/actionGroups/.parameters/parameters.json b/modules/Microsoft.Insights/actionGroups/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Insights/actionGroups/.parameters/parameters.json rename to modules/Microsoft.Insights/actionGroups/.parameters/parameters.json diff --git a/arm/Microsoft.Insights/actionGroups/deploy.bicep b/modules/Microsoft.Insights/actionGroups/deploy.bicep similarity index 100% rename from arm/Microsoft.Insights/actionGroups/deploy.bicep rename to modules/Microsoft.Insights/actionGroups/deploy.bicep diff --git a/arm/Microsoft.Insights/actionGroups/readme.md b/modules/Microsoft.Insights/actionGroups/readme.md similarity index 100% rename from arm/Microsoft.Insights/actionGroups/readme.md rename to modules/Microsoft.Insights/actionGroups/readme.md diff --git a/arm/Microsoft.Insights/actionGroups/version.json b/modules/Microsoft.Insights/actionGroups/version.json similarity index 100% rename from arm/Microsoft.Insights/actionGroups/version.json rename to modules/Microsoft.Insights/actionGroups/version.json diff --git a/arm/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Insights/activityLogAlerts/.parameters/parameters.json b/modules/Microsoft.Insights/activityLogAlerts/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Insights/activityLogAlerts/.parameters/parameters.json rename to modules/Microsoft.Insights/activityLogAlerts/.parameters/parameters.json diff --git a/arm/Microsoft.Insights/activityLogAlerts/deploy.bicep b/modules/Microsoft.Insights/activityLogAlerts/deploy.bicep similarity index 100% rename from arm/Microsoft.Insights/activityLogAlerts/deploy.bicep rename to modules/Microsoft.Insights/activityLogAlerts/deploy.bicep diff --git a/arm/Microsoft.Insights/activityLogAlerts/readme.md b/modules/Microsoft.Insights/activityLogAlerts/readme.md similarity index 100% rename from arm/Microsoft.Insights/activityLogAlerts/readme.md rename to modules/Microsoft.Insights/activityLogAlerts/readme.md diff --git a/arm/Microsoft.Insights/activityLogAlerts/version.json b/modules/Microsoft.Insights/activityLogAlerts/version.json similarity index 100% rename from arm/Microsoft.Insights/activityLogAlerts/version.json rename to modules/Microsoft.Insights/activityLogAlerts/version.json diff --git a/arm/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Insights/components/.parameters/parameters.json b/modules/Microsoft.Insights/components/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Insights/components/.parameters/parameters.json rename to modules/Microsoft.Insights/components/.parameters/parameters.json diff --git a/arm/Microsoft.Insights/components/deploy.bicep b/modules/Microsoft.Insights/components/deploy.bicep similarity index 100% rename from arm/Microsoft.Insights/components/deploy.bicep rename to modules/Microsoft.Insights/components/deploy.bicep diff --git a/arm/Microsoft.Insights/components/readme.md b/modules/Microsoft.Insights/components/readme.md similarity index 100% rename from arm/Microsoft.Insights/components/readme.md rename to modules/Microsoft.Insights/components/readme.md diff --git a/arm/Microsoft.Insights/components/version.json b/modules/Microsoft.Insights/components/version.json similarity index 100% rename from arm/Microsoft.Insights/components/version.json rename to modules/Microsoft.Insights/components/version.json diff --git a/arm/Microsoft.Insights/diagnosticSettings/.parameters/parameters.json b/modules/Microsoft.Insights/diagnosticSettings/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Insights/diagnosticSettings/.parameters/parameters.json rename to modules/Microsoft.Insights/diagnosticSettings/.parameters/parameters.json diff --git a/arm/Microsoft.Insights/diagnosticSettings/deploy.bicep b/modules/Microsoft.Insights/diagnosticSettings/deploy.bicep similarity index 100% rename from arm/Microsoft.Insights/diagnosticSettings/deploy.bicep rename to modules/Microsoft.Insights/diagnosticSettings/deploy.bicep diff --git a/arm/Microsoft.Insights/diagnosticSettings/readme.md b/modules/Microsoft.Insights/diagnosticSettings/readme.md similarity index 100% rename from arm/Microsoft.Insights/diagnosticSettings/readme.md rename to modules/Microsoft.Insights/diagnosticSettings/readme.md diff --git a/arm/Microsoft.Insights/diagnosticSettings/version.json b/modules/Microsoft.Insights/diagnosticSettings/version.json similarity index 100% rename from arm/Microsoft.Insights/diagnosticSettings/version.json rename to modules/Microsoft.Insights/diagnosticSettings/version.json diff --git a/arm/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Insights/metricAlerts/.parameters/parameters.json b/modules/Microsoft.Insights/metricAlerts/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Insights/metricAlerts/.parameters/parameters.json rename to modules/Microsoft.Insights/metricAlerts/.parameters/parameters.json diff --git a/arm/Microsoft.Insights/metricAlerts/deploy.bicep b/modules/Microsoft.Insights/metricAlerts/deploy.bicep similarity index 100% rename from arm/Microsoft.Insights/metricAlerts/deploy.bicep rename to modules/Microsoft.Insights/metricAlerts/deploy.bicep diff --git a/arm/Microsoft.Insights/metricAlerts/readme.md b/modules/Microsoft.Insights/metricAlerts/readme.md similarity index 100% rename from arm/Microsoft.Insights/metricAlerts/readme.md rename to modules/Microsoft.Insights/metricAlerts/readme.md diff --git a/arm/Microsoft.Insights/metricAlerts/version.json b/modules/Microsoft.Insights/metricAlerts/version.json similarity index 100% rename from arm/Microsoft.Insights/metricAlerts/version.json rename to modules/Microsoft.Insights/metricAlerts/version.json diff --git a/arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Insights/privateLinkScopes/.parameters/parameters.json b/modules/Microsoft.Insights/privateLinkScopes/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Insights/privateLinkScopes/.parameters/parameters.json rename to modules/Microsoft.Insights/privateLinkScopes/.parameters/parameters.json diff --git a/arm/Microsoft.Insights/privateLinkScopes/deploy.bicep b/modules/Microsoft.Insights/privateLinkScopes/deploy.bicep similarity index 100% rename from arm/Microsoft.Insights/privateLinkScopes/deploy.bicep rename to modules/Microsoft.Insights/privateLinkScopes/deploy.bicep diff --git a/arm/Microsoft.Insights/privateLinkScopes/readme.md b/modules/Microsoft.Insights/privateLinkScopes/readme.md similarity index 100% rename from arm/Microsoft.Insights/privateLinkScopes/readme.md rename to modules/Microsoft.Insights/privateLinkScopes/readme.md diff --git a/arm/Microsoft.Insights/privateLinkScopes/scopedResources/deploy.bicep b/modules/Microsoft.Insights/privateLinkScopes/scopedResources/deploy.bicep similarity index 100% rename from arm/Microsoft.Insights/privateLinkScopes/scopedResources/deploy.bicep rename to modules/Microsoft.Insights/privateLinkScopes/scopedResources/deploy.bicep diff --git a/arm/Microsoft.Insights/privateLinkScopes/scopedResources/readme.md b/modules/Microsoft.Insights/privateLinkScopes/scopedResources/readme.md similarity index 100% rename from arm/Microsoft.Insights/privateLinkScopes/scopedResources/readme.md rename to modules/Microsoft.Insights/privateLinkScopes/scopedResources/readme.md diff --git a/arm/Microsoft.Insights/privateLinkScopes/scopedResources/version.json b/modules/Microsoft.Insights/privateLinkScopes/scopedResources/version.json similarity index 100% rename from arm/Microsoft.Insights/privateLinkScopes/scopedResources/version.json rename to modules/Microsoft.Insights/privateLinkScopes/scopedResources/version.json diff --git a/arm/Microsoft.Insights/privateLinkScopes/version.json b/modules/Microsoft.Insights/privateLinkScopes/version.json similarity index 100% rename from arm/Microsoft.Insights/privateLinkScopes/version.json rename to modules/Microsoft.Insights/privateLinkScopes/version.json diff --git a/arm/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Insights/scheduledQueryRules/.parameters/parameters.json b/modules/Microsoft.Insights/scheduledQueryRules/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Insights/scheduledQueryRules/.parameters/parameters.json rename to modules/Microsoft.Insights/scheduledQueryRules/.parameters/parameters.json diff --git a/arm/Microsoft.Insights/scheduledQueryRules/deploy.bicep b/modules/Microsoft.Insights/scheduledQueryRules/deploy.bicep similarity index 100% rename from arm/Microsoft.Insights/scheduledQueryRules/deploy.bicep rename to modules/Microsoft.Insights/scheduledQueryRules/deploy.bicep diff --git a/arm/Microsoft.Insights/scheduledQueryRules/readme.md b/modules/Microsoft.Insights/scheduledQueryRules/readme.md similarity index 100% rename from arm/Microsoft.Insights/scheduledQueryRules/readme.md rename to modules/Microsoft.Insights/scheduledQueryRules/readme.md diff --git a/arm/Microsoft.Insights/scheduledQueryRules/version.json b/modules/Microsoft.Insights/scheduledQueryRules/version.json similarity index 100% rename from arm/Microsoft.Insights/scheduledQueryRules/version.json rename to modules/Microsoft.Insights/scheduledQueryRules/version.json diff --git a/arm/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.KeyVault/vaults/.parameters/min.parameters.json b/modules/Microsoft.KeyVault/vaults/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.KeyVault/vaults/.parameters/min.parameters.json rename to modules/Microsoft.KeyVault/vaults/.parameters/min.parameters.json diff --git a/arm/Microsoft.KeyVault/vaults/.parameters/parameters.json b/modules/Microsoft.KeyVault/vaults/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.KeyVault/vaults/.parameters/parameters.json rename to modules/Microsoft.KeyVault/vaults/.parameters/parameters.json diff --git a/arm/Microsoft.KeyVault/vaults/accessPolicies/deploy.bicep b/modules/Microsoft.KeyVault/vaults/accessPolicies/deploy.bicep similarity index 100% rename from arm/Microsoft.KeyVault/vaults/accessPolicies/deploy.bicep rename to modules/Microsoft.KeyVault/vaults/accessPolicies/deploy.bicep diff --git a/arm/Microsoft.KeyVault/vaults/accessPolicies/readme.md b/modules/Microsoft.KeyVault/vaults/accessPolicies/readme.md similarity index 100% rename from arm/Microsoft.KeyVault/vaults/accessPolicies/readme.md rename to modules/Microsoft.KeyVault/vaults/accessPolicies/readme.md diff --git a/arm/Microsoft.KeyVault/vaults/accessPolicies/version.json b/modules/Microsoft.KeyVault/vaults/accessPolicies/version.json similarity index 100% rename from arm/Microsoft.KeyVault/vaults/accessPolicies/version.json rename to modules/Microsoft.KeyVault/vaults/accessPolicies/version.json diff --git a/arm/Microsoft.KeyVault/vaults/deploy.bicep b/modules/Microsoft.KeyVault/vaults/deploy.bicep similarity index 100% rename from arm/Microsoft.KeyVault/vaults/deploy.bicep rename to modules/Microsoft.KeyVault/vaults/deploy.bicep diff --git a/arm/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.KeyVault/vaults/keys/deploy.bicep b/modules/Microsoft.KeyVault/vaults/keys/deploy.bicep similarity index 100% rename from arm/Microsoft.KeyVault/vaults/keys/deploy.bicep rename to modules/Microsoft.KeyVault/vaults/keys/deploy.bicep diff --git a/arm/Microsoft.KeyVault/vaults/keys/readme.md b/modules/Microsoft.KeyVault/vaults/keys/readme.md similarity index 100% rename from arm/Microsoft.KeyVault/vaults/keys/readme.md rename to modules/Microsoft.KeyVault/vaults/keys/readme.md diff --git a/arm/Microsoft.KeyVault/vaults/keys/version.json b/modules/Microsoft.KeyVault/vaults/keys/version.json similarity index 100% rename from arm/Microsoft.KeyVault/vaults/keys/version.json rename to modules/Microsoft.KeyVault/vaults/keys/version.json diff --git a/arm/Microsoft.KeyVault/vaults/readme.md b/modules/Microsoft.KeyVault/vaults/readme.md similarity index 100% rename from arm/Microsoft.KeyVault/vaults/readme.md rename to modules/Microsoft.KeyVault/vaults/readme.md diff --git a/arm/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.KeyVault/vaults/secrets/deploy.bicep b/modules/Microsoft.KeyVault/vaults/secrets/deploy.bicep similarity index 100% rename from arm/Microsoft.KeyVault/vaults/secrets/deploy.bicep rename to modules/Microsoft.KeyVault/vaults/secrets/deploy.bicep diff --git a/arm/Microsoft.KeyVault/vaults/secrets/readme.md b/modules/Microsoft.KeyVault/vaults/secrets/readme.md similarity index 100% rename from arm/Microsoft.KeyVault/vaults/secrets/readme.md rename to modules/Microsoft.KeyVault/vaults/secrets/readme.md diff --git a/arm/Microsoft.KeyVault/vaults/secrets/version.json b/modules/Microsoft.KeyVault/vaults/secrets/version.json similarity index 100% rename from arm/Microsoft.KeyVault/vaults/secrets/version.json rename to modules/Microsoft.KeyVault/vaults/secrets/version.json diff --git a/arm/Microsoft.KeyVault/vaults/version.json b/modules/Microsoft.KeyVault/vaults/version.json similarity index 100% rename from arm/Microsoft.KeyVault/vaults/version.json rename to modules/Microsoft.KeyVault/vaults/version.json diff --git a/arm/Microsoft.KubernetesConfiguration/extensions/.parameters/min.parameters.json b/modules/Microsoft.KubernetesConfiguration/extensions/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.KubernetesConfiguration/extensions/.parameters/min.parameters.json rename to modules/Microsoft.KubernetesConfiguration/extensions/.parameters/min.parameters.json diff --git a/arm/Microsoft.KubernetesConfiguration/extensions/.parameters/parameters.json b/modules/Microsoft.KubernetesConfiguration/extensions/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.KubernetesConfiguration/extensions/.parameters/parameters.json rename to modules/Microsoft.KubernetesConfiguration/extensions/.parameters/parameters.json diff --git a/arm/Microsoft.KubernetesConfiguration/extensions/deploy.bicep b/modules/Microsoft.KubernetesConfiguration/extensions/deploy.bicep similarity index 100% rename from arm/Microsoft.KubernetesConfiguration/extensions/deploy.bicep rename to modules/Microsoft.KubernetesConfiguration/extensions/deploy.bicep diff --git a/arm/Microsoft.KubernetesConfiguration/extensions/readme.md b/modules/Microsoft.KubernetesConfiguration/extensions/readme.md similarity index 100% rename from arm/Microsoft.KubernetesConfiguration/extensions/readme.md rename to modules/Microsoft.KubernetesConfiguration/extensions/readme.md diff --git a/arm/Microsoft.KubernetesConfiguration/extensions/version.json b/modules/Microsoft.KubernetesConfiguration/extensions/version.json similarity index 100% rename from arm/Microsoft.KubernetesConfiguration/extensions/version.json rename to modules/Microsoft.KubernetesConfiguration/extensions/version.json diff --git a/arm/Microsoft.KubernetesConfiguration/fluxConfigurations/.parameters/min.parameters.json b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.KubernetesConfiguration/fluxConfigurations/.parameters/min.parameters.json rename to modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.parameters/min.parameters.json diff --git a/arm/Microsoft.KubernetesConfiguration/fluxConfigurations/.parameters/parameters.json b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.KubernetesConfiguration/fluxConfigurations/.parameters/parameters.json rename to modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.parameters/parameters.json diff --git a/arm/Microsoft.KubernetesConfiguration/fluxConfigurations/deploy.bicep b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/deploy.bicep similarity index 100% rename from arm/Microsoft.KubernetesConfiguration/fluxConfigurations/deploy.bicep rename to modules/Microsoft.KubernetesConfiguration/fluxConfigurations/deploy.bicep diff --git a/arm/Microsoft.KubernetesConfiguration/fluxConfigurations/readme.md b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/readme.md similarity index 100% rename from arm/Microsoft.KubernetesConfiguration/fluxConfigurations/readme.md rename to modules/Microsoft.KubernetesConfiguration/fluxConfigurations/readme.md diff --git a/arm/Microsoft.KubernetesConfiguration/fluxConfigurations/version.json b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/version.json similarity index 100% rename from arm/Microsoft.KubernetesConfiguration/fluxConfigurations/version.json rename to modules/Microsoft.KubernetesConfiguration/fluxConfigurations/version.json diff --git a/arm/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Logic/workflows/.parameters/parameters.json b/modules/Microsoft.Logic/workflows/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Logic/workflows/.parameters/parameters.json rename to modules/Microsoft.Logic/workflows/.parameters/parameters.json diff --git a/arm/Microsoft.Logic/workflows/deploy.bicep b/modules/Microsoft.Logic/workflows/deploy.bicep similarity index 100% rename from arm/Microsoft.Logic/workflows/deploy.bicep rename to modules/Microsoft.Logic/workflows/deploy.bicep diff --git a/arm/Microsoft.Logic/workflows/readme.md b/modules/Microsoft.Logic/workflows/readme.md similarity index 100% rename from arm/Microsoft.Logic/workflows/readme.md rename to modules/Microsoft.Logic/workflows/readme.md diff --git a/arm/Microsoft.Logic/workflows/version.json b/modules/Microsoft.Logic/workflows/version.json similarity index 100% rename from arm/Microsoft.Logic/workflows/version.json rename to modules/Microsoft.Logic/workflows/version.json diff --git a/arm/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.MachineLearningServices/workspaces/.parameters/min.parameters.json b/modules/Microsoft.MachineLearningServices/workspaces/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.MachineLearningServices/workspaces/.parameters/min.parameters.json rename to modules/Microsoft.MachineLearningServices/workspaces/.parameters/min.parameters.json diff --git a/arm/Microsoft.MachineLearningServices/workspaces/.parameters/parameters.json b/modules/Microsoft.MachineLearningServices/workspaces/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.MachineLearningServices/workspaces/.parameters/parameters.json rename to modules/Microsoft.MachineLearningServices/workspaces/.parameters/parameters.json diff --git a/arm/Microsoft.MachineLearningServices/workspaces/computes/deploy.bicep b/modules/Microsoft.MachineLearningServices/workspaces/computes/deploy.bicep similarity index 100% rename from arm/Microsoft.MachineLearningServices/workspaces/computes/deploy.bicep rename to modules/Microsoft.MachineLearningServices/workspaces/computes/deploy.bicep diff --git a/arm/Microsoft.MachineLearningServices/workspaces/computes/readme.md b/modules/Microsoft.MachineLearningServices/workspaces/computes/readme.md similarity index 100% rename from arm/Microsoft.MachineLearningServices/workspaces/computes/readme.md rename to modules/Microsoft.MachineLearningServices/workspaces/computes/readme.md diff --git a/arm/Microsoft.MachineLearningServices/workspaces/computes/version.json b/modules/Microsoft.MachineLearningServices/workspaces/computes/version.json similarity index 100% rename from arm/Microsoft.MachineLearningServices/workspaces/computes/version.json rename to modules/Microsoft.MachineLearningServices/workspaces/computes/version.json diff --git a/arm/Microsoft.MachineLearningServices/workspaces/deploy.bicep b/modules/Microsoft.MachineLearningServices/workspaces/deploy.bicep similarity index 100% rename from arm/Microsoft.MachineLearningServices/workspaces/deploy.bicep rename to modules/Microsoft.MachineLearningServices/workspaces/deploy.bicep diff --git a/arm/Microsoft.MachineLearningServices/workspaces/readme.md b/modules/Microsoft.MachineLearningServices/workspaces/readme.md similarity index 100% rename from arm/Microsoft.MachineLearningServices/workspaces/readme.md rename to modules/Microsoft.MachineLearningServices/workspaces/readme.md diff --git a/arm/Microsoft.MachineLearningServices/workspaces/version.json b/modules/Microsoft.MachineLearningServices/workspaces/version.json similarity index 100% rename from arm/Microsoft.MachineLearningServices/workspaces/version.json rename to modules/Microsoft.MachineLearningServices/workspaces/version.json diff --git a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/.parameters/parameters.json b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.ManagedIdentity/userAssignedIdentities/.parameters/parameters.json rename to modules/Microsoft.ManagedIdentity/userAssignedIdentities/.parameters/parameters.json diff --git a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep similarity index 100% rename from arm/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep rename to modules/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep diff --git a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md similarity index 100% rename from arm/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md rename to modules/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md diff --git a/arm/Microsoft.ManagedIdentity/userAssignedIdentities/version.json b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/version.json similarity index 100% rename from arm/Microsoft.ManagedIdentity/userAssignedIdentities/version.json rename to modules/Microsoft.ManagedIdentity/userAssignedIdentities/version.json diff --git a/arm/Microsoft.ManagedServices/registrationDefinitions/.bicep/nested_registrationAssignment.bicep b/modules/Microsoft.ManagedServices/registrationDefinitions/.bicep/nested_registrationAssignment.bicep similarity index 100% rename from arm/Microsoft.ManagedServices/registrationDefinitions/.bicep/nested_registrationAssignment.bicep rename to modules/Microsoft.ManagedServices/registrationDefinitions/.bicep/nested_registrationAssignment.bicep diff --git a/arm/Microsoft.ManagedServices/registrationDefinitions/.parameters/parameters.json b/modules/Microsoft.ManagedServices/registrationDefinitions/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.ManagedServices/registrationDefinitions/.parameters/parameters.json rename to modules/Microsoft.ManagedServices/registrationDefinitions/.parameters/parameters.json diff --git a/arm/Microsoft.ManagedServices/registrationDefinitions/.parameters/rg.parameters.json b/modules/Microsoft.ManagedServices/registrationDefinitions/.parameters/rg.parameters.json similarity index 100% rename from arm/Microsoft.ManagedServices/registrationDefinitions/.parameters/rg.parameters.json rename to modules/Microsoft.ManagedServices/registrationDefinitions/.parameters/rg.parameters.json diff --git a/arm/Microsoft.ManagedServices/registrationDefinitions/deploy.bicep b/modules/Microsoft.ManagedServices/registrationDefinitions/deploy.bicep similarity index 100% rename from arm/Microsoft.ManagedServices/registrationDefinitions/deploy.bicep rename to modules/Microsoft.ManagedServices/registrationDefinitions/deploy.bicep diff --git a/arm/Microsoft.ManagedServices/registrationDefinitions/readme.md b/modules/Microsoft.ManagedServices/registrationDefinitions/readme.md similarity index 100% rename from arm/Microsoft.ManagedServices/registrationDefinitions/readme.md rename to modules/Microsoft.ManagedServices/registrationDefinitions/readme.md diff --git a/arm/Microsoft.ManagedServices/registrationDefinitions/version.json b/modules/Microsoft.ManagedServices/registrationDefinitions/version.json similarity index 100% rename from arm/Microsoft.ManagedServices/registrationDefinitions/version.json rename to modules/Microsoft.ManagedServices/registrationDefinitions/version.json diff --git a/arm/Microsoft.Management/managementGroups/.parameters/parameters.json b/modules/Microsoft.Management/managementGroups/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Management/managementGroups/.parameters/parameters.json rename to modules/Microsoft.Management/managementGroups/.parameters/parameters.json diff --git a/arm/Microsoft.Management/managementGroups/deploy.bicep b/modules/Microsoft.Management/managementGroups/deploy.bicep similarity index 100% rename from arm/Microsoft.Management/managementGroups/deploy.bicep rename to modules/Microsoft.Management/managementGroups/deploy.bicep diff --git a/arm/Microsoft.Management/managementGroups/readme.md b/modules/Microsoft.Management/managementGroups/readme.md similarity index 100% rename from arm/Microsoft.Management/managementGroups/readme.md rename to modules/Microsoft.Management/managementGroups/readme.md diff --git a/arm/Microsoft.Management/managementGroups/version.json b/modules/Microsoft.Management/managementGroups/version.json similarity index 100% rename from arm/Microsoft.Management/managementGroups/version.json rename to modules/Microsoft.Management/managementGroups/version.json diff --git a/arm/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.NetApp/netAppAccounts/.parameters/min.parameters.json b/modules/Microsoft.NetApp/netAppAccounts/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.NetApp/netAppAccounts/.parameters/min.parameters.json rename to modules/Microsoft.NetApp/netAppAccounts/.parameters/min.parameters.json diff --git a/arm/Microsoft.NetApp/netAppAccounts/.parameters/nfs3.parameters.json b/modules/Microsoft.NetApp/netAppAccounts/.parameters/nfs3.parameters.json similarity index 100% rename from arm/Microsoft.NetApp/netAppAccounts/.parameters/nfs3.parameters.json rename to modules/Microsoft.NetApp/netAppAccounts/.parameters/nfs3.parameters.json diff --git a/arm/Microsoft.NetApp/netAppAccounts/.parameters/nfs41.parameters.json b/modules/Microsoft.NetApp/netAppAccounts/.parameters/nfs41.parameters.json similarity index 100% rename from arm/Microsoft.NetApp/netAppAccounts/.parameters/nfs41.parameters.json rename to modules/Microsoft.NetApp/netAppAccounts/.parameters/nfs41.parameters.json diff --git a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/deploy.bicep b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/deploy.bicep similarity index 100% rename from arm/Microsoft.NetApp/netAppAccounts/capacityPools/deploy.bicep rename to modules/Microsoft.NetApp/netAppAccounts/capacityPools/deploy.bicep diff --git a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md similarity index 100% rename from arm/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md rename to modules/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md diff --git a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/version.json b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/version.json similarity index 100% rename from arm/Microsoft.NetApp/netAppAccounts/capacityPools/version.json rename to modules/Microsoft.NetApp/netAppAccounts/capacityPools/version.json diff --git a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/deploy.bicep b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/deploy.bicep similarity index 100% rename from arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/deploy.bicep rename to modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/deploy.bicep diff --git a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md similarity index 100% rename from arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md rename to modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md diff --git a/arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/version.json b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/version.json similarity index 100% rename from arm/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/version.json rename to modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/version.json diff --git a/arm/Microsoft.NetApp/netAppAccounts/deploy.bicep b/modules/Microsoft.NetApp/netAppAccounts/deploy.bicep similarity index 100% rename from arm/Microsoft.NetApp/netAppAccounts/deploy.bicep rename to modules/Microsoft.NetApp/netAppAccounts/deploy.bicep diff --git a/arm/Microsoft.NetApp/netAppAccounts/readme.md b/modules/Microsoft.NetApp/netAppAccounts/readme.md similarity index 100% rename from arm/Microsoft.NetApp/netAppAccounts/readme.md rename to modules/Microsoft.NetApp/netAppAccounts/readme.md diff --git a/arm/Microsoft.NetApp/netAppAccounts/version.json b/modules/Microsoft.NetApp/netAppAccounts/version.json similarity index 100% rename from arm/Microsoft.NetApp/netAppAccounts/version.json rename to modules/Microsoft.NetApp/netAppAccounts/version.json diff --git a/arm/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/applicationGateways/.parameters/parameters.json b/modules/Microsoft.Network/applicationGateways/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/applicationGateways/.parameters/parameters.json rename to modules/Microsoft.Network/applicationGateways/.parameters/parameters.json diff --git a/arm/Microsoft.Network/applicationGateways/deploy.bicep b/modules/Microsoft.Network/applicationGateways/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/applicationGateways/deploy.bicep rename to modules/Microsoft.Network/applicationGateways/deploy.bicep diff --git a/arm/Microsoft.Network/applicationGateways/readme.md b/modules/Microsoft.Network/applicationGateways/readme.md similarity index 100% rename from arm/Microsoft.Network/applicationGateways/readme.md rename to modules/Microsoft.Network/applicationGateways/readme.md diff --git a/arm/Microsoft.Network/applicationGateways/version.json b/modules/Microsoft.Network/applicationGateways/version.json similarity index 100% rename from arm/Microsoft.Network/applicationGateways/version.json rename to modules/Microsoft.Network/applicationGateways/version.json diff --git a/arm/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/applicationSecurityGroups/.parameters/parameters.json b/modules/Microsoft.Network/applicationSecurityGroups/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/applicationSecurityGroups/.parameters/parameters.json rename to modules/Microsoft.Network/applicationSecurityGroups/.parameters/parameters.json diff --git a/arm/Microsoft.Network/applicationSecurityGroups/deploy.bicep b/modules/Microsoft.Network/applicationSecurityGroups/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/applicationSecurityGroups/deploy.bicep rename to modules/Microsoft.Network/applicationSecurityGroups/deploy.bicep diff --git a/arm/Microsoft.Network/applicationSecurityGroups/readme.md b/modules/Microsoft.Network/applicationSecurityGroups/readme.md similarity index 100% rename from arm/Microsoft.Network/applicationSecurityGroups/readme.md rename to modules/Microsoft.Network/applicationSecurityGroups/readme.md diff --git a/arm/Microsoft.Network/applicationSecurityGroups/version.json b/modules/Microsoft.Network/applicationSecurityGroups/version.json similarity index 100% rename from arm/Microsoft.Network/applicationSecurityGroups/version.json rename to modules/Microsoft.Network/applicationSecurityGroups/version.json diff --git a/arm/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/azureFirewalls/.parameters/addpip.parameters.json b/modules/Microsoft.Network/azureFirewalls/.parameters/addpip.parameters.json similarity index 100% rename from arm/Microsoft.Network/azureFirewalls/.parameters/addpip.parameters.json rename to modules/Microsoft.Network/azureFirewalls/.parameters/addpip.parameters.json diff --git a/arm/Microsoft.Network/azureFirewalls/.parameters/custompip.parameters.json b/modules/Microsoft.Network/azureFirewalls/.parameters/custompip.parameters.json similarity index 100% rename from arm/Microsoft.Network/azureFirewalls/.parameters/custompip.parameters.json rename to modules/Microsoft.Network/azureFirewalls/.parameters/custompip.parameters.json diff --git a/arm/Microsoft.Network/azureFirewalls/.parameters/min.parameters.json b/modules/Microsoft.Network/azureFirewalls/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Network/azureFirewalls/.parameters/min.parameters.json rename to modules/Microsoft.Network/azureFirewalls/.parameters/min.parameters.json diff --git a/arm/Microsoft.Network/azureFirewalls/.parameters/parameters.json b/modules/Microsoft.Network/azureFirewalls/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/azureFirewalls/.parameters/parameters.json rename to modules/Microsoft.Network/azureFirewalls/.parameters/parameters.json diff --git a/arm/Microsoft.Network/azureFirewalls/deploy.bicep b/modules/Microsoft.Network/azureFirewalls/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/azureFirewalls/deploy.bicep rename to modules/Microsoft.Network/azureFirewalls/deploy.bicep diff --git a/arm/Microsoft.Network/azureFirewalls/readme.md b/modules/Microsoft.Network/azureFirewalls/readme.md similarity index 100% rename from arm/Microsoft.Network/azureFirewalls/readme.md rename to modules/Microsoft.Network/azureFirewalls/readme.md diff --git a/arm/Microsoft.Network/azureFirewalls/version.json b/modules/Microsoft.Network/azureFirewalls/version.json similarity index 100% rename from arm/Microsoft.Network/azureFirewalls/version.json rename to modules/Microsoft.Network/azureFirewalls/version.json diff --git a/arm/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/bastionHosts/.parameters/addpip.parameters.json b/modules/Microsoft.Network/bastionHosts/.parameters/addpip.parameters.json similarity index 100% rename from arm/Microsoft.Network/bastionHosts/.parameters/addpip.parameters.json rename to modules/Microsoft.Network/bastionHosts/.parameters/addpip.parameters.json diff --git a/arm/Microsoft.Network/bastionHosts/.parameters/custompip.parameters.json b/modules/Microsoft.Network/bastionHosts/.parameters/custompip.parameters.json similarity index 100% rename from arm/Microsoft.Network/bastionHosts/.parameters/custompip.parameters.json rename to modules/Microsoft.Network/bastionHosts/.parameters/custompip.parameters.json diff --git a/arm/Microsoft.Network/bastionHosts/.parameters/min.parameters.json b/modules/Microsoft.Network/bastionHosts/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Network/bastionHosts/.parameters/min.parameters.json rename to modules/Microsoft.Network/bastionHosts/.parameters/min.parameters.json diff --git a/arm/Microsoft.Network/bastionHosts/.parameters/parameters.json b/modules/Microsoft.Network/bastionHosts/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/bastionHosts/.parameters/parameters.json rename to modules/Microsoft.Network/bastionHosts/.parameters/parameters.json diff --git a/arm/Microsoft.Network/bastionHosts/deploy.bicep b/modules/Microsoft.Network/bastionHosts/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/bastionHosts/deploy.bicep rename to modules/Microsoft.Network/bastionHosts/deploy.bicep diff --git a/arm/Microsoft.Network/bastionHosts/readme.md b/modules/Microsoft.Network/bastionHosts/readme.md similarity index 100% rename from arm/Microsoft.Network/bastionHosts/readme.md rename to modules/Microsoft.Network/bastionHosts/readme.md diff --git a/arm/Microsoft.Network/bastionHosts/version.json b/modules/Microsoft.Network/bastionHosts/version.json similarity index 100% rename from arm/Microsoft.Network/bastionHosts/version.json rename to modules/Microsoft.Network/bastionHosts/version.json diff --git a/arm/Microsoft.Network/connections/.parameters/vnet2vnet.parameters.json b/modules/Microsoft.Network/connections/.parameters/vnet2vnet.parameters.json similarity index 100% rename from arm/Microsoft.Network/connections/.parameters/vnet2vnet.parameters.json rename to modules/Microsoft.Network/connections/.parameters/vnet2vnet.parameters.json diff --git a/arm/Microsoft.Network/connections/deploy.bicep b/modules/Microsoft.Network/connections/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/connections/deploy.bicep rename to modules/Microsoft.Network/connections/deploy.bicep diff --git a/arm/Microsoft.Network/connections/readme.md b/modules/Microsoft.Network/connections/readme.md similarity index 100% rename from arm/Microsoft.Network/connections/readme.md rename to modules/Microsoft.Network/connections/readme.md diff --git a/arm/Microsoft.Network/connections/version.json b/modules/Microsoft.Network/connections/version.json similarity index 100% rename from arm/Microsoft.Network/connections/version.json rename to modules/Microsoft.Network/connections/version.json diff --git a/arm/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/ddosProtectionPlans/.parameters/parameters.json b/modules/Microsoft.Network/ddosProtectionPlans/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/ddosProtectionPlans/.parameters/parameters.json rename to modules/Microsoft.Network/ddosProtectionPlans/.parameters/parameters.json diff --git a/arm/Microsoft.Network/ddosProtectionPlans/deploy.bicep b/modules/Microsoft.Network/ddosProtectionPlans/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/ddosProtectionPlans/deploy.bicep rename to modules/Microsoft.Network/ddosProtectionPlans/deploy.bicep diff --git a/arm/Microsoft.Network/ddosProtectionPlans/readme.md b/modules/Microsoft.Network/ddosProtectionPlans/readme.md similarity index 100% rename from arm/Microsoft.Network/ddosProtectionPlans/readme.md rename to modules/Microsoft.Network/ddosProtectionPlans/readme.md diff --git a/arm/Microsoft.Network/ddosProtectionPlans/version.json b/modules/Microsoft.Network/ddosProtectionPlans/version.json similarity index 100% rename from arm/Microsoft.Network/ddosProtectionPlans/version.json rename to modules/Microsoft.Network/ddosProtectionPlans/version.json diff --git a/arm/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/expressRouteCircuits/.parameters/parameters.json b/modules/Microsoft.Network/expressRouteCircuits/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/expressRouteCircuits/.parameters/parameters.json rename to modules/Microsoft.Network/expressRouteCircuits/.parameters/parameters.json diff --git a/arm/Microsoft.Network/expressRouteCircuits/deploy.bicep b/modules/Microsoft.Network/expressRouteCircuits/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/expressRouteCircuits/deploy.bicep rename to modules/Microsoft.Network/expressRouteCircuits/deploy.bicep diff --git a/arm/Microsoft.Network/expressRouteCircuits/readme.md b/modules/Microsoft.Network/expressRouteCircuits/readme.md similarity index 100% rename from arm/Microsoft.Network/expressRouteCircuits/readme.md rename to modules/Microsoft.Network/expressRouteCircuits/readme.md diff --git a/arm/Microsoft.Network/expressRouteCircuits/version.json b/modules/Microsoft.Network/expressRouteCircuits/version.json similarity index 100% rename from arm/Microsoft.Network/expressRouteCircuits/version.json rename to modules/Microsoft.Network/expressRouteCircuits/version.json diff --git a/arm/Microsoft.Network/firewallPolicies/.parameters/min.parameters.json b/modules/Microsoft.Network/firewallPolicies/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Network/firewallPolicies/.parameters/min.parameters.json rename to modules/Microsoft.Network/firewallPolicies/.parameters/min.parameters.json diff --git a/arm/Microsoft.Network/firewallPolicies/.parameters/parameters.json b/modules/Microsoft.Network/firewallPolicies/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/firewallPolicies/.parameters/parameters.json rename to modules/Microsoft.Network/firewallPolicies/.parameters/parameters.json diff --git a/arm/Microsoft.Network/firewallPolicies/deploy.bicep b/modules/Microsoft.Network/firewallPolicies/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/firewallPolicies/deploy.bicep rename to modules/Microsoft.Network/firewallPolicies/deploy.bicep diff --git a/arm/Microsoft.Network/firewallPolicies/readme.md b/modules/Microsoft.Network/firewallPolicies/readme.md similarity index 100% rename from arm/Microsoft.Network/firewallPolicies/readme.md rename to modules/Microsoft.Network/firewallPolicies/readme.md diff --git a/arm/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep b/modules/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep rename to modules/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep diff --git a/arm/Microsoft.Network/firewallPolicies/ruleCollectionGroups/readme.md b/modules/Microsoft.Network/firewallPolicies/ruleCollectionGroups/readme.md similarity index 100% rename from arm/Microsoft.Network/firewallPolicies/ruleCollectionGroups/readme.md rename to modules/Microsoft.Network/firewallPolicies/ruleCollectionGroups/readme.md diff --git a/arm/Microsoft.Network/firewallPolicies/ruleCollectionGroups/version.json b/modules/Microsoft.Network/firewallPolicies/ruleCollectionGroups/version.json similarity index 100% rename from arm/Microsoft.Network/firewallPolicies/ruleCollectionGroups/version.json rename to modules/Microsoft.Network/firewallPolicies/ruleCollectionGroups/version.json diff --git a/arm/Microsoft.Network/firewallPolicies/version.json b/modules/Microsoft.Network/firewallPolicies/version.json similarity index 100% rename from arm/Microsoft.Network/firewallPolicies/version.json rename to modules/Microsoft.Network/firewallPolicies/version.json diff --git a/arm/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/frontDoors/.parameters/parameters.json b/modules/Microsoft.Network/frontDoors/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/frontDoors/.parameters/parameters.json rename to modules/Microsoft.Network/frontDoors/.parameters/parameters.json diff --git a/arm/Microsoft.Network/frontDoors/deploy.bicep b/modules/Microsoft.Network/frontDoors/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/frontDoors/deploy.bicep rename to modules/Microsoft.Network/frontDoors/deploy.bicep diff --git a/arm/Microsoft.Network/frontDoors/readme.md b/modules/Microsoft.Network/frontDoors/readme.md similarity index 100% rename from arm/Microsoft.Network/frontDoors/readme.md rename to modules/Microsoft.Network/frontDoors/readme.md diff --git a/arm/Microsoft.Network/frontDoors/version.json b/modules/Microsoft.Network/frontDoors/version.json similarity index 100% rename from arm/Microsoft.Network/frontDoors/version.json rename to modules/Microsoft.Network/frontDoors/version.json diff --git a/arm/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/ipGroups/.parameters/parameters.json b/modules/Microsoft.Network/ipGroups/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/ipGroups/.parameters/parameters.json rename to modules/Microsoft.Network/ipGroups/.parameters/parameters.json diff --git a/arm/Microsoft.Network/ipGroups/deploy.bicep b/modules/Microsoft.Network/ipGroups/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/ipGroups/deploy.bicep rename to modules/Microsoft.Network/ipGroups/deploy.bicep diff --git a/arm/Microsoft.Network/ipGroups/readme.md b/modules/Microsoft.Network/ipGroups/readme.md similarity index 100% rename from arm/Microsoft.Network/ipGroups/readme.md rename to modules/Microsoft.Network/ipGroups/readme.md diff --git a/arm/Microsoft.Network/ipGroups/version.json b/modules/Microsoft.Network/ipGroups/version.json similarity index 100% rename from arm/Microsoft.Network/ipGroups/version.json rename to modules/Microsoft.Network/ipGroups/version.json diff --git a/arm/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/loadBalancers/.parameters/internal.parameters.json b/modules/Microsoft.Network/loadBalancers/.parameters/internal.parameters.json similarity index 100% rename from arm/Microsoft.Network/loadBalancers/.parameters/internal.parameters.json rename to modules/Microsoft.Network/loadBalancers/.parameters/internal.parameters.json diff --git a/arm/Microsoft.Network/loadBalancers/.parameters/min.parameters.json b/modules/Microsoft.Network/loadBalancers/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Network/loadBalancers/.parameters/min.parameters.json rename to modules/Microsoft.Network/loadBalancers/.parameters/min.parameters.json diff --git a/arm/Microsoft.Network/loadBalancers/.parameters/parameters.json b/modules/Microsoft.Network/loadBalancers/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/loadBalancers/.parameters/parameters.json rename to modules/Microsoft.Network/loadBalancers/.parameters/parameters.json diff --git a/arm/Microsoft.Network/loadBalancers/backendAddressPools/deploy.bicep b/modules/Microsoft.Network/loadBalancers/backendAddressPools/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/loadBalancers/backendAddressPools/deploy.bicep rename to modules/Microsoft.Network/loadBalancers/backendAddressPools/deploy.bicep diff --git a/arm/Microsoft.Network/loadBalancers/backendAddressPools/readme.md b/modules/Microsoft.Network/loadBalancers/backendAddressPools/readme.md similarity index 100% rename from arm/Microsoft.Network/loadBalancers/backendAddressPools/readme.md rename to modules/Microsoft.Network/loadBalancers/backendAddressPools/readme.md diff --git a/arm/Microsoft.Network/loadBalancers/backendAddressPools/version.json b/modules/Microsoft.Network/loadBalancers/backendAddressPools/version.json similarity index 100% rename from arm/Microsoft.Network/loadBalancers/backendAddressPools/version.json rename to modules/Microsoft.Network/loadBalancers/backendAddressPools/version.json diff --git a/arm/Microsoft.Network/loadBalancers/deploy.bicep b/modules/Microsoft.Network/loadBalancers/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/loadBalancers/deploy.bicep rename to modules/Microsoft.Network/loadBalancers/deploy.bicep diff --git a/arm/Microsoft.Network/loadBalancers/inboundNatRules/deploy.bicep b/modules/Microsoft.Network/loadBalancers/inboundNatRules/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/loadBalancers/inboundNatRules/deploy.bicep rename to modules/Microsoft.Network/loadBalancers/inboundNatRules/deploy.bicep diff --git a/arm/Microsoft.Network/loadBalancers/inboundNatRules/readme.md b/modules/Microsoft.Network/loadBalancers/inboundNatRules/readme.md similarity index 100% rename from arm/Microsoft.Network/loadBalancers/inboundNatRules/readme.md rename to modules/Microsoft.Network/loadBalancers/inboundNatRules/readme.md diff --git a/arm/Microsoft.Network/loadBalancers/inboundNatRules/version.json b/modules/Microsoft.Network/loadBalancers/inboundNatRules/version.json similarity index 100% rename from arm/Microsoft.Network/loadBalancers/inboundNatRules/version.json rename to modules/Microsoft.Network/loadBalancers/inboundNatRules/version.json diff --git a/arm/Microsoft.Network/loadBalancers/readme.md b/modules/Microsoft.Network/loadBalancers/readme.md similarity index 100% rename from arm/Microsoft.Network/loadBalancers/readme.md rename to modules/Microsoft.Network/loadBalancers/readme.md diff --git a/arm/Microsoft.Network/loadBalancers/version.json b/modules/Microsoft.Network/loadBalancers/version.json similarity index 100% rename from arm/Microsoft.Network/loadBalancers/version.json rename to modules/Microsoft.Network/loadBalancers/version.json diff --git a/arm/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/localNetworkGateways/.parameters/parameters.json b/modules/Microsoft.Network/localNetworkGateways/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/localNetworkGateways/.parameters/parameters.json rename to modules/Microsoft.Network/localNetworkGateways/.parameters/parameters.json diff --git a/arm/Microsoft.Network/localNetworkGateways/deploy.bicep b/modules/Microsoft.Network/localNetworkGateways/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/localNetworkGateways/deploy.bicep rename to modules/Microsoft.Network/localNetworkGateways/deploy.bicep diff --git a/arm/Microsoft.Network/localNetworkGateways/readme.md b/modules/Microsoft.Network/localNetworkGateways/readme.md similarity index 100% rename from arm/Microsoft.Network/localNetworkGateways/readme.md rename to modules/Microsoft.Network/localNetworkGateways/readme.md diff --git a/arm/Microsoft.Network/localNetworkGateways/version.json b/modules/Microsoft.Network/localNetworkGateways/version.json similarity index 100% rename from arm/Microsoft.Network/localNetworkGateways/version.json rename to modules/Microsoft.Network/localNetworkGateways/version.json diff --git a/arm/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/natGateways/.parameters/parameters.json b/modules/Microsoft.Network/natGateways/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/natGateways/.parameters/parameters.json rename to modules/Microsoft.Network/natGateways/.parameters/parameters.json diff --git a/arm/Microsoft.Network/natGateways/deploy.bicep b/modules/Microsoft.Network/natGateways/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/natGateways/deploy.bicep rename to modules/Microsoft.Network/natGateways/deploy.bicep diff --git a/arm/Microsoft.Network/natGateways/readme.md b/modules/Microsoft.Network/natGateways/readme.md similarity index 100% rename from arm/Microsoft.Network/natGateways/readme.md rename to modules/Microsoft.Network/natGateways/readme.md diff --git a/arm/Microsoft.Network/natGateways/version.json b/modules/Microsoft.Network/natGateways/version.json similarity index 100% rename from arm/Microsoft.Network/natGateways/version.json rename to modules/Microsoft.Network/natGateways/version.json diff --git a/arm/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/networkInterfaces/.parameters/min.parameters.json b/modules/Microsoft.Network/networkInterfaces/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Network/networkInterfaces/.parameters/min.parameters.json rename to modules/Microsoft.Network/networkInterfaces/.parameters/min.parameters.json diff --git a/arm/Microsoft.Network/networkInterfaces/.parameters/parameters.json b/modules/Microsoft.Network/networkInterfaces/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/networkInterfaces/.parameters/parameters.json rename to modules/Microsoft.Network/networkInterfaces/.parameters/parameters.json diff --git a/arm/Microsoft.Network/networkInterfaces/deploy.bicep b/modules/Microsoft.Network/networkInterfaces/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/networkInterfaces/deploy.bicep rename to modules/Microsoft.Network/networkInterfaces/deploy.bicep diff --git a/arm/Microsoft.Network/networkInterfaces/readme.md b/modules/Microsoft.Network/networkInterfaces/readme.md similarity index 100% rename from arm/Microsoft.Network/networkInterfaces/readme.md rename to modules/Microsoft.Network/networkInterfaces/readme.md diff --git a/arm/Microsoft.Network/networkInterfaces/version.json b/modules/Microsoft.Network/networkInterfaces/version.json similarity index 100% rename from arm/Microsoft.Network/networkInterfaces/version.json rename to modules/Microsoft.Network/networkInterfaces/version.json diff --git a/arm/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/networkSecurityGroups/.parameters/min.parameters.json b/modules/Microsoft.Network/networkSecurityGroups/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Network/networkSecurityGroups/.parameters/min.parameters.json rename to modules/Microsoft.Network/networkSecurityGroups/.parameters/min.parameters.json diff --git a/arm/Microsoft.Network/networkSecurityGroups/.parameters/parameters.json b/modules/Microsoft.Network/networkSecurityGroups/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/networkSecurityGroups/.parameters/parameters.json rename to modules/Microsoft.Network/networkSecurityGroups/.parameters/parameters.json diff --git a/arm/Microsoft.Network/networkSecurityGroups/deploy.bicep b/modules/Microsoft.Network/networkSecurityGroups/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/networkSecurityGroups/deploy.bicep rename to modules/Microsoft.Network/networkSecurityGroups/deploy.bicep diff --git a/arm/Microsoft.Network/networkSecurityGroups/readme.md b/modules/Microsoft.Network/networkSecurityGroups/readme.md similarity index 100% rename from arm/Microsoft.Network/networkSecurityGroups/readme.md rename to modules/Microsoft.Network/networkSecurityGroups/readme.md diff --git a/arm/Microsoft.Network/networkSecurityGroups/securityRules/deploy.bicep b/modules/Microsoft.Network/networkSecurityGroups/securityRules/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/networkSecurityGroups/securityRules/deploy.bicep rename to modules/Microsoft.Network/networkSecurityGroups/securityRules/deploy.bicep diff --git a/arm/Microsoft.Network/networkSecurityGroups/securityRules/readme.md b/modules/Microsoft.Network/networkSecurityGroups/securityRules/readme.md similarity index 100% rename from arm/Microsoft.Network/networkSecurityGroups/securityRules/readme.md rename to modules/Microsoft.Network/networkSecurityGroups/securityRules/readme.md diff --git a/arm/Microsoft.Network/networkSecurityGroups/securityRules/version.json b/modules/Microsoft.Network/networkSecurityGroups/securityRules/version.json similarity index 100% rename from arm/Microsoft.Network/networkSecurityGroups/securityRules/version.json rename to modules/Microsoft.Network/networkSecurityGroups/securityRules/version.json diff --git a/arm/Microsoft.Network/networkSecurityGroups/version.json b/modules/Microsoft.Network/networkSecurityGroups/version.json similarity index 100% rename from arm/Microsoft.Network/networkSecurityGroups/version.json rename to modules/Microsoft.Network/networkSecurityGroups/version.json diff --git a/arm/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/networkWatchers/.parameters/min.parameters.json b/modules/Microsoft.Network/networkWatchers/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Network/networkWatchers/.parameters/min.parameters.json rename to modules/Microsoft.Network/networkWatchers/.parameters/min.parameters.json diff --git a/arm/Microsoft.Network/networkWatchers/.parameters/parameters.json b/modules/Microsoft.Network/networkWatchers/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/networkWatchers/.parameters/parameters.json rename to modules/Microsoft.Network/networkWatchers/.parameters/parameters.json diff --git a/arm/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep b/modules/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep rename to modules/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep diff --git a/arm/Microsoft.Network/networkWatchers/connectionMonitors/readme.md b/modules/Microsoft.Network/networkWatchers/connectionMonitors/readme.md similarity index 100% rename from arm/Microsoft.Network/networkWatchers/connectionMonitors/readme.md rename to modules/Microsoft.Network/networkWatchers/connectionMonitors/readme.md diff --git a/arm/Microsoft.Network/networkWatchers/connectionMonitors/version.json b/modules/Microsoft.Network/networkWatchers/connectionMonitors/version.json similarity index 100% rename from arm/Microsoft.Network/networkWatchers/connectionMonitors/version.json rename to modules/Microsoft.Network/networkWatchers/connectionMonitors/version.json diff --git a/arm/Microsoft.Network/networkWatchers/deploy.bicep b/modules/Microsoft.Network/networkWatchers/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/networkWatchers/deploy.bicep rename to modules/Microsoft.Network/networkWatchers/deploy.bicep diff --git a/arm/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep b/modules/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep rename to modules/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep diff --git a/arm/Microsoft.Network/networkWatchers/flowLogs/readme.md b/modules/Microsoft.Network/networkWatchers/flowLogs/readme.md similarity index 100% rename from arm/Microsoft.Network/networkWatchers/flowLogs/readme.md rename to modules/Microsoft.Network/networkWatchers/flowLogs/readme.md diff --git a/arm/Microsoft.Network/networkWatchers/flowLogs/version.json b/modules/Microsoft.Network/networkWatchers/flowLogs/version.json similarity index 100% rename from arm/Microsoft.Network/networkWatchers/flowLogs/version.json rename to modules/Microsoft.Network/networkWatchers/flowLogs/version.json diff --git a/arm/Microsoft.Network/networkWatchers/readme.md b/modules/Microsoft.Network/networkWatchers/readme.md similarity index 100% rename from arm/Microsoft.Network/networkWatchers/readme.md rename to modules/Microsoft.Network/networkWatchers/readme.md diff --git a/arm/Microsoft.Network/networkWatchers/version.json b/modules/Microsoft.Network/networkWatchers/version.json similarity index 100% rename from arm/Microsoft.Network/networkWatchers/version.json rename to modules/Microsoft.Network/networkWatchers/version.json diff --git a/arm/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/privateDnsZones/.parameters/min.parameters.json b/modules/Microsoft.Network/privateDnsZones/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/.parameters/min.parameters.json rename to modules/Microsoft.Network/privateDnsZones/.parameters/min.parameters.json diff --git a/arm/Microsoft.Network/privateDnsZones/.parameters/parameters.json b/modules/Microsoft.Network/privateDnsZones/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/.parameters/parameters.json rename to modules/Microsoft.Network/privateDnsZones/.parameters/parameters.json diff --git a/arm/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/privateDnsZones/A/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/A/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/A/deploy.bicep rename to modules/Microsoft.Network/privateDnsZones/A/deploy.bicep diff --git a/arm/Microsoft.Network/privateDnsZones/A/readme.md b/modules/Microsoft.Network/privateDnsZones/A/readme.md similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/A/readme.md rename to modules/Microsoft.Network/privateDnsZones/A/readme.md diff --git a/arm/Microsoft.Network/privateDnsZones/A/version.json b/modules/Microsoft.Network/privateDnsZones/A/version.json similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/A/version.json rename to modules/Microsoft.Network/privateDnsZones/A/version.json diff --git a/arm/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/privateDnsZones/AAAA/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/AAAA/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/AAAA/deploy.bicep rename to modules/Microsoft.Network/privateDnsZones/AAAA/deploy.bicep diff --git a/arm/Microsoft.Network/privateDnsZones/AAAA/readme.md b/modules/Microsoft.Network/privateDnsZones/AAAA/readme.md similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/AAAA/readme.md rename to modules/Microsoft.Network/privateDnsZones/AAAA/readme.md diff --git a/arm/Microsoft.Network/privateDnsZones/AAAA/version.json b/modules/Microsoft.Network/privateDnsZones/AAAA/version.json similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/AAAA/version.json rename to modules/Microsoft.Network/privateDnsZones/AAAA/version.json diff --git a/arm/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/privateDnsZones/CNAME/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/CNAME/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/CNAME/deploy.bicep rename to modules/Microsoft.Network/privateDnsZones/CNAME/deploy.bicep diff --git a/arm/Microsoft.Network/privateDnsZones/CNAME/readme.md b/modules/Microsoft.Network/privateDnsZones/CNAME/readme.md similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/CNAME/readme.md rename to modules/Microsoft.Network/privateDnsZones/CNAME/readme.md diff --git a/arm/Microsoft.Network/privateDnsZones/CNAME/version.json b/modules/Microsoft.Network/privateDnsZones/CNAME/version.json similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/CNAME/version.json rename to modules/Microsoft.Network/privateDnsZones/CNAME/version.json diff --git a/arm/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/privateDnsZones/MX/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/MX/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/MX/deploy.bicep rename to modules/Microsoft.Network/privateDnsZones/MX/deploy.bicep diff --git a/arm/Microsoft.Network/privateDnsZones/MX/readme.md b/modules/Microsoft.Network/privateDnsZones/MX/readme.md similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/MX/readme.md rename to modules/Microsoft.Network/privateDnsZones/MX/readme.md diff --git a/arm/Microsoft.Network/privateDnsZones/MX/version.json b/modules/Microsoft.Network/privateDnsZones/MX/version.json similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/MX/version.json rename to modules/Microsoft.Network/privateDnsZones/MX/version.json diff --git a/arm/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/privateDnsZones/PTR/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/PTR/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/PTR/deploy.bicep rename to modules/Microsoft.Network/privateDnsZones/PTR/deploy.bicep diff --git a/arm/Microsoft.Network/privateDnsZones/PTR/readme.md b/modules/Microsoft.Network/privateDnsZones/PTR/readme.md similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/PTR/readme.md rename to modules/Microsoft.Network/privateDnsZones/PTR/readme.md diff --git a/arm/Microsoft.Network/privateDnsZones/PTR/version.json b/modules/Microsoft.Network/privateDnsZones/PTR/version.json similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/PTR/version.json rename to modules/Microsoft.Network/privateDnsZones/PTR/version.json diff --git a/arm/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/privateDnsZones/SOA/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/SOA/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/SOA/deploy.bicep rename to modules/Microsoft.Network/privateDnsZones/SOA/deploy.bicep diff --git a/arm/Microsoft.Network/privateDnsZones/SOA/readme.md b/modules/Microsoft.Network/privateDnsZones/SOA/readme.md similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/SOA/readme.md rename to modules/Microsoft.Network/privateDnsZones/SOA/readme.md diff --git a/arm/Microsoft.Network/privateDnsZones/SOA/version.json b/modules/Microsoft.Network/privateDnsZones/SOA/version.json similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/SOA/version.json rename to modules/Microsoft.Network/privateDnsZones/SOA/version.json diff --git a/arm/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/privateDnsZones/SRV/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/SRV/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/SRV/deploy.bicep rename to modules/Microsoft.Network/privateDnsZones/SRV/deploy.bicep diff --git a/arm/Microsoft.Network/privateDnsZones/SRV/readme.md b/modules/Microsoft.Network/privateDnsZones/SRV/readme.md similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/SRV/readme.md rename to modules/Microsoft.Network/privateDnsZones/SRV/readme.md diff --git a/arm/Microsoft.Network/privateDnsZones/SRV/version.json b/modules/Microsoft.Network/privateDnsZones/SRV/version.json similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/SRV/version.json rename to modules/Microsoft.Network/privateDnsZones/SRV/version.json diff --git a/arm/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/privateDnsZones/TXT/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/TXT/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/TXT/deploy.bicep rename to modules/Microsoft.Network/privateDnsZones/TXT/deploy.bicep diff --git a/arm/Microsoft.Network/privateDnsZones/TXT/readme.md b/modules/Microsoft.Network/privateDnsZones/TXT/readme.md similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/TXT/readme.md rename to modules/Microsoft.Network/privateDnsZones/TXT/readme.md diff --git a/arm/Microsoft.Network/privateDnsZones/TXT/version.json b/modules/Microsoft.Network/privateDnsZones/TXT/version.json similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/TXT/version.json rename to modules/Microsoft.Network/privateDnsZones/TXT/version.json diff --git a/arm/Microsoft.Network/privateDnsZones/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/deploy.bicep rename to modules/Microsoft.Network/privateDnsZones/deploy.bicep diff --git a/arm/Microsoft.Network/privateDnsZones/readme.md b/modules/Microsoft.Network/privateDnsZones/readme.md similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/readme.md rename to modules/Microsoft.Network/privateDnsZones/readme.md diff --git a/arm/Microsoft.Network/privateDnsZones/version.json b/modules/Microsoft.Network/privateDnsZones/version.json similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/version.json rename to modules/Microsoft.Network/privateDnsZones/version.json diff --git a/arm/Microsoft.Network/privateDnsZones/virtualNetworkLinks/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/virtualNetworkLinks/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/virtualNetworkLinks/deploy.bicep rename to modules/Microsoft.Network/privateDnsZones/virtualNetworkLinks/deploy.bicep diff --git a/arm/Microsoft.Network/privateDnsZones/virtualNetworkLinks/readme.md b/modules/Microsoft.Network/privateDnsZones/virtualNetworkLinks/readme.md similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/virtualNetworkLinks/readme.md rename to modules/Microsoft.Network/privateDnsZones/virtualNetworkLinks/readme.md diff --git a/arm/Microsoft.Network/privateDnsZones/virtualNetworkLinks/version.json b/modules/Microsoft.Network/privateDnsZones/virtualNetworkLinks/version.json similarity index 100% rename from arm/Microsoft.Network/privateDnsZones/virtualNetworkLinks/version.json rename to modules/Microsoft.Network/privateDnsZones/virtualNetworkLinks/version.json diff --git a/arm/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/privateEndpoints/.parameters/min.parameters.json b/modules/Microsoft.Network/privateEndpoints/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Network/privateEndpoints/.parameters/min.parameters.json rename to modules/Microsoft.Network/privateEndpoints/.parameters/min.parameters.json diff --git a/arm/Microsoft.Network/privateEndpoints/.parameters/parameters.json b/modules/Microsoft.Network/privateEndpoints/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/privateEndpoints/.parameters/parameters.json rename to modules/Microsoft.Network/privateEndpoints/.parameters/parameters.json diff --git a/arm/Microsoft.Network/privateEndpoints/deploy.bicep b/modules/Microsoft.Network/privateEndpoints/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/privateEndpoints/deploy.bicep rename to modules/Microsoft.Network/privateEndpoints/deploy.bicep diff --git a/arm/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/deploy.bicep b/modules/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/deploy.bicep rename to modules/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/deploy.bicep diff --git a/arm/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/readme.md b/modules/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/readme.md similarity index 100% rename from arm/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/readme.md rename to modules/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/readme.md diff --git a/arm/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/version.json b/modules/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/version.json similarity index 100% rename from arm/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/version.json rename to modules/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/version.json diff --git a/arm/Microsoft.Network/privateEndpoints/readme.md b/modules/Microsoft.Network/privateEndpoints/readme.md similarity index 100% rename from arm/Microsoft.Network/privateEndpoints/readme.md rename to modules/Microsoft.Network/privateEndpoints/readme.md diff --git a/arm/Microsoft.Network/privateEndpoints/version.json b/modules/Microsoft.Network/privateEndpoints/version.json similarity index 100% rename from arm/Microsoft.Network/privateEndpoints/version.json rename to modules/Microsoft.Network/privateEndpoints/version.json diff --git a/arm/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/publicIPAddresses/.parameters/parameters.json b/modules/Microsoft.Network/publicIPAddresses/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/publicIPAddresses/.parameters/parameters.json rename to modules/Microsoft.Network/publicIPAddresses/.parameters/parameters.json diff --git a/arm/Microsoft.Network/publicIPAddresses/deploy.bicep b/modules/Microsoft.Network/publicIPAddresses/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/publicIPAddresses/deploy.bicep rename to modules/Microsoft.Network/publicIPAddresses/deploy.bicep diff --git a/arm/Microsoft.Network/publicIPAddresses/readme.md b/modules/Microsoft.Network/publicIPAddresses/readme.md similarity index 100% rename from arm/Microsoft.Network/publicIPAddresses/readme.md rename to modules/Microsoft.Network/publicIPAddresses/readme.md diff --git a/arm/Microsoft.Network/publicIPAddresses/version.json b/modules/Microsoft.Network/publicIPAddresses/version.json similarity index 100% rename from arm/Microsoft.Network/publicIPAddresses/version.json rename to modules/Microsoft.Network/publicIPAddresses/version.json diff --git a/arm/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/publicIPPrefixes/.parameters/parameters.json b/modules/Microsoft.Network/publicIPPrefixes/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/publicIPPrefixes/.parameters/parameters.json rename to modules/Microsoft.Network/publicIPPrefixes/.parameters/parameters.json diff --git a/arm/Microsoft.Network/publicIPPrefixes/deploy.bicep b/modules/Microsoft.Network/publicIPPrefixes/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/publicIPPrefixes/deploy.bicep rename to modules/Microsoft.Network/publicIPPrefixes/deploy.bicep diff --git a/arm/Microsoft.Network/publicIPPrefixes/readme.md b/modules/Microsoft.Network/publicIPPrefixes/readme.md similarity index 100% rename from arm/Microsoft.Network/publicIPPrefixes/readme.md rename to modules/Microsoft.Network/publicIPPrefixes/readme.md diff --git a/arm/Microsoft.Network/publicIPPrefixes/version.json b/modules/Microsoft.Network/publicIPPrefixes/version.json similarity index 100% rename from arm/Microsoft.Network/publicIPPrefixes/version.json rename to modules/Microsoft.Network/publicIPPrefixes/version.json diff --git a/arm/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/routeTables/.parameters/parameters.json b/modules/Microsoft.Network/routeTables/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/routeTables/.parameters/parameters.json rename to modules/Microsoft.Network/routeTables/.parameters/parameters.json diff --git a/arm/Microsoft.Network/routeTables/deploy.bicep b/modules/Microsoft.Network/routeTables/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/routeTables/deploy.bicep rename to modules/Microsoft.Network/routeTables/deploy.bicep diff --git a/arm/Microsoft.Network/routeTables/readme.md b/modules/Microsoft.Network/routeTables/readme.md similarity index 100% rename from arm/Microsoft.Network/routeTables/readme.md rename to modules/Microsoft.Network/routeTables/readme.md diff --git a/arm/Microsoft.Network/routeTables/version.json b/modules/Microsoft.Network/routeTables/version.json similarity index 100% rename from arm/Microsoft.Network/routeTables/version.json rename to modules/Microsoft.Network/routeTables/version.json diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/.parameters/parameters.json b/modules/Microsoft.Network/trafficmanagerprofiles/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/trafficmanagerprofiles/.parameters/parameters.json rename to modules/Microsoft.Network/trafficmanagerprofiles/.parameters/parameters.json diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep b/modules/Microsoft.Network/trafficmanagerprofiles/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/trafficmanagerprofiles/deploy.bicep rename to modules/Microsoft.Network/trafficmanagerprofiles/deploy.bicep diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/readme.md b/modules/Microsoft.Network/trafficmanagerprofiles/readme.md similarity index 100% rename from arm/Microsoft.Network/trafficmanagerprofiles/readme.md rename to modules/Microsoft.Network/trafficmanagerprofiles/readme.md diff --git a/arm/Microsoft.Network/trafficmanagerprofiles/version.json b/modules/Microsoft.Network/trafficmanagerprofiles/version.json similarity index 100% rename from arm/Microsoft.Network/trafficmanagerprofiles/version.json rename to modules/Microsoft.Network/trafficmanagerprofiles/version.json diff --git a/arm/Microsoft.Network/virtualHubs/.parameters/min.parameters.json b/modules/Microsoft.Network/virtualHubs/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Network/virtualHubs/.parameters/min.parameters.json rename to modules/Microsoft.Network/virtualHubs/.parameters/min.parameters.json diff --git a/arm/Microsoft.Network/virtualHubs/.parameters/parameters.json b/modules/Microsoft.Network/virtualHubs/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/virtualHubs/.parameters/parameters.json rename to modules/Microsoft.Network/virtualHubs/.parameters/parameters.json diff --git a/arm/Microsoft.Network/virtualHubs/deploy.bicep b/modules/Microsoft.Network/virtualHubs/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/virtualHubs/deploy.bicep rename to modules/Microsoft.Network/virtualHubs/deploy.bicep diff --git a/arm/Microsoft.Network/virtualHubs/hubRouteTables/deploy.bicep b/modules/Microsoft.Network/virtualHubs/hubRouteTables/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/virtualHubs/hubRouteTables/deploy.bicep rename to modules/Microsoft.Network/virtualHubs/hubRouteTables/deploy.bicep diff --git a/arm/Microsoft.Network/virtualHubs/hubRouteTables/readme.md b/modules/Microsoft.Network/virtualHubs/hubRouteTables/readme.md similarity index 100% rename from arm/Microsoft.Network/virtualHubs/hubRouteTables/readme.md rename to modules/Microsoft.Network/virtualHubs/hubRouteTables/readme.md diff --git a/arm/Microsoft.Network/virtualHubs/hubRouteTables/version.json b/modules/Microsoft.Network/virtualHubs/hubRouteTables/version.json similarity index 100% rename from arm/Microsoft.Network/virtualHubs/hubRouteTables/version.json rename to modules/Microsoft.Network/virtualHubs/hubRouteTables/version.json diff --git a/arm/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/deploy.bicep b/modules/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/deploy.bicep rename to modules/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/deploy.bicep diff --git a/arm/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/readme.md b/modules/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/readme.md similarity index 100% rename from arm/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/readme.md rename to modules/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/readme.md diff --git a/arm/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/version.json b/modules/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/version.json similarity index 100% rename from arm/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/version.json rename to modules/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/version.json diff --git a/arm/Microsoft.Network/virtualHubs/readme.md b/modules/Microsoft.Network/virtualHubs/readme.md similarity index 100% rename from arm/Microsoft.Network/virtualHubs/readme.md rename to modules/Microsoft.Network/virtualHubs/readme.md diff --git a/arm/Microsoft.Network/virtualHubs/version.json b/modules/Microsoft.Network/virtualHubs/version.json similarity index 100% rename from arm/Microsoft.Network/virtualHubs/version.json rename to modules/Microsoft.Network/virtualHubs/version.json diff --git a/arm/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/virtualNetworkGateways/.parameters/expressRoute.parameters.json b/modules/Microsoft.Network/virtualNetworkGateways/.parameters/expressRoute.parameters.json similarity index 100% rename from arm/Microsoft.Network/virtualNetworkGateways/.parameters/expressRoute.parameters.json rename to modules/Microsoft.Network/virtualNetworkGateways/.parameters/expressRoute.parameters.json diff --git a/arm/Microsoft.Network/virtualNetworkGateways/.parameters/vpn.parameters.json b/modules/Microsoft.Network/virtualNetworkGateways/.parameters/vpn.parameters.json similarity index 100% rename from arm/Microsoft.Network/virtualNetworkGateways/.parameters/vpn.parameters.json rename to modules/Microsoft.Network/virtualNetworkGateways/.parameters/vpn.parameters.json diff --git a/arm/Microsoft.Network/virtualNetworkGateways/deploy.bicep b/modules/Microsoft.Network/virtualNetworkGateways/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/virtualNetworkGateways/deploy.bicep rename to modules/Microsoft.Network/virtualNetworkGateways/deploy.bicep diff --git a/arm/Microsoft.Network/virtualNetworkGateways/readme.md b/modules/Microsoft.Network/virtualNetworkGateways/readme.md similarity index 100% rename from arm/Microsoft.Network/virtualNetworkGateways/readme.md rename to modules/Microsoft.Network/virtualNetworkGateways/readme.md diff --git a/arm/Microsoft.Network/virtualNetworkGateways/version.json b/modules/Microsoft.Network/virtualNetworkGateways/version.json similarity index 100% rename from arm/Microsoft.Network/virtualNetworkGateways/version.json rename to modules/Microsoft.Network/virtualNetworkGateways/version.json diff --git a/arm/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/virtualNetworks/.parameters/min.parameters.json b/modules/Microsoft.Network/virtualNetworks/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Network/virtualNetworks/.parameters/min.parameters.json rename to modules/Microsoft.Network/virtualNetworks/.parameters/min.parameters.json diff --git a/arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json b/modules/Microsoft.Network/virtualNetworks/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/virtualNetworks/.parameters/parameters.json rename to modules/Microsoft.Network/virtualNetworks/.parameters/parameters.json diff --git a/arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json b/modules/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json similarity index 100% rename from arm/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json rename to modules/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json diff --git a/arm/Microsoft.Network/virtualNetworks/deploy.bicep b/modules/Microsoft.Network/virtualNetworks/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/virtualNetworks/deploy.bicep rename to modules/Microsoft.Network/virtualNetworks/deploy.bicep diff --git a/arm/Microsoft.Network/virtualNetworks/readme.md b/modules/Microsoft.Network/virtualNetworks/readme.md similarity index 100% rename from arm/Microsoft.Network/virtualNetworks/readme.md rename to modules/Microsoft.Network/virtualNetworks/readme.md diff --git a/arm/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep b/modules/Microsoft.Network/virtualNetworks/subnets/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/virtualNetworks/subnets/deploy.bicep rename to modules/Microsoft.Network/virtualNetworks/subnets/deploy.bicep diff --git a/arm/Microsoft.Network/virtualNetworks/subnets/readme.md b/modules/Microsoft.Network/virtualNetworks/subnets/readme.md similarity index 100% rename from arm/Microsoft.Network/virtualNetworks/subnets/readme.md rename to modules/Microsoft.Network/virtualNetworks/subnets/readme.md diff --git a/arm/Microsoft.Network/virtualNetworks/subnets/version.json b/modules/Microsoft.Network/virtualNetworks/subnets/version.json similarity index 100% rename from arm/Microsoft.Network/virtualNetworks/subnets/version.json rename to modules/Microsoft.Network/virtualNetworks/subnets/version.json diff --git a/arm/Microsoft.Network/virtualNetworks/version.json b/modules/Microsoft.Network/virtualNetworks/version.json similarity index 100% rename from arm/Microsoft.Network/virtualNetworks/version.json rename to modules/Microsoft.Network/virtualNetworks/version.json diff --git a/arm/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/deploy.bicep b/modules/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/deploy.bicep rename to modules/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/deploy.bicep diff --git a/arm/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/readme.md b/modules/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/readme.md similarity index 100% rename from arm/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/readme.md rename to modules/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/readme.md diff --git a/arm/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/version.json b/modules/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/version.json similarity index 100% rename from arm/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/version.json rename to modules/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/version.json diff --git a/arm/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/virtualWans/.parameters/min.parameters.json b/modules/Microsoft.Network/virtualWans/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Network/virtualWans/.parameters/min.parameters.json rename to modules/Microsoft.Network/virtualWans/.parameters/min.parameters.json diff --git a/arm/Microsoft.Network/virtualWans/.parameters/parameters.json b/modules/Microsoft.Network/virtualWans/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/virtualWans/.parameters/parameters.json rename to modules/Microsoft.Network/virtualWans/.parameters/parameters.json diff --git a/arm/Microsoft.Network/virtualWans/deploy.bicep b/modules/Microsoft.Network/virtualWans/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/virtualWans/deploy.bicep rename to modules/Microsoft.Network/virtualWans/deploy.bicep diff --git a/arm/Microsoft.Network/virtualWans/readme.md b/modules/Microsoft.Network/virtualWans/readme.md similarity index 100% rename from arm/Microsoft.Network/virtualWans/readme.md rename to modules/Microsoft.Network/virtualWans/readme.md diff --git a/arm/Microsoft.Network/virtualWans/version.json b/modules/Microsoft.Network/virtualWans/version.json similarity index 100% rename from arm/Microsoft.Network/virtualWans/version.json rename to modules/Microsoft.Network/virtualWans/version.json diff --git a/arm/Microsoft.Network/vpnGateways/.parameters/min.parameters.json b/modules/Microsoft.Network/vpnGateways/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Network/vpnGateways/.parameters/min.parameters.json rename to modules/Microsoft.Network/vpnGateways/.parameters/min.parameters.json diff --git a/arm/Microsoft.Network/vpnGateways/.parameters/parameters.json b/modules/Microsoft.Network/vpnGateways/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/vpnGateways/.parameters/parameters.json rename to modules/Microsoft.Network/vpnGateways/.parameters/parameters.json diff --git a/arm/Microsoft.Network/vpnGateways/connections/deploy.bicep b/modules/Microsoft.Network/vpnGateways/connections/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/vpnGateways/connections/deploy.bicep rename to modules/Microsoft.Network/vpnGateways/connections/deploy.bicep diff --git a/arm/Microsoft.Network/vpnGateways/connections/readme.md b/modules/Microsoft.Network/vpnGateways/connections/readme.md similarity index 100% rename from arm/Microsoft.Network/vpnGateways/connections/readme.md rename to modules/Microsoft.Network/vpnGateways/connections/readme.md diff --git a/arm/Microsoft.Network/vpnGateways/connections/version.json b/modules/Microsoft.Network/vpnGateways/connections/version.json similarity index 100% rename from arm/Microsoft.Network/vpnGateways/connections/version.json rename to modules/Microsoft.Network/vpnGateways/connections/version.json diff --git a/arm/Microsoft.Network/vpnGateways/deploy.bicep b/modules/Microsoft.Network/vpnGateways/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/vpnGateways/deploy.bicep rename to modules/Microsoft.Network/vpnGateways/deploy.bicep diff --git a/arm/Microsoft.Network/vpnGateways/natRules/deploy.bicep b/modules/Microsoft.Network/vpnGateways/natRules/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/vpnGateways/natRules/deploy.bicep rename to modules/Microsoft.Network/vpnGateways/natRules/deploy.bicep diff --git a/arm/Microsoft.Network/vpnGateways/natRules/readme.md b/modules/Microsoft.Network/vpnGateways/natRules/readme.md similarity index 100% rename from arm/Microsoft.Network/vpnGateways/natRules/readme.md rename to modules/Microsoft.Network/vpnGateways/natRules/readme.md diff --git a/arm/Microsoft.Network/vpnGateways/natRules/version.json b/modules/Microsoft.Network/vpnGateways/natRules/version.json similarity index 100% rename from arm/Microsoft.Network/vpnGateways/natRules/version.json rename to modules/Microsoft.Network/vpnGateways/natRules/version.json diff --git a/arm/Microsoft.Network/vpnGateways/readme.md b/modules/Microsoft.Network/vpnGateways/readme.md similarity index 100% rename from arm/Microsoft.Network/vpnGateways/readme.md rename to modules/Microsoft.Network/vpnGateways/readme.md diff --git a/arm/Microsoft.Network/vpnGateways/version.json b/modules/Microsoft.Network/vpnGateways/version.json similarity index 100% rename from arm/Microsoft.Network/vpnGateways/version.json rename to modules/Microsoft.Network/vpnGateways/version.json diff --git a/arm/Microsoft.Network/vpnSites/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/vpnSites/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Network/vpnSites/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Network/vpnSites/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Network/vpnSites/.parameters/min.parameters.json b/modules/Microsoft.Network/vpnSites/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Network/vpnSites/.parameters/min.parameters.json rename to modules/Microsoft.Network/vpnSites/.parameters/min.parameters.json diff --git a/arm/Microsoft.Network/vpnSites/.parameters/parameters.json b/modules/Microsoft.Network/vpnSites/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Network/vpnSites/.parameters/parameters.json rename to modules/Microsoft.Network/vpnSites/.parameters/parameters.json diff --git a/arm/Microsoft.Network/vpnSites/deploy.bicep b/modules/Microsoft.Network/vpnSites/deploy.bicep similarity index 100% rename from arm/Microsoft.Network/vpnSites/deploy.bicep rename to modules/Microsoft.Network/vpnSites/deploy.bicep diff --git a/arm/Microsoft.Network/vpnSites/readme.md b/modules/Microsoft.Network/vpnSites/readme.md similarity index 100% rename from arm/Microsoft.Network/vpnSites/readme.md rename to modules/Microsoft.Network/vpnSites/readme.md diff --git a/arm/Microsoft.Network/vpnSites/version.json b/modules/Microsoft.Network/vpnSites/version.json similarity index 100% rename from arm/Microsoft.Network/vpnSites/version.json rename to modules/Microsoft.Network/vpnSites/version.json diff --git a/arm/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.OperationalInsights/workspaces/.parameters/min.parameters.json b/modules/Microsoft.OperationalInsights/workspaces/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.OperationalInsights/workspaces/.parameters/min.parameters.json rename to modules/Microsoft.OperationalInsights/workspaces/.parameters/min.parameters.json diff --git a/arm/Microsoft.OperationalInsights/workspaces/.parameters/parameters.json b/modules/Microsoft.OperationalInsights/workspaces/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.OperationalInsights/workspaces/.parameters/parameters.json rename to modules/Microsoft.OperationalInsights/workspaces/.parameters/parameters.json diff --git a/arm/Microsoft.OperationalInsights/workspaces/dataSources/deploy.bicep b/modules/Microsoft.OperationalInsights/workspaces/dataSources/deploy.bicep similarity index 100% rename from arm/Microsoft.OperationalInsights/workspaces/dataSources/deploy.bicep rename to modules/Microsoft.OperationalInsights/workspaces/dataSources/deploy.bicep diff --git a/arm/Microsoft.OperationalInsights/workspaces/dataSources/readme.md b/modules/Microsoft.OperationalInsights/workspaces/dataSources/readme.md similarity index 100% rename from arm/Microsoft.OperationalInsights/workspaces/dataSources/readme.md rename to modules/Microsoft.OperationalInsights/workspaces/dataSources/readme.md diff --git a/arm/Microsoft.OperationalInsights/workspaces/dataSources/version.json b/modules/Microsoft.OperationalInsights/workspaces/dataSources/version.json similarity index 100% rename from arm/Microsoft.OperationalInsights/workspaces/dataSources/version.json rename to modules/Microsoft.OperationalInsights/workspaces/dataSources/version.json diff --git a/arm/Microsoft.OperationalInsights/workspaces/deploy.bicep b/modules/Microsoft.OperationalInsights/workspaces/deploy.bicep similarity index 100% rename from arm/Microsoft.OperationalInsights/workspaces/deploy.bicep rename to modules/Microsoft.OperationalInsights/workspaces/deploy.bicep diff --git a/arm/Microsoft.OperationalInsights/workspaces/linkedServices/deploy.bicep b/modules/Microsoft.OperationalInsights/workspaces/linkedServices/deploy.bicep similarity index 100% rename from arm/Microsoft.OperationalInsights/workspaces/linkedServices/deploy.bicep rename to modules/Microsoft.OperationalInsights/workspaces/linkedServices/deploy.bicep diff --git a/arm/Microsoft.OperationalInsights/workspaces/linkedServices/readme.md b/modules/Microsoft.OperationalInsights/workspaces/linkedServices/readme.md similarity index 100% rename from arm/Microsoft.OperationalInsights/workspaces/linkedServices/readme.md rename to modules/Microsoft.OperationalInsights/workspaces/linkedServices/readme.md diff --git a/arm/Microsoft.OperationalInsights/workspaces/linkedServices/version.json b/modules/Microsoft.OperationalInsights/workspaces/linkedServices/version.json similarity index 100% rename from arm/Microsoft.OperationalInsights/workspaces/linkedServices/version.json rename to modules/Microsoft.OperationalInsights/workspaces/linkedServices/version.json diff --git a/arm/Microsoft.OperationalInsights/workspaces/readme.md b/modules/Microsoft.OperationalInsights/workspaces/readme.md similarity index 100% rename from arm/Microsoft.OperationalInsights/workspaces/readme.md rename to modules/Microsoft.OperationalInsights/workspaces/readme.md diff --git a/arm/Microsoft.OperationalInsights/workspaces/savedSearches/deploy.bicep b/modules/Microsoft.OperationalInsights/workspaces/savedSearches/deploy.bicep similarity index 100% rename from arm/Microsoft.OperationalInsights/workspaces/savedSearches/deploy.bicep rename to modules/Microsoft.OperationalInsights/workspaces/savedSearches/deploy.bicep diff --git a/arm/Microsoft.OperationalInsights/workspaces/savedSearches/readme.md b/modules/Microsoft.OperationalInsights/workspaces/savedSearches/readme.md similarity index 100% rename from arm/Microsoft.OperationalInsights/workspaces/savedSearches/readme.md rename to modules/Microsoft.OperationalInsights/workspaces/savedSearches/readme.md diff --git a/arm/Microsoft.OperationalInsights/workspaces/savedSearches/version.json b/modules/Microsoft.OperationalInsights/workspaces/savedSearches/version.json similarity index 100% rename from arm/Microsoft.OperationalInsights/workspaces/savedSearches/version.json rename to modules/Microsoft.OperationalInsights/workspaces/savedSearches/version.json diff --git a/arm/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/deploy.bicep b/modules/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/deploy.bicep similarity index 100% rename from arm/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/deploy.bicep rename to modules/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/deploy.bicep diff --git a/arm/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/readme.md b/modules/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/readme.md similarity index 100% rename from arm/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/readme.md rename to modules/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/readme.md diff --git a/arm/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/version.json b/modules/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/version.json similarity index 100% rename from arm/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/version.json rename to modules/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/version.json diff --git a/arm/Microsoft.OperationalInsights/workspaces/version.json b/modules/Microsoft.OperationalInsights/workspaces/version.json similarity index 100% rename from arm/Microsoft.OperationalInsights/workspaces/version.json rename to modules/Microsoft.OperationalInsights/workspaces/version.json diff --git a/arm/Microsoft.OperationsManagement/solutions/.parameters/min.parameters.json b/modules/Microsoft.OperationsManagement/solutions/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.OperationsManagement/solutions/.parameters/min.parameters.json rename to modules/Microsoft.OperationsManagement/solutions/.parameters/min.parameters.json diff --git a/arm/Microsoft.OperationsManagement/solutions/.parameters/ms.parameters.json b/modules/Microsoft.OperationsManagement/solutions/.parameters/ms.parameters.json similarity index 100% rename from arm/Microsoft.OperationsManagement/solutions/.parameters/ms.parameters.json rename to modules/Microsoft.OperationsManagement/solutions/.parameters/ms.parameters.json diff --git a/arm/Microsoft.OperationsManagement/solutions/.parameters/nonms.parameters.json b/modules/Microsoft.OperationsManagement/solutions/.parameters/nonms.parameters.json similarity index 100% rename from arm/Microsoft.OperationsManagement/solutions/.parameters/nonms.parameters.json rename to modules/Microsoft.OperationsManagement/solutions/.parameters/nonms.parameters.json diff --git a/arm/Microsoft.OperationsManagement/solutions/deploy.bicep b/modules/Microsoft.OperationsManagement/solutions/deploy.bicep similarity index 100% rename from arm/Microsoft.OperationsManagement/solutions/deploy.bicep rename to modules/Microsoft.OperationsManagement/solutions/deploy.bicep diff --git a/arm/Microsoft.OperationsManagement/solutions/readme.md b/modules/Microsoft.OperationsManagement/solutions/readme.md similarity index 100% rename from arm/Microsoft.OperationsManagement/solutions/readme.md rename to modules/Microsoft.OperationsManagement/solutions/readme.md diff --git a/arm/Microsoft.OperationsManagement/solutions/version.json b/modules/Microsoft.OperationsManagement/solutions/version.json similarity index 100% rename from arm/Microsoft.OperationsManagement/solutions/version.json rename to modules/Microsoft.OperationsManagement/solutions/version.json diff --git a/arm/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.RecoveryServices/vaults/.parameters/dr.parameters.json b/modules/Microsoft.RecoveryServices/vaults/.parameters/dr.parameters.json similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/.parameters/dr.parameters.json rename to modules/Microsoft.RecoveryServices/vaults/.parameters/dr.parameters.json diff --git a/arm/Microsoft.RecoveryServices/vaults/.parameters/min.parameters.json b/modules/Microsoft.RecoveryServices/vaults/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/.parameters/min.parameters.json rename to modules/Microsoft.RecoveryServices/vaults/.parameters/min.parameters.json diff --git a/arm/Microsoft.RecoveryServices/vaults/.parameters/parameters.json b/modules/Microsoft.RecoveryServices/vaults/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/.parameters/parameters.json rename to modules/Microsoft.RecoveryServices/vaults/.parameters/parameters.json diff --git a/arm/Microsoft.RecoveryServices/vaults/backupConfig/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/backupConfig/deploy.bicep similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/backupConfig/deploy.bicep rename to modules/Microsoft.RecoveryServices/vaults/backupConfig/deploy.bicep diff --git a/arm/Microsoft.RecoveryServices/vaults/backupConfig/readme.md b/modules/Microsoft.RecoveryServices/vaults/backupConfig/readme.md similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/backupConfig/readme.md rename to modules/Microsoft.RecoveryServices/vaults/backupConfig/readme.md diff --git a/arm/Microsoft.RecoveryServices/vaults/backupConfig/version.json b/modules/Microsoft.RecoveryServices/vaults/backupConfig/version.json similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/backupConfig/version.json rename to modules/Microsoft.RecoveryServices/vaults/backupConfig/version.json diff --git a/arm/Microsoft.RecoveryServices/vaults/backupPolicies/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/backupPolicies/deploy.bicep similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/backupPolicies/deploy.bicep rename to modules/Microsoft.RecoveryServices/vaults/backupPolicies/deploy.bicep diff --git a/arm/Microsoft.RecoveryServices/vaults/backupPolicies/readme.md b/modules/Microsoft.RecoveryServices/vaults/backupPolicies/readme.md similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/backupPolicies/readme.md rename to modules/Microsoft.RecoveryServices/vaults/backupPolicies/readme.md diff --git a/arm/Microsoft.RecoveryServices/vaults/backupPolicies/version.json b/modules/Microsoft.RecoveryServices/vaults/backupPolicies/version.json similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/backupPolicies/version.json rename to modules/Microsoft.RecoveryServices/vaults/backupPolicies/version.json diff --git a/arm/Microsoft.RecoveryServices/vaults/backupStorageConfig/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/backupStorageConfig/deploy.bicep similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/backupStorageConfig/deploy.bicep rename to modules/Microsoft.RecoveryServices/vaults/backupStorageConfig/deploy.bicep diff --git a/arm/Microsoft.RecoveryServices/vaults/backupStorageConfig/readme.md b/modules/Microsoft.RecoveryServices/vaults/backupStorageConfig/readme.md similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/backupStorageConfig/readme.md rename to modules/Microsoft.RecoveryServices/vaults/backupStorageConfig/readme.md diff --git a/arm/Microsoft.RecoveryServices/vaults/backupStorageConfig/version.json b/modules/Microsoft.RecoveryServices/vaults/backupStorageConfig/version.json similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/backupStorageConfig/version.json rename to modules/Microsoft.RecoveryServices/vaults/backupStorageConfig/version.json diff --git a/arm/Microsoft.RecoveryServices/vaults/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/deploy.bicep similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/deploy.bicep rename to modules/Microsoft.RecoveryServices/vaults/deploy.bicep diff --git a/arm/Microsoft.RecoveryServices/vaults/protectionContainers/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/protectionContainers/deploy.bicep similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/protectionContainers/deploy.bicep rename to modules/Microsoft.RecoveryServices/vaults/protectionContainers/deploy.bicep diff --git a/arm/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/deploy.bicep similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/deploy.bicep rename to modules/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/deploy.bicep diff --git a/arm/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/readme.md b/modules/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/readme.md similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/readme.md rename to modules/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/readme.md diff --git a/arm/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/version.json b/modules/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/version.json similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/version.json rename to modules/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/version.json diff --git a/arm/Microsoft.RecoveryServices/vaults/protectionContainers/readme.md b/modules/Microsoft.RecoveryServices/vaults/protectionContainers/readme.md similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/protectionContainers/readme.md rename to modules/Microsoft.RecoveryServices/vaults/protectionContainers/readme.md diff --git a/arm/Microsoft.RecoveryServices/vaults/protectionContainers/version.json b/modules/Microsoft.RecoveryServices/vaults/protectionContainers/version.json similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/protectionContainers/version.json rename to modules/Microsoft.RecoveryServices/vaults/protectionContainers/version.json diff --git a/arm/Microsoft.RecoveryServices/vaults/readme.md b/modules/Microsoft.RecoveryServices/vaults/readme.md similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/readme.md rename to modules/Microsoft.RecoveryServices/vaults/readme.md diff --git a/arm/Microsoft.RecoveryServices/vaults/replicationFabrics/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/deploy.bicep similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/replicationFabrics/deploy.bicep rename to modules/Microsoft.RecoveryServices/vaults/replicationFabrics/deploy.bicep diff --git a/arm/Microsoft.RecoveryServices/vaults/replicationFabrics/readme.md b/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/readme.md similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/replicationFabrics/readme.md rename to modules/Microsoft.RecoveryServices/vaults/replicationFabrics/readme.md diff --git a/arm/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/deploy.bicep similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/deploy.bicep rename to modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/deploy.bicep diff --git a/arm/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/readme.md b/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/readme.md similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/readme.md rename to modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/readme.md diff --git a/arm/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/deploy.bicep similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/deploy.bicep rename to modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/deploy.bicep diff --git a/arm/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/readme.md b/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/readme.md similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/readme.md rename to modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/readme.md diff --git a/arm/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/version.json b/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/version.json similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/version.json rename to modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/version.json diff --git a/arm/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/version.json b/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/version.json similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/version.json rename to modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/version.json diff --git a/arm/Microsoft.RecoveryServices/vaults/replicationFabrics/version.json b/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/version.json similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/replicationFabrics/version.json rename to modules/Microsoft.RecoveryServices/vaults/replicationFabrics/version.json diff --git a/arm/Microsoft.RecoveryServices/vaults/replicationPolicies/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/replicationPolicies/deploy.bicep similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/replicationPolicies/deploy.bicep rename to modules/Microsoft.RecoveryServices/vaults/replicationPolicies/deploy.bicep diff --git a/arm/Microsoft.RecoveryServices/vaults/replicationPolicies/readme.md b/modules/Microsoft.RecoveryServices/vaults/replicationPolicies/readme.md similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/replicationPolicies/readme.md rename to modules/Microsoft.RecoveryServices/vaults/replicationPolicies/readme.md diff --git a/arm/Microsoft.RecoveryServices/vaults/replicationPolicies/version.json b/modules/Microsoft.RecoveryServices/vaults/replicationPolicies/version.json similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/replicationPolicies/version.json rename to modules/Microsoft.RecoveryServices/vaults/replicationPolicies/version.json diff --git a/arm/Microsoft.RecoveryServices/vaults/version.json b/modules/Microsoft.RecoveryServices/vaults/version.json similarity index 100% rename from arm/Microsoft.RecoveryServices/vaults/version.json rename to modules/Microsoft.RecoveryServices/vaults/version.json diff --git a/arm/Microsoft.Resources/deploymentScripts/.parameters/cli.parameters.json b/modules/Microsoft.Resources/deploymentScripts/.parameters/cli.parameters.json similarity index 100% rename from arm/Microsoft.Resources/deploymentScripts/.parameters/cli.parameters.json rename to modules/Microsoft.Resources/deploymentScripts/.parameters/cli.parameters.json diff --git a/arm/Microsoft.Resources/deploymentScripts/.parameters/ps.parameters.json b/modules/Microsoft.Resources/deploymentScripts/.parameters/ps.parameters.json similarity index 100% rename from arm/Microsoft.Resources/deploymentScripts/.parameters/ps.parameters.json rename to modules/Microsoft.Resources/deploymentScripts/.parameters/ps.parameters.json diff --git a/arm/Microsoft.Resources/deploymentScripts/deploy.bicep b/modules/Microsoft.Resources/deploymentScripts/deploy.bicep similarity index 100% rename from arm/Microsoft.Resources/deploymentScripts/deploy.bicep rename to modules/Microsoft.Resources/deploymentScripts/deploy.bicep diff --git a/arm/Microsoft.Resources/deploymentScripts/readme.md b/modules/Microsoft.Resources/deploymentScripts/readme.md similarity index 100% rename from arm/Microsoft.Resources/deploymentScripts/readme.md rename to modules/Microsoft.Resources/deploymentScripts/readme.md diff --git a/arm/Microsoft.Resources/deploymentScripts/version.json b/modules/Microsoft.Resources/deploymentScripts/version.json similarity index 100% rename from arm/Microsoft.Resources/deploymentScripts/version.json rename to modules/Microsoft.Resources/deploymentScripts/version.json diff --git a/arm/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Resources/resourceGroups/.parameters/parameters.json b/modules/Microsoft.Resources/resourceGroups/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Resources/resourceGroups/.parameters/parameters.json rename to modules/Microsoft.Resources/resourceGroups/.parameters/parameters.json diff --git a/arm/Microsoft.Resources/resourceGroups/deploy.bicep b/modules/Microsoft.Resources/resourceGroups/deploy.bicep similarity index 100% rename from arm/Microsoft.Resources/resourceGroups/deploy.bicep rename to modules/Microsoft.Resources/resourceGroups/deploy.bicep diff --git a/arm/Microsoft.Resources/resourceGroups/readme.md b/modules/Microsoft.Resources/resourceGroups/readme.md similarity index 100% rename from arm/Microsoft.Resources/resourceGroups/readme.md rename to modules/Microsoft.Resources/resourceGroups/readme.md diff --git a/arm/Microsoft.Resources/resourceGroups/version.json b/modules/Microsoft.Resources/resourceGroups/version.json similarity index 100% rename from arm/Microsoft.Resources/resourceGroups/version.json rename to modules/Microsoft.Resources/resourceGroups/version.json diff --git a/arm/Microsoft.Resources/tags/.parameters/min.parameters.json b/modules/Microsoft.Resources/tags/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Resources/tags/.parameters/min.parameters.json rename to modules/Microsoft.Resources/tags/.parameters/min.parameters.json diff --git a/arm/Microsoft.Resources/tags/.parameters/rg.parameters.json b/modules/Microsoft.Resources/tags/.parameters/rg.parameters.json similarity index 100% rename from arm/Microsoft.Resources/tags/.parameters/rg.parameters.json rename to modules/Microsoft.Resources/tags/.parameters/rg.parameters.json diff --git a/arm/Microsoft.Resources/tags/.parameters/sub.parameters.json b/modules/Microsoft.Resources/tags/.parameters/sub.parameters.json similarity index 100% rename from arm/Microsoft.Resources/tags/.parameters/sub.parameters.json rename to modules/Microsoft.Resources/tags/.parameters/sub.parameters.json diff --git a/arm/Microsoft.Resources/tags/deploy.bicep b/modules/Microsoft.Resources/tags/deploy.bicep similarity index 100% rename from arm/Microsoft.Resources/tags/deploy.bicep rename to modules/Microsoft.Resources/tags/deploy.bicep diff --git a/arm/Microsoft.Resources/tags/readme.md b/modules/Microsoft.Resources/tags/readme.md similarity index 100% rename from arm/Microsoft.Resources/tags/readme.md rename to modules/Microsoft.Resources/tags/readme.md diff --git a/arm/Microsoft.Resources/tags/resourceGroups/.bicep/readTags.bicep b/modules/Microsoft.Resources/tags/resourceGroups/.bicep/readTags.bicep similarity index 100% rename from arm/Microsoft.Resources/tags/resourceGroups/.bicep/readTags.bicep rename to modules/Microsoft.Resources/tags/resourceGroups/.bicep/readTags.bicep diff --git a/arm/Microsoft.Resources/tags/resourceGroups/deploy.bicep b/modules/Microsoft.Resources/tags/resourceGroups/deploy.bicep similarity index 100% rename from arm/Microsoft.Resources/tags/resourceGroups/deploy.bicep rename to modules/Microsoft.Resources/tags/resourceGroups/deploy.bicep diff --git a/arm/Microsoft.Resources/tags/resourceGroups/readme.md b/modules/Microsoft.Resources/tags/resourceGroups/readme.md similarity index 100% rename from arm/Microsoft.Resources/tags/resourceGroups/readme.md rename to modules/Microsoft.Resources/tags/resourceGroups/readme.md diff --git a/arm/Microsoft.Resources/tags/resourceGroups/version.json b/modules/Microsoft.Resources/tags/resourceGroups/version.json similarity index 100% rename from arm/Microsoft.Resources/tags/resourceGroups/version.json rename to modules/Microsoft.Resources/tags/resourceGroups/version.json diff --git a/arm/Microsoft.Resources/tags/subscriptions/.bicep/readTags.bicep b/modules/Microsoft.Resources/tags/subscriptions/.bicep/readTags.bicep similarity index 100% rename from arm/Microsoft.Resources/tags/subscriptions/.bicep/readTags.bicep rename to modules/Microsoft.Resources/tags/subscriptions/.bicep/readTags.bicep diff --git a/arm/Microsoft.Resources/tags/subscriptions/deploy.bicep b/modules/Microsoft.Resources/tags/subscriptions/deploy.bicep similarity index 100% rename from arm/Microsoft.Resources/tags/subscriptions/deploy.bicep rename to modules/Microsoft.Resources/tags/subscriptions/deploy.bicep diff --git a/arm/Microsoft.Resources/tags/subscriptions/readme.md b/modules/Microsoft.Resources/tags/subscriptions/readme.md similarity index 100% rename from arm/Microsoft.Resources/tags/subscriptions/readme.md rename to modules/Microsoft.Resources/tags/subscriptions/readme.md diff --git a/arm/Microsoft.Resources/tags/subscriptions/version.json b/modules/Microsoft.Resources/tags/subscriptions/version.json similarity index 100% rename from arm/Microsoft.Resources/tags/subscriptions/version.json rename to modules/Microsoft.Resources/tags/subscriptions/version.json diff --git a/arm/Microsoft.Resources/tags/version.json b/modules/Microsoft.Resources/tags/version.json similarity index 100% rename from arm/Microsoft.Resources/tags/version.json rename to modules/Microsoft.Resources/tags/version.json diff --git a/arm/Microsoft.Security/azureSecurityCenter/.bicep/nested_iotSecuritySolutions.bicep b/modules/Microsoft.Security/azureSecurityCenter/.bicep/nested_iotSecuritySolutions.bicep similarity index 100% rename from arm/Microsoft.Security/azureSecurityCenter/.bicep/nested_iotSecuritySolutions.bicep rename to modules/Microsoft.Security/azureSecurityCenter/.bicep/nested_iotSecuritySolutions.bicep diff --git a/arm/Microsoft.Security/azureSecurityCenter/.parameters/parameters.json b/modules/Microsoft.Security/azureSecurityCenter/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Security/azureSecurityCenter/.parameters/parameters.json rename to modules/Microsoft.Security/azureSecurityCenter/.parameters/parameters.json diff --git a/arm/Microsoft.Security/azureSecurityCenter/deploy.bicep b/modules/Microsoft.Security/azureSecurityCenter/deploy.bicep similarity index 100% rename from arm/Microsoft.Security/azureSecurityCenter/deploy.bicep rename to modules/Microsoft.Security/azureSecurityCenter/deploy.bicep diff --git a/arm/Microsoft.Security/azureSecurityCenter/readme.md b/modules/Microsoft.Security/azureSecurityCenter/readme.md similarity index 100% rename from arm/Microsoft.Security/azureSecurityCenter/readme.md rename to modules/Microsoft.Security/azureSecurityCenter/readme.md diff --git a/arm/Microsoft.Security/azureSecurityCenter/version.json b/modules/Microsoft.Security/azureSecurityCenter/version.json similarity index 100% rename from arm/Microsoft.Security/azureSecurityCenter/version.json rename to modules/Microsoft.Security/azureSecurityCenter/version.json diff --git a/arm/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.ServiceBus/namespaces/.parameters/min.parameters.json b/modules/Microsoft.ServiceBus/namespaces/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/.parameters/min.parameters.json rename to modules/Microsoft.ServiceBus/namespaces/.parameters/min.parameters.json diff --git a/arm/Microsoft.ServiceBus/namespaces/.parameters/parameters.json b/modules/Microsoft.ServiceBus/namespaces/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/.parameters/parameters.json rename to modules/Microsoft.ServiceBus/namespaces/.parameters/parameters.json diff --git a/arm/Microsoft.ServiceBus/namespaces/authorizationRules/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/authorizationRules/deploy.bicep similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/authorizationRules/deploy.bicep rename to modules/Microsoft.ServiceBus/namespaces/authorizationRules/deploy.bicep diff --git a/arm/Microsoft.ServiceBus/namespaces/authorizationRules/readme.md b/modules/Microsoft.ServiceBus/namespaces/authorizationRules/readme.md similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/authorizationRules/readme.md rename to modules/Microsoft.ServiceBus/namespaces/authorizationRules/readme.md diff --git a/arm/Microsoft.ServiceBus/namespaces/authorizationRules/version.json b/modules/Microsoft.ServiceBus/namespaces/authorizationRules/version.json similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/authorizationRules/version.json rename to modules/Microsoft.ServiceBus/namespaces/authorizationRules/version.json diff --git a/arm/Microsoft.ServiceBus/namespaces/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/deploy.bicep similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/deploy.bicep rename to modules/Microsoft.ServiceBus/namespaces/deploy.bicep diff --git a/arm/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/deploy.bicep similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/deploy.bicep rename to modules/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/deploy.bicep diff --git a/arm/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/readme.md b/modules/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/readme.md similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/readme.md rename to modules/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/readme.md diff --git a/arm/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/version.json b/modules/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/version.json similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/version.json rename to modules/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/version.json diff --git a/arm/Microsoft.ServiceBus/namespaces/ipFilterRules/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/ipFilterRules/deploy.bicep similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/ipFilterRules/deploy.bicep rename to modules/Microsoft.ServiceBus/namespaces/ipFilterRules/deploy.bicep diff --git a/arm/Microsoft.ServiceBus/namespaces/ipFilterRules/readme.md b/modules/Microsoft.ServiceBus/namespaces/ipFilterRules/readme.md similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/ipFilterRules/readme.md rename to modules/Microsoft.ServiceBus/namespaces/ipFilterRules/readme.md diff --git a/arm/Microsoft.ServiceBus/namespaces/ipFilterRules/version.json b/modules/Microsoft.ServiceBus/namespaces/ipFilterRules/version.json similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/ipFilterRules/version.json rename to modules/Microsoft.ServiceBus/namespaces/ipFilterRules/version.json diff --git a/arm/Microsoft.ServiceBus/namespaces/migrationConfigurations/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/migrationConfigurations/deploy.bicep similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/migrationConfigurations/deploy.bicep rename to modules/Microsoft.ServiceBus/namespaces/migrationConfigurations/deploy.bicep diff --git a/arm/Microsoft.ServiceBus/namespaces/migrationConfigurations/readme.md b/modules/Microsoft.ServiceBus/namespaces/migrationConfigurations/readme.md similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/migrationConfigurations/readme.md rename to modules/Microsoft.ServiceBus/namespaces/migrationConfigurations/readme.md diff --git a/arm/Microsoft.ServiceBus/namespaces/migrationConfigurations/version.json b/modules/Microsoft.ServiceBus/namespaces/migrationConfigurations/version.json similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/migrationConfigurations/version.json rename to modules/Microsoft.ServiceBus/namespaces/migrationConfigurations/version.json diff --git a/arm/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.ServiceBus/namespaces/queues/authorizationRules/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/queues/authorizationRules/deploy.bicep similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/queues/authorizationRules/deploy.bicep rename to modules/Microsoft.ServiceBus/namespaces/queues/authorizationRules/deploy.bicep diff --git a/arm/Microsoft.ServiceBus/namespaces/queues/authorizationRules/readme.md b/modules/Microsoft.ServiceBus/namespaces/queues/authorizationRules/readme.md similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/queues/authorizationRules/readme.md rename to modules/Microsoft.ServiceBus/namespaces/queues/authorizationRules/readme.md diff --git a/arm/Microsoft.ServiceBus/namespaces/queues/authorizationRules/version.json b/modules/Microsoft.ServiceBus/namespaces/queues/authorizationRules/version.json similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/queues/authorizationRules/version.json rename to modules/Microsoft.ServiceBus/namespaces/queues/authorizationRules/version.json diff --git a/arm/Microsoft.ServiceBus/namespaces/queues/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/queues/deploy.bicep similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/queues/deploy.bicep rename to modules/Microsoft.ServiceBus/namespaces/queues/deploy.bicep diff --git a/arm/Microsoft.ServiceBus/namespaces/queues/readme.md b/modules/Microsoft.ServiceBus/namespaces/queues/readme.md similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/queues/readme.md rename to modules/Microsoft.ServiceBus/namespaces/queues/readme.md diff --git a/arm/Microsoft.ServiceBus/namespaces/queues/version.json b/modules/Microsoft.ServiceBus/namespaces/queues/version.json similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/queues/version.json rename to modules/Microsoft.ServiceBus/namespaces/queues/version.json diff --git a/arm/Microsoft.ServiceBus/namespaces/readme.md b/modules/Microsoft.ServiceBus/namespaces/readme.md similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/readme.md rename to modules/Microsoft.ServiceBus/namespaces/readme.md diff --git a/arm/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.ServiceBus/namespaces/topics/authorizationRules/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/topics/authorizationRules/deploy.bicep similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/topics/authorizationRules/deploy.bicep rename to modules/Microsoft.ServiceBus/namespaces/topics/authorizationRules/deploy.bicep diff --git a/arm/Microsoft.ServiceBus/namespaces/topics/authorizationRules/readme.md b/modules/Microsoft.ServiceBus/namespaces/topics/authorizationRules/readme.md similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/topics/authorizationRules/readme.md rename to modules/Microsoft.ServiceBus/namespaces/topics/authorizationRules/readme.md diff --git a/arm/Microsoft.ServiceBus/namespaces/topics/authorizationRules/version.json b/modules/Microsoft.ServiceBus/namespaces/topics/authorizationRules/version.json similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/topics/authorizationRules/version.json rename to modules/Microsoft.ServiceBus/namespaces/topics/authorizationRules/version.json diff --git a/arm/Microsoft.ServiceBus/namespaces/topics/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/topics/deploy.bicep similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/topics/deploy.bicep rename to modules/Microsoft.ServiceBus/namespaces/topics/deploy.bicep diff --git a/arm/Microsoft.ServiceBus/namespaces/topics/readme.md b/modules/Microsoft.ServiceBus/namespaces/topics/readme.md similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/topics/readme.md rename to modules/Microsoft.ServiceBus/namespaces/topics/readme.md diff --git a/arm/Microsoft.ServiceBus/namespaces/topics/version.json b/modules/Microsoft.ServiceBus/namespaces/topics/version.json similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/topics/version.json rename to modules/Microsoft.ServiceBus/namespaces/topics/version.json diff --git a/arm/Microsoft.ServiceBus/namespaces/version.json b/modules/Microsoft.ServiceBus/namespaces/version.json similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/version.json rename to modules/Microsoft.ServiceBus/namespaces/version.json diff --git a/arm/Microsoft.ServiceBus/namespaces/virtualNetworkRules/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/virtualNetworkRules/deploy.bicep similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/virtualNetworkRules/deploy.bicep rename to modules/Microsoft.ServiceBus/namespaces/virtualNetworkRules/deploy.bicep diff --git a/arm/Microsoft.ServiceBus/namespaces/virtualNetworkRules/readme.md b/modules/Microsoft.ServiceBus/namespaces/virtualNetworkRules/readme.md similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/virtualNetworkRules/readme.md rename to modules/Microsoft.ServiceBus/namespaces/virtualNetworkRules/readme.md diff --git a/arm/Microsoft.ServiceBus/namespaces/virtualNetworkRules/version.json b/modules/Microsoft.ServiceBus/namespaces/virtualNetworkRules/version.json similarity index 100% rename from arm/Microsoft.ServiceBus/namespaces/virtualNetworkRules/version.json rename to modules/Microsoft.ServiceBus/namespaces/virtualNetworkRules/version.json diff --git a/arm/Microsoft.ServiceFabric/clusters/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ServiceFabric/clusters/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.ServiceFabric/clusters/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.ServiceFabric/clusters/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.ServiceFabric/clusters/.parameters/cert.parameters.json b/modules/Microsoft.ServiceFabric/clusters/.parameters/cert.parameters.json similarity index 100% rename from arm/Microsoft.ServiceFabric/clusters/.parameters/cert.parameters.json rename to modules/Microsoft.ServiceFabric/clusters/.parameters/cert.parameters.json diff --git a/arm/Microsoft.ServiceFabric/clusters/.parameters/full.parameters.json b/modules/Microsoft.ServiceFabric/clusters/.parameters/full.parameters.json similarity index 100% rename from arm/Microsoft.ServiceFabric/clusters/.parameters/full.parameters.json rename to modules/Microsoft.ServiceFabric/clusters/.parameters/full.parameters.json diff --git a/arm/Microsoft.ServiceFabric/clusters/.parameters/min.parameters.json b/modules/Microsoft.ServiceFabric/clusters/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.ServiceFabric/clusters/.parameters/min.parameters.json rename to modules/Microsoft.ServiceFabric/clusters/.parameters/min.parameters.json diff --git a/arm/Microsoft.ServiceFabric/clusters/applicationTypes/deploy.bicep b/modules/Microsoft.ServiceFabric/clusters/applicationTypes/deploy.bicep similarity index 100% rename from arm/Microsoft.ServiceFabric/clusters/applicationTypes/deploy.bicep rename to modules/Microsoft.ServiceFabric/clusters/applicationTypes/deploy.bicep diff --git a/arm/Microsoft.ServiceFabric/clusters/applicationTypes/readme.md b/modules/Microsoft.ServiceFabric/clusters/applicationTypes/readme.md similarity index 100% rename from arm/Microsoft.ServiceFabric/clusters/applicationTypes/readme.md rename to modules/Microsoft.ServiceFabric/clusters/applicationTypes/readme.md diff --git a/arm/Microsoft.ServiceFabric/clusters/applicationTypes/version.json b/modules/Microsoft.ServiceFabric/clusters/applicationTypes/version.json similarity index 100% rename from arm/Microsoft.ServiceFabric/clusters/applicationTypes/version.json rename to modules/Microsoft.ServiceFabric/clusters/applicationTypes/version.json diff --git a/arm/Microsoft.ServiceFabric/clusters/deploy.bicep b/modules/Microsoft.ServiceFabric/clusters/deploy.bicep similarity index 100% rename from arm/Microsoft.ServiceFabric/clusters/deploy.bicep rename to modules/Microsoft.ServiceFabric/clusters/deploy.bicep diff --git a/arm/Microsoft.ServiceFabric/clusters/readme.md b/modules/Microsoft.ServiceFabric/clusters/readme.md similarity index 100% rename from arm/Microsoft.ServiceFabric/clusters/readme.md rename to modules/Microsoft.ServiceFabric/clusters/readme.md diff --git a/arm/Microsoft.ServiceFabric/clusters/version.json b/modules/Microsoft.ServiceFabric/clusters/version.json similarity index 100% rename from arm/Microsoft.ServiceFabric/clusters/version.json rename to modules/Microsoft.ServiceFabric/clusters/version.json diff --git a/arm/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Sql/managedInstances/.parameters/parameters.json b/modules/Microsoft.Sql/managedInstances/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Sql/managedInstances/.parameters/parameters.json rename to modules/Microsoft.Sql/managedInstances/.parameters/parameters.json diff --git a/arm/Microsoft.Sql/managedInstances/administrators/deploy.bicep b/modules/Microsoft.Sql/managedInstances/administrators/deploy.bicep similarity index 100% rename from arm/Microsoft.Sql/managedInstances/administrators/deploy.bicep rename to modules/Microsoft.Sql/managedInstances/administrators/deploy.bicep diff --git a/arm/Microsoft.Sql/managedInstances/administrators/readme.md b/modules/Microsoft.Sql/managedInstances/administrators/readme.md similarity index 100% rename from arm/Microsoft.Sql/managedInstances/administrators/readme.md rename to modules/Microsoft.Sql/managedInstances/administrators/readme.md diff --git a/arm/Microsoft.Sql/managedInstances/administrators/version.json b/modules/Microsoft.Sql/managedInstances/administrators/version.json similarity index 100% rename from arm/Microsoft.Sql/managedInstances/administrators/version.json rename to modules/Microsoft.Sql/managedInstances/administrators/version.json diff --git a/arm/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/deploy.bicep b/modules/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/deploy.bicep similarity index 100% rename from arm/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/deploy.bicep rename to modules/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/deploy.bicep diff --git a/arm/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/readme.md b/modules/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/readme.md similarity index 100% rename from arm/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/readme.md rename to modules/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/readme.md diff --git a/arm/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/version.json b/modules/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/version.json similarity index 100% rename from arm/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/version.json rename to modules/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/version.json diff --git a/arm/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/deploy.bicep b/modules/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/deploy.bicep similarity index 100% rename from arm/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/deploy.bicep rename to modules/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/deploy.bicep diff --git a/arm/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/readme.md b/modules/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/readme.md similarity index 100% rename from arm/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/readme.md rename to modules/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/readme.md diff --git a/arm/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/version.json b/modules/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/version.json similarity index 100% rename from arm/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/version.json rename to modules/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/version.json diff --git a/arm/Microsoft.Sql/managedInstances/databases/deploy.bicep b/modules/Microsoft.Sql/managedInstances/databases/deploy.bicep similarity index 100% rename from arm/Microsoft.Sql/managedInstances/databases/deploy.bicep rename to modules/Microsoft.Sql/managedInstances/databases/deploy.bicep diff --git a/arm/Microsoft.Sql/managedInstances/databases/readme.md b/modules/Microsoft.Sql/managedInstances/databases/readme.md similarity index 100% rename from arm/Microsoft.Sql/managedInstances/databases/readme.md rename to modules/Microsoft.Sql/managedInstances/databases/readme.md diff --git a/arm/Microsoft.Sql/managedInstances/databases/version.json b/modules/Microsoft.Sql/managedInstances/databases/version.json similarity index 100% rename from arm/Microsoft.Sql/managedInstances/databases/version.json rename to modules/Microsoft.Sql/managedInstances/databases/version.json diff --git a/arm/Microsoft.Sql/managedInstances/deploy.bicep b/modules/Microsoft.Sql/managedInstances/deploy.bicep similarity index 100% rename from arm/Microsoft.Sql/managedInstances/deploy.bicep rename to modules/Microsoft.Sql/managedInstances/deploy.bicep diff --git a/arm/Microsoft.Sql/managedInstances/encryptionProtector/deploy.bicep b/modules/Microsoft.Sql/managedInstances/encryptionProtector/deploy.bicep similarity index 100% rename from arm/Microsoft.Sql/managedInstances/encryptionProtector/deploy.bicep rename to modules/Microsoft.Sql/managedInstances/encryptionProtector/deploy.bicep diff --git a/arm/Microsoft.Sql/managedInstances/encryptionProtector/readme.md b/modules/Microsoft.Sql/managedInstances/encryptionProtector/readme.md similarity index 100% rename from arm/Microsoft.Sql/managedInstances/encryptionProtector/readme.md rename to modules/Microsoft.Sql/managedInstances/encryptionProtector/readme.md diff --git a/arm/Microsoft.Sql/managedInstances/encryptionProtector/version.json b/modules/Microsoft.Sql/managedInstances/encryptionProtector/version.json similarity index 100% rename from arm/Microsoft.Sql/managedInstances/encryptionProtector/version.json rename to modules/Microsoft.Sql/managedInstances/encryptionProtector/version.json diff --git a/arm/Microsoft.Sql/managedInstances/keys/deploy.bicep b/modules/Microsoft.Sql/managedInstances/keys/deploy.bicep similarity index 100% rename from arm/Microsoft.Sql/managedInstances/keys/deploy.bicep rename to modules/Microsoft.Sql/managedInstances/keys/deploy.bicep diff --git a/arm/Microsoft.Sql/managedInstances/keys/readme.md b/modules/Microsoft.Sql/managedInstances/keys/readme.md similarity index 100% rename from arm/Microsoft.Sql/managedInstances/keys/readme.md rename to modules/Microsoft.Sql/managedInstances/keys/readme.md diff --git a/arm/Microsoft.Sql/managedInstances/keys/version.json b/modules/Microsoft.Sql/managedInstances/keys/version.json similarity index 100% rename from arm/Microsoft.Sql/managedInstances/keys/version.json rename to modules/Microsoft.Sql/managedInstances/keys/version.json diff --git a/arm/Microsoft.Sql/managedInstances/readme.md b/modules/Microsoft.Sql/managedInstances/readme.md similarity index 100% rename from arm/Microsoft.Sql/managedInstances/readme.md rename to modules/Microsoft.Sql/managedInstances/readme.md diff --git a/arm/Microsoft.Sql/managedInstances/securityAlertPolicies/deploy.bicep b/modules/Microsoft.Sql/managedInstances/securityAlertPolicies/deploy.bicep similarity index 100% rename from arm/Microsoft.Sql/managedInstances/securityAlertPolicies/deploy.bicep rename to modules/Microsoft.Sql/managedInstances/securityAlertPolicies/deploy.bicep diff --git a/arm/Microsoft.Sql/managedInstances/securityAlertPolicies/readme.md b/modules/Microsoft.Sql/managedInstances/securityAlertPolicies/readme.md similarity index 100% rename from arm/Microsoft.Sql/managedInstances/securityAlertPolicies/readme.md rename to modules/Microsoft.Sql/managedInstances/securityAlertPolicies/readme.md diff --git a/arm/Microsoft.Sql/managedInstances/securityAlertPolicies/version.json b/modules/Microsoft.Sql/managedInstances/securityAlertPolicies/version.json similarity index 100% rename from arm/Microsoft.Sql/managedInstances/securityAlertPolicies/version.json rename to modules/Microsoft.Sql/managedInstances/securityAlertPolicies/version.json diff --git a/arm/Microsoft.Sql/managedInstances/version.json b/modules/Microsoft.Sql/managedInstances/version.json similarity index 100% rename from arm/Microsoft.Sql/managedInstances/version.json rename to modules/Microsoft.Sql/managedInstances/version.json diff --git a/arm/Microsoft.Sql/managedInstances/vulnerabilityAssessments/deploy.bicep b/modules/Microsoft.Sql/managedInstances/vulnerabilityAssessments/deploy.bicep similarity index 100% rename from arm/Microsoft.Sql/managedInstances/vulnerabilityAssessments/deploy.bicep rename to modules/Microsoft.Sql/managedInstances/vulnerabilityAssessments/deploy.bicep diff --git a/arm/Microsoft.Sql/managedInstances/vulnerabilityAssessments/readme.md b/modules/Microsoft.Sql/managedInstances/vulnerabilityAssessments/readme.md similarity index 100% rename from arm/Microsoft.Sql/managedInstances/vulnerabilityAssessments/readme.md rename to modules/Microsoft.Sql/managedInstances/vulnerabilityAssessments/readme.md diff --git a/arm/Microsoft.Sql/managedInstances/vulnerabilityAssessments/version.json b/modules/Microsoft.Sql/managedInstances/vulnerabilityAssessments/version.json similarity index 100% rename from arm/Microsoft.Sql/managedInstances/vulnerabilityAssessments/version.json rename to modules/Microsoft.Sql/managedInstances/vulnerabilityAssessments/version.json diff --git a/arm/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Sql/servers/.parameters/admin.parameters.json b/modules/Microsoft.Sql/servers/.parameters/admin.parameters.json similarity index 100% rename from arm/Microsoft.Sql/servers/.parameters/admin.parameters.json rename to modules/Microsoft.Sql/servers/.parameters/admin.parameters.json diff --git a/arm/Microsoft.Sql/servers/.parameters/parameters.json b/modules/Microsoft.Sql/servers/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Sql/servers/.parameters/parameters.json rename to modules/Microsoft.Sql/servers/.parameters/parameters.json diff --git a/arm/Microsoft.Sql/servers/databases/deploy.bicep b/modules/Microsoft.Sql/servers/databases/deploy.bicep similarity index 100% rename from arm/Microsoft.Sql/servers/databases/deploy.bicep rename to modules/Microsoft.Sql/servers/databases/deploy.bicep diff --git a/arm/Microsoft.Sql/servers/databases/readme.md b/modules/Microsoft.Sql/servers/databases/readme.md similarity index 100% rename from arm/Microsoft.Sql/servers/databases/readme.md rename to modules/Microsoft.Sql/servers/databases/readme.md diff --git a/arm/Microsoft.Sql/servers/databases/version.json b/modules/Microsoft.Sql/servers/databases/version.json similarity index 100% rename from arm/Microsoft.Sql/servers/databases/version.json rename to modules/Microsoft.Sql/servers/databases/version.json diff --git a/arm/Microsoft.Sql/servers/deploy.bicep b/modules/Microsoft.Sql/servers/deploy.bicep similarity index 100% rename from arm/Microsoft.Sql/servers/deploy.bicep rename to modules/Microsoft.Sql/servers/deploy.bicep diff --git a/arm/Microsoft.Sql/servers/firewallRules/deploy.bicep b/modules/Microsoft.Sql/servers/firewallRules/deploy.bicep similarity index 100% rename from arm/Microsoft.Sql/servers/firewallRules/deploy.bicep rename to modules/Microsoft.Sql/servers/firewallRules/deploy.bicep diff --git a/arm/Microsoft.Sql/servers/firewallRules/readme.md b/modules/Microsoft.Sql/servers/firewallRules/readme.md similarity index 100% rename from arm/Microsoft.Sql/servers/firewallRules/readme.md rename to modules/Microsoft.Sql/servers/firewallRules/readme.md diff --git a/arm/Microsoft.Sql/servers/firewallRules/version.json b/modules/Microsoft.Sql/servers/firewallRules/version.json similarity index 100% rename from arm/Microsoft.Sql/servers/firewallRules/version.json rename to modules/Microsoft.Sql/servers/firewallRules/version.json diff --git a/arm/Microsoft.Sql/servers/readme.md b/modules/Microsoft.Sql/servers/readme.md similarity index 100% rename from arm/Microsoft.Sql/servers/readme.md rename to modules/Microsoft.Sql/servers/readme.md diff --git a/arm/Microsoft.Sql/servers/securityAlertPolicies/deploy.bicep b/modules/Microsoft.Sql/servers/securityAlertPolicies/deploy.bicep similarity index 100% rename from arm/Microsoft.Sql/servers/securityAlertPolicies/deploy.bicep rename to modules/Microsoft.Sql/servers/securityAlertPolicies/deploy.bicep diff --git a/arm/Microsoft.Sql/servers/securityAlertPolicies/readme.md b/modules/Microsoft.Sql/servers/securityAlertPolicies/readme.md similarity index 100% rename from arm/Microsoft.Sql/servers/securityAlertPolicies/readme.md rename to modules/Microsoft.Sql/servers/securityAlertPolicies/readme.md diff --git a/arm/Microsoft.Sql/servers/securityAlertPolicies/version.json b/modules/Microsoft.Sql/servers/securityAlertPolicies/version.json similarity index 100% rename from arm/Microsoft.Sql/servers/securityAlertPolicies/version.json rename to modules/Microsoft.Sql/servers/securityAlertPolicies/version.json diff --git a/arm/Microsoft.Sql/servers/version.json b/modules/Microsoft.Sql/servers/version.json similarity index 100% rename from arm/Microsoft.Sql/servers/version.json rename to modules/Microsoft.Sql/servers/version.json diff --git a/arm/Microsoft.Sql/servers/vulnerabilityAssessments/deploy.bicep b/modules/Microsoft.Sql/servers/vulnerabilityAssessments/deploy.bicep similarity index 100% rename from arm/Microsoft.Sql/servers/vulnerabilityAssessments/deploy.bicep rename to modules/Microsoft.Sql/servers/vulnerabilityAssessments/deploy.bicep diff --git a/arm/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md b/modules/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md similarity index 100% rename from arm/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md rename to modules/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md diff --git a/arm/Microsoft.Sql/servers/vulnerabilityAssessments/version.json b/modules/Microsoft.Sql/servers/vulnerabilityAssessments/version.json similarity index 100% rename from arm/Microsoft.Sql/servers/vulnerabilityAssessments/version.json rename to modules/Microsoft.Sql/servers/vulnerabilityAssessments/version.json diff --git a/arm/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Storage/storageAccounts/.parameters/encr.parameters.json b/modules/Microsoft.Storage/storageAccounts/.parameters/encr.parameters.json similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/.parameters/encr.parameters.json rename to modules/Microsoft.Storage/storageAccounts/.parameters/encr.parameters.json diff --git a/arm/Microsoft.Storage/storageAccounts/.parameters/min.parameters.json b/modules/Microsoft.Storage/storageAccounts/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/.parameters/min.parameters.json rename to modules/Microsoft.Storage/storageAccounts/.parameters/min.parameters.json diff --git a/arm/Microsoft.Storage/storageAccounts/.parameters/nfs.parameters.json b/modules/Microsoft.Storage/storageAccounts/.parameters/nfs.parameters.json similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/.parameters/nfs.parameters.json rename to modules/Microsoft.Storage/storageAccounts/.parameters/nfs.parameters.json diff --git a/arm/Microsoft.Storage/storageAccounts/.parameters/parameters.json b/modules/Microsoft.Storage/storageAccounts/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/.parameters/parameters.json rename to modules/Microsoft.Storage/storageAccounts/.parameters/parameters.json diff --git a/arm/Microsoft.Storage/storageAccounts/.parameters/v1.parameters.json b/modules/Microsoft.Storage/storageAccounts/.parameters/v1.parameters.json similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/.parameters/v1.parameters.json rename to modules/Microsoft.Storage/storageAccounts/.parameters/v1.parameters.json diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/containers/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/deploy.bicep similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/blobServices/containers/deploy.bicep rename to modules/Microsoft.Storage/storageAccounts/blobServices/containers/deploy.bicep diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/deploy.bicep similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/deploy.bicep rename to modules/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/deploy.bicep diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/readme.md b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/readme.md similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/readme.md rename to modules/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/readme.md diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/version.json b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/version.json similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/version.json rename to modules/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/version.json diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md rename to modules/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/containers/version.json b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/version.json similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/blobServices/containers/version.json rename to modules/Microsoft.Storage/storageAccounts/blobServices/containers/version.json diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep rename to modules/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/readme.md b/modules/Microsoft.Storage/storageAccounts/blobServices/readme.md similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/blobServices/readme.md rename to modules/Microsoft.Storage/storageAccounts/blobServices/readme.md diff --git a/arm/Microsoft.Storage/storageAccounts/blobServices/version.json b/modules/Microsoft.Storage/storageAccounts/blobServices/version.json similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/blobServices/version.json rename to modules/Microsoft.Storage/storageAccounts/blobServices/version.json diff --git a/arm/Microsoft.Storage/storageAccounts/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/deploy.bicep similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/deploy.bicep rename to modules/Microsoft.Storage/storageAccounts/deploy.bicep diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep rename to modules/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/readme.md b/modules/Microsoft.Storage/storageAccounts/fileServices/readme.md similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/fileServices/readme.md rename to modules/Microsoft.Storage/storageAccounts/fileServices/readme.md diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep rename to modules/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md b/modules/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md rename to modules/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/shares/version.json b/modules/Microsoft.Storage/storageAccounts/fileServices/shares/version.json similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/fileServices/shares/version.json rename to modules/Microsoft.Storage/storageAccounts/fileServices/shares/version.json diff --git a/arm/Microsoft.Storage/storageAccounts/fileServices/version.json b/modules/Microsoft.Storage/storageAccounts/fileServices/version.json similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/fileServices/version.json rename to modules/Microsoft.Storage/storageAccounts/fileServices/version.json diff --git a/arm/Microsoft.Storage/storageAccounts/managementPolicies/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/managementPolicies/deploy.bicep similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/managementPolicies/deploy.bicep rename to modules/Microsoft.Storage/storageAccounts/managementPolicies/deploy.bicep diff --git a/arm/Microsoft.Storage/storageAccounts/managementPolicies/readme.md b/modules/Microsoft.Storage/storageAccounts/managementPolicies/readme.md similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/managementPolicies/readme.md rename to modules/Microsoft.Storage/storageAccounts/managementPolicies/readme.md diff --git a/arm/Microsoft.Storage/storageAccounts/managementPolicies/version.json b/modules/Microsoft.Storage/storageAccounts/managementPolicies/version.json similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/managementPolicies/version.json rename to modules/Microsoft.Storage/storageAccounts/managementPolicies/version.json diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep rename to modules/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/queues/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/deploy.bicep similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/queueServices/queues/deploy.bicep rename to modules/Microsoft.Storage/storageAccounts/queueServices/queues/deploy.bicep diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md rename to modules/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/queues/version.json b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/version.json similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/queueServices/queues/version.json rename to modules/Microsoft.Storage/storageAccounts/queueServices/queues/version.json diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/readme.md b/modules/Microsoft.Storage/storageAccounts/queueServices/readme.md similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/queueServices/readme.md rename to modules/Microsoft.Storage/storageAccounts/queueServices/readme.md diff --git a/arm/Microsoft.Storage/storageAccounts/queueServices/version.json b/modules/Microsoft.Storage/storageAccounts/queueServices/version.json similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/queueServices/version.json rename to modules/Microsoft.Storage/storageAccounts/queueServices/version.json diff --git a/arm/Microsoft.Storage/storageAccounts/readme.md b/modules/Microsoft.Storage/storageAccounts/readme.md similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/readme.md rename to modules/Microsoft.Storage/storageAccounts/readme.md diff --git a/arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep rename to modules/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep diff --git a/arm/Microsoft.Storage/storageAccounts/tableServices/readme.md b/modules/Microsoft.Storage/storageAccounts/tableServices/readme.md similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/tableServices/readme.md rename to modules/Microsoft.Storage/storageAccounts/tableServices/readme.md diff --git a/arm/Microsoft.Storage/storageAccounts/tableServices/tables/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/tableServices/tables/deploy.bicep similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/tableServices/tables/deploy.bicep rename to modules/Microsoft.Storage/storageAccounts/tableServices/tables/deploy.bicep diff --git a/arm/Microsoft.Storage/storageAccounts/tableServices/tables/readme.md b/modules/Microsoft.Storage/storageAccounts/tableServices/tables/readme.md similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/tableServices/tables/readme.md rename to modules/Microsoft.Storage/storageAccounts/tableServices/tables/readme.md diff --git a/arm/Microsoft.Storage/storageAccounts/tableServices/tables/version.json b/modules/Microsoft.Storage/storageAccounts/tableServices/tables/version.json similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/tableServices/tables/version.json rename to modules/Microsoft.Storage/storageAccounts/tableServices/tables/version.json diff --git a/arm/Microsoft.Storage/storageAccounts/tableServices/version.json b/modules/Microsoft.Storage/storageAccounts/tableServices/version.json similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/tableServices/version.json rename to modules/Microsoft.Storage/storageAccounts/tableServices/version.json diff --git a/arm/Microsoft.Storage/storageAccounts/version.json b/modules/Microsoft.Storage/storageAccounts/version.json similarity index 100% rename from arm/Microsoft.Storage/storageAccounts/version.json rename to modules/Microsoft.Storage/storageAccounts/version.json diff --git a/arm/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Synapse/privateLinkHubs/.parameters/min.parameters.json b/modules/Microsoft.Synapse/privateLinkHubs/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Synapse/privateLinkHubs/.parameters/min.parameters.json rename to modules/Microsoft.Synapse/privateLinkHubs/.parameters/min.parameters.json diff --git a/arm/Microsoft.Synapse/privateLinkHubs/.parameters/parameters.json b/modules/Microsoft.Synapse/privateLinkHubs/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Synapse/privateLinkHubs/.parameters/parameters.json rename to modules/Microsoft.Synapse/privateLinkHubs/.parameters/parameters.json diff --git a/arm/Microsoft.Synapse/privateLinkHubs/deploy.bicep b/modules/Microsoft.Synapse/privateLinkHubs/deploy.bicep similarity index 100% rename from arm/Microsoft.Synapse/privateLinkHubs/deploy.bicep rename to modules/Microsoft.Synapse/privateLinkHubs/deploy.bicep diff --git a/arm/Microsoft.Synapse/privateLinkHubs/readme.md b/modules/Microsoft.Synapse/privateLinkHubs/readme.md similarity index 100% rename from arm/Microsoft.Synapse/privateLinkHubs/readme.md rename to modules/Microsoft.Synapse/privateLinkHubs/readme.md diff --git a/arm/Microsoft.Synapse/privateLinkHubs/version.json b/modules/Microsoft.Synapse/privateLinkHubs/version.json similarity index 100% rename from arm/Microsoft.Synapse/privateLinkHubs/version.json rename to modules/Microsoft.Synapse/privateLinkHubs/version.json diff --git a/arm/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.VirtualMachineImages/imageTemplates/.parameters/parameters.json b/modules/Microsoft.VirtualMachineImages/imageTemplates/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.VirtualMachineImages/imageTemplates/.parameters/parameters.json rename to modules/Microsoft.VirtualMachineImages/imageTemplates/.parameters/parameters.json diff --git a/arm/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep b/modules/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep similarity index 100% rename from arm/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep rename to modules/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep diff --git a/arm/Microsoft.VirtualMachineImages/imageTemplates/readme.md b/modules/Microsoft.VirtualMachineImages/imageTemplates/readme.md similarity index 100% rename from arm/Microsoft.VirtualMachineImages/imageTemplates/readme.md rename to modules/Microsoft.VirtualMachineImages/imageTemplates/readme.md diff --git a/arm/Microsoft.VirtualMachineImages/imageTemplates/version.json b/modules/Microsoft.VirtualMachineImages/imageTemplates/version.json similarity index 100% rename from arm/Microsoft.VirtualMachineImages/imageTemplates/version.json rename to modules/Microsoft.VirtualMachineImages/imageTemplates/version.json diff --git a/arm/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Web/connections/.parameters/parameters.json b/modules/Microsoft.Web/connections/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Web/connections/.parameters/parameters.json rename to modules/Microsoft.Web/connections/.parameters/parameters.json diff --git a/arm/Microsoft.Web/connections/deploy.bicep b/modules/Microsoft.Web/connections/deploy.bicep similarity index 100% rename from arm/Microsoft.Web/connections/deploy.bicep rename to modules/Microsoft.Web/connections/deploy.bicep diff --git a/arm/Microsoft.Web/connections/readme.md b/modules/Microsoft.Web/connections/readme.md similarity index 100% rename from arm/Microsoft.Web/connections/readme.md rename to modules/Microsoft.Web/connections/readme.md diff --git a/arm/Microsoft.Web/connections/version.json b/modules/Microsoft.Web/connections/version.json similarity index 100% rename from arm/Microsoft.Web/connections/version.json rename to modules/Microsoft.Web/connections/version.json diff --git a/arm/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Web/hostingEnvironments/.parameters/asev2.parameters.json b/modules/Microsoft.Web/hostingEnvironments/.parameters/asev2.parameters.json similarity index 100% rename from arm/Microsoft.Web/hostingEnvironments/.parameters/asev2.parameters.json rename to modules/Microsoft.Web/hostingEnvironments/.parameters/asev2.parameters.json diff --git a/arm/Microsoft.Web/hostingEnvironments/.parameters/asev3.parameters.json b/modules/Microsoft.Web/hostingEnvironments/.parameters/asev3.parameters.json similarity index 100% rename from arm/Microsoft.Web/hostingEnvironments/.parameters/asev3.parameters.json rename to modules/Microsoft.Web/hostingEnvironments/.parameters/asev3.parameters.json diff --git a/arm/Microsoft.Web/hostingEnvironments/deploy.bicep b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep similarity index 100% rename from arm/Microsoft.Web/hostingEnvironments/deploy.bicep rename to modules/Microsoft.Web/hostingEnvironments/deploy.bicep diff --git a/arm/Microsoft.Web/hostingEnvironments/readme.md b/modules/Microsoft.Web/hostingEnvironments/readme.md similarity index 100% rename from arm/Microsoft.Web/hostingEnvironments/readme.md rename to modules/Microsoft.Web/hostingEnvironments/readme.md diff --git a/arm/Microsoft.Web/hostingEnvironments/version.json b/modules/Microsoft.Web/hostingEnvironments/version.json similarity index 100% rename from arm/Microsoft.Web/hostingEnvironments/version.json rename to modules/Microsoft.Web/hostingEnvironments/version.json diff --git a/arm/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Web/serverfarms/.parameters/parameters.json b/modules/Microsoft.Web/serverfarms/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Web/serverfarms/.parameters/parameters.json rename to modules/Microsoft.Web/serverfarms/.parameters/parameters.json diff --git a/arm/Microsoft.Web/serverfarms/deploy.bicep b/modules/Microsoft.Web/serverfarms/deploy.bicep similarity index 100% rename from arm/Microsoft.Web/serverfarms/deploy.bicep rename to modules/Microsoft.Web/serverfarms/deploy.bicep diff --git a/arm/Microsoft.Web/serverfarms/readme.md b/modules/Microsoft.Web/serverfarms/readme.md similarity index 100% rename from arm/Microsoft.Web/serverfarms/readme.md rename to modules/Microsoft.Web/serverfarms/readme.md diff --git a/arm/Microsoft.Web/serverfarms/version.json b/modules/Microsoft.Web/serverfarms/version.json similarity index 100% rename from arm/Microsoft.Web/serverfarms/version.json rename to modules/Microsoft.Web/serverfarms/version.json diff --git a/arm/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Web/sites/.parameters/fa.min.parameters.json b/modules/Microsoft.Web/sites/.parameters/fa.min.parameters.json similarity index 100% rename from arm/Microsoft.Web/sites/.parameters/fa.min.parameters.json rename to modules/Microsoft.Web/sites/.parameters/fa.min.parameters.json diff --git a/arm/Microsoft.Web/sites/.parameters/fa.parameters.json b/modules/Microsoft.Web/sites/.parameters/fa.parameters.json similarity index 100% rename from arm/Microsoft.Web/sites/.parameters/fa.parameters.json rename to modules/Microsoft.Web/sites/.parameters/fa.parameters.json diff --git a/arm/Microsoft.Web/sites/.parameters/wa.min.parameters.json b/modules/Microsoft.Web/sites/.parameters/wa.min.parameters.json similarity index 100% rename from arm/Microsoft.Web/sites/.parameters/wa.min.parameters.json rename to modules/Microsoft.Web/sites/.parameters/wa.min.parameters.json diff --git a/arm/Microsoft.Web/sites/.parameters/wa.parameters.json b/modules/Microsoft.Web/sites/.parameters/wa.parameters.json similarity index 100% rename from arm/Microsoft.Web/sites/.parameters/wa.parameters.json rename to modules/Microsoft.Web/sites/.parameters/wa.parameters.json diff --git a/arm/Microsoft.Web/sites/config-appsettings/deploy.bicep b/modules/Microsoft.Web/sites/config-appsettings/deploy.bicep similarity index 100% rename from arm/Microsoft.Web/sites/config-appsettings/deploy.bicep rename to modules/Microsoft.Web/sites/config-appsettings/deploy.bicep diff --git a/arm/Microsoft.Web/sites/config-appsettings/readme.md b/modules/Microsoft.Web/sites/config-appsettings/readme.md similarity index 100% rename from arm/Microsoft.Web/sites/config-appsettings/readme.md rename to modules/Microsoft.Web/sites/config-appsettings/readme.md diff --git a/arm/Microsoft.Web/sites/config-appsettings/version.json b/modules/Microsoft.Web/sites/config-appsettings/version.json similarity index 100% rename from arm/Microsoft.Web/sites/config-appsettings/version.json rename to modules/Microsoft.Web/sites/config-appsettings/version.json diff --git a/arm/Microsoft.Web/sites/config-authsettingsv2/deploy.bicep b/modules/Microsoft.Web/sites/config-authsettingsv2/deploy.bicep similarity index 100% rename from arm/Microsoft.Web/sites/config-authsettingsv2/deploy.bicep rename to modules/Microsoft.Web/sites/config-authsettingsv2/deploy.bicep diff --git a/arm/Microsoft.Web/sites/config-authsettingsv2/readme.md b/modules/Microsoft.Web/sites/config-authsettingsv2/readme.md similarity index 100% rename from arm/Microsoft.Web/sites/config-authsettingsv2/readme.md rename to modules/Microsoft.Web/sites/config-authsettingsv2/readme.md diff --git a/arm/Microsoft.Web/sites/config-authsettingsv2/version.json b/modules/Microsoft.Web/sites/config-authsettingsv2/version.json similarity index 100% rename from arm/Microsoft.Web/sites/config-authsettingsv2/version.json rename to modules/Microsoft.Web/sites/config-authsettingsv2/version.json diff --git a/arm/Microsoft.Web/sites/deploy.bicep b/modules/Microsoft.Web/sites/deploy.bicep similarity index 100% rename from arm/Microsoft.Web/sites/deploy.bicep rename to modules/Microsoft.Web/sites/deploy.bicep diff --git a/arm/Microsoft.Web/sites/readme.md b/modules/Microsoft.Web/sites/readme.md similarity index 100% rename from arm/Microsoft.Web/sites/readme.md rename to modules/Microsoft.Web/sites/readme.md diff --git a/arm/Microsoft.Web/sites/version.json b/modules/Microsoft.Web/sites/version.json similarity index 100% rename from arm/Microsoft.Web/sites/version.json rename to modules/Microsoft.Web/sites/version.json diff --git a/arm/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep similarity index 100% rename from arm/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep rename to modules/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep diff --git a/arm/Microsoft.Web/staticSites/.parameters/min.parameters.json b/modules/Microsoft.Web/staticSites/.parameters/min.parameters.json similarity index 100% rename from arm/Microsoft.Web/staticSites/.parameters/min.parameters.json rename to modules/Microsoft.Web/staticSites/.parameters/min.parameters.json diff --git a/arm/Microsoft.Web/staticSites/.parameters/parameters.json b/modules/Microsoft.Web/staticSites/.parameters/parameters.json similarity index 100% rename from arm/Microsoft.Web/staticSites/.parameters/parameters.json rename to modules/Microsoft.Web/staticSites/.parameters/parameters.json diff --git a/arm/Microsoft.Web/staticSites/deploy.bicep b/modules/Microsoft.Web/staticSites/deploy.bicep similarity index 100% rename from arm/Microsoft.Web/staticSites/deploy.bicep rename to modules/Microsoft.Web/staticSites/deploy.bicep diff --git a/arm/Microsoft.Web/staticSites/readme.md b/modules/Microsoft.Web/staticSites/readme.md similarity index 100% rename from arm/Microsoft.Web/staticSites/readme.md rename to modules/Microsoft.Web/staticSites/readme.md diff --git a/arm/Microsoft.Web/staticSites/version.json b/modules/Microsoft.Web/staticSites/version.json similarity index 100% rename from arm/Microsoft.Web/staticSites/version.json rename to modules/Microsoft.Web/staticSites/version.json diff --git a/modules/README.md b/modules/README.md new file mode 100644 index 0000000000..23e4b05592 --- /dev/null +++ b/modules/README.md @@ -0,0 +1,107 @@ +In this section you can find useful information regarding the Modules that are contained in this repository. + +## Available Resource Modules + +| Name | Provider namespace | Resource Type | +| - | - | - | +| [Azure Active Directory Domain Services](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.AAD/DomainServices) | `MS.AAD` | [DomainServices](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.AAD/DomainServices) | +| [Analysis Services Servers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.AnalysisServices/servers) | `MS.AnalysisServices` | [servers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.AnalysisServices/servers) | +| [API Management Services](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ApiManagement/service) | `MS.ApiManagement` | [service](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ApiManagement/service) | +| [App Configuration](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.AppConfiguration/configurationStores) | `MS.AppConfiguration` | [configurationStores](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.AppConfiguration/configurationStores) | +| [Authorization Locks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/locks) | `MS.Authorization` | [locks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/locks) | +| [Policy Assignments](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policyAssignments) | | [policyAssignments](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policyAssignments) | +| [Policy Definitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policyDefinitions) | | [policyDefinitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policyDefinitions) | +| [Policy Exemptions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policyExemptions) | | [policyExemptions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policyExemptions) | +| [Policy Set Definitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policySetDefinitions) | | [policySetDefinitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policySetDefinitions) | +| [Role Assignments](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/roleAssignments) | | [roleAssignments](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/roleAssignments) | +| [Role Definitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/roleDefinitions) | | [roleDefinitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/roleDefinitions) | +| [Automation Accounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Automation/automationAccounts) | `MS.Automation` | [automationAccounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Automation/automationAccounts) | +| [Batch Accounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Batch/batchAccounts) | `MS.Batch` | [batchAccounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Batch/batchAccounts) | +| [Cognitive Services](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.CognitiveServices/accounts) | `MS.CognitiveServices` | [accounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.CognitiveServices/accounts) | +| [Availability Sets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/availabilitySets) | `MS.Compute` | [availabilitySets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/availabilitySets) | +| [Disk Encryption Sets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/diskEncryptionSets) | | [diskEncryptionSets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/diskEncryptionSets) | +| [Compute Disks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/disks) | | [disks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/disks) | +| [Azure Compute Galleries](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/galleries) | | [galleries](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/galleries) | +| [Images](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/images) | | [images](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/images) | +| [Proximity Placement Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/proximityPlacementGroups) | | [proximityPlacementGroups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/proximityPlacementGroups) | +| [Virtual Machines](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/virtualMachines) | | [virtualMachines](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/virtualMachines) | +| [Virtual Machine Scale Sets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/virtualMachineScaleSets) | | [virtualMachineScaleSets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/virtualMachineScaleSets) | +| [Budgets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Consumption/budgets) | `MS.Consumption` | [budgets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Consumption/budgets) | +| [Container Instances](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ContainerInstance/containerGroups) | `MS.ContainerInstance` | [containerGroups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ContainerInstance/containerGroups) | +| [Container Registries](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ContainerRegistry/registries) | `MS.ContainerRegistry` | [registries](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ContainerRegistry/registries) | +| [Azure Kubernetes Services](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ContainerService/managedClusters) | `MS.ContainerService` | [managedClusters](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ContainerService/managedClusters) | +| [Azure Databricks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Databricks/workspaces) | `MS.Databricks` | [workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Databricks/workspaces) | +| [Data Factories](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DataFactory/factories) | `MS.DataFactory` | [factories](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DataFactory/factories) | +| [DataProtection BackupVaults](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DataProtection/backupVaults) | `MS.DataProtection` | [backupVaults](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DataProtection/backupVaults) | +| [AVD Application Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/applicationgroups) | `MS.DesktopVirtualization` | [applicationgroups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/applicationgroups) | +| [AVD Host Pools](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/hostpools) | | [hostpools](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/hostpools) | +| [AVD Scaling Plans](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/scalingplans) | | [scalingplans](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/scalingplans) | +| [AVD Workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/workspaces) | | [workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/workspaces) | +| [DocumentDB Database Accounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DocumentDB/databaseAccounts) | `MS.DocumentDB` | [databaseAccounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DocumentDB/databaseAccounts) | +| [Event Grid System Topics](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.EventGrid/systemTopics) | `MS.EventGrid` | [systemTopics](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.EventGrid/systemTopics) | +| [Event Grid Topics](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.EventGrid/topics) | | [topics](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.EventGrid/topics) | +| [Event Hub Namespaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.EventHub/namespaces) | `MS.EventHub` | [namespaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.EventHub/namespaces) | +| [Azure Health Bots](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.HealthBot/healthBots) | `MS.HealthBot` | [healthBots](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.HealthBot/healthBots) | +| [Action Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/actionGroups) | `MS.Insights` | [actionGroups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/actionGroups) | +| [Activity Log Alerts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/activityLogAlerts) | | [activityLogAlerts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/activityLogAlerts) | +| [Application Insights](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/components) | | [components](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/components) | +| [Activity Logs](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/diagnosticSettings) | | [diagnosticSettings](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/diagnosticSettings) | +| [Metric Alerts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/metricAlerts) | | [metricAlerts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/metricAlerts) | +| [Azure Monitor Private Link Scopes](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/privateLinkScopes) | | [privateLinkScopes](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/privateLinkScopes) | +| [Scheduled Query Rules](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/scheduledQueryRules) | | [scheduledQueryRules](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/scheduledQueryRules) | +| [Key Vaults](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.KeyVault/vaults) | `MS.KeyVault` | [vaults](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.KeyVault/vaults) | +| [Kubernetes Configuration Extensions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.KubernetesConfiguration/extensions) | `MS.KubernetesConfiguration` | [extensions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.KubernetesConfiguration/extensions) | +| [Kubernetes Configuration Flux Configurations](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.KubernetesConfiguration/fluxConfigurations) | | [fluxConfigurations](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.KubernetesConfiguration/fluxConfigurations) | +| [Logic Apps](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Logic/workflows) | `MS.Logic` | [workflows](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Logic/workflows) | +| [Machine Learning Workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.MachineLearningServices/workspaces) | `MS.achineLearningServices` | [workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.MachineLearningServices/workspaces) | +| [User Assigned Identities](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ManagedIdentity/userAssignedIdentities) | `MS.anagedIdentity` | [userAssignedIdentities](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ManagedIdentity/userAssignedIdentities) | +| [Registration Definitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ManagedServices/registrationDefinitions) | `MS.anagedServices` | [registrationDefinitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ManagedServices/registrationDefinitions) | +| [Management Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Management/managementGroups) | `MS.anagement` | [managementGroups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Management/managementGroups) | +| [Azure NetApp Files](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.NetApp/netAppAccounts) | `MS.NetApp` | [netAppAccounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.NetApp/netAppAccounts) | +| [Network Application Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/applicationGateways) | `MS.Network` | [applicationGateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/applicationGateways) | +| [Application Security Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/applicationSecurityGroups) | | [applicationSecurityGroups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/applicationSecurityGroups) | +| [Azure Firewalls](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/azureFirewalls) | | [azureFirewalls](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/azureFirewalls) | +| [Bastion Hosts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/bastionHosts) | | [bastionHosts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/bastionHosts) | +| [Virtual Network Gateway Connections](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/connections) | | [connections](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/connections) | +| [DDoS Protection Plans](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/ddosProtectionPlans) | | [ddosProtectionPlans](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/ddosProtectionPlans) | +| [ExpressRoute Circuits](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/expressRouteCircuits) | | [expressRouteCircuits](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/expressRouteCircuits) | +| [Firewall Policies](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/firewallPolicies) | | [firewallPolicies](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/firewallPolicies) | +| [Front Doors](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/frontDoors) | | [frontDoors](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/frontDoors) | +| [IP Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/ipGroups) | | [ipGroups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/ipGroups) | +| [Load Balancers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/loadBalancers) | | [loadBalancers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/loadBalancers) | +| [Local Network Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/localNetworkGateways) | | [localNetworkGateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/localNetworkGateways) | +| [NAT Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/natGateways) | | [natGateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/natGateways) | +| [Network Interface](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/networkInterfaces) | | [networkInterfaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/networkInterfaces) | +| [Network Security Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/networkSecurityGroups) | | [networkSecurityGroups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/networkSecurityGroups) | +| [Network Watchers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/networkWatchers) | | [networkWatchers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/networkWatchers) | +| [Private DNS Zones](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/privateDnsZones) | | [privateDnsZones](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/privateDnsZones) | +| [Private Endpoints](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/privateEndpoints) | | [privateEndpoints](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/privateEndpoints) | +| [Public IP Addresses](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/publicIPAddresses) | | [publicIPAddresses](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/publicIPAddresses) | +| [Public IP Prefixes](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/publicIPPrefixes) | | [publicIPPrefixes](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/publicIPPrefixes) | +| [Route Tables](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/routeTables) | | [routeTables](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/routeTables) | +| [Traffic Manager Profiles](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/trafficmanagerprofiles) | | [trafficmanagerprofiles](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/trafficmanagerprofiles) | +| [Virtual Hubs](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualHubs) | | [virtualHubs](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualHubs) | +| [Virtual Network Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualNetworkGateways) | | [virtualNetworkGateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualNetworkGateways) | +| [Virtual Networks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualNetworks) | | [virtualNetworks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualNetworks) | +| [Virtual WANs](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualWans) | | [virtualWans](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualWans) | +| [VPN Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/vpnGateways) | | [vpnGateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/vpnGateways) | +| [VPN Sites](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/vpnSites) | | [vpnSites](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/vpnSites) | +| [Log Analytics Workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.OperationalInsights/workspaces) | `MS.OperationalInsights` | [workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.OperationalInsights/workspaces) | +| [OperationsManagement Solutions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.OperationsManagement/solutions) | `MS.OperationsManagement` | [solutions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.OperationsManagement/solutions) | +| [Recovery Services Vaults](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.RecoveryServices/vaults) | `MS.RecoveryServices` | [vaults](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.RecoveryServices/vaults) | +| [Deployment Scripts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Resources/deploymentScripts) | `MS.Resources` | [deploymentScripts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Resources/deploymentScripts) | +| [Resource Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Resources/resourceGroups) | | [resourceGroups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Resources/resourceGroups) | +| [Resources Tags](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Resources/tags) | | [tags](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Resources/tags) | +| [Azure Security Center](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Security/azureSecurityCenter) | `MS.Security` | [azureSecurityCenter](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Security/azureSecurityCenter) | +| [Service Bus Namespaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ServiceBus/namespaces) | `MS.ServiceBus` | [namespaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ServiceBus/namespaces) | +| [Service Fabric Clusters](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ServiceFabric/clusters) | `MS.ServiceFabric` | [clusters](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ServiceFabric/clusters) | +| [SQL Managed Instances](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Sql/managedInstances) | `MS.Sql` | [managedInstances](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Sql/managedInstances) | +| [SQL Servers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Sql/servers) | | [servers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Sql/servers) | +| [Storage Accounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Storage/storageAccounts) | `MS.Storage` | [storageAccounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Storage/storageAccounts) | +| [Azure Synapse Analytics](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Synapse/privateLinkHubs) | `MS.Synapse` | [privateLinkHubs](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Synapse/privateLinkHubs) | +| [Image Templates](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.VirtualMachineImages/imageTemplates) | `MS.VirtualMachineImages` | [imageTemplates](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.VirtualMachineImages/imageTemplates) | +| [API Connections](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/connections) | `MS.Web` | [connections](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/connections) | +| [App Service Environments](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/hostingEnvironments) | | [hostingEnvironments](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/hostingEnvironments) | +| [App Service Plans](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/serverfarms) | | [serverfarms](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/serverfarms) | +| [Web/Function Apps](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/sites) | | [sites](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/sites) | +| [Static Web Sites](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/staticSites) | | [staticSites](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/staticSites) | diff --git a/utilities/pipelines/resourcePublish/Get-ModulesToPublish.ps1 b/utilities/pipelines/resourcePublish/Get-ModulesToPublish.ps1 index 57c18ff75e..7993734f5a 100644 --- a/utilities/pipelines/resourcePublish/Get-ModulesToPublish.ps1 +++ b/utilities/pipelines/resourcePublish/Get-ModulesToPublish.ps1 @@ -79,9 +79,9 @@ This function will search the current directory and all parent directories for a Mandatory. Path to the folder/file that should be searched .EXAMPLE -Find-TemplateFile -Path "C:\Repos\Azure\ResourceModules\arm\Microsoft.Storage\storageAccounts\tableServices\tables\.bicep\nested_roleAssignments.bicep" +Find-TemplateFile -Path "C:\Repos\Azure\ResourceModules\modules\Microsoft.Storage\storageAccounts\tableServices\tables\.bicep\nested_roleAssignments.bicep" - Directory: C:\Repos\Azure\ResourceModules\arm\Microsoft.Storage\storageAccounts\tableServices\tables + Directory: C:\Repos\Azure\ResourceModules\modules\Microsoft.Storage\storageAccounts\tableServices\tables Mode LastWriteTime Length Name ---- ------------- ------ ---- @@ -98,7 +98,7 @@ function Find-TemplateFile { $FolderPath = Split-Path $Path -Parent $FolderName = Split-Path $Path -Leaf - if ($FolderName -eq 'arm') { + if ($FolderName -eq 'modules') { return $null } @@ -126,9 +126,9 @@ Find the closest deploy.bicep/json file to the changed files in the module folde Mandatory. Path to the main/parent module folder. .EXAMPLE -Get-TemplateFileToPublish -ModuleFolderPath "C:\Repos\Azure\ResourceModules\arm\Microsoft.Storage\storageAccounts\" +Get-TemplateFileToPublish -ModuleFolderPath "C:\Repos\Azure\ResourceModules\modules\Microsoft.Storage\storageAccounts\" -C:\Repos\Azure\ResourceModules\arm\Microsoft.Storage\storageAccounts\tableServices\tables\deploy.bicep +C:\Repos\Azure\ResourceModules\modules\Microsoft.Storage\storageAccounts\tableServices\tables\deploy.bicep Gets the closest deploy.bicep/json file to the changed files in the module folder structure. Assuming there is a changed file in 'Microsoft.Storage\storageAccounts\tableServices\tables' @@ -142,7 +142,7 @@ function Get-TemplateFileToPublish { [Parameter(Mandatory)] [string] $ModuleFolderPath ) - $ModuleFolderRelPath = $ModuleFolderPath.Split('/arm/')[-1] + $ModuleFolderRelPath = $ModuleFolderPath.Split('/modules/')[-1] $ModifiedFiles = Get-ModifiedFileList -Verbose Write-Verbose "Looking for modified files under: [$ModuleFolderRelPath]" -Verbose $ModifiedModuleFiles = $ModifiedFiles | Where-Object { $_.FullName -like "*$ModuleFolderPath*" } @@ -157,7 +157,7 @@ function Get-TemplateFileToPublish { Write-Verbose ('Modified modules found: [{0}]' -f $TemplateFilesToPublish.count) -Verbose $TemplateFilesToPublish | ForEach-Object { - $RelPath = ($_.FullName).Split('/arm/')[-1] + $RelPath = ($_.FullName).Split('/modules/')[-1] $RelPath = $RelPath.Split('/deploy.')[0] Write-Verbose " - [$RelPath]" -Verbose } @@ -179,15 +179,15 @@ Mandatory. Path to a deploy.bicep/json file. Optional. If true, the function will recurse up the folder structure to find the closest deploy.bicep/json file. .EXAMPLE -Get-ParentModuleTemplateFile -TemplateFilePath 'C:\Repos\Azure\ResourceModules\arm\Microsoft.Storage\storageAccounts\tableServices\tables\deploy.bicep' -Recurse +Get-ParentModuleTemplateFile -TemplateFilePath 'C:\Repos\Azure\ResourceModules\modules\Microsoft.Storage\storageAccounts\tableServices\tables\deploy.bicep' -Recurse - Directory: C:\Repos\Azure\ResourceModules\arm\Microsoft.Storage\storageAccounts\tableServices + Directory: C:\Repos\Azure\ResourceModules\modules\Microsoft.Storage\storageAccounts\tableServices Mode LastWriteTime Length Name ---- ------------- ------ ---- la--- 05.12.2021 22:45 1427 deploy.bicep - Directory: C:\Repos\Azure\ResourceModules\arm\Microsoft.Storage\storageAccounts + Directory: C:\Repos\Azure\ResourceModules\modules\Microsoft.Storage\storageAccounts Mode LastWriteTime Length Name ---- ------------- ------ ---- @@ -268,7 +268,7 @@ The file needs to be in the same folder as the template file itself. Mandatory. Path to a deploy.bicep/json file. .EXAMPLE -Get-ModuleVersionFromFile -TemplateFilePath 'C:\Repos\Azure\ResourceModules\arm\Microsoft.Storage\storageAccounts\tableServices\tables\deploy.bicep' +Get-ModuleVersionFromFile -TemplateFilePath 'C:\Repos\Azure\ResourceModules\modules\Microsoft.Storage\storageAccounts\tableServices\tables\deploy.bicep' 0.3 @@ -307,7 +307,7 @@ Patch version number is calculated based on the git commit count on the branch. Mandatory. Path to a deploy.bicep/json file. .EXAMPLE -Get-NewModuleVersion -TemplateFilePath 'C:\Repos\Azure\ResourceModules\arm\Microsoft.Storage\storageAccounts\tableServices\tables\deploy.bicep' +Get-NewModuleVersion -TemplateFilePath 'C:\Repos\Azure\ResourceModules\modules\Microsoft.Storage\storageAccounts\tableServices\tables\deploy.bicep' 0.3.630 @@ -347,16 +347,16 @@ Generates a hashtable with template file paths to publish with a new version. Mandatory. Path to a deploy.bicep/json file. .EXAMPLE -Get-ModulesToPublish -TemplateFilePath 'C:\Repos\Azure\ResourceModules\arm\Microsoft.Storage\storageAccounts\deploy.bicep' +Get-ModulesToPublish -TemplateFilePath 'C:\Repos\Azure\ResourceModules\modules\Microsoft.Storage\storageAccounts\deploy.bicep' Name Value ---- ----- -TemplateFilePath C:\Repos\Azure\ResourceModules\arm\Microsoft.Storage\storageAccounts\fileServices\shares\deploy.bicep +TemplateFilePath C:\Repos\Azure\ResourceModules\modules\Microsoft.Storage\storageAccounts\fileServices\shares\deploy.bicep Version 0.3.848-prerelease -TemplateFilePath C:\Repos\Azure\ResourceModules\arm\Microsoft.Storage\storageAccounts\fileServices\deploy.bicep +TemplateFilePath C:\Repos\Azure\ResourceModules\modules\Microsoft.Storage\storageAccounts\fileServices\deploy.bicep Version 0.3.848-prerelease -TemplateFilePath C:\Repos\Azure\ResourceModules\arm\Microsoft.Storage\storageAccounts\deploy.bicep +TemplateFilePath C:\Repos\Azure\ResourceModules\modules\Microsoft.Storage\storageAccounts\deploy.bicep Version 0.3.848-prerelease Generates a hashtable with template file paths to publish and their new versions. @@ -429,7 +429,7 @@ function Get-ModulesToPublish { if ($ModulesToPublish.count -gt 0) { Write-Verbose 'Publish the following modules:'-Verbose $ModulesToPublish | ForEach-Object { - $RelPath = ($_.TemplateFilePath).Split('/arm/')[-1] + $RelPath = ($_.TemplateFilePath).Split('/modules/')[-1] $RelPath = $RelPath.Split('/deploy.')[0] Write-Verbose (' - [{0}] [{1}] ' -f $RelPath, $_.Version) -Verbose } diff --git a/utilities/pipelines/resourcePublish/Publish-ModuleToPrivateBicepRegistry.ps1 b/utilities/pipelines/resourcePublish/Publish-ModuleToPrivateBicepRegistry.ps1 index 584582b4e1..319c73b919 100644 --- a/utilities/pipelines/resourcePublish/Publish-ModuleToPrivateBicepRegistry.ps1 +++ b/utilities/pipelines/resourcePublish/Publish-ModuleToPrivateBicepRegistry.ps1 @@ -7,7 +7,7 @@ Publish a new version of a given module to a private bicep registry .PARAMETER TemplateFilePath Mandatory. Path to the module deployment file from root. -Example: 'C:\arm\Microsoft.KeyVault\vaults\deploy.bicep' +Example: 'C:\modules\Microsoft.KeyVault\vaults\deploy.bicep' .PARAMETER ModuleVersion Mandatory. Version of the module to publish, following SemVer convention. @@ -26,7 +26,7 @@ Optional. The location of the resourceGroup the private bicep registry is deploy Example: 'West Europe' .EXAMPLE -Publish-ModuleToPrivateBicepRegistry -TemplateFilePath 'C:\arm\Microsoft.KeyVault\vaults\deploy.bicep' -ModuleVersion '3.0.0-alpha' -BicepRegistryName 'adpsxxazacrx001' -BicepRegistryRgName 'artifacts-rg' +Publish-ModuleToPrivateBicepRegistry -TemplateFilePath 'C:\modules\Microsoft.KeyVault\vaults\deploy.bicep' -ModuleVersion '3.0.0-alpha' -BicepRegistryName 'adpsxxazacrx001' -BicepRegistryRgName 'artifacts-rg' Try to publish the KeyVault module with version 3.0.0-alpha to a private bicep registry called 'adpsxxazacrx001' in resource group 'artifacts-rg'. #> @@ -76,8 +76,8 @@ function Publish-ModuleToPrivateBicepRegistry { } } - # Extracts Microsoft.KeyVault/vaults from e.g. C:\arm\Microsoft.KeyVault\vaults\deploy.bicep - $moduleIdentifier = (Split-Path $TemplateFilePath -Parent).Replace('\', '/').Split('/arm/')[1] + # Extracts Microsoft.KeyVault/vaults from e.g. C:\modules\Microsoft.KeyVault\vaults\deploy.bicep + $moduleIdentifier = (Split-Path $TemplateFilePath -Parent).Replace('\', '/').Split('/modules/')[1] $moduleRegistryIdentifier = 'bicep/modules/{0}' -f $moduleIdentifier.Replace('\', '/').Replace('/', '.').ToLower() ############################################# diff --git a/utilities/pipelines/resourcePublish/Publish-ModuleToTemplateSpec.ps1 b/utilities/pipelines/resourcePublish/Publish-ModuleToTemplateSpec.ps1 index 1a0a883a5f..df821bd8d8 100644 --- a/utilities/pipelines/resourcePublish/Publish-ModuleToTemplateSpec.ps1 +++ b/utilities/pipelines/resourcePublish/Publish-ModuleToTemplateSpec.ps1 @@ -8,7 +8,7 @@ The template spec is set up if not already existing. .PARAMETER TemplateFilePath Mandatory. Path to the module deployment file from root. -Example: 'C:\arm\Microsoft.KeyVault\vaults\deploy.bicep' +Example: 'C:\modules\Microsoft.KeyVault\vaults\deploy.bicep' .PARAMETER ModuleVersion Mandatory. Version of the module to publish, following SemVer convention. @@ -27,7 +27,7 @@ Mandatory. The description of the parent template spec. Example: 'iacs key vault' .EXAMPLE -Publish-ModuleToTemplateSpec -TemplateFilePath 'C:\arm\Microsoft.KeyVault\vaults\deploy.bicep' -ModuleVersion '3.0.0-alpha' -TemplateSpecsRgName 'artifacts-rg' -TemplateSpecsRgLocation 'West Europe' -TemplateSpecsDescription 'iacs key vault' +Publish-ModuleToTemplateSpec -TemplateFilePath 'C:\modules\Microsoft.KeyVault\vaults\deploy.bicep' -ModuleVersion '3.0.0-alpha' -TemplateSpecsRgName 'artifacts-rg' -TemplateSpecsRgLocation 'West Europe' -TemplateSpecsDescription 'iacs key vault' Try to publish the KeyVault module with version 3.0.0-alpha to a template spec in resource group 'artifacts-rg'. #> @@ -56,7 +56,7 @@ function Publish-ModuleToTemplateSpec { } process { - $moduleIdentifier = (Split-Path $TemplateFilePath -Parent).Replace('\', '/').Split('/arm/')[1] + $moduleIdentifier = (Split-Path $TemplateFilePath -Parent).Replace('\', '/').Split('/modules/')[1] $templateSpecIdentifier = $moduleIdentifier.Replace('\', '/').Replace('/', '.').ToLower() ############################# diff --git a/utilities/pipelines/resourcePublish/Publish-ModuleToUniversalArtifactFeed.ps1 b/utilities/pipelines/resourcePublish/Publish-ModuleToUniversalArtifactFeed.ps1 index 7868fe45fa..0dd3549f87 100644 --- a/utilities/pipelines/resourcePublish/Publish-ModuleToUniversalArtifactFeed.ps1 +++ b/utilities/pipelines/resourcePublish/Publish-ModuleToUniversalArtifactFeed.ps1 @@ -38,7 +38,7 @@ Publish a new version of a given module to an Azure DevOps artifact feed as a un .PARAMETER TemplateFilePath Mandatory. Path to the module deployment file from root. -Example: 'C:\arm\Microsoft.KeyVault\vaults\deploy.bicep' +Example: 'C:\modules\Microsoft.KeyVault\vaults\deploy.bicep' .PARAMETER ModuleVersion Mandatory. Version of the module to publish, following SemVer convention. @@ -60,7 +60,7 @@ Example: 'Artifacts'. Optional. The bearer token to use to authenticate the request. If not provided it MUST be existing in your environment as `$env:TOKEN` .EXAMPLE -Publish-ModuleToUniversalArtifactFeed -TemplateFilePath 'C:\arm\Microsoft.KeyVault\vaults\deploy.bicep' -ModuleVersion '3.0.0-alpha' -vstsOrganizationUri 'https://dev.azure.com/fabrikam' -VstsProject 'IaC' -VstsFeedName 'Artifacts' +Publish-ModuleToUniversalArtifactFeed -TemplateFilePath 'C:\modules\Microsoft.KeyVault\vaults\deploy.bicep' -ModuleVersion '3.0.0-alpha' -vstsOrganizationUri 'https://dev.azure.com/fabrikam' -VstsProject 'IaC' -VstsFeedName 'Artifacts' Try to publish the KeyVault module with version 3.0.0-alpha to a Universal Package Feed called 'Artifacts' under the project 'IaC'. #> @@ -102,9 +102,9 @@ function Publish-ModuleToUniversalArtifactFeed { ################################# # Universal package names => lowercase alphanumerics, dashes, dots or underscores, under 256 characters. - # 'C:\arm\Microsoft.KeyVault\vaults\deploy.bicep' => 'microsoft.keyvault.vaults' + # 'C:\modules\Microsoft.KeyVault\vaults\deploy.bicep' => 'microsoft.keyvault.vaults' $ModuleFolderPath = Split-Path $TemplateFilePath -Parent - $universalPackageModuleName = $ModuleFolderPath.Replace('\', '/').Split('/arm/')[1] + $universalPackageModuleName = $ModuleFolderPath.Replace('\', '/').Split('/modules/')[1] $universalPackageModuleName = ($universalPackageModuleName.Replace('\', '.').Replace('/', '.').toLower() -Replace '[^a-z0-9\.\-_]')[0..255] -join '' Write-Verbose "The universal package name is [$universalPackageModuleName]" -Verbose diff --git a/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1 b/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1 index c826ed26d9..af78109452 100644 --- a/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1 +++ b/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1 @@ -18,9 +18,9 @@ Optional. The name of the resource group the deployment was happening in. Releva Optional. The ID of the management group to fetch deployments from. Relevant for management-group level deployments. .EXAMPLE -Initialize-DeploymentRemoval -DeploymentName 'virtualWans-20211204T1812029146Z' -TemplateFilePath "$home/ResourceModules/arm/Microsoft.Network/virtualWans/deploy.bicep" -resourceGroupName 'test-virtualWan-parameters.json-rg' +Initialize-DeploymentRemoval -DeploymentName 'virtualWans-20211204T1812029146Z' -TemplateFilePath "$home/ResourceModules/modules/Microsoft.Network/virtualWans/deploy.bicep" -resourceGroupName 'test-virtualWan-parameters.json-rg' -Remove the deployment 'virtualWans-20211204T1812029146Z' from resource group 'test-virtualWan-parameters.json-rg' that was executed using template in path "$home/ResourceModules/arm/Microsoft.Network/virtualWans/deploy.bicep" +Remove the deployment 'virtualWans-20211204T1812029146Z' from resource group 'test-virtualWan-parameters.json-rg' that was executed using template in path "$home/ResourceModules/modules/Microsoft.Network/virtualWans/deploy.bicep" #> function Initialize-DeploymentRemoval { diff --git a/utilities/pipelines/sharedScripts/Get-ModuleParameterFiles.ps1 b/utilities/pipelines/sharedScripts/Get-ModuleParameterFiles.ps1 index bb5cef5dd6..b13d619e7b 100644 --- a/utilities/pipelines/sharedScripts/Get-ModuleParameterFiles.ps1 +++ b/utilities/pipelines/sharedScripts/Get-ModuleParameterFiles.ps1 @@ -10,7 +10,7 @@ The relative path is returned instead of the full one to make paths easier to re Mandatory. The module path to search in. .EXAMPLE -Get-ModuleParameterFiles -ModulePath 'C:\ResourceModules\arm\Microsoft.Compute\virtualMachines' +Get-ModuleParameterFiles -ModulePath 'C:\ResourceModules\modules\Microsoft.Compute\virtualMachines' Returns the relative file paths of all parameter files of the virtual machines module. #> diff --git a/utilities/tools/ConvertTo-ARMTemplate.ps1 b/utilities/tools/ConvertTo-ARMTemplate.ps1 index ed3150bef3..90fe651023 100644 --- a/utilities/tools/ConvertTo-ARMTemplate.ps1 +++ b/utilities/tools/ConvertTo-ARMTemplate.ps1 @@ -56,20 +56,20 @@ param ( ) $rootPath = Get-Item -Path $Path | Select-Object -ExpandProperty 'FullName' -$armFolderPath = Join-Path -Path $rootPath -ChildPath 'arm' +$modulesFolderPath = Join-Path -Path $rootPath -ChildPath 'modules' if ($ConvertChildren) { - $BicepFilesToConvert = Get-ChildItem -Path $armFolderPath -Filter 'deploy.bicep' -Recurse -Force + $BicepFilesToConvert = Get-ChildItem -Path $modulesFolderPath -Filter 'deploy.bicep' -Recurse -Force } else { - $BicepFilesToConvert = Get-ChildItem -Path $armFolderPath -Filter 'deploy.bicep' -Recurse -Force -Depth 2 + $BicepFilesToConvert = Get-ChildItem -Path $modulesFolderPath -Filter 'deploy.bicep' -Recurse -Force -Depth 2 } #region Remove existing deploy.json files Write-Verbose 'Remove existing deploy.json files' -if (Test-Path -Path (Join-Path -Path $armFolderPath -ChildPath 'deploy.bicep')) { - $JsonFilesToRemove = Get-ChildItem -Path $armFolderPath -Filter 'deploy.json' -Recurse -Force -File +if (Test-Path -Path (Join-Path -Path $modulesFolderPath -ChildPath 'deploy.bicep')) { + $JsonFilesToRemove = Get-ChildItem -Path $modulesFolderPath -Filter 'deploy.json' -Recurse -Force -File Write-Verbose "Remove existing deploy.json files - Remove [$($JsonFilesToRemove.count)] file(s)" - if ($PSCmdlet.ShouldProcess("[$($JsonFilesToRemove.count)] deploy.json files(s) in path [$armFolderPath]", 'Remove-Item')) { + if ($PSCmdlet.ShouldProcess("[$($JsonFilesToRemove.count)] deploy.json files(s) in path [$modulesFolderPath]", 'Remove-Item')) { $JsonFilesToRemove | Remove-Item -Force } Write-Verbose 'Remove existing deploy.json files - Done' @@ -81,7 +81,7 @@ if (Test-Path -Path (Join-Path -Path $armFolderPath -ChildPath 'deploy.bicep')) Write-Verbose 'Convert bicep files to json' Write-Verbose "Convert bicep files to json - Processing [$($BicepFilesToConvert.count)] file(s)" -if ($PSCmdlet.ShouldProcess("[$($BicepFilesToConvert.count)] deploy.bicep file(s) in path [$armFolderPath]", 'az bicep build')) { +if ($PSCmdlet.ShouldProcess("[$($BicepFilesToConvert.count)] deploy.bicep file(s) in path [$modulesFolderPath]", 'az bicep build')) { # parallelism is not supported on GitHub runners #$BicepFilesToConvert | ForEach-Object -ThrottleLimit $env:NUMBER_OF_PROCESSORS -Parallel { $BicepFilesToConvert | ForEach-Object { @@ -97,7 +97,7 @@ if (-not $SkipMetadataCleanup) { Write-Verbose 'Remove Bicep metadata from json' Write-Verbose "Remove Bicep metadata from json - Processing [$($BicepFilesToConvert.count)] file(s)" - if ($PSCmdlet.ShouldProcess("[$($BicepFilesToConvert.count)] deploy.bicep file(s) in path [$armFolderPath]", 'Set-Content')) { + if ($PSCmdlet.ShouldProcess("[$($BicepFilesToConvert.count)] deploy.bicep file(s) in path [$modulesFolderPath]", 'Set-Content')) { # parallelism is not supported on GitHub runners #$BicepFilesToConvert | ForEach-Object -ThrottleLimit $env:NUMBER_OF_PROCESSORS -Parallel { $BicepFilesToConvert | ForEach-Object { @@ -153,15 +153,15 @@ if (-not $SkipMetadataCleanup) { if (-not $SkipBicepCleanUp) { Write-Verbose 'Remove bicep files and folders' - $dotBicepFoldersToRemove = Get-ChildItem -Path $armFolderPath -Filter '.bicep' -Recurse -Force -Directory + $dotBicepFoldersToRemove = Get-ChildItem -Path $modulesFolderPath -Filter '.bicep' -Recurse -Force -Directory Write-Verbose "Remove bicep files and folders - Remove [$($dotBicepFoldersToRemove.count)] .bicep folder(s)" - if ($PSCmdlet.ShouldProcess("[$($dotBicepFoldersToRemove.count)] .bicep folder(s) in path [$armFolderPath]", 'Remove-Item')) { + if ($PSCmdlet.ShouldProcess("[$($dotBicepFoldersToRemove.count)] .bicep folder(s) in path [$modulesFolderPath]", 'Remove-Item')) { $dotBicepFoldersToRemove | Remove-Item -Recurse -Force } - $BicepFilesToRemove = Get-ChildItem -Path $armFolderPath -Filter '*.bicep' -Recurse -Force -File + $BicepFilesToRemove = Get-ChildItem -Path $modulesFolderPath -Filter '*.bicep' -Recurse -Force -File Write-Verbose "Remove bicep files and folders - Remove [$($BicepFilesToRemove.count)] *.bicep file(s)" - if ($PSCmdlet.ShouldProcess("[$($BicepFilesToRemove.count)] *.bicep file(s) in path [$armFolderPath]", 'Remove-Item')) { + if ($PSCmdlet.ShouldProcess("[$($BicepFilesToRemove.count)] *.bicep file(s) in path [$modulesFolderPath]", 'Remove-Item')) { $BicepFilesToRemove | Remove-Item -Force } diff --git a/utilities/tools/Get-LinkedLocalModuleList.ps1 b/utilities/tools/Get-LinkedLocalModuleList.ps1 index 347997b8e9..23d23d798c 100644 --- a/utilities/tools/Get-LinkedLocalModuleList.ps1 +++ b/utilities/tools/Get-LinkedLocalModuleList.ps1 @@ -6,14 +6,14 @@ Print a list of all local references for the modules in a given path The result will be a list of all modules in the given path alongside their individual references to other modules in the folder structure .PARAMETER path -Optional. The path to search in. Defaults to the 'arm' folder +Optional. The path to search in. Defaults to the 'modules' folder .EXAMPLE Get-LinkedLocalModuleList Invoke the function with the default path. Prints a list such as: -> The modules in path [C:\dev\ip\Azure-ResourceModules\ResourceModules\arm] have the following local folder dependencies: +> The modules in path [C:\dev\ip\Azure-ResourceModules\ResourceModules\modules] have the following local folder dependencies: > > Resource: Microsoft.EventGrid/topics > - Microsoft.EventGrid/Microsoft.Network/privateEndpoints @@ -26,7 +26,7 @@ Get-LinkedLocalModuleList -Path './Microsoft.Sql' Get only the references of the modules in folder path './Microsoft.Sql' -> The modules in path [..\..\arm\Microsoft.Sql\] have the following local folder dependencies: +> The modules in path [..\..\modules\Microsoft.Sql\] have the following local folder dependencies: > > Resource: Microsoft.Sql/servers > - Microsoft.Sql/Microsoft.Network/privateEndpoints @@ -36,7 +36,7 @@ function Get-LinkedLocalModuleList { [CmdletBinding()] param ( [Parameter()] - [string] $path = (Join-Path (Split-Path (Split-Path $PSScriptRoot -Parent) -Parent) 'arm') + [string] $path = (Join-Path (Split-Path (Split-Path $PSScriptRoot -Parent) -Parent) 'modules') ) # Load used functions diff --git a/utilities/tools/Get-LinkedModuleList.ps1 b/utilities/tools/Get-LinkedModuleList.ps1 index 2d6a8608e1..221924185e 100644 --- a/utilities/tools/Get-LinkedModuleList.ps1 +++ b/utilities/tools/Get-LinkedModuleList.ps1 @@ -9,7 +9,7 @@ As an output you will receive a hashtable that (for each provider namespace) lis - Linked remote module tempaltes (e.g. via "module rg 'br/modules:(..):(..)'") .PARAMETER path -Optional. The path to search in. Defaults to the 'arm' folder +Optional. The path to search in. Defaults to the 'modules' folder .EXAMPLE Get-LinkedModuleList @@ -40,7 +40,7 @@ function Get-LinkedModuleList { [CmdletBinding()] param ( [Parameter()] - [string] $path = (Join-Path (Split-Path (Split-Path $PSScriptRoot -Parent) -Parent) 'arm') + [string] $path = (Join-Path (Split-Path (Split-Path $PSScriptRoot -Parent) -Parent) 'modules') ) $resultSet = @{} diff --git a/utilities/tools/Set-ModuleReadMe.ps1 b/utilities/tools/Set-ModuleReadMe.ps1 index e169bd984a..96bfe0e955 100644 --- a/utilities/tools/Set-ModuleReadMe.ps1 +++ b/utilities/tools/Set-ModuleReadMe.ps1 @@ -350,7 +350,7 @@ function Set-DeploymentExamplesSection { $SectionContent = [System.Collections.ArrayList]@() $moduleRoot = Split-Path $TemplateFilePath -Parent - $resourceTypeIdentifier = $moduleRoot.Split('arm')[1].Replace('\', '/').TrimStart('/') + $resourceTypeIdentifier = $moduleRoot.Split('modules')[1].Replace('\', '/').TrimStart('/') $parameterFiles = Get-ChildItem (Join-Path $moduleRoot '.parameters') -Filter '*parameters.json' -Recurse $index = 1 @@ -639,7 +639,7 @@ function Set-ModuleReadMe { throw "Failed to compile [$TemplateFilePath]" } - $fullResourcePath = (Split-Path $TemplateFilePath -Parent).Replace('\', '/').split('/arm/')[1] + $fullResourcePath = (Split-Path $TemplateFilePath -Parent).Replace('\', '/').split('/modules/')[1] # Check readme if (-not (Test-Path $ReadMeFilePath) -or ([String]::IsNullOrEmpty((Get-Content $ReadMeFilePath -Raw)))) { @@ -674,7 +674,7 @@ function Set-ModuleReadMe { } # Update title - if ($TemplateFilePath.Replace('\', '/') -like '*/arm/*') { + if ($TemplateFilePath.Replace('\', '/') -like '*/modules/*') { if ($readMeFileContent[0] -notlike "*``[$fullResourcePath]``") { # Cut outdated diff --git a/utilities/tools/Set-ReadMeModuleTable.ps1 b/utilities/tools/Set-ReadMeModuleTable.ps1 index 9ebb1235ea..937d1e4605 100644 --- a/utilities/tools/Set-ReadMeModuleTable.ps1 +++ b/utilities/tools/Set-ReadMeModuleTable.ps1 @@ -25,7 +25,7 @@ Mandatory. The set of columns to add to the table in the order you expect them i Available are 'Name', 'ProviderNamespace', 'ResourceType', 'TemplateType', 'Deploy' & 'Status' .EXAMPLE -Set-ReadMeModuleTable -FilePath 'C:\readme.md' -ModulesPath 'C:\arm' -RepositoryName 'ResourceModules' -Organization 'Azure' -ColumnsInOrder @('Name','Status') +Set-ReadMeModuleTable -FilePath 'C:\readme.md' -ModulesPath 'C:\modules' -RepositoryName 'ResourceModules' -Organization 'Azure' -ColumnsInOrder @('Name','Status') Update the defined table section in the 'readme.md' file with a table that has the columns 'Name' & 'Status' #> diff --git a/utilities/tools/Test-ModuleLocally.ps1 b/utilities/tools/Test-ModuleLocally.ps1 index dced7d66d2..081762ab77 100644 --- a/utilities/tools/Test-ModuleLocally.ps1 +++ b/utilities/tools/Test-ModuleLocally.ps1 @@ -166,7 +166,7 @@ function Test-ModuleLocally { Invoke-Pester -Configuration @{ Run = @{ - Container = New-PesterContainer -Path (Join-Path (Get-Item $PSScriptRoot).Parent.Parent 'arm/.global/global.module.tests.ps1') -Data @{ + Container = New-PesterContainer -Path (Join-Path (Get-Item $PSScriptRoot).Parent.Parent 'modules/.global/global.module.tests.ps1') -Data @{ moduleFolderPaths = Split-Path $TemplateFilePath -Parent enforcedTokenList = $enforcedTokenList } diff --git a/utilities/tools/helper/Get-ModulesAsMarkdownTable.ps1 b/utilities/tools/helper/Get-ModulesAsMarkdownTable.ps1 index 5ac8682b7a..fb41024aaf 100644 --- a/utilities/tools/helper/Get-ModulesAsMarkdownTable.ps1 +++ b/utilities/tools/helper/Get-ModulesAsMarkdownTable.ps1 @@ -340,10 +340,10 @@ function Get-ResolvedSubServiceRow { 'Name' { switch ($Environment) { 'ADO' { - $row['Name'] = ('[{0}](https://dev.azure.com/{1}/{2}/_git/{3}?path=/arm/{4})' -f (Get-ResourceModuleName -path $subfolder), $Organization, $ProjectName, $RepositoryName, $relativePath.Replace('\', '/')) + $row['Name'] = ('[{0}](https://dev.azure.com/{1}/{2}/_git/{3}?path=/modules/{4})' -f (Get-ResourceModuleName -path $subfolder), $Organization, $ProjectName, $RepositoryName, $relativePath.Replace('\', '/')) } 'GitHub' { - $row['Name'] = ('[{0}](https://github.com/{1}/{2}/tree/main/arm/{3})' -f (Get-ResourceModuleName -path $subfolder), $Organization, $RepositoryName, $relativePath.Replace('\', '/')) + $row['Name'] = ('[{0}](https://github.com/{1}/{2}/tree/main/modules/{3})' -f (Get-ResourceModuleName -path $subfolder), $Organization, $RepositoryName, $relativePath.Replace('\', '/')) } } @@ -365,10 +365,10 @@ function Get-ResolvedSubServiceRow { 'ResourceType' { switch ($Environment) { 'ADO' { - $row['ResourceType'] = ('[{0}](https://dev.azure.com/{1}/{2}/_git/{3}?path=/arm/{4})' -f $subName, $Organization, $ProjectName, $RepositoryName, $relativePath.Replace('\', '/')) + $row['ResourceType'] = ('[{0}](https://dev.azure.com/{1}/{2}/_git/{3}?path=/modules/{4})' -f $subName, $Organization, $ProjectName, $RepositoryName, $relativePath.Replace('\', '/')) } 'GitHub' { - $row['ResourceType'] = ('[{0}](https://github.com/{1}/{2}/tree/main/arm/{3})' -f $subName, $Organization, $RepositoryName, $relativePath.Replace('\', '/')) + $row['ResourceType'] = ('[{0}](https://github.com/{1}/{2}/tree/main/modules/{3})' -f $subName, $Organization, $RepositoryName, $relativePath.Replace('\', '/')) } } @@ -451,7 +451,7 @@ Get-ModulesAsMarkdownTable -path 'C:\dev\Modules' -ColumnsInOrder @('Resource Ty Generate a markdown table for all modules in path 'C:\dev\Modules' with only the 'Resource Type' & 'Name' columns, , sorted by 'Name' .EXAMPLE -Get-ModulesAsMarkdownTable -path 'C:\dev\ip\Azure-Modules\ResourceModules\arm' -RepositoryName 'ResourceModules' -Organization 'Azure' -ColumnsInOrder @('Name','TemplateType','Status','Deploy') +Get-ModulesAsMarkdownTable -path 'C:\dev\ip\Azure-Modules\ResourceModules\modules' -RepositoryName 'ResourceModules' -Organization 'Azure' -ColumnsInOrder @('Name','TemplateType','Status','Deploy') Generate a markdown table for all modules in path 'C:\dev\Modules' with only the 'Name','TemplateType','Status' &'Deploy' columns, sorted by 'Name' #> @@ -544,10 +544,10 @@ function Get-ModulesAsMarkdownTable { 'Name' { switch ($Environment) { 'ADO' { - $row['Name'] = ('[{0}](https://dev.azure.com/{1}/{2}/_git/{3}?path=/arm/{4})' -f (Get-ResourceModuleName -path $containedFolder), $Organization, $ProjectName, $RepositoryName, $concatedBase.Replace('\', '/')) + $row['Name'] = ('[{0}](https://dev.azure.com/{1}/{2}/_git/{3}?path=/modules/{4})' -f (Get-ResourceModuleName -path $containedFolder), $Organization, $ProjectName, $RepositoryName, $concatedBase.Replace('\', '/')) } 'GitHub' { - $row['Name'] = ('[{0}](https://github.com/{1}/{2}/tree/main/arm/{3})' -f (Get-ResourceModuleName -path $containedFolder), $Organization, $RepositoryName, $concatedBase.Replace('\', '/')) + $row['Name'] = ('[{0}](https://github.com/{1}/{2}/tree/main/modules/{3})' -f (Get-ResourceModuleName -path $containedFolder), $Organization, $RepositoryName, $concatedBase.Replace('\', '/')) } } } @@ -568,10 +568,10 @@ function Get-ModulesAsMarkdownTable { 'ResourceType' { switch ($Environment) { 'ADO' { - $row['ResourceType'] = ('[{0}](https://dev.azure.com/{1}/{2}/_git/{3}?path=/arm/{4})' -f (Get-ResourceModuleName -path $containedFolder), $Organization, $ProjectName, $RepositoryName, $concatedBase.Replace('\', '/')) + $row['ResourceType'] = ('[{0}](https://dev.azure.com/{1}/{2}/_git/{3}?path=/modules/{4})' -f (Get-ResourceModuleName -path $containedFolder), $Organization, $ProjectName, $RepositoryName, $concatedBase.Replace('\', '/')) } 'GitHub' { - $row['ResourceType'] += ('[{0}](https://github.com/{1}/{2}/tree/main/arm/{3})' -f $containedFolderName, $Organization, $RepositoryName, $concatedBase.Replace('\', '/')) + $row['ResourceType'] += ('[{0}](https://github.com/{1}/{2}/tree/main/modules/{3})' -f $containedFolderName, $Organization, $RepositoryName, $concatedBase.Replace('\', '/')) } } diff --git a/utilities/tools/tests/ConvertTo-ARMTemplate.Tests.ps1 b/utilities/tools/tests/ConvertTo-ARMTemplate.Tests.ps1 index 422bba1b51..8a544ed4d0 100644 --- a/utilities/tools/tests/ConvertTo-ARMTemplate.Tests.ps1 +++ b/utilities/tools/tests/ConvertTo-ARMTemplate.Tests.ps1 @@ -7,14 +7,14 @@ param () BeforeAll { # Define paths $rootPath = (Get-Item $PSScriptRoot).Parent.Parent.Parent.FullName - $armFolderPath = Join-Path $rootPath 'arm' + $modulesFolderPath = Join-Path $rootPath 'modules' $toolsPath = Join-Path $rootPath 'utilities' 'tools' # Collect original files - $bicepFilesCount = (Get-ChildItem -Recurse $armFolderPath | Where-Object { $_.Name -like '*.bicep' }).Count - $nestedBicepFilesCount = (Get-ChildItem -Recurse $armFolderPath | Where-Object { $_.Name -like 'nested_*bicep' }).Count - $deployBicepFilesCount = (Get-ChildItem -Recurse $armFolderPath | Where-Object { $_.Name -match 'deploy.bicep' }).Count - $deployParentBicepFilesCount = (Get-ChildItem -Recurse $armFolderPath -Depth 2 | Where-Object { $_.Name -match 'deploy.bicep' }).Count + $bicepFilesCount = (Get-ChildItem -Recurse $modulesFolderPath | Where-Object { $_.Name -like '*.bicep' }).Count + $nestedBicepFilesCount = (Get-ChildItem -Recurse $modulesFolderPath | Where-Object { $_.Name -like 'nested_*bicep' }).Count + $deployBicepFilesCount = (Get-ChildItem -Recurse $modulesFolderPath | Where-Object { $_.Name -match 'deploy.bicep' }).Count + $deployParentBicepFilesCount = (Get-ChildItem -Recurse $modulesFolderPath -Depth 2 | Where-Object { $_.Name -match 'deploy.bicep' }).Count # GitHub Workflows $moduleWorkflowFiles = Get-ChildItem -Path (Join-Path $rootPath '.github' 'workflows') -Filter 'ms.*.yml' -File @@ -48,17 +48,17 @@ Describe 'Test default behavior' -Tag 'Default' { } It 'All top-level deploy.bicep files are converted to deploy.json' { - $deployJsonFilesCount = (Get-ChildItem -Recurse $armFolderPath | Where-Object { $_.FullName -match 'deploy.json' }).Count + $deployJsonFilesCount = (Get-ChildItem -Recurse $modulesFolderPath | Where-Object { $_.FullName -match 'deploy.json' }).Count $deployJsonFilesCount | Should -Be $deployParentBicepFilesCount } It 'All bicep files are removed' { - $bicepFilesCount = (Get-ChildItem -Recurse $armFolderPath | Where-Object { $_.FullName -match '.*.bicep' }).Count + $bicepFilesCount = (Get-ChildItem -Recurse $modulesFolderPath | Where-Object { $_.FullName -match '.*.bicep' }).Count $bicepFilesCount | Should -Be 0 } It 'All json files have metadata removed' { - $deployJsonFiles = (Get-ChildItem -Recurse $armFolderPath | Where-Object { $_.FullName -match 'deploy.json' }) + $deployJsonFiles = (Get-ChildItem -Recurse $modulesFolderPath | Where-Object { $_.FullName -match 'deploy.json' }) $metadataFound = $false foreach ($deployJsonFile in $deployJsonFiles) { @@ -109,17 +109,17 @@ Describe 'Test flag to including children' -Tag 'ConvertChildren' { } It 'All deploy.bicep files are converted to deploy.json' { - $deployJsonFilesCount = (Get-ChildItem -Recurse $armFolderPath | Where-Object { $_.FullName -match 'deploy.json' }).Count + $deployJsonFilesCount = (Get-ChildItem -Recurse $modulesFolderPath | Where-Object { $_.FullName -match 'deploy.json' }).Count $deployJsonFilesCount | Should -Be $deployBicepFilesCount } It 'All bicep files are removed' { - $bicepFilesCount = (Get-ChildItem -Recurse $armFolderPath | Where-Object { $_.FullName -match '.*.bicep' }).Count + $bicepFilesCount = (Get-ChildItem -Recurse $modulesFolderPath | Where-Object { $_.FullName -match '.*.bicep' }).Count $bicepFilesCount | Should -Be 0 } It 'All json files have metadata removed' { - $deployJsonFiles = (Get-ChildItem -Recurse $armFolderPath | Where-Object { $_.FullName -match 'deploy.json' }) + $deployJsonFiles = (Get-ChildItem -Recurse $modulesFolderPath | Where-Object { $_.FullName -match 'deploy.json' }) $metadataFound = $false foreach ($deployJsonFile in $deployJsonFiles) { @@ -170,17 +170,17 @@ Describe 'Test flags that skip logic' -Tag 'Skip' { } It 'All deploy.bicep files are converted to deploy.json' { - $deployJsonFilesCount = (Get-ChildItem -Recurse $armFolderPath | Where-Object { $_.FullName -match 'deploy.json' }).Count + $deployJsonFilesCount = (Get-ChildItem -Recurse $modulesFolderPath | Where-Object { $_.FullName -match 'deploy.json' }).Count $deployJsonFilesCount | Should -Be $deployParentBicepFilesCount } It 'All bicep files are still there' { - $bicepFilesCount = (Get-ChildItem -Recurse $armFolderPath | Where-Object { $_.FullName -match '.*.bicep' }).Count + $bicepFilesCount = (Get-ChildItem -Recurse $modulesFolderPath | Where-Object { $_.FullName -match '.*.bicep' }).Count $bicepFilesCount | Should -Be $bicepFilesCount } It 'All json files still have metadata' { - $deployJsonFiles = (Get-ChildItem -Recurse $armFolderPath | Where-Object { $_.FullName -match 'deploy.json' }) + $deployJsonFiles = (Get-ChildItem -Recurse $modulesFolderPath | Where-Object { $_.FullName -match 'deploy.json' }) $metadataFound = $false foreach ($deployJsonFile in $deployJsonFiles) { From 27e87c1e30215511f66cf141c34507edd0002e00 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 26 Jun 2022 20:01:29 +0200 Subject: [PATCH 02/42] Updated readme --- modules/Microsoft.OperationalInsights/workspaces/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.OperationalInsights/workspaces/readme.md b/modules/Microsoft.OperationalInsights/workspaces/readme.md index a59a80f2c1..7ab03028f1 100644 --- a/modules/Microsoft.OperationalInsights/workspaces/readme.md +++ b/modules/Microsoft.OperationalInsights/workspaces/readme.md @@ -15,7 +15,7 @@ This template deploys a log analytics workspace. | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/diagnosticSettings) | +| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.OperationalInsights/workspaces` | [2020-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces) | | `Microsoft.OperationalInsights/workspaces/dataSources` | [2020-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/dataSources) | | `Microsoft.OperationalInsights/workspaces/linkedServices` | [2020-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/linkedServices) | From 60ec109118a3fd9eb682103dcccb6d52df24f19d Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 26 Jun 2022 20:04:14 +0200 Subject: [PATCH 03/42] Updated readme --- modules/Microsoft.Web/serverfarms/readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Web/serverfarms/readme.md b/modules/Microsoft.Web/serverfarms/readme.md index f67d7dc3c0..72d0297048 100644 --- a/modules/Microsoft.Web/serverfarms/readme.md +++ b/modules/Microsoft.Web/serverfarms/readme.md @@ -260,8 +260,8 @@ tags: {

via Bicep module ```bicep -module serverf './Microsoft.Web/serverf/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-serverf' +module serverfarms './Microsoft.Web/serverfarms/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-serverfarms' params: { name: '<>-az-asp-x-001' lock: 'CanNotDelete' From 3c60701f7d68b8c0c65f79b238f2c9b66d55d5e8 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 26 Jun 2022 20:11:58 +0200 Subject: [PATCH 04/42] Minor update --- .../automationAccounts/modules/deploy.bicep | 2 +- .../Microsoft.Automation/automationAccounts/modules/readme.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Automation/automationAccounts/modules/deploy.bicep b/modules/Microsoft.Automation/automationAccounts/modules/deploy.bicep index 2927c87e94..4e9ce28d86 100644 --- a/modules/Microsoft.Automation/automationAccounts/modules/deploy.bicep +++ b/modules/Microsoft.Automation/automationAccounts/modules/deploy.bicep @@ -4,7 +4,7 @@ param name string @description('Conditional. The name of the parent Automation Account. Required if the template is used in a standalone deployment.') param automationAccountName string -@description('Required. Module package uri, e.g. https://www.powershellgallery.com/api/v2/package.') +@description('Required. Module package URI, e.g. https://www.powershellgallery.com/api/v2/package.') param uri string @description('Optional. Module version or specify latest to get the latest version.') diff --git a/modules/Microsoft.Automation/automationAccounts/modules/readme.md b/modules/Microsoft.Automation/automationAccounts/modules/readme.md index c593272a90..9eb4ee8a5c 100644 --- a/modules/Microsoft.Automation/automationAccounts/modules/readme.md +++ b/modules/Microsoft.Automation/automationAccounts/modules/readme.md @@ -20,7 +20,7 @@ This module deploys an Azure Automation Account Module. | Parameter Name | Type | Description | | :-- | :-- | :-- | | `name` | string | Name of the Automation Account module. | -| `uri` | string | Module package uri, e.g. https://www.powershellgallery.com/api/v2/package. | +| `uri` | string | Module package URI, e.g. https://www.powershellgallery.com/api/v2/package. | **Conditional parameters** | Parameter Name | Type | Description | From cd82aacfebd5c436110c6e1b5020f61585014441 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 26 Jun 2022 20:51:48 +0200 Subject: [PATCH 05/42] Added trigger to arm convertion test --- .github/workflows/platform.convertToArmTemplate.tests.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/platform.convertToArmTemplate.tests.yml b/.github/workflows/platform.convertToArmTemplate.tests.yml index abbce2b938..a17478ce75 100644 --- a/.github/workflows/platform.convertToArmTemplate.tests.yml +++ b/.github/workflows/platform.convertToArmTemplate.tests.yml @@ -1,6 +1,7 @@ name: '.Platform: Test - ConvertTo-ARMTemplate.ps1' on: + workflow_dispatch: push: branches: - main From 1bcc7ed55f9d0f23dea85374714992e3ad24c003 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 26 Jun 2022 21:49:23 +0200 Subject: [PATCH 06/42] Adjusted pester --- modules/.global/global.module.tests.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/.global/global.module.tests.ps1 b/modules/.global/global.module.tests.ps1 index 3233d33690..389efe3eb4 100644 --- a/modules/.global/global.module.tests.ps1 +++ b/modules/.global/global.module.tests.ps1 @@ -156,7 +156,7 @@ Describe 'Readme tests' -Tag Readme { foreach ($moduleFolderPath in $moduleFolderPaths) { # For runtime purposes, we cache the compiled template in a hashtable that uses a formatted relative module path as a key - $moduleFolderPathKey = $moduleFolderPath.Split('modules')[1].Replace('\', '/').Trim('/').Replace('/', '-') + $moduleFolderPathKey = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1].Trim('/').Replace('/', '-') if (-not ($convertedTemplates.Keys -contains $moduleFolderPathKey)) { if (Test-Path (Join-Path $moduleFolderPath 'deploy.bicep')) { $templateFilePath = Join-Path $moduleFolderPath 'deploy.bicep' @@ -471,7 +471,7 @@ Describe 'Deployment template tests' -Tag Template { foreach ($moduleFolderPath in $moduleFolderPaths) { # For runtime purposes, we cache the compiled template in a hashtable that uses a formatted relative module path as a key - $moduleFolderPathKey = $moduleFolderPath.Split('modules')[1].Replace('\', '/').Trim('/').Replace('/', '-') + $moduleFolderPathKey = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1].Trim('/').Replace('/', '-') if (-not ($convertedTemplates.Keys -contains $moduleFolderPathKey)) { if (Test-Path (Join-Path $moduleFolderPath 'deploy.bicep')) { $templateFilePath = Join-Path $moduleFolderPath 'deploy.bicep' @@ -963,7 +963,7 @@ Describe "API version tests [All apiVersions in the template should be 'recent'] $moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1] # For runtime purposes, we cache the compiled template in a hashtable that uses a formatted relative module path as a key - $moduleFolderPathKey = $moduleFolderPath.Split('modules')[1].Replace('\', '/').Trim('/').Replace('/', '-') + $moduleFolderPathKey = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1].Trim('/').Replace('/', '-') if (-not ($convertedTemplates.Keys -contains $moduleFolderPathKey)) { if (Test-Path (Join-Path $moduleFolderPath 'deploy.bicep')) { $templateFilePath = Join-Path $moduleFolderPath 'deploy.bicep' From 9832be2a8b5e9ad3c9bb12754d9a510799ff2562 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 26 Jun 2022 22:08:27 +0200 Subject: [PATCH 07/42] Fixed in readme function --- utilities/tools/Set-ModuleReadMe.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/tools/Set-ModuleReadMe.ps1 b/utilities/tools/Set-ModuleReadMe.ps1 index e06c53c970..cb564db51a 100644 --- a/utilities/tools/Set-ModuleReadMe.ps1 +++ b/utilities/tools/Set-ModuleReadMe.ps1 @@ -350,7 +350,7 @@ function Set-DeploymentExamplesSection { $SectionContent = [System.Collections.ArrayList]@() $moduleRoot = Split-Path $TemplateFilePath -Parent - $resourceTypeIdentifier = $moduleRoot.Split('modules')[1].Replace('\', '/').TrimStart('/') + $resourceTypeIdentifier = $moduleRoot.Replace('\', '/').Split('/modules/')[1].TrimStart('/') $parameterFiles = Get-ChildItem (Join-Path $moduleRoot '.parameters') -Filter '*parameters.json' -Recurse $index = 1 From c5e44572716d71ec9c3b88fb79c6ba1db010e0a1 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 26 Jun 2022 22:15:58 +0200 Subject: [PATCH 08/42] Re-added deleted template --- .../.bicep/nested_roleAssignments.bicep | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep new file mode 100644 index 0000000000..02cd494ea4 --- /dev/null +++ b/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep @@ -0,0 +1,43 @@ +@sys.description('Required. The IDs of the principals to assign the role to.') +param principalIds array + +@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') +param roleDefinitionIdOrName string + +@sys.description('Required. The resource ID of the resource to apply the role assignment to.') +param resourceId string + +@sys.description('Optional. The principal type of the assigned principal ID.') +@allowed([ + 'ServicePrincipal' + 'Group' + 'User' + 'ForeignGroup' + 'Device' + '' +]) +param principalType string = '' + +@sys.description('Optional. The description of the role assignment.') +param description string = '' + +var builtInRoleNames = { + 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') + 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') + 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') +} + +resource backupVault 'Microsoft.DataProtection/backupVaults@2022-03-01' existing = { + name: last(split(resourceId, '/')) +} + +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { + name: guid(backupVault.id, principalId, roleDefinitionIdOrName) + properties: { + description: description + roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName + principalId: principalId + principalType: !empty(principalType) ? any(principalType) : null + } + scope: backupVault +}] From 69cad602ace52f03eb60b552e42da96ab5d25a6c Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 27 Jun 2022 10:05:10 +0200 Subject: [PATCH 09/42] Fixed pipeline reference --- .azuredevops/modulePipelines/ms.network.firewallpolicies.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml b/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml index d0628548a1..251c1eaa44 100644 --- a/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml +++ b/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml @@ -36,7 +36,7 @@ stages: - stage: Validation displayName: Static validation jobs: - - template: /.azuredevops/pipelineTemplates/module.jobs.validate.yml + - template: /.azuredevops/pipelineTemplates/jobs.validateModulePester.yml - stage: Deployment displayName: Deployment validation From 436f8bbb6162d8c630ea3804d06c57fd5fad99fa Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 27 Jun 2022 10:05:43 +0200 Subject: [PATCH 10/42] Fixed pipeline reference --- .azuredevops/modulePipelines/ms.network.firewallpolicies.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml b/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml index 251c1eaa44..4fb1a0f264 100644 --- a/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml +++ b/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml @@ -41,7 +41,7 @@ stages: - stage: Deployment displayName: Deployment validation jobs: - - template: /.azuredevops/pipelineTemplates/module.jobs.deploy.yml + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: From fda28c21884ebf4bbad1e7ae8b222b2bc14214ab Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 27 Jun 2022 10:12:20 +0200 Subject: [PATCH 11/42] Fixed pipeline title --- .azuredevops/modulePipelines/ms.network.virtualhubs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azuredevops/modulePipelines/ms.network.virtualhubs.yml b/.azuredevops/modulePipelines/ms.network.virtualhubs.yml index ff44ffc9cb..91fc5e736f 100644 --- a/.azuredevops/modulePipelines/ms.network.virtualhubs.yml +++ b/.azuredevops/modulePipelines/ms.network.virtualhubs.yml @@ -1,4 +1,4 @@ -name: 'Network: VirtualHubs' +name: 'Network - VirtualHubs' parameters: - name: removeDeployment From 80ba15b24cfd236f6fafc6ab45f6a1c91cc95dcc Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 27 Jun 2022 10:39:19 +0200 Subject: [PATCH 12/42] Fixed another typo --- .../ms.kubernetesconfiguration.fluxconfigurations.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azuredevops/modulePipelines/ms.kubernetesconfiguration.fluxconfigurations.yml b/.azuredevops/modulePipelines/ms.kubernetesconfiguration.fluxconfigurations.yml index 75b300c5b6..80d647d747 100644 --- a/.azuredevops/modulePipelines/ms.kubernetesconfiguration.fluxconfigurations.yml +++ b/.azuredevops/modulePipelines/ms.kubernetesconfiguration.fluxconfigurations.yml @@ -1,4 +1,4 @@ -name: 'KubernetesConfiguration: FluxConfigurations' +name: 'KubernetesConfiguration - FluxConfigurations' parameters: - name: removeDeployment From 7a2135094d8c377e7f8cedc89868015fc5e3f4a1 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 27 Jun 2022 10:45:05 +0200 Subject: [PATCH 13/42] Fixed another typo --- .azuredevops/modulePipelines/ms.network.vpngateways.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.azuredevops/modulePipelines/ms.network.vpngateways.yml b/.azuredevops/modulePipelines/ms.network.vpngateways.yml index 5375efbf13..18743ce83b 100644 --- a/.azuredevops/modulePipelines/ms.network.vpngateways.yml +++ b/.azuredevops/modulePipelines/ms.network.vpngateways.yml @@ -1,4 +1,4 @@ -name: 'Network: VPNGateways' +name: 'Network - VPNGateways' parameters: - name: removeDeployment From 908a8ab2c1d5863de81429de068ae49aa02a93ff Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 27 Jun 2022 11:05:14 +0200 Subject: [PATCH 14/42] Fixed casing --- .azuredevops/modulePipelines/ms.network.firewallpolicies.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml b/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml index 4fb1a0f264..4e64acd136 100644 --- a/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml +++ b/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml @@ -21,7 +21,7 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/firewallpolicies/*' + - '/modules/Microsoft.Network/firewallPolicies/*' - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/firewallpolicies' + value: '/modules/Microsoft.Network/firewallPolicies' stages: - stage: Validation From b7cee57c162f91f62916d35c445633af1e5a5d0c Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 27 Jun 2022 11:14:14 +0200 Subject: [PATCH 15/42] Fixed service fabric pipeline reference --- .azuredevops/modulePipelines/ms.servicefabric.clusters.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.azuredevops/modulePipelines/ms.servicefabric.clusters.yml b/.azuredevops/modulePipelines/ms.servicefabric.clusters.yml index 45f197e830..60b8563841 100644 --- a/.azuredevops/modulePipelines/ms.servicefabric.clusters.yml +++ b/.azuredevops/modulePipelines/ms.servicefabric.clusters.yml @@ -36,12 +36,12 @@ stages: - stage: Validation displayName: Static validation jobs: - - template: /.azuredevops/pipelineTemplates/module.jobs.validate.yml + - template: /.azuredevops/pipelineTemplates/jobs.validateModulePester.yml - stage: Deployment displayName: Deployment validation jobs: - - template: /.azuredevops/pipelineTemplates/module.jobs.deploy.yml + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: From a2571f096bc71864f90521b438336dd5fc8dd7c5 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 27 Jun 2022 11:50:56 +0200 Subject: [PATCH 16/42] First batch of changes --- .../modulePipelines/ms.aad.domainservices.yml | 2 +- .../modulePipelines/ms.analysisservices.servers.yml | 6 +++--- .../modulePipelines/ms.apimanagement.service.yml | 6 +++--- .../ms.appconfiguration.configurationstores.yml | 4 ++-- .../modulePipelines/ms.authorization.locks.yml | 2 +- .../ms.authorization.policyassignments.yml | 12 ++++++------ .../ms.authorization.policydefinitions.yml | 8 ++++---- .../ms.authorization.policyexemptions.yml | 12 ++++++------ .../ms.authorization.policysetdefinitions.yml | 8 ++++---- .../ms.authorization.roleassignments.yml | 12 ++++++------ .../ms.authorization.roledefinitions.yml | 12 ++++++------ .../ms.automation.automationaccounts.yml | 6 +++--- .../modulePipelines/ms.batch.batchaccounts.yml | 4 ++-- .../ms.cognitiveservices.accounts.yml | 8 ++++---- .../modulePipelines/ms.compute.availabilitysets.yml | 2 +- .../ms.compute.diskencryptionsets.yml | 2 +- .azuredevops/modulePipelines/ms.compute.disks.yml | 8 ++++---- .../modulePipelines/ms.compute.galleries.yml | 8 ++++---- .azuredevops/modulePipelines/ms.compute.images.yml | 2 +- .../ms.compute.proximityplacementgroups.yml | 2 +- .../modulePipelines/ms.compute.virtualmachines.yml | 12 ++++++------ .../ms.compute.virtualmachinescalesets.yml | 8 ++++---- .../modulePipelines/ms.consumption.budgets.yml | 2 +- .../ms.containerinstance.containergroups.yml | 2 +- .../ms.containerregistry.registries.yml | 6 +++--- .../ms.containerservice.managedclusters.yml | 4 ++-- .../modulePipelines/ms.databricks.workspaces.yml | 2 +- .../modulePipelines/ms.datafactory.factories.yml | 2 +- .../ms.dataprotection.backupvaults.yml | 4 ++-- .../ms.desktopvirtualization.applicationgroups.yml | 4 ++-- .../ms.desktopvirtualization.hostpools.yml | 2 +- .../ms.desktopvirtualization.scalingplans.yml | 2 +- .../ms.desktopvirtualization.workspaces.yml | 2 +- .../ms.documentdb.databaseaccounts.yml | 6 +++--- .../modulePipelines/ms.eventgrid.systemtopics.yml | 4 ++-- .azuredevops/modulePipelines/ms.eventgrid.topics.yml | 2 +- .../modulePipelines/ms.eventhub.namespaces.yml | 4 ++-- .../modulePipelines/ms.healthbot.healthbots.yml | 2 +- .../modulePipelines/ms.insights.actiongroups.yml | 2 +- .../ms.insights.activitylogalerts.yml | 2 +- .../modulePipelines/ms.insights.components.yml | 2 +- .../ms.insights.diagnosticsettings.yml | 2 +- .../modulePipelines/ms.insights.metricalerts.yml | 2 +- .../ms.insights.privatelinkscopes.yml | 2 +- .../ms.insights.scheduledqueryrules.yml | 2 +- .azuredevops/modulePipelines/ms.keyvault.vaults.yml | 4 ++-- .../ms.kubernetesconfiguration.extensions.yml | 4 ++-- ...ms.kubernetesconfiguration.fluxconfigurations.yml | 4 ++-- .azuredevops/modulePipelines/ms.logic.workflows.yml | 2 +- .../ms.machinelearningservices.workspaces.yml | 4 ++-- .../ms.managedidentity.userassignedidentities.yml | 2 +- .../ms.managedservices.registrationdefinitions.yml | 4 ++-- .../ms.management.managementgroups.yml | 2 +- .../modulePipelines/ms.netapp.netappaccounts.yml | 6 +++--- .../ms.network.applicationgateways.yml | 2 +- .../ms.network.applicationsecuritygroups.yml | 2 +- .../modulePipelines/ms.network.azurefirewalls.yml | 2 +- .../modulePipelines/ms.network.bastionhosts.yml | 4 ++-- .../modulePipelines/ms.network.connections.yml | 2 +- .../ms.network.ddosprotectionplans.yml | 2 +- .../ms.network.expressroutecircuits.yml | 2 +- .../modulePipelines/ms.network.firewallpolicies.yml | 2 +- .../modulePipelines/ms.network.frontdoors.yml | 2 +- .azuredevops/modulePipelines/ms.network.ipgroups.yml | 2 +- .../modulePipelines/ms.network.loadbalancers.yml | 6 +++--- .../ms.network.localnetworkgateways.yml | 2 +- .../modulePipelines/ms.network.natgateways.yml | 2 +- .../modulePipelines/ms.network.networkinterfaces.yml | 4 ++-- .../ms.network.networksecuritygroups.yml | 4 ++-- .../modulePipelines/ms.network.networkwatchers.yml | 4 ++-- .../modulePipelines/ms.network.privatednszones.yml | 4 ++-- .../modulePipelines/ms.network.privateendpoints.yml | 4 ++-- .../modulePipelines/ms.network.publicipaddresses.yml | 2 +- .../modulePipelines/ms.network.publicipprefixes.yml | 2 +- .../modulePipelines/ms.network.routetables.yml | 2 +- .../ms.network.trafficmanagerprofiles.yml | 2 +- .../modulePipelines/ms.network.virtualhubs.yml | 4 ++-- .../ms.network.virtualnetworkgateways.yml | 4 ++-- .../modulePipelines/ms.network.virtualnetworks.yml | 4 ++-- .../modulePipelines/ms.network.virtualwans.yml | 4 ++-- .../modulePipelines/ms.network.vpngateways.yml | 4 ++-- .azuredevops/modulePipelines/ms.network.vpnsites.yml | 4 ++-- .../ms.operationalinsights.workspaces.yml | 4 ++-- .../ms.operationsmanagement.solutions.yml | 6 +++--- .../modulePipelines/ms.recoveryservices.vaults.yml | 6 +++--- .../ms.resources.deploymentscripts.yml | 4 ++-- .../modulePipelines/ms.resources.resourcegroups.yml | 2 +- .azuredevops/modulePipelines/ms.resources.tags.yml | 6 +++--- .../ms.security.azuresecuritycenter.yml | 2 +- .../modulePipelines/ms.servicebus.namespaces.yml | 4 ++-- .../modulePipelines/ms.servicefabric.clusters.yml | 6 +++--- .../modulePipelines/ms.sql.managedinstances.yml | 2 +- .azuredevops/modulePipelines/ms.sql.servers.yml | 4 ++-- .../modulePipelines/ms.storage.storageaccounts.yml | 10 +++++----- .../modulePipelines/ms.synapse.privatelinkhubs.yml | 4 ++-- .../ms.virtualmachineimages.imagetemplates.yml | 2 +- .azuredevops/modulePipelines/ms.web.connections.yml | 2 +- .../modulePipelines/ms.web.hostingenvironments.yml | 4 ++-- .azuredevops/modulePipelines/ms.web.serverfarms.yml | 2 +- .azuredevops/modulePipelines/ms.web.sites.yml | 8 ++++---- .azuredevops/modulePipelines/ms.web.staticsites.yml | 4 ++-- .../templates/validateModuleDeployment/action.yml | 2 +- .../linux.prefix.parameter.json | 0 .../linux.vmnames.parameter.json | 0 .../parameters.json | 0 .../max.parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../max.parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../rg.parameters.json | 0 .../mg.min.parameters.json | 0 .../mg.parameters.json | 0 .../rg.min.parameters.json | 0 .../rg.parameters.json | 0 .../sub.min.parameters.json | 0 .../sub.parameters.json | 0 .../mg.min.parameters.json | 0 .../mg.parameters.json | 0 .../sub.min.parameters.json | 0 .../sub.parameters.json | 0 .../mg.min.parameters.json | 0 .../mg.parameters.json | 0 .../rg.min.parameters.json | 0 .../rg.parameters.json | 0 .../sub.min.parameters.json | 0 .../sub.parameters.json | 0 .../mg.min.parameters.json | 0 .../mg.parameters.json | 0 .../sub.min.parameters.json | 0 .../sub.parameters.json | 0 .../mg.min.parameters.json | 0 .../mg.parameters.json | 0 .../rg.min.parameters.json | 0 .../rg.parameters.json | 0 .../sub.min.parameters.json | 0 .../sub.parameters.json | 0 .../mg.min.parameters.json | 0 .../mg.parameters.json | 0 .../rg.min.parameters.json | 0 .../rg.parameters.json | 0 .../sub.min.parameters.json | 0 .../sub.parameters.json | 0 .../encr.parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../encr.parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../speech.parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../image.parameters.json | 0 .../import.parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../images.parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../linux.min.parameters.json | 0 .../linux.parameters.json | 0 .../windows.min.parameters.json | 0 .../windows.parameters.json | 0 .../linux.autmg.parameters.json | 0 .../linux.min.parameters.json | 0 .../linux.parameters.json | 0 .../windows.autmg.parameters.json | 0 .../windows.min.parameters.json | 0 .../windows.parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../encr.parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../azure.parameters.json | 0 .../kubenet.parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../mongodb.parameters.json | 0 .../plain.parameters.json | 0 .../sqldb.parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../rg.parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../nfs3.parameters.json | 0 .../nfs41.parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../addpip.parameters.json | 0 .../custompip.parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../addpip.parameters.json | 0 .../custompip.parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../vnet2vnet.parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../internal.parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../expressRoute.parameters.json | 0 .../vpn.parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../vnetPeering.parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../ms.parameters.json | 0 .../nonms.parameters.json | 0 .../dr.parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../cli.parameters.json | 0 .../ps.parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../rg.parameters.json | 0 .../sub.parameters.json | 0 .../parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../cert.parameters.json | 0 .../full.parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../admin.parameters.json | 0 .../parameters.json | 0 .../encr.parameters.json | 0 .../min.parameters.json | 0 .../nfs.parameters.json | 0 .../parameters.json | 0 .../v1.parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../parameters.json | 0 .../asev2.parameters.json | 0 .../asev3.parameters.json | 0 .../parameters.json | 0 .../fa.min.parameters.json | 0 .../fa.parameters.json | 0 .../wa.min.parameters.json | 0 .../wa.parameters.json | 0 .../min.parameters.json | 0 .../parameters.json | 0 .../resourceDeployment/New-TemplateDeployment.ps1 | 6 +++--- .../resourceDeployment/Test-TemplateDeployment.ps1 | 4 ++-- 316 files changed, 210 insertions(+), 210 deletions(-) rename constructs/Microsoft.Compute/virtualMachinesMultiple/{.parameters => .deploymentTests}/linux.prefix.parameter.json (100%) rename constructs/Microsoft.Compute/virtualMachinesMultiple/{.parameters => .deploymentTests}/linux.vmnames.parameter.json (100%) rename modules/Microsoft.AAD/DomainServices/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.AnalysisServices/servers/{.parameters => .deploymentTests}/max.parameters.json (100%) rename modules/Microsoft.AnalysisServices/servers/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.AnalysisServices/servers/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.ApiManagement/service/{.parameters => .deploymentTests}/max.parameters.json (100%) rename modules/Microsoft.ApiManagement/service/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.ApiManagement/service/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.AppConfiguration/configurationStores/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.AppConfiguration/configurationStores/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Authorization/locks/{.parameters => .deploymentTests}/rg.parameters.json (100%) rename modules/Microsoft.Authorization/policyAssignments/{.parameters => .deploymentTests}/mg.min.parameters.json (100%) rename modules/Microsoft.Authorization/policyAssignments/{.parameters => .deploymentTests}/mg.parameters.json (100%) rename modules/Microsoft.Authorization/policyAssignments/{.parameters => .deploymentTests}/rg.min.parameters.json (100%) rename modules/Microsoft.Authorization/policyAssignments/{.parameters => .deploymentTests}/rg.parameters.json (100%) rename modules/Microsoft.Authorization/policyAssignments/{.parameters => .deploymentTests}/sub.min.parameters.json (100%) rename modules/Microsoft.Authorization/policyAssignments/{.parameters => .deploymentTests}/sub.parameters.json (100%) rename modules/Microsoft.Authorization/policyDefinitions/{.parameters => .deploymentTests}/mg.min.parameters.json (100%) rename modules/Microsoft.Authorization/policyDefinitions/{.parameters => .deploymentTests}/mg.parameters.json (100%) rename modules/Microsoft.Authorization/policyDefinitions/{.parameters => .deploymentTests}/sub.min.parameters.json (100%) rename modules/Microsoft.Authorization/policyDefinitions/{.parameters => .deploymentTests}/sub.parameters.json (100%) rename modules/Microsoft.Authorization/policyExemptions/{.parameters => .deploymentTests}/mg.min.parameters.json (100%) rename modules/Microsoft.Authorization/policyExemptions/{.parameters => .deploymentTests}/mg.parameters.json (100%) rename modules/Microsoft.Authorization/policyExemptions/{.parameters => .deploymentTests}/rg.min.parameters.json (100%) rename modules/Microsoft.Authorization/policyExemptions/{.parameters => .deploymentTests}/rg.parameters.json (100%) rename modules/Microsoft.Authorization/policyExemptions/{.parameters => .deploymentTests}/sub.min.parameters.json (100%) rename modules/Microsoft.Authorization/policyExemptions/{.parameters => .deploymentTests}/sub.parameters.json (100%) rename modules/Microsoft.Authorization/policySetDefinitions/{.parameters => .deploymentTests}/mg.min.parameters.json (100%) rename modules/Microsoft.Authorization/policySetDefinitions/{.parameters => .deploymentTests}/mg.parameters.json (100%) rename modules/Microsoft.Authorization/policySetDefinitions/{.parameters => .deploymentTests}/sub.min.parameters.json (100%) rename modules/Microsoft.Authorization/policySetDefinitions/{.parameters => .deploymentTests}/sub.parameters.json (100%) rename modules/Microsoft.Authorization/roleAssignments/{.parameters => .deploymentTests}/mg.min.parameters.json (100%) rename modules/Microsoft.Authorization/roleAssignments/{.parameters => .deploymentTests}/mg.parameters.json (100%) rename modules/Microsoft.Authorization/roleAssignments/{.parameters => .deploymentTests}/rg.min.parameters.json (100%) rename modules/Microsoft.Authorization/roleAssignments/{.parameters => .deploymentTests}/rg.parameters.json (100%) rename modules/Microsoft.Authorization/roleAssignments/{.parameters => .deploymentTests}/sub.min.parameters.json (100%) rename modules/Microsoft.Authorization/roleAssignments/{.parameters => .deploymentTests}/sub.parameters.json (100%) rename modules/Microsoft.Authorization/roleDefinitions/{.parameters => .deploymentTests}/mg.min.parameters.json (100%) rename modules/Microsoft.Authorization/roleDefinitions/{.parameters => .deploymentTests}/mg.parameters.json (100%) rename modules/Microsoft.Authorization/roleDefinitions/{.parameters => .deploymentTests}/rg.min.parameters.json (100%) rename modules/Microsoft.Authorization/roleDefinitions/{.parameters => .deploymentTests}/rg.parameters.json (100%) rename modules/Microsoft.Authorization/roleDefinitions/{.parameters => .deploymentTests}/sub.min.parameters.json (100%) rename modules/Microsoft.Authorization/roleDefinitions/{.parameters => .deploymentTests}/sub.parameters.json (100%) rename modules/Microsoft.Automation/automationAccounts/{.parameters => .deploymentTests}/encr.parameters.json (100%) rename modules/Microsoft.Automation/automationAccounts/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Automation/automationAccounts/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Batch/batchAccounts/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Batch/batchAccounts/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.CognitiveServices/accounts/{.parameters => .deploymentTests}/encr.parameters.json (100%) rename modules/Microsoft.CognitiveServices/accounts/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.CognitiveServices/accounts/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.CognitiveServices/accounts/{.parameters => .deploymentTests}/speech.parameters.json (100%) rename modules/Microsoft.Compute/availabilitySets/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Compute/availabilitySets/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Compute/diskEncryptionSets/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Compute/disks/{.parameters => .deploymentTests}/image.parameters.json (100%) rename modules/Microsoft.Compute/disks/{.parameters => .deploymentTests}/import.parameters.json (100%) rename modules/Microsoft.Compute/disks/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Compute/disks/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Compute/galleries/{.parameters => .deploymentTests}/images.parameters.json (100%) rename modules/Microsoft.Compute/galleries/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Compute/images/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Compute/proximityPlacementGroups/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Compute/virtualMachineScaleSets/{.parameters => .deploymentTests}/linux.min.parameters.json (100%) rename modules/Microsoft.Compute/virtualMachineScaleSets/{.parameters => .deploymentTests}/linux.parameters.json (100%) rename modules/Microsoft.Compute/virtualMachineScaleSets/{.parameters => .deploymentTests}/windows.min.parameters.json (100%) rename modules/Microsoft.Compute/virtualMachineScaleSets/{.parameters => .deploymentTests}/windows.parameters.json (100%) rename modules/Microsoft.Compute/virtualMachines/{.parameters => .deploymentTests}/linux.autmg.parameters.json (100%) rename modules/Microsoft.Compute/virtualMachines/{.parameters => .deploymentTests}/linux.min.parameters.json (100%) rename modules/Microsoft.Compute/virtualMachines/{.parameters => .deploymentTests}/linux.parameters.json (100%) rename modules/Microsoft.Compute/virtualMachines/{.parameters => .deploymentTests}/windows.autmg.parameters.json (100%) rename modules/Microsoft.Compute/virtualMachines/{.parameters => .deploymentTests}/windows.min.parameters.json (100%) rename modules/Microsoft.Compute/virtualMachines/{.parameters => .deploymentTests}/windows.parameters.json (100%) rename modules/Microsoft.Consumption/budgets/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.ContainerInstance/containerGroups/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.ContainerRegistry/registries/{.parameters => .deploymentTests}/encr.parameters.json (100%) rename modules/Microsoft.ContainerRegistry/registries/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.ContainerRegistry/registries/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.ContainerService/managedClusters/{.parameters => .deploymentTests}/azure.parameters.json (100%) rename modules/Microsoft.ContainerService/managedClusters/{.parameters => .deploymentTests}/kubenet.parameters.json (100%) rename modules/Microsoft.DataFactory/factories/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.DataProtection/backupVaults/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.DataProtection/backupVaults/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Databricks/workspaces/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.DesktopVirtualization/applicationgroups/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.DesktopVirtualization/applicationgroups/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.DesktopVirtualization/hostpools/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.DesktopVirtualization/scalingplans/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.DesktopVirtualization/workspaces/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.DocumentDB/databaseAccounts/{.parameters => .deploymentTests}/mongodb.parameters.json (100%) rename modules/Microsoft.DocumentDB/databaseAccounts/{.parameters => .deploymentTests}/plain.parameters.json (100%) rename modules/Microsoft.DocumentDB/databaseAccounts/{.parameters => .deploymentTests}/sqldb.parameters.json (100%) rename modules/Microsoft.EventGrid/systemTopics/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.EventGrid/systemTopics/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.EventGrid/topics/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.EventHub/namespaces/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.EventHub/namespaces/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.HealthBot/healthBots/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Insights/actionGroups/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Insights/activityLogAlerts/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Insights/components/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Insights/diagnosticSettings/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Insights/metricAlerts/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Insights/privateLinkScopes/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Insights/scheduledQueryRules/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.KeyVault/vaults/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.KeyVault/vaults/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.KubernetesConfiguration/extensions/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.KubernetesConfiguration/extensions/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.KubernetesConfiguration/fluxConfigurations/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.KubernetesConfiguration/fluxConfigurations/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Logic/workflows/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.MachineLearningServices/workspaces/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.MachineLearningServices/workspaces/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.ManagedIdentity/userAssignedIdentities/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.ManagedServices/registrationDefinitions/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.ManagedServices/registrationDefinitions/{.parameters => .deploymentTests}/rg.parameters.json (100%) rename modules/Microsoft.Management/managementGroups/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.NetApp/netAppAccounts/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.NetApp/netAppAccounts/{.parameters => .deploymentTests}/nfs3.parameters.json (100%) rename modules/Microsoft.NetApp/netAppAccounts/{.parameters => .deploymentTests}/nfs41.parameters.json (100%) rename modules/Microsoft.Network/applicationGateways/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/applicationSecurityGroups/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/azureFirewalls/{.parameters => .deploymentTests}/addpip.parameters.json (100%) rename modules/Microsoft.Network/azureFirewalls/{.parameters => .deploymentTests}/custompip.parameters.json (100%) rename modules/Microsoft.Network/azureFirewalls/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Network/azureFirewalls/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/bastionHosts/{.parameters => .deploymentTests}/addpip.parameters.json (100%) rename modules/Microsoft.Network/bastionHosts/{.parameters => .deploymentTests}/custompip.parameters.json (100%) rename modules/Microsoft.Network/bastionHosts/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Network/bastionHosts/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/connections/{.parameters => .deploymentTests}/vnet2vnet.parameters.json (100%) rename modules/Microsoft.Network/ddosProtectionPlans/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/expressRouteCircuits/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/firewallPolicies/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Network/firewallPolicies/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/frontDoors/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/ipGroups/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/loadBalancers/{.parameters => .deploymentTests}/internal.parameters.json (100%) rename modules/Microsoft.Network/loadBalancers/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Network/loadBalancers/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/localNetworkGateways/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/natGateways/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/networkInterfaces/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Network/networkInterfaces/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/networkSecurityGroups/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Network/networkSecurityGroups/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/networkWatchers/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Network/networkWatchers/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/privateDnsZones/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Network/privateDnsZones/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/privateEndpoints/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Network/privateEndpoints/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/publicIPAddresses/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/publicIPPrefixes/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/routeTables/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/trafficmanagerprofiles/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/virtualHubs/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Network/virtualHubs/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/virtualNetworkGateways/{.parameters => .deploymentTests}/expressRoute.parameters.json (100%) rename modules/Microsoft.Network/virtualNetworkGateways/{.parameters => .deploymentTests}/vpn.parameters.json (100%) rename modules/Microsoft.Network/virtualNetworks/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Network/virtualNetworks/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/virtualNetworks/{.parameters => .deploymentTests}/vnetPeering.parameters.json (100%) rename modules/Microsoft.Network/virtualWans/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Network/virtualWans/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/vpnGateways/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Network/vpnGateways/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Network/vpnSites/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Network/vpnSites/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.OperationalInsights/workspaces/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.OperationalInsights/workspaces/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.OperationsManagement/solutions/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.OperationsManagement/solutions/{.parameters => .deploymentTests}/ms.parameters.json (100%) rename modules/Microsoft.OperationsManagement/solutions/{.parameters => .deploymentTests}/nonms.parameters.json (100%) rename modules/Microsoft.RecoveryServices/vaults/{.parameters => .deploymentTests}/dr.parameters.json (100%) rename modules/Microsoft.RecoveryServices/vaults/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.RecoveryServices/vaults/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Resources/deploymentScripts/{.parameters => .deploymentTests}/cli.parameters.json (100%) rename modules/Microsoft.Resources/deploymentScripts/{.parameters => .deploymentTests}/ps.parameters.json (100%) rename modules/Microsoft.Resources/resourceGroups/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Resources/tags/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Resources/tags/{.parameters => .deploymentTests}/rg.parameters.json (100%) rename modules/Microsoft.Resources/tags/{.parameters => .deploymentTests}/sub.parameters.json (100%) rename modules/Microsoft.Security/azureSecurityCenter/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.ServiceBus/namespaces/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.ServiceBus/namespaces/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.ServiceFabric/clusters/{.parameters => .deploymentTests}/cert.parameters.json (100%) rename modules/Microsoft.ServiceFabric/clusters/{.parameters => .deploymentTests}/full.parameters.json (100%) rename modules/Microsoft.ServiceFabric/clusters/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Sql/managedInstances/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Sql/servers/{.parameters => .deploymentTests}/admin.parameters.json (100%) rename modules/Microsoft.Sql/servers/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Storage/storageAccounts/{.parameters => .deploymentTests}/encr.parameters.json (100%) rename modules/Microsoft.Storage/storageAccounts/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Storage/storageAccounts/{.parameters => .deploymentTests}/nfs.parameters.json (100%) rename modules/Microsoft.Storage/storageAccounts/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Storage/storageAccounts/{.parameters => .deploymentTests}/v1.parameters.json (100%) rename modules/Microsoft.Synapse/privateLinkHubs/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Synapse/privateLinkHubs/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.VirtualMachineImages/imageTemplates/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Web/connections/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Web/hostingEnvironments/{.parameters => .deploymentTests}/asev2.parameters.json (100%) rename modules/Microsoft.Web/hostingEnvironments/{.parameters => .deploymentTests}/asev3.parameters.json (100%) rename modules/Microsoft.Web/serverfarms/{.parameters => .deploymentTests}/parameters.json (100%) rename modules/Microsoft.Web/sites/{.parameters => .deploymentTests}/fa.min.parameters.json (100%) rename modules/Microsoft.Web/sites/{.parameters => .deploymentTests}/fa.parameters.json (100%) rename modules/Microsoft.Web/sites/{.parameters => .deploymentTests}/wa.min.parameters.json (100%) rename modules/Microsoft.Web/sites/{.parameters => .deploymentTests}/wa.parameters.json (100%) rename modules/Microsoft.Web/staticSites/{.parameters => .deploymentTests}/min.parameters.json (100%) rename modules/Microsoft.Web/staticSites/{.parameters => .deploymentTests}/parameters.json (100%) diff --git a/.azuredevops/modulePipelines/ms.aad.domainservices.yml b/.azuredevops/modulePipelines/ms.aad.domainservices.yml index 5d5aae952c..c6a5286cb9 100644 --- a/.azuredevops/modulePipelines/ms.aad.domainservices.yml +++ b/.azuredevops/modulePipelines/ms.aad.domainservices.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.analysisservices.servers.yml b/.azuredevops/modulePipelines/ms.analysisservices.servers.yml index e2352cfa4f..8dcdee1813 100644 --- a/.azuredevops/modulePipelines/ms.analysisservices.servers.yml +++ b/.azuredevops/modulePipelines/ms.analysisservices.servers.yml @@ -45,9 +45,9 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json - - path: $(modulePath)/.parameters/max.parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.deploymentTests/max.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.apimanagement.service.yml b/.azuredevops/modulePipelines/ms.apimanagement.service.yml index eb9597d02c..b01fa1f753 100644 --- a/.azuredevops/modulePipelines/ms.apimanagement.service.yml +++ b/.azuredevops/modulePipelines/ms.apimanagement.service.yml @@ -45,9 +45,9 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/max.parameters.json - - path: $(modulePath)/.parameters/parameters.json - - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.deploymentTests/max.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.appconfiguration.configurationstores.yml b/.azuredevops/modulePipelines/ms.appconfiguration.configurationstores.yml index 0feb981ff2..1a05fe60c1 100644 --- a/.azuredevops/modulePipelines/ms.appconfiguration.configurationstores.yml +++ b/.azuredevops/modulePipelines/ms.appconfiguration.configurationstores.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.authorization.locks.yml b/.azuredevops/modulePipelines/ms.authorization.locks.yml index 1422b4a4c6..d82db7ae5d 100644 --- a/.azuredevops/modulePipelines/ms.authorization.locks.yml +++ b/.azuredevops/modulePipelines/ms.authorization.locks.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/rg.parameters.json + - path: $(modulePath)/.deploymentTests/rg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.authorization.policyassignments.yml b/.azuredevops/modulePipelines/ms.authorization.policyassignments.yml index c58331ead5..b3036c35be 100644 --- a/.azuredevops/modulePipelines/ms.authorization.policyassignments.yml +++ b/.azuredevops/modulePipelines/ms.authorization.policyassignments.yml @@ -45,17 +45,17 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/mg.min.parameters.json + - path: $(modulePath)/.deploymentTests/mg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/mg.parameters.json + - path: $(modulePath)/.deploymentTests/mg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/sub.min.parameters.json + - path: $(modulePath)/.deploymentTests/sub.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/sub.parameters.json + - path: $(modulePath)/.deploymentTests/sub.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/rg.min.parameters.json + - path: $(modulePath)/.deploymentTests/rg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/rg.parameters.json + - path: $(modulePath)/.deploymentTests/rg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.authorization.policydefinitions.yml b/.azuredevops/modulePipelines/ms.authorization.policydefinitions.yml index 93fd0f469f..a70b9ec8c4 100644 --- a/.azuredevops/modulePipelines/ms.authorization.policydefinitions.yml +++ b/.azuredevops/modulePipelines/ms.authorization.policydefinitions.yml @@ -45,13 +45,13 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/mg.min.parameters.json + - path: $(modulePath)/.deploymentTests/mg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/mg.parameters.json + - path: $(modulePath)/.deploymentTests/mg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/sub.min.parameters.json + - path: $(modulePath)/.deploymentTests/sub.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/sub.parameters.json + - path: $(modulePath)/.deploymentTests/sub.parameters.json templateFilePath: $(modulePath)/deploy.bicep - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.authorization.policyexemptions.yml b/.azuredevops/modulePipelines/ms.authorization.policyexemptions.yml index 50b00a7f08..2e59710782 100644 --- a/.azuredevops/modulePipelines/ms.authorization.policyexemptions.yml +++ b/.azuredevops/modulePipelines/ms.authorization.policyexemptions.yml @@ -45,17 +45,17 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/mg.min.parameters.json + - path: $(modulePath)/.deploymentTests/mg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/mg.parameters.json + - path: $(modulePath)/.deploymentTests/mg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/sub.min.parameters.json + - path: $(modulePath)/.deploymentTests/sub.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/sub.parameters.json + - path: $(modulePath)/.deploymentTests/sub.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/rg.min.parameters.json + - path: $(modulePath)/.deploymentTests/rg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/rg.parameters.json + - path: $(modulePath)/.deploymentTests/rg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.authorization.policysetdefinitions.yml b/.azuredevops/modulePipelines/ms.authorization.policysetdefinitions.yml index e4c77a27b4..7b15303495 100644 --- a/.azuredevops/modulePipelines/ms.authorization.policysetdefinitions.yml +++ b/.azuredevops/modulePipelines/ms.authorization.policysetdefinitions.yml @@ -45,13 +45,13 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/mg.min.parameters.json + - path: $(modulePath)/.deploymentTests/mg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/mg.parameters.json + - path: $(modulePath)/.deploymentTests/mg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/sub.min.parameters.json + - path: $(modulePath)/.deploymentTests/sub.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/sub.parameters.json + - path: $(modulePath)/.deploymentTests/sub.parameters.json templateFilePath: $(modulePath)/deploy.bicep - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.authorization.roleassignments.yml b/.azuredevops/modulePipelines/ms.authorization.roleassignments.yml index fb6bba1d74..e62c9db947 100644 --- a/.azuredevops/modulePipelines/ms.authorization.roleassignments.yml +++ b/.azuredevops/modulePipelines/ms.authorization.roleassignments.yml @@ -45,17 +45,17 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/mg.min.parameters.json + - path: $(modulePath)/.deploymentTests/mg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/mg.parameters.json + - path: $(modulePath)/.deploymentTests/mg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/sub.min.parameters.json + - path: $(modulePath)/.deploymentTests/sub.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/sub.parameters.json + - path: $(modulePath)/.deploymentTests/sub.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/rg.min.parameters.json + - path: $(modulePath)/.deploymentTests/rg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/rg.parameters.json + - path: $(modulePath)/.deploymentTests/rg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.authorization.roledefinitions.yml b/.azuredevops/modulePipelines/ms.authorization.roledefinitions.yml index 3129650057..dd7820dc95 100644 --- a/.azuredevops/modulePipelines/ms.authorization.roledefinitions.yml +++ b/.azuredevops/modulePipelines/ms.authorization.roledefinitions.yml @@ -45,17 +45,17 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/mg.min.parameters.json + - path: $(modulePath)/.deploymentTests/mg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/mg.parameters.json + - path: $(modulePath)/.deploymentTests/mg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/sub.min.parameters.json + - path: $(modulePath)/.deploymentTests/sub.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/sub.parameters.json + - path: $(modulePath)/.deploymentTests/sub.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/rg.min.parameters.json + - path: $(modulePath)/.deploymentTests/rg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/rg.parameters.json + - path: $(modulePath)/.deploymentTests/rg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.automation.automationaccounts.yml b/.azuredevops/modulePipelines/ms.automation.automationaccounts.yml index f4bc5e919f..1d756263a2 100644 --- a/.azuredevops/modulePipelines/ms.automation.automationaccounts.yml +++ b/.azuredevops/modulePipelines/ms.automation.automationaccounts.yml @@ -45,9 +45,9 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json - - path: $(modulePath)/.parameters/encr.parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.deploymentTests/encr.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.batch.batchaccounts.yml b/.azuredevops/modulePipelines/ms.batch.batchaccounts.yml index 4013ce3b44..bd626999f3 100644 --- a/.azuredevops/modulePipelines/ms.batch.batchaccounts.yml +++ b/.azuredevops/modulePipelines/ms.batch.batchaccounts.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.cognitiveservices.accounts.yml b/.azuredevops/modulePipelines/ms.cognitiveservices.accounts.yml index f14fc92495..1bb16a4346 100644 --- a/.azuredevops/modulePipelines/ms.cognitiveservices.accounts.yml +++ b/.azuredevops/modulePipelines/ms.cognitiveservices.accounts.yml @@ -45,10 +45,10 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json - - path: $(modulePath)/.parameters/speech.parameters.json - - path: $(modulePath)/.parameters/encr.parameters.json - - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.deploymentTests/speech.parameters.json + - path: $(modulePath)/.deploymentTests/encr.parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.compute.availabilitysets.yml b/.azuredevops/modulePipelines/ms.compute.availabilitysets.yml index edd9663f84..6e88d0794d 100644 --- a/.azuredevops/modulePipelines/ms.compute.availabilitysets.yml +++ b/.azuredevops/modulePipelines/ms.compute.availabilitysets.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.compute.diskencryptionsets.yml b/.azuredevops/modulePipelines/ms.compute.diskencryptionsets.yml index 414b010e09..6b677414cb 100644 --- a/.azuredevops/modulePipelines/ms.compute.diskencryptionsets.yml +++ b/.azuredevops/modulePipelines/ms.compute.diskencryptionsets.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.compute.disks.yml b/.azuredevops/modulePipelines/ms.compute.disks.yml index 0aec061792..571805dddd 100644 --- a/.azuredevops/modulePipelines/ms.compute.disks.yml +++ b/.azuredevops/modulePipelines/ms.compute.disks.yml @@ -45,10 +45,10 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/image.parameters.json - - path: $(modulePath)/.parameters/import.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/image.parameters.json + - path: $(modulePath)/.deploymentTests/import.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.compute.galleries.yml b/.azuredevops/modulePipelines/ms.compute.galleries.yml index a20b15290c..ae2a381844 100644 --- a/.azuredevops/modulePipelines/ms.compute.galleries.yml +++ b/.azuredevops/modulePipelines/ms.compute.galleries.yml @@ -39,8 +39,8 @@ stages: - template: /.azuredevops/pipelineTemplates/jobs.validateModulePester.yml parameters: deploymentBlocks: - - path: $(modulePath)/.parameters/images.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/images.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Deployment displayName: Deployment validation @@ -49,8 +49,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/images.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/images.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.compute.images.yml b/.azuredevops/modulePipelines/ms.compute.images.yml index 6209ee2c2c..c2b70fd6a8 100644 --- a/.azuredevops/modulePipelines/ms.compute.images.yml +++ b/.azuredevops/modulePipelines/ms.compute.images.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.compute.proximityplacementgroups.yml b/.azuredevops/modulePipelines/ms.compute.proximityplacementgroups.yml index d1371bccb5..6837787064 100644 --- a/.azuredevops/modulePipelines/ms.compute.proximityplacementgroups.yml +++ b/.azuredevops/modulePipelines/ms.compute.proximityplacementgroups.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.compute.virtualmachines.yml b/.azuredevops/modulePipelines/ms.compute.virtualmachines.yml index 4358c822fc..f4598a4622 100644 --- a/.azuredevops/modulePipelines/ms.compute.virtualmachines.yml +++ b/.azuredevops/modulePipelines/ms.compute.virtualmachines.yml @@ -45,12 +45,12 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/linux.min.parameters.json - - path: $(modulePath)/.parameters/linux.parameters.json - - path: $(modulePath)/.parameters/linux.autmg.parameters.json - - path: $(modulePath)/.parameters/windows.min.parameters.json - - path: $(modulePath)/.parameters/windows.parameters.json - - path: $(modulePath)/.parameters/windows.autmg.parameters.json + - path: $(modulePath)/.deploymentTests/linux.min.parameters.json + - path: $(modulePath)/.deploymentTests/linux.parameters.json + - path: $(modulePath)/.deploymentTests/linux.autmg.parameters.json + - path: $(modulePath)/.deploymentTests/windows.min.parameters.json + - path: $(modulePath)/.deploymentTests/windows.parameters.json + - path: $(modulePath)/.deploymentTests/windows.autmg.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.compute.virtualmachinescalesets.yml b/.azuredevops/modulePipelines/ms.compute.virtualmachinescalesets.yml index 22028b3495..8a235e6434 100644 --- a/.azuredevops/modulePipelines/ms.compute.virtualmachinescalesets.yml +++ b/.azuredevops/modulePipelines/ms.compute.virtualmachinescalesets.yml @@ -45,10 +45,10 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/linux.min.parameters.json - - path: $(modulePath)/.parameters/linux.parameters.json - - path: $(modulePath)/.parameters/windows.min.parameters.json - - path: $(modulePath)/.parameters/windows.parameters.json + - path: $(modulePath)/.deploymentTests/linux.min.parameters.json + - path: $(modulePath)/.deploymentTests/linux.parameters.json + - path: $(modulePath)/.deploymentTests/windows.min.parameters.json + - path: $(modulePath)/.deploymentTests/windows.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.consumption.budgets.yml b/.azuredevops/modulePipelines/ms.consumption.budgets.yml index 1c6a664daf..47edcbd603 100644 --- a/.azuredevops/modulePipelines/ms.consumption.budgets.yml +++ b/.azuredevops/modulePipelines/ms.consumption.budgets.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.containerinstance.containergroups.yml b/.azuredevops/modulePipelines/ms.containerinstance.containergroups.yml index 855d7dd391..fc9cf784c6 100644 --- a/.azuredevops/modulePipelines/ms.containerinstance.containergroups.yml +++ b/.azuredevops/modulePipelines/ms.containerinstance.containergroups.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.containerregistry.registries.yml b/.azuredevops/modulePipelines/ms.containerregistry.registries.yml index 7995ba5e46..3833f24356 100644 --- a/.azuredevops/modulePipelines/ms.containerregistry.registries.yml +++ b/.azuredevops/modulePipelines/ms.containerregistry.registries.yml @@ -45,9 +45,9 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/encr.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/encr.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.containerservice.managedclusters.yml b/.azuredevops/modulePipelines/ms.containerservice.managedclusters.yml index 963ee36755..14748f8b77 100644 --- a/.azuredevops/modulePipelines/ms.containerservice.managedclusters.yml +++ b/.azuredevops/modulePipelines/ms.containerservice.managedclusters.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/azure.parameters.json - - path: $(modulePath)/.parameters/kubenet.parameters.json + - path: $(modulePath)/.deploymentTests/azure.parameters.json + - path: $(modulePath)/.deploymentTests/kubenet.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.databricks.workspaces.yml b/.azuredevops/modulePipelines/ms.databricks.workspaces.yml index 5f4c9bf50c..ba0e52746c 100644 --- a/.azuredevops/modulePipelines/ms.databricks.workspaces.yml +++ b/.azuredevops/modulePipelines/ms.databricks.workspaces.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.datafactory.factories.yml b/.azuredevops/modulePipelines/ms.datafactory.factories.yml index 97d4f2f0a6..02601e6748 100644 --- a/.azuredevops/modulePipelines/ms.datafactory.factories.yml +++ b/.azuredevops/modulePipelines/ms.datafactory.factories.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.dataprotection.backupvaults.yml b/.azuredevops/modulePipelines/ms.dataprotection.backupvaults.yml index 82f6aa3685..aa1c74765e 100644 --- a/.azuredevops/modulePipelines/ms.dataprotection.backupvaults.yml +++ b/.azuredevops/modulePipelines/ms.dataprotection.backupvaults.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.desktopvirtualization.applicationgroups.yml b/.azuredevops/modulePipelines/ms.desktopvirtualization.applicationgroups.yml index 7f866f9e57..c0c4958ef2 100644 --- a/.azuredevops/modulePipelines/ms.desktopvirtualization.applicationgroups.yml +++ b/.azuredevops/modulePipelines/ms.desktopvirtualization.applicationgroups.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.desktopvirtualization.hostpools.yml b/.azuredevops/modulePipelines/ms.desktopvirtualization.hostpools.yml index 937f2f72b4..f7f724d63a 100644 --- a/.azuredevops/modulePipelines/ms.desktopvirtualization.hostpools.yml +++ b/.azuredevops/modulePipelines/ms.desktopvirtualization.hostpools.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.desktopvirtualization.scalingplans.yml b/.azuredevops/modulePipelines/ms.desktopvirtualization.scalingplans.yml index 312bb14859..adf58c1395 100644 --- a/.azuredevops/modulePipelines/ms.desktopvirtualization.scalingplans.yml +++ b/.azuredevops/modulePipelines/ms.desktopvirtualization.scalingplans.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.desktopvirtualization.workspaces.yml b/.azuredevops/modulePipelines/ms.desktopvirtualization.workspaces.yml index 36306e9943..a850a151b3 100644 --- a/.azuredevops/modulePipelines/ms.desktopvirtualization.workspaces.yml +++ b/.azuredevops/modulePipelines/ms.desktopvirtualization.workspaces.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.documentdb.databaseaccounts.yml b/.azuredevops/modulePipelines/ms.documentdb.databaseaccounts.yml index 07d69002ee..c7e13c5efe 100644 --- a/.azuredevops/modulePipelines/ms.documentdb.databaseaccounts.yml +++ b/.azuredevops/modulePipelines/ms.documentdb.databaseaccounts.yml @@ -45,9 +45,9 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/mongodb.parameters.json - - path: $(modulePath)/.parameters/plain.parameters.json - - path: $(modulePath)/.parameters/sqldb.parameters.json + - path: $(modulePath)/.deploymentTests/mongodb.parameters.json + - path: $(modulePath)/.deploymentTests/plain.parameters.json + - path: $(modulePath)/.deploymentTests/sqldb.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.eventgrid.systemtopics.yml b/.azuredevops/modulePipelines/ms.eventgrid.systemtopics.yml index a5b5e4c51b..74b9ed4827 100644 --- a/.azuredevops/modulePipelines/ms.eventgrid.systemtopics.yml +++ b/.azuredevops/modulePipelines/ms.eventgrid.systemtopics.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.eventgrid.topics.yml b/.azuredevops/modulePipelines/ms.eventgrid.topics.yml index bce5557c01..618ee86540 100644 --- a/.azuredevops/modulePipelines/ms.eventgrid.topics.yml +++ b/.azuredevops/modulePipelines/ms.eventgrid.topics.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.eventhub.namespaces.yml b/.azuredevops/modulePipelines/ms.eventhub.namespaces.yml index 35755a6eab..5f2b4d4a37 100644 --- a/.azuredevops/modulePipelines/ms.eventhub.namespaces.yml +++ b/.azuredevops/modulePipelines/ms.eventhub.namespaces.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.healthbot.healthbots.yml b/.azuredevops/modulePipelines/ms.healthbot.healthbots.yml index 86e2587c59..08760e0264 100644 --- a/.azuredevops/modulePipelines/ms.healthbot.healthbots.yml +++ b/.azuredevops/modulePipelines/ms.healthbot.healthbots.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.insights.actiongroups.yml b/.azuredevops/modulePipelines/ms.insights.actiongroups.yml index 1d6b367fee..465d18b9d8 100644 --- a/.azuredevops/modulePipelines/ms.insights.actiongroups.yml +++ b/.azuredevops/modulePipelines/ms.insights.actiongroups.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.insights.activitylogalerts.yml b/.azuredevops/modulePipelines/ms.insights.activitylogalerts.yml index 0290432eeb..cffda42bac 100644 --- a/.azuredevops/modulePipelines/ms.insights.activitylogalerts.yml +++ b/.azuredevops/modulePipelines/ms.insights.activitylogalerts.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.insights.components.yml b/.azuredevops/modulePipelines/ms.insights.components.yml index 2ebf16d0f5..77ced33898 100644 --- a/.azuredevops/modulePipelines/ms.insights.components.yml +++ b/.azuredevops/modulePipelines/ms.insights.components.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.insights.diagnosticsettings.yml b/.azuredevops/modulePipelines/ms.insights.diagnosticsettings.yml index 68cbcd7a8b..aab087928e 100644 --- a/.azuredevops/modulePipelines/ms.insights.diagnosticsettings.yml +++ b/.azuredevops/modulePipelines/ms.insights.diagnosticsettings.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.insights.metricalerts.yml b/.azuredevops/modulePipelines/ms.insights.metricalerts.yml index e2c559ed99..5d3ca5ec25 100644 --- a/.azuredevops/modulePipelines/ms.insights.metricalerts.yml +++ b/.azuredevops/modulePipelines/ms.insights.metricalerts.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.insights.privatelinkscopes.yml b/.azuredevops/modulePipelines/ms.insights.privatelinkscopes.yml index 15d793c90a..e4d8eb0f2a 100644 --- a/.azuredevops/modulePipelines/ms.insights.privatelinkscopes.yml +++ b/.azuredevops/modulePipelines/ms.insights.privatelinkscopes.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.insights.scheduledqueryrules.yml b/.azuredevops/modulePipelines/ms.insights.scheduledqueryrules.yml index 3ec1537e46..8af9bffff7 100644 --- a/.azuredevops/modulePipelines/ms.insights.scheduledqueryrules.yml +++ b/.azuredevops/modulePipelines/ms.insights.scheduledqueryrules.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.keyvault.vaults.yml b/.azuredevops/modulePipelines/ms.keyvault.vaults.yml index 39f0e155c1..9defe0353a 100644 --- a/.azuredevops/modulePipelines/ms.keyvault.vaults.yml +++ b/.azuredevops/modulePipelines/ms.keyvault.vaults.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.kubernetesconfiguration.extensions.yml b/.azuredevops/modulePipelines/ms.kubernetesconfiguration.extensions.yml index 7f53c0e67f..c638da8660 100644 --- a/.azuredevops/modulePipelines/ms.kubernetesconfiguration.extensions.yml +++ b/.azuredevops/modulePipelines/ms.kubernetesconfiguration.extensions.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.kubernetesconfiguration.fluxconfigurations.yml b/.azuredevops/modulePipelines/ms.kubernetesconfiguration.fluxconfigurations.yml index 80d647d747..05c578d2e0 100644 --- a/.azuredevops/modulePipelines/ms.kubernetesconfiguration.fluxconfigurations.yml +++ b/.azuredevops/modulePipelines/ms.kubernetesconfiguration.fluxconfigurations.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.logic.workflows.yml b/.azuredevops/modulePipelines/ms.logic.workflows.yml index 0935dfc17e..869220d3e2 100644 --- a/.azuredevops/modulePipelines/ms.logic.workflows.yml +++ b/.azuredevops/modulePipelines/ms.logic.workflows.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.machinelearningservices.workspaces.yml b/.azuredevops/modulePipelines/ms.machinelearningservices.workspaces.yml index 25d3dff698..79dfdc2be2 100644 --- a/.azuredevops/modulePipelines/ms.machinelearningservices.workspaces.yml +++ b/.azuredevops/modulePipelines/ms.machinelearningservices.workspaces.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.managedidentity.userassignedidentities.yml b/.azuredevops/modulePipelines/ms.managedidentity.userassignedidentities.yml index 1f00c7cfc7..05a656cf55 100644 --- a/.azuredevops/modulePipelines/ms.managedidentity.userassignedidentities.yml +++ b/.azuredevops/modulePipelines/ms.managedidentity.userassignedidentities.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.managedservices.registrationdefinitions.yml b/.azuredevops/modulePipelines/ms.managedservices.registrationdefinitions.yml index f32c9014d9..39c68df3c5 100644 --- a/.azuredevops/modulePipelines/ms.managedservices.registrationdefinitions.yml +++ b/.azuredevops/modulePipelines/ms.managedservices.registrationdefinitions.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json - - path: $(modulePath)/.parameters/rg.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.deploymentTests/rg.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.management.managementgroups.yml b/.azuredevops/modulePipelines/ms.management.managementgroups.yml index 2b6835ee2b..3289daddc9 100644 --- a/.azuredevops/modulePipelines/ms.management.managementgroups.yml +++ b/.azuredevops/modulePipelines/ms.management.managementgroups.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.netapp.netappaccounts.yml b/.azuredevops/modulePipelines/ms.netapp.netappaccounts.yml index 51301ce92e..7ef1d4cbb5 100644 --- a/.azuredevops/modulePipelines/ms.netapp.netappaccounts.yml +++ b/.azuredevops/modulePipelines/ms.netapp.netappaccounts.yml @@ -45,9 +45,9 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/nfs3.parameters.json - - path: $(modulePath)/.parameters/nfs41.parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/nfs3.parameters.json + - path: $(modulePath)/.deploymentTests/nfs41.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.applicationgateways.yml b/.azuredevops/modulePipelines/ms.network.applicationgateways.yml index 94f69382f6..da48d2dac5 100644 --- a/.azuredevops/modulePipelines/ms.network.applicationgateways.yml +++ b/.azuredevops/modulePipelines/ms.network.applicationgateways.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.applicationsecuritygroups.yml b/.azuredevops/modulePipelines/ms.network.applicationsecuritygroups.yml index acd62eae47..f959c4795a 100644 --- a/.azuredevops/modulePipelines/ms.network.applicationsecuritygroups.yml +++ b/.azuredevops/modulePipelines/ms.network.applicationsecuritygroups.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.azurefirewalls.yml b/.azuredevops/modulePipelines/ms.network.azurefirewalls.yml index 2f54d10839..64abfd6e64 100644 --- a/.azuredevops/modulePipelines/ms.network.azurefirewalls.yml +++ b/.azuredevops/modulePipelines/ms.network.azurefirewalls.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.bastionhosts.yml b/.azuredevops/modulePipelines/ms.network.bastionhosts.yml index ffdb3bcbd4..6746220362 100644 --- a/.azuredevops/modulePipelines/ms.network.bastionhosts.yml +++ b/.azuredevops/modulePipelines/ms.network.bastionhosts.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.connections.yml b/.azuredevops/modulePipelines/ms.network.connections.yml index fb94033d50..1642c73684 100644 --- a/.azuredevops/modulePipelines/ms.network.connections.yml +++ b/.azuredevops/modulePipelines/ms.network.connections.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/vnet2vnet.parameters.json + - path: $(modulePath)/.deploymentTests/vnet2vnet.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.ddosprotectionplans.yml b/.azuredevops/modulePipelines/ms.network.ddosprotectionplans.yml index 0e31c7a082..4574f81457 100644 --- a/.azuredevops/modulePipelines/ms.network.ddosprotectionplans.yml +++ b/.azuredevops/modulePipelines/ms.network.ddosprotectionplans.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.expressroutecircuits.yml b/.azuredevops/modulePipelines/ms.network.expressroutecircuits.yml index 8cf0e657b8..8f86baa36a 100644 --- a/.azuredevops/modulePipelines/ms.network.expressroutecircuits.yml +++ b/.azuredevops/modulePipelines/ms.network.expressroutecircuits.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml b/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml index 4e64acd136..51a75ecb68 100644 --- a/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml +++ b/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.frontdoors.yml b/.azuredevops/modulePipelines/ms.network.frontdoors.yml index 60ec3ae34b..ec107160d9 100644 --- a/.azuredevops/modulePipelines/ms.network.frontdoors.yml +++ b/.azuredevops/modulePipelines/ms.network.frontdoors.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.ipgroups.yml b/.azuredevops/modulePipelines/ms.network.ipgroups.yml index 68741237c9..47ac2b187a 100644 --- a/.azuredevops/modulePipelines/ms.network.ipgroups.yml +++ b/.azuredevops/modulePipelines/ms.network.ipgroups.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.loadbalancers.yml b/.azuredevops/modulePipelines/ms.network.loadbalancers.yml index 79a642a9a2..cc2769f764 100644 --- a/.azuredevops/modulePipelines/ms.network.loadbalancers.yml +++ b/.azuredevops/modulePipelines/ms.network.loadbalancers.yml @@ -45,9 +45,9 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/internal.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/internal.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.localnetworkgateways.yml b/.azuredevops/modulePipelines/ms.network.localnetworkgateways.yml index 0ee1e4d5dc..862f64a093 100644 --- a/.azuredevops/modulePipelines/ms.network.localnetworkgateways.yml +++ b/.azuredevops/modulePipelines/ms.network.localnetworkgateways.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.natgateways.yml b/.azuredevops/modulePipelines/ms.network.natgateways.yml index c8c54a6b23..17cd3f4bee 100644 --- a/.azuredevops/modulePipelines/ms.network.natgateways.yml +++ b/.azuredevops/modulePipelines/ms.network.natgateways.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml b/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml index 774230b786..ed2ff73682 100644 --- a/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml +++ b/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.networksecuritygroups.yml b/.azuredevops/modulePipelines/ms.network.networksecuritygroups.yml index 508abc9800..a592dbf8d3 100644 --- a/.azuredevops/modulePipelines/ms.network.networksecuritygroups.yml +++ b/.azuredevops/modulePipelines/ms.network.networksecuritygroups.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.networkwatchers.yml b/.azuredevops/modulePipelines/ms.network.networkwatchers.yml index 70dbbd7165..a032607be9 100644 --- a/.azuredevops/modulePipelines/ms.network.networkwatchers.yml +++ b/.azuredevops/modulePipelines/ms.network.networkwatchers.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.privatednszones.yml b/.azuredevops/modulePipelines/ms.network.privatednszones.yml index fbdae8dbbe..d4f53eb438 100644 --- a/.azuredevops/modulePipelines/ms.network.privatednszones.yml +++ b/.azuredevops/modulePipelines/ms.network.privatednszones.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.privateendpoints.yml b/.azuredevops/modulePipelines/ms.network.privateendpoints.yml index 08c0110f53..55be935211 100644 --- a/.azuredevops/modulePipelines/ms.network.privateendpoints.yml +++ b/.azuredevops/modulePipelines/ms.network.privateendpoints.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.publicipaddresses.yml b/.azuredevops/modulePipelines/ms.network.publicipaddresses.yml index 8162834d2c..eff1b0250f 100644 --- a/.azuredevops/modulePipelines/ms.network.publicipaddresses.yml +++ b/.azuredevops/modulePipelines/ms.network.publicipaddresses.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.publicipprefixes.yml b/.azuredevops/modulePipelines/ms.network.publicipprefixes.yml index 0f4ac763e0..05a7e35e48 100644 --- a/.azuredevops/modulePipelines/ms.network.publicipprefixes.yml +++ b/.azuredevops/modulePipelines/ms.network.publicipprefixes.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.routetables.yml b/.azuredevops/modulePipelines/ms.network.routetables.yml index 3e7285e19b..15aeb0fff2 100644 --- a/.azuredevops/modulePipelines/ms.network.routetables.yml +++ b/.azuredevops/modulePipelines/ms.network.routetables.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.trafficmanagerprofiles.yml b/.azuredevops/modulePipelines/ms.network.trafficmanagerprofiles.yml index e3d4a02456..a064e45548 100644 --- a/.azuredevops/modulePipelines/ms.network.trafficmanagerprofiles.yml +++ b/.azuredevops/modulePipelines/ms.network.trafficmanagerprofiles.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.virtualhubs.yml b/.azuredevops/modulePipelines/ms.network.virtualhubs.yml index 91fc5e736f..671a6d9457 100644 --- a/.azuredevops/modulePipelines/ms.network.virtualhubs.yml +++ b/.azuredevops/modulePipelines/ms.network.virtualhubs.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.virtualnetworkgateways.yml b/.azuredevops/modulePipelines/ms.network.virtualnetworkgateways.yml index f83662a85b..7d5fa11d44 100644 --- a/.azuredevops/modulePipelines/ms.network.virtualnetworkgateways.yml +++ b/.azuredevops/modulePipelines/ms.network.virtualnetworkgateways.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/expressRoute.parameters.json - - path: $(modulePath)/.parameters/vpn.parameters.json + - path: $(modulePath)/.deploymentTests/expressRoute.parameters.json + - path: $(modulePath)/.deploymentTests/vpn.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.virtualnetworks.yml b/.azuredevops/modulePipelines/ms.network.virtualnetworks.yml index 3afcc78e93..c4b4a3ea0a 100644 --- a/.azuredevops/modulePipelines/ms.network.virtualnetworks.yml +++ b/.azuredevops/modulePipelines/ms.network.virtualnetworks.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json - - path: $(modulePath)/.parameters/vnetPeering.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.deploymentTests/vnetPeering.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.virtualwans.yml b/.azuredevops/modulePipelines/ms.network.virtualwans.yml index 2f2aa5d2ab..32bfa7afd2 100644 --- a/.azuredevops/modulePipelines/ms.network.virtualwans.yml +++ b/.azuredevops/modulePipelines/ms.network.virtualwans.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.vpngateways.yml b/.azuredevops/modulePipelines/ms.network.vpngateways.yml index 18743ce83b..ee7ce830e8 100644 --- a/.azuredevops/modulePipelines/ms.network.vpngateways.yml +++ b/.azuredevops/modulePipelines/ms.network.vpngateways.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.vpnsites.yml b/.azuredevops/modulePipelines/ms.network.vpnsites.yml index 1671947a58..c6054542cc 100644 --- a/.azuredevops/modulePipelines/ms.network.vpnsites.yml +++ b/.azuredevops/modulePipelines/ms.network.vpnsites.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.operationalinsights.workspaces.yml b/.azuredevops/modulePipelines/ms.operationalinsights.workspaces.yml index 8b4b67de7d..f3b4863863 100644 --- a/.azuredevops/modulePipelines/ms.operationalinsights.workspaces.yml +++ b/.azuredevops/modulePipelines/ms.operationalinsights.workspaces.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml b/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml index ba8cdae0b1..05d4dae6cb 100644 --- a/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml +++ b/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml @@ -45,9 +45,9 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/nonms.parameters.json - - path: $(modulePath)/.parameters/ms.parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/nonms.parameters.json + - path: $(modulePath)/.deploymentTests/ms.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.recoveryservices.vaults.yml b/.azuredevops/modulePipelines/ms.recoveryservices.vaults.yml index cba2c234be..416413054e 100644 --- a/.azuredevops/modulePipelines/ms.recoveryservices.vaults.yml +++ b/.azuredevops/modulePipelines/ms.recoveryservices.vaults.yml @@ -45,11 +45,11 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.parameters/dr.parameters.json + - path: $(modulePath)/.deploymentTests/dr.parameters.json templateFilePath: $(modulePath)/deploy.bicep - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.resources.deploymentscripts.yml b/.azuredevops/modulePipelines/ms.resources.deploymentscripts.yml index d22921db65..2f5a850bea 100644 --- a/.azuredevops/modulePipelines/ms.resources.deploymentscripts.yml +++ b/.azuredevops/modulePipelines/ms.resources.deploymentscripts.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/cli.parameters.json - - path: $(modulePath)/.parameters/ps.parameters.json + - path: $(modulePath)/.deploymentTests/cli.parameters.json + - path: $(modulePath)/.deploymentTests/ps.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.resources.resourcegroups.yml b/.azuredevops/modulePipelines/ms.resources.resourcegroups.yml index d9dda35a3c..03b074bdb2 100644 --- a/.azuredevops/modulePipelines/ms.resources.resourcegroups.yml +++ b/.azuredevops/modulePipelines/ms.resources.resourcegroups.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.resources.tags.yml b/.azuredevops/modulePipelines/ms.resources.tags.yml index 2a63417b98..98316cfcfd 100644 --- a/.azuredevops/modulePipelines/ms.resources.tags.yml +++ b/.azuredevops/modulePipelines/ms.resources.tags.yml @@ -45,9 +45,9 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/rg.parameters.json - - path: $(modulePath)/.parameters/sub.parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/rg.parameters.json + - path: $(modulePath)/.deploymentTests/sub.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.security.azuresecuritycenter.yml b/.azuredevops/modulePipelines/ms.security.azuresecuritycenter.yml index ab25a3a0d5..4b6046d2e8 100644 --- a/.azuredevops/modulePipelines/ms.security.azuresecuritycenter.yml +++ b/.azuredevops/modulePipelines/ms.security.azuresecuritycenter.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.servicebus.namespaces.yml b/.azuredevops/modulePipelines/ms.servicebus.namespaces.yml index 8f7a938e6b..626e23d613 100644 --- a/.azuredevops/modulePipelines/ms.servicebus.namespaces.yml +++ b/.azuredevops/modulePipelines/ms.servicebus.namespaces.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.servicefabric.clusters.yml b/.azuredevops/modulePipelines/ms.servicefabric.clusters.yml index 60b8563841..c7e516692f 100644 --- a/.azuredevops/modulePipelines/ms.servicefabric.clusters.yml +++ b/.azuredevops/modulePipelines/ms.servicefabric.clusters.yml @@ -45,9 +45,9 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/full.parameters.json - - path: $(modulePath)/.parameters/cert.parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/full.parameters.json + - path: $(modulePath)/.deploymentTests/cert.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.sql.managedinstances.yml b/.azuredevops/modulePipelines/ms.sql.managedinstances.yml index 8d238daff1..9d49a71ba7 100644 --- a/.azuredevops/modulePipelines/ms.sql.managedinstances.yml +++ b/.azuredevops/modulePipelines/ms.sql.managedinstances.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json defaultJobTimeoutInMinutes: 360 - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.sql.servers.yml b/.azuredevops/modulePipelines/ms.sql.servers.yml index ed0125f637..32d9b5e535 100644 --- a/.azuredevops/modulePipelines/ms.sql.servers.yml +++ b/.azuredevops/modulePipelines/ms.sql.servers.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json - - path: $(modulePath)/.parameters/admin.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.deploymentTests/admin.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.storage.storageaccounts.yml b/.azuredevops/modulePipelines/ms.storage.storageaccounts.yml index 5b4e07ed3b..62f98d6d33 100644 --- a/.azuredevops/modulePipelines/ms.storage.storageaccounts.yml +++ b/.azuredevops/modulePipelines/ms.storage.storageaccounts.yml @@ -45,11 +45,11 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/nfs.parameters.json - - path: $(modulePath)/.parameters/parameters.json - - path: $(modulePath)/.parameters/v1.parameters.json - - path: $(modulePath)/.parameters/encr.parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/nfs.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.deploymentTests/v1.parameters.json + - path: $(modulePath)/.deploymentTests/encr.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.synapse.privatelinkhubs.yml b/.azuredevops/modulePipelines/ms.synapse.privatelinkhubs.yml index 246865319c..295f5beb67 100644 --- a/.azuredevops/modulePipelines/ms.synapse.privatelinkhubs.yml +++ b/.azuredevops/modulePipelines/ms.synapse.privatelinkhubs.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.virtualmachineimages.imagetemplates.yml b/.azuredevops/modulePipelines/ms.virtualmachineimages.imagetemplates.yml index 818ab369d5..8169a7e43d 100644 --- a/.azuredevops/modulePipelines/ms.virtualmachineimages.imagetemplates.yml +++ b/.azuredevops/modulePipelines/ms.virtualmachineimages.imagetemplates.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.web.connections.yml b/.azuredevops/modulePipelines/ms.web.connections.yml index ffba362d13..4a126a0ee8 100644 --- a/.azuredevops/modulePipelines/ms.web.connections.yml +++ b/.azuredevops/modulePipelines/ms.web.connections.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.web.hostingenvironments.yml b/.azuredevops/modulePipelines/ms.web.hostingenvironments.yml index 1cdbca5b71..a3b6da3f80 100644 --- a/.azuredevops/modulePipelines/ms.web.hostingenvironments.yml +++ b/.azuredevops/modulePipelines/ms.web.hostingenvironments.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/asev2.parameters.json - - path: $(modulePath)/.parameters/asev3.parameters.json + - path: $(modulePath)/.deploymentTests/asev2.parameters.json + - path: $(modulePath)/.deploymentTests/asev3.parameters.json defaultJobTimeoutInMinutes: 180 - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.web.serverfarms.yml b/.azuredevops/modulePipelines/ms.web.serverfarms.yml index 4288d2a1e3..48d906fedc 100644 --- a/.azuredevops/modulePipelines/ms.web.serverfarms.yml +++ b/.azuredevops/modulePipelines/ms.web.serverfarms.yml @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.web.sites.yml b/.azuredevops/modulePipelines/ms.web.sites.yml index 28173a7c34..e56f5c75eb 100644 --- a/.azuredevops/modulePipelines/ms.web.sites.yml +++ b/.azuredevops/modulePipelines/ms.web.sites.yml @@ -45,10 +45,10 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/fa.min.parameters.json - - path: $(modulePath)/.parameters/fa.parameters.json - - path: $(modulePath)/.parameters/wa.min.parameters.json - - path: $(modulePath)/.parameters/wa.parameters.json + - path: $(modulePath)/.deploymentTests/fa.min.parameters.json + - path: $(modulePath)/.deploymentTests/fa.parameters.json + - path: $(modulePath)/.deploymentTests/wa.min.parameters.json + - path: $(modulePath)/.deploymentTests/wa.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.web.staticsites.yml b/.azuredevops/modulePipelines/ms.web.staticsites.yml index 23fed47790..e408ebbb15 100644 --- a/.azuredevops/modulePipelines/ms.web.staticsites.yml +++ b/.azuredevops/modulePipelines/ms.web.staticsites.yml @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.deploymentTests/parameters.json - stage: Publishing displayName: Publishing diff --git a/.github/actions/templates/validateModuleDeployment/action.yml b/.github/actions/templates/validateModuleDeployment/action.yml index 9addde2a80..634e751be7 100644 --- a/.github/actions/templates/validateModuleDeployment/action.yml +++ b/.github/actions/templates/validateModuleDeployment/action.yml @@ -15,7 +15,7 @@ ## | Parameter | Required | Default | Description | Example | ## |---------------------------|----------|---------|-------------------------------------------------------|-----------------------------------------------------------------------| ## | templateFilePath | true | '' | The path to the template file to use for deployment | 'modules/Microsoft.ApiManagement/service/deploy.bicep' | -## | parameterFilePath | true | '' | The path to the parameter file to use for deployment | 'modules/Microsoft.ApiManagement/service/.parameters/parameters.json' | +## | parameterFilePath | true | '' | The path to the parameter file to use for deployment | 'modules/Microsoft.ApiManagement/service/.deploymentTests/parameters.json' | ## | location | true | '' | The location to use for deployment | 'WestEurope' | ## | resourceGroupName | false | '' | The resource group to deploy to | 'validation-rg' | ## | subscriptionId | false | '' | The subscriptionId to deploy to | '1a97b80a-4dda-4f50-ab53-349e29344654' | diff --git a/constructs/Microsoft.Compute/virtualMachinesMultiple/.parameters/linux.prefix.parameter.json b/constructs/Microsoft.Compute/virtualMachinesMultiple/.deploymentTests/linux.prefix.parameter.json similarity index 100% rename from constructs/Microsoft.Compute/virtualMachinesMultiple/.parameters/linux.prefix.parameter.json rename to constructs/Microsoft.Compute/virtualMachinesMultiple/.deploymentTests/linux.prefix.parameter.json diff --git a/constructs/Microsoft.Compute/virtualMachinesMultiple/.parameters/linux.vmnames.parameter.json b/constructs/Microsoft.Compute/virtualMachinesMultiple/.deploymentTests/linux.vmnames.parameter.json similarity index 100% rename from constructs/Microsoft.Compute/virtualMachinesMultiple/.parameters/linux.vmnames.parameter.json rename to constructs/Microsoft.Compute/virtualMachinesMultiple/.deploymentTests/linux.vmnames.parameter.json diff --git a/modules/Microsoft.AAD/DomainServices/.parameters/parameters.json b/modules/Microsoft.AAD/DomainServices/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.AAD/DomainServices/.parameters/parameters.json rename to modules/Microsoft.AAD/DomainServices/.deploymentTests/parameters.json diff --git a/modules/Microsoft.AnalysisServices/servers/.parameters/max.parameters.json b/modules/Microsoft.AnalysisServices/servers/.deploymentTests/max.parameters.json similarity index 100% rename from modules/Microsoft.AnalysisServices/servers/.parameters/max.parameters.json rename to modules/Microsoft.AnalysisServices/servers/.deploymentTests/max.parameters.json diff --git a/modules/Microsoft.AnalysisServices/servers/.parameters/min.parameters.json b/modules/Microsoft.AnalysisServices/servers/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.AnalysisServices/servers/.parameters/min.parameters.json rename to modules/Microsoft.AnalysisServices/servers/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.AnalysisServices/servers/.parameters/parameters.json b/modules/Microsoft.AnalysisServices/servers/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.AnalysisServices/servers/.parameters/parameters.json rename to modules/Microsoft.AnalysisServices/servers/.deploymentTests/parameters.json diff --git a/modules/Microsoft.ApiManagement/service/.parameters/max.parameters.json b/modules/Microsoft.ApiManagement/service/.deploymentTests/max.parameters.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/.parameters/max.parameters.json rename to modules/Microsoft.ApiManagement/service/.deploymentTests/max.parameters.json diff --git a/modules/Microsoft.ApiManagement/service/.parameters/min.parameters.json b/modules/Microsoft.ApiManagement/service/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/.parameters/min.parameters.json rename to modules/Microsoft.ApiManagement/service/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.ApiManagement/service/.parameters/parameters.json b/modules/Microsoft.ApiManagement/service/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/.parameters/parameters.json rename to modules/Microsoft.ApiManagement/service/.deploymentTests/parameters.json diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.parameters/min.parameters.json b/modules/Microsoft.AppConfiguration/configurationStores/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.AppConfiguration/configurationStores/.parameters/min.parameters.json rename to modules/Microsoft.AppConfiguration/configurationStores/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.parameters/parameters.json b/modules/Microsoft.AppConfiguration/configurationStores/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.AppConfiguration/configurationStores/.parameters/parameters.json rename to modules/Microsoft.AppConfiguration/configurationStores/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Authorization/locks/.parameters/rg.parameters.json b/modules/Microsoft.Authorization/locks/.deploymentTests/rg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/locks/.parameters/rg.parameters.json rename to modules/Microsoft.Authorization/locks/.deploymentTests/rg.parameters.json diff --git a/modules/Microsoft.Authorization/policyAssignments/.parameters/mg.min.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.deploymentTests/mg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/.parameters/mg.min.parameters.json rename to modules/Microsoft.Authorization/policyAssignments/.deploymentTests/mg.min.parameters.json diff --git a/modules/Microsoft.Authorization/policyAssignments/.parameters/mg.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.deploymentTests/mg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/.parameters/mg.parameters.json rename to modules/Microsoft.Authorization/policyAssignments/.deploymentTests/mg.parameters.json diff --git a/modules/Microsoft.Authorization/policyAssignments/.parameters/rg.min.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.deploymentTests/rg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/.parameters/rg.min.parameters.json rename to modules/Microsoft.Authorization/policyAssignments/.deploymentTests/rg.min.parameters.json diff --git a/modules/Microsoft.Authorization/policyAssignments/.parameters/rg.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.deploymentTests/rg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/.parameters/rg.parameters.json rename to modules/Microsoft.Authorization/policyAssignments/.deploymentTests/rg.parameters.json diff --git a/modules/Microsoft.Authorization/policyAssignments/.parameters/sub.min.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.deploymentTests/sub.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/.parameters/sub.min.parameters.json rename to modules/Microsoft.Authorization/policyAssignments/.deploymentTests/sub.min.parameters.json diff --git a/modules/Microsoft.Authorization/policyAssignments/.parameters/sub.parameters.json b/modules/Microsoft.Authorization/policyAssignments/.deploymentTests/sub.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/.parameters/sub.parameters.json rename to modules/Microsoft.Authorization/policyAssignments/.deploymentTests/sub.parameters.json diff --git a/modules/Microsoft.Authorization/policyDefinitions/.parameters/mg.min.parameters.json b/modules/Microsoft.Authorization/policyDefinitions/.deploymentTests/mg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyDefinitions/.parameters/mg.min.parameters.json rename to modules/Microsoft.Authorization/policyDefinitions/.deploymentTests/mg.min.parameters.json diff --git a/modules/Microsoft.Authorization/policyDefinitions/.parameters/mg.parameters.json b/modules/Microsoft.Authorization/policyDefinitions/.deploymentTests/mg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyDefinitions/.parameters/mg.parameters.json rename to modules/Microsoft.Authorization/policyDefinitions/.deploymentTests/mg.parameters.json diff --git a/modules/Microsoft.Authorization/policyDefinitions/.parameters/sub.min.parameters.json b/modules/Microsoft.Authorization/policyDefinitions/.deploymentTests/sub.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyDefinitions/.parameters/sub.min.parameters.json rename to modules/Microsoft.Authorization/policyDefinitions/.deploymentTests/sub.min.parameters.json diff --git a/modules/Microsoft.Authorization/policyDefinitions/.parameters/sub.parameters.json b/modules/Microsoft.Authorization/policyDefinitions/.deploymentTests/sub.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyDefinitions/.parameters/sub.parameters.json rename to modules/Microsoft.Authorization/policyDefinitions/.deploymentTests/sub.parameters.json diff --git a/modules/Microsoft.Authorization/policyExemptions/.parameters/mg.min.parameters.json b/modules/Microsoft.Authorization/policyExemptions/.deploymentTests/mg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/.parameters/mg.min.parameters.json rename to modules/Microsoft.Authorization/policyExemptions/.deploymentTests/mg.min.parameters.json diff --git a/modules/Microsoft.Authorization/policyExemptions/.parameters/mg.parameters.json b/modules/Microsoft.Authorization/policyExemptions/.deploymentTests/mg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/.parameters/mg.parameters.json rename to modules/Microsoft.Authorization/policyExemptions/.deploymentTests/mg.parameters.json diff --git a/modules/Microsoft.Authorization/policyExemptions/.parameters/rg.min.parameters.json b/modules/Microsoft.Authorization/policyExemptions/.deploymentTests/rg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/.parameters/rg.min.parameters.json rename to modules/Microsoft.Authorization/policyExemptions/.deploymentTests/rg.min.parameters.json diff --git a/modules/Microsoft.Authorization/policyExemptions/.parameters/rg.parameters.json b/modules/Microsoft.Authorization/policyExemptions/.deploymentTests/rg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/.parameters/rg.parameters.json rename to modules/Microsoft.Authorization/policyExemptions/.deploymentTests/rg.parameters.json diff --git a/modules/Microsoft.Authorization/policyExemptions/.parameters/sub.min.parameters.json b/modules/Microsoft.Authorization/policyExemptions/.deploymentTests/sub.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/.parameters/sub.min.parameters.json rename to modules/Microsoft.Authorization/policyExemptions/.deploymentTests/sub.min.parameters.json diff --git a/modules/Microsoft.Authorization/policyExemptions/.parameters/sub.parameters.json b/modules/Microsoft.Authorization/policyExemptions/.deploymentTests/sub.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/.parameters/sub.parameters.json rename to modules/Microsoft.Authorization/policyExemptions/.deploymentTests/sub.parameters.json diff --git a/modules/Microsoft.Authorization/policySetDefinitions/.parameters/mg.min.parameters.json b/modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests/mg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policySetDefinitions/.parameters/mg.min.parameters.json rename to modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests/mg.min.parameters.json diff --git a/modules/Microsoft.Authorization/policySetDefinitions/.parameters/mg.parameters.json b/modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests/mg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policySetDefinitions/.parameters/mg.parameters.json rename to modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests/mg.parameters.json diff --git a/modules/Microsoft.Authorization/policySetDefinitions/.parameters/sub.min.parameters.json b/modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests/sub.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policySetDefinitions/.parameters/sub.min.parameters.json rename to modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests/sub.min.parameters.json diff --git a/modules/Microsoft.Authorization/policySetDefinitions/.parameters/sub.parameters.json b/modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests/sub.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policySetDefinitions/.parameters/sub.parameters.json rename to modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests/sub.parameters.json diff --git a/modules/Microsoft.Authorization/roleAssignments/.parameters/mg.min.parameters.json b/modules/Microsoft.Authorization/roleAssignments/.deploymentTests/mg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/.parameters/mg.min.parameters.json rename to modules/Microsoft.Authorization/roleAssignments/.deploymentTests/mg.min.parameters.json diff --git a/modules/Microsoft.Authorization/roleAssignments/.parameters/mg.parameters.json b/modules/Microsoft.Authorization/roleAssignments/.deploymentTests/mg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/.parameters/mg.parameters.json rename to modules/Microsoft.Authorization/roleAssignments/.deploymentTests/mg.parameters.json diff --git a/modules/Microsoft.Authorization/roleAssignments/.parameters/rg.min.parameters.json b/modules/Microsoft.Authorization/roleAssignments/.deploymentTests/rg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/.parameters/rg.min.parameters.json rename to modules/Microsoft.Authorization/roleAssignments/.deploymentTests/rg.min.parameters.json diff --git a/modules/Microsoft.Authorization/roleAssignments/.parameters/rg.parameters.json b/modules/Microsoft.Authorization/roleAssignments/.deploymentTests/rg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/.parameters/rg.parameters.json rename to modules/Microsoft.Authorization/roleAssignments/.deploymentTests/rg.parameters.json diff --git a/modules/Microsoft.Authorization/roleAssignments/.parameters/sub.min.parameters.json b/modules/Microsoft.Authorization/roleAssignments/.deploymentTests/sub.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/.parameters/sub.min.parameters.json rename to modules/Microsoft.Authorization/roleAssignments/.deploymentTests/sub.min.parameters.json diff --git a/modules/Microsoft.Authorization/roleAssignments/.parameters/sub.parameters.json b/modules/Microsoft.Authorization/roleAssignments/.deploymentTests/sub.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/.parameters/sub.parameters.json rename to modules/Microsoft.Authorization/roleAssignments/.deploymentTests/sub.parameters.json diff --git a/modules/Microsoft.Authorization/roleDefinitions/.parameters/mg.min.parameters.json b/modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/mg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/.parameters/mg.min.parameters.json rename to modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/mg.min.parameters.json diff --git a/modules/Microsoft.Authorization/roleDefinitions/.parameters/mg.parameters.json b/modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/mg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/.parameters/mg.parameters.json rename to modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/mg.parameters.json diff --git a/modules/Microsoft.Authorization/roleDefinitions/.parameters/rg.min.parameters.json b/modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/rg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/.parameters/rg.min.parameters.json rename to modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/rg.min.parameters.json diff --git a/modules/Microsoft.Authorization/roleDefinitions/.parameters/rg.parameters.json b/modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/rg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/.parameters/rg.parameters.json rename to modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/rg.parameters.json diff --git a/modules/Microsoft.Authorization/roleDefinitions/.parameters/sub.min.parameters.json b/modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/sub.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/.parameters/sub.min.parameters.json rename to modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/sub.min.parameters.json diff --git a/modules/Microsoft.Authorization/roleDefinitions/.parameters/sub.parameters.json b/modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/sub.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/.parameters/sub.parameters.json rename to modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/sub.parameters.json diff --git a/modules/Microsoft.Automation/automationAccounts/.parameters/encr.parameters.json b/modules/Microsoft.Automation/automationAccounts/.deploymentTests/encr.parameters.json similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/.parameters/encr.parameters.json rename to modules/Microsoft.Automation/automationAccounts/.deploymentTests/encr.parameters.json diff --git a/modules/Microsoft.Automation/automationAccounts/.parameters/min.parameters.json b/modules/Microsoft.Automation/automationAccounts/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/.parameters/min.parameters.json rename to modules/Microsoft.Automation/automationAccounts/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Automation/automationAccounts/.parameters/parameters.json b/modules/Microsoft.Automation/automationAccounts/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/.parameters/parameters.json rename to modules/Microsoft.Automation/automationAccounts/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Batch/batchAccounts/.parameters/min.parameters.json b/modules/Microsoft.Batch/batchAccounts/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Batch/batchAccounts/.parameters/min.parameters.json rename to modules/Microsoft.Batch/batchAccounts/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Batch/batchAccounts/.parameters/parameters.json b/modules/Microsoft.Batch/batchAccounts/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Batch/batchAccounts/.parameters/parameters.json rename to modules/Microsoft.Batch/batchAccounts/.deploymentTests/parameters.json diff --git a/modules/Microsoft.CognitiveServices/accounts/.parameters/encr.parameters.json b/modules/Microsoft.CognitiveServices/accounts/.deploymentTests/encr.parameters.json similarity index 100% rename from modules/Microsoft.CognitiveServices/accounts/.parameters/encr.parameters.json rename to modules/Microsoft.CognitiveServices/accounts/.deploymentTests/encr.parameters.json diff --git a/modules/Microsoft.CognitiveServices/accounts/.parameters/min.parameters.json b/modules/Microsoft.CognitiveServices/accounts/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.CognitiveServices/accounts/.parameters/min.parameters.json rename to modules/Microsoft.CognitiveServices/accounts/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.CognitiveServices/accounts/.parameters/parameters.json b/modules/Microsoft.CognitiveServices/accounts/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.CognitiveServices/accounts/.parameters/parameters.json rename to modules/Microsoft.CognitiveServices/accounts/.deploymentTests/parameters.json diff --git a/modules/Microsoft.CognitiveServices/accounts/.parameters/speech.parameters.json b/modules/Microsoft.CognitiveServices/accounts/.deploymentTests/speech.parameters.json similarity index 100% rename from modules/Microsoft.CognitiveServices/accounts/.parameters/speech.parameters.json rename to modules/Microsoft.CognitiveServices/accounts/.deploymentTests/speech.parameters.json diff --git a/modules/Microsoft.Compute/availabilitySets/.parameters/min.parameters.json b/modules/Microsoft.Compute/availabilitySets/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Compute/availabilitySets/.parameters/min.parameters.json rename to modules/Microsoft.Compute/availabilitySets/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Compute/availabilitySets/.parameters/parameters.json b/modules/Microsoft.Compute/availabilitySets/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Compute/availabilitySets/.parameters/parameters.json rename to modules/Microsoft.Compute/availabilitySets/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Compute/diskEncryptionSets/.parameters/parameters.json b/modules/Microsoft.Compute/diskEncryptionSets/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Compute/diskEncryptionSets/.parameters/parameters.json rename to modules/Microsoft.Compute/diskEncryptionSets/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Compute/disks/.parameters/image.parameters.json b/modules/Microsoft.Compute/disks/.deploymentTests/image.parameters.json similarity index 100% rename from modules/Microsoft.Compute/disks/.parameters/image.parameters.json rename to modules/Microsoft.Compute/disks/.deploymentTests/image.parameters.json diff --git a/modules/Microsoft.Compute/disks/.parameters/import.parameters.json b/modules/Microsoft.Compute/disks/.deploymentTests/import.parameters.json similarity index 100% rename from modules/Microsoft.Compute/disks/.parameters/import.parameters.json rename to modules/Microsoft.Compute/disks/.deploymentTests/import.parameters.json diff --git a/modules/Microsoft.Compute/disks/.parameters/min.parameters.json b/modules/Microsoft.Compute/disks/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Compute/disks/.parameters/min.parameters.json rename to modules/Microsoft.Compute/disks/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Compute/disks/.parameters/parameters.json b/modules/Microsoft.Compute/disks/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Compute/disks/.parameters/parameters.json rename to modules/Microsoft.Compute/disks/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Compute/galleries/.parameters/images.parameters.json b/modules/Microsoft.Compute/galleries/.deploymentTests/images.parameters.json similarity index 100% rename from modules/Microsoft.Compute/galleries/.parameters/images.parameters.json rename to modules/Microsoft.Compute/galleries/.deploymentTests/images.parameters.json diff --git a/modules/Microsoft.Compute/galleries/.parameters/parameters.json b/modules/Microsoft.Compute/galleries/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Compute/galleries/.parameters/parameters.json rename to modules/Microsoft.Compute/galleries/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Compute/images/.parameters/parameters.json b/modules/Microsoft.Compute/images/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Compute/images/.parameters/parameters.json rename to modules/Microsoft.Compute/images/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Compute/proximityPlacementGroups/.parameters/parameters.json b/modules/Microsoft.Compute/proximityPlacementGroups/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Compute/proximityPlacementGroups/.parameters/parameters.json rename to modules/Microsoft.Compute/proximityPlacementGroups/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.min.parameters.json b/modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests/linux.min.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.min.parameters.json rename to modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests/linux.min.parameters.json diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.parameters.json b/modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests/linux.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.parameters.json rename to modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests/linux.parameters.json diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.min.parameters.json b/modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests/windows.min.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.min.parameters.json rename to modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests/windows.min.parameters.json diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.parameters.json b/modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests/windows.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.parameters.json rename to modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests/windows.parameters.json diff --git a/modules/Microsoft.Compute/virtualMachines/.parameters/linux.autmg.parameters.json b/modules/Microsoft.Compute/virtualMachines/.deploymentTests/linux.autmg.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/.parameters/linux.autmg.parameters.json rename to modules/Microsoft.Compute/virtualMachines/.deploymentTests/linux.autmg.parameters.json diff --git a/modules/Microsoft.Compute/virtualMachines/.parameters/linux.min.parameters.json b/modules/Microsoft.Compute/virtualMachines/.deploymentTests/linux.min.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/.parameters/linux.min.parameters.json rename to modules/Microsoft.Compute/virtualMachines/.deploymentTests/linux.min.parameters.json diff --git a/modules/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json b/modules/Microsoft.Compute/virtualMachines/.deploymentTests/linux.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json rename to modules/Microsoft.Compute/virtualMachines/.deploymentTests/linux.parameters.json diff --git a/modules/Microsoft.Compute/virtualMachines/.parameters/windows.autmg.parameters.json b/modules/Microsoft.Compute/virtualMachines/.deploymentTests/windows.autmg.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/.parameters/windows.autmg.parameters.json rename to modules/Microsoft.Compute/virtualMachines/.deploymentTests/windows.autmg.parameters.json diff --git a/modules/Microsoft.Compute/virtualMachines/.parameters/windows.min.parameters.json b/modules/Microsoft.Compute/virtualMachines/.deploymentTests/windows.min.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/.parameters/windows.min.parameters.json rename to modules/Microsoft.Compute/virtualMachines/.deploymentTests/windows.min.parameters.json diff --git a/modules/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json b/modules/Microsoft.Compute/virtualMachines/.deploymentTests/windows.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json rename to modules/Microsoft.Compute/virtualMachines/.deploymentTests/windows.parameters.json diff --git a/modules/Microsoft.Consumption/budgets/.parameters/parameters.json b/modules/Microsoft.Consumption/budgets/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Consumption/budgets/.parameters/parameters.json rename to modules/Microsoft.Consumption/budgets/.deploymentTests/parameters.json diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.parameters/parameters.json b/modules/Microsoft.ContainerInstance/containerGroups/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.ContainerInstance/containerGroups/.parameters/parameters.json rename to modules/Microsoft.ContainerInstance/containerGroups/.deploymentTests/parameters.json diff --git a/modules/Microsoft.ContainerRegistry/registries/.parameters/encr.parameters.json b/modules/Microsoft.ContainerRegistry/registries/.deploymentTests/encr.parameters.json similarity index 100% rename from modules/Microsoft.ContainerRegistry/registries/.parameters/encr.parameters.json rename to modules/Microsoft.ContainerRegistry/registries/.deploymentTests/encr.parameters.json diff --git a/modules/Microsoft.ContainerRegistry/registries/.parameters/min.parameters.json b/modules/Microsoft.ContainerRegistry/registries/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.ContainerRegistry/registries/.parameters/min.parameters.json rename to modules/Microsoft.ContainerRegistry/registries/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.ContainerRegistry/registries/.parameters/parameters.json b/modules/Microsoft.ContainerRegistry/registries/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.ContainerRegistry/registries/.parameters/parameters.json rename to modules/Microsoft.ContainerRegistry/registries/.deploymentTests/parameters.json diff --git a/modules/Microsoft.ContainerService/managedClusters/.parameters/azure.parameters.json b/modules/Microsoft.ContainerService/managedClusters/.deploymentTests/azure.parameters.json similarity index 100% rename from modules/Microsoft.ContainerService/managedClusters/.parameters/azure.parameters.json rename to modules/Microsoft.ContainerService/managedClusters/.deploymentTests/azure.parameters.json diff --git a/modules/Microsoft.ContainerService/managedClusters/.parameters/kubenet.parameters.json b/modules/Microsoft.ContainerService/managedClusters/.deploymentTests/kubenet.parameters.json similarity index 100% rename from modules/Microsoft.ContainerService/managedClusters/.parameters/kubenet.parameters.json rename to modules/Microsoft.ContainerService/managedClusters/.deploymentTests/kubenet.parameters.json diff --git a/modules/Microsoft.DataFactory/factories/.parameters/parameters.json b/modules/Microsoft.DataFactory/factories/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.DataFactory/factories/.parameters/parameters.json rename to modules/Microsoft.DataFactory/factories/.deploymentTests/parameters.json diff --git a/modules/Microsoft.DataProtection/backupVaults/.parameters/min.parameters.json b/modules/Microsoft.DataProtection/backupVaults/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.DataProtection/backupVaults/.parameters/min.parameters.json rename to modules/Microsoft.DataProtection/backupVaults/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.DataProtection/backupVaults/.parameters/parameters.json b/modules/Microsoft.DataProtection/backupVaults/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.DataProtection/backupVaults/.parameters/parameters.json rename to modules/Microsoft.DataProtection/backupVaults/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Databricks/workspaces/.parameters/parameters.json b/modules/Microsoft.Databricks/workspaces/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Databricks/workspaces/.parameters/parameters.json rename to modules/Microsoft.Databricks/workspaces/.deploymentTests/parameters.json diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/.parameters/min.parameters.json b/modules/Microsoft.DesktopVirtualization/applicationgroups/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.DesktopVirtualization/applicationgroups/.parameters/min.parameters.json rename to modules/Microsoft.DesktopVirtualization/applicationgroups/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/.parameters/parameters.json b/modules/Microsoft.DesktopVirtualization/applicationgroups/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.DesktopVirtualization/applicationgroups/.parameters/parameters.json rename to modules/Microsoft.DesktopVirtualization/applicationgroups/.deploymentTests/parameters.json diff --git a/modules/Microsoft.DesktopVirtualization/hostpools/.parameters/parameters.json b/modules/Microsoft.DesktopVirtualization/hostpools/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.DesktopVirtualization/hostpools/.parameters/parameters.json rename to modules/Microsoft.DesktopVirtualization/hostpools/.deploymentTests/parameters.json diff --git a/modules/Microsoft.DesktopVirtualization/scalingplans/.parameters/min.parameters.json b/modules/Microsoft.DesktopVirtualization/scalingplans/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.DesktopVirtualization/scalingplans/.parameters/min.parameters.json rename to modules/Microsoft.DesktopVirtualization/scalingplans/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.DesktopVirtualization/workspaces/.parameters/parameters.json b/modules/Microsoft.DesktopVirtualization/workspaces/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.DesktopVirtualization/workspaces/.parameters/parameters.json rename to modules/Microsoft.DesktopVirtualization/workspaces/.deploymentTests/parameters.json diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/.parameters/mongodb.parameters.json b/modules/Microsoft.DocumentDB/databaseAccounts/.deploymentTests/mongodb.parameters.json similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/.parameters/mongodb.parameters.json rename to modules/Microsoft.DocumentDB/databaseAccounts/.deploymentTests/mongodb.parameters.json diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/.parameters/plain.parameters.json b/modules/Microsoft.DocumentDB/databaseAccounts/.deploymentTests/plain.parameters.json similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/.parameters/plain.parameters.json rename to modules/Microsoft.DocumentDB/databaseAccounts/.deploymentTests/plain.parameters.json diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/.parameters/sqldb.parameters.json b/modules/Microsoft.DocumentDB/databaseAccounts/.deploymentTests/sqldb.parameters.json similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/.parameters/sqldb.parameters.json rename to modules/Microsoft.DocumentDB/databaseAccounts/.deploymentTests/sqldb.parameters.json diff --git a/modules/Microsoft.EventGrid/systemTopics/.parameters/min.parameters.json b/modules/Microsoft.EventGrid/systemTopics/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.EventGrid/systemTopics/.parameters/min.parameters.json rename to modules/Microsoft.EventGrid/systemTopics/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.EventGrid/systemTopics/.parameters/parameters.json b/modules/Microsoft.EventGrid/systemTopics/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.EventGrid/systemTopics/.parameters/parameters.json rename to modules/Microsoft.EventGrid/systemTopics/.deploymentTests/parameters.json diff --git a/modules/Microsoft.EventGrid/topics/.parameters/parameters.json b/modules/Microsoft.EventGrid/topics/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.EventGrid/topics/.parameters/parameters.json rename to modules/Microsoft.EventGrid/topics/.deploymentTests/parameters.json diff --git a/modules/Microsoft.EventHub/namespaces/.parameters/min.parameters.json b/modules/Microsoft.EventHub/namespaces/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.EventHub/namespaces/.parameters/min.parameters.json rename to modules/Microsoft.EventHub/namespaces/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.EventHub/namespaces/.parameters/parameters.json b/modules/Microsoft.EventHub/namespaces/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.EventHub/namespaces/.parameters/parameters.json rename to modules/Microsoft.EventHub/namespaces/.deploymentTests/parameters.json diff --git a/modules/Microsoft.HealthBot/healthBots/.parameters/parameters.json b/modules/Microsoft.HealthBot/healthBots/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.HealthBot/healthBots/.parameters/parameters.json rename to modules/Microsoft.HealthBot/healthBots/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Insights/actionGroups/.parameters/parameters.json b/modules/Microsoft.Insights/actionGroups/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Insights/actionGroups/.parameters/parameters.json rename to modules/Microsoft.Insights/actionGroups/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Insights/activityLogAlerts/.parameters/parameters.json b/modules/Microsoft.Insights/activityLogAlerts/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Insights/activityLogAlerts/.parameters/parameters.json rename to modules/Microsoft.Insights/activityLogAlerts/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Insights/components/.parameters/parameters.json b/modules/Microsoft.Insights/components/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Insights/components/.parameters/parameters.json rename to modules/Microsoft.Insights/components/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Insights/diagnosticSettings/.parameters/parameters.json b/modules/Microsoft.Insights/diagnosticSettings/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Insights/diagnosticSettings/.parameters/parameters.json rename to modules/Microsoft.Insights/diagnosticSettings/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Insights/metricAlerts/.parameters/parameters.json b/modules/Microsoft.Insights/metricAlerts/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Insights/metricAlerts/.parameters/parameters.json rename to modules/Microsoft.Insights/metricAlerts/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Insights/privateLinkScopes/.parameters/parameters.json b/modules/Microsoft.Insights/privateLinkScopes/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Insights/privateLinkScopes/.parameters/parameters.json rename to modules/Microsoft.Insights/privateLinkScopes/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Insights/scheduledQueryRules/.parameters/parameters.json b/modules/Microsoft.Insights/scheduledQueryRules/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Insights/scheduledQueryRules/.parameters/parameters.json rename to modules/Microsoft.Insights/scheduledQueryRules/.deploymentTests/parameters.json diff --git a/modules/Microsoft.KeyVault/vaults/.parameters/min.parameters.json b/modules/Microsoft.KeyVault/vaults/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.KeyVault/vaults/.parameters/min.parameters.json rename to modules/Microsoft.KeyVault/vaults/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.KeyVault/vaults/.parameters/parameters.json b/modules/Microsoft.KeyVault/vaults/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.KeyVault/vaults/.parameters/parameters.json rename to modules/Microsoft.KeyVault/vaults/.deploymentTests/parameters.json diff --git a/modules/Microsoft.KubernetesConfiguration/extensions/.parameters/min.parameters.json b/modules/Microsoft.KubernetesConfiguration/extensions/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.KubernetesConfiguration/extensions/.parameters/min.parameters.json rename to modules/Microsoft.KubernetesConfiguration/extensions/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.KubernetesConfiguration/extensions/.parameters/parameters.json b/modules/Microsoft.KubernetesConfiguration/extensions/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.KubernetesConfiguration/extensions/.parameters/parameters.json rename to modules/Microsoft.KubernetesConfiguration/extensions/.deploymentTests/parameters.json diff --git a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.parameters/min.parameters.json b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.parameters/min.parameters.json rename to modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.parameters/parameters.json b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.parameters/parameters.json rename to modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Logic/workflows/.parameters/parameters.json b/modules/Microsoft.Logic/workflows/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Logic/workflows/.parameters/parameters.json rename to modules/Microsoft.Logic/workflows/.deploymentTests/parameters.json diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.parameters/min.parameters.json b/modules/Microsoft.MachineLearningServices/workspaces/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.MachineLearningServices/workspaces/.parameters/min.parameters.json rename to modules/Microsoft.MachineLearningServices/workspaces/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.parameters/parameters.json b/modules/Microsoft.MachineLearningServices/workspaces/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.MachineLearningServices/workspaces/.parameters/parameters.json rename to modules/Microsoft.MachineLearningServices/workspaces/.deploymentTests/parameters.json diff --git a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.parameters/parameters.json b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.ManagedIdentity/userAssignedIdentities/.parameters/parameters.json rename to modules/Microsoft.ManagedIdentity/userAssignedIdentities/.deploymentTests/parameters.json diff --git a/modules/Microsoft.ManagedServices/registrationDefinitions/.parameters/parameters.json b/modules/Microsoft.ManagedServices/registrationDefinitions/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.ManagedServices/registrationDefinitions/.parameters/parameters.json rename to modules/Microsoft.ManagedServices/registrationDefinitions/.deploymentTests/parameters.json diff --git a/modules/Microsoft.ManagedServices/registrationDefinitions/.parameters/rg.parameters.json b/modules/Microsoft.ManagedServices/registrationDefinitions/.deploymentTests/rg.parameters.json similarity index 100% rename from modules/Microsoft.ManagedServices/registrationDefinitions/.parameters/rg.parameters.json rename to modules/Microsoft.ManagedServices/registrationDefinitions/.deploymentTests/rg.parameters.json diff --git a/modules/Microsoft.Management/managementGroups/.parameters/parameters.json b/modules/Microsoft.Management/managementGroups/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Management/managementGroups/.parameters/parameters.json rename to modules/Microsoft.Management/managementGroups/.deploymentTests/parameters.json diff --git a/modules/Microsoft.NetApp/netAppAccounts/.parameters/min.parameters.json b/modules/Microsoft.NetApp/netAppAccounts/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.NetApp/netAppAccounts/.parameters/min.parameters.json rename to modules/Microsoft.NetApp/netAppAccounts/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.NetApp/netAppAccounts/.parameters/nfs3.parameters.json b/modules/Microsoft.NetApp/netAppAccounts/.deploymentTests/nfs3.parameters.json similarity index 100% rename from modules/Microsoft.NetApp/netAppAccounts/.parameters/nfs3.parameters.json rename to modules/Microsoft.NetApp/netAppAccounts/.deploymentTests/nfs3.parameters.json diff --git a/modules/Microsoft.NetApp/netAppAccounts/.parameters/nfs41.parameters.json b/modules/Microsoft.NetApp/netAppAccounts/.deploymentTests/nfs41.parameters.json similarity index 100% rename from modules/Microsoft.NetApp/netAppAccounts/.parameters/nfs41.parameters.json rename to modules/Microsoft.NetApp/netAppAccounts/.deploymentTests/nfs41.parameters.json diff --git a/modules/Microsoft.Network/applicationGateways/.parameters/parameters.json b/modules/Microsoft.Network/applicationGateways/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/applicationGateways/.parameters/parameters.json rename to modules/Microsoft.Network/applicationGateways/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/applicationSecurityGroups/.parameters/parameters.json b/modules/Microsoft.Network/applicationSecurityGroups/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/applicationSecurityGroups/.parameters/parameters.json rename to modules/Microsoft.Network/applicationSecurityGroups/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/azureFirewalls/.parameters/addpip.parameters.json b/modules/Microsoft.Network/azureFirewalls/.deploymentTests/addpip.parameters.json similarity index 100% rename from modules/Microsoft.Network/azureFirewalls/.parameters/addpip.parameters.json rename to modules/Microsoft.Network/azureFirewalls/.deploymentTests/addpip.parameters.json diff --git a/modules/Microsoft.Network/azureFirewalls/.parameters/custompip.parameters.json b/modules/Microsoft.Network/azureFirewalls/.deploymentTests/custompip.parameters.json similarity index 100% rename from modules/Microsoft.Network/azureFirewalls/.parameters/custompip.parameters.json rename to modules/Microsoft.Network/azureFirewalls/.deploymentTests/custompip.parameters.json diff --git a/modules/Microsoft.Network/azureFirewalls/.parameters/min.parameters.json b/modules/Microsoft.Network/azureFirewalls/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Network/azureFirewalls/.parameters/min.parameters.json rename to modules/Microsoft.Network/azureFirewalls/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Network/azureFirewalls/.parameters/parameters.json b/modules/Microsoft.Network/azureFirewalls/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/azureFirewalls/.parameters/parameters.json rename to modules/Microsoft.Network/azureFirewalls/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/bastionHosts/.parameters/addpip.parameters.json b/modules/Microsoft.Network/bastionHosts/.deploymentTests/addpip.parameters.json similarity index 100% rename from modules/Microsoft.Network/bastionHosts/.parameters/addpip.parameters.json rename to modules/Microsoft.Network/bastionHosts/.deploymentTests/addpip.parameters.json diff --git a/modules/Microsoft.Network/bastionHosts/.parameters/custompip.parameters.json b/modules/Microsoft.Network/bastionHosts/.deploymentTests/custompip.parameters.json similarity index 100% rename from modules/Microsoft.Network/bastionHosts/.parameters/custompip.parameters.json rename to modules/Microsoft.Network/bastionHosts/.deploymentTests/custompip.parameters.json diff --git a/modules/Microsoft.Network/bastionHosts/.parameters/min.parameters.json b/modules/Microsoft.Network/bastionHosts/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Network/bastionHosts/.parameters/min.parameters.json rename to modules/Microsoft.Network/bastionHosts/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Network/bastionHosts/.parameters/parameters.json b/modules/Microsoft.Network/bastionHosts/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/bastionHosts/.parameters/parameters.json rename to modules/Microsoft.Network/bastionHosts/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/connections/.parameters/vnet2vnet.parameters.json b/modules/Microsoft.Network/connections/.deploymentTests/vnet2vnet.parameters.json similarity index 100% rename from modules/Microsoft.Network/connections/.parameters/vnet2vnet.parameters.json rename to modules/Microsoft.Network/connections/.deploymentTests/vnet2vnet.parameters.json diff --git a/modules/Microsoft.Network/ddosProtectionPlans/.parameters/parameters.json b/modules/Microsoft.Network/ddosProtectionPlans/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/ddosProtectionPlans/.parameters/parameters.json rename to modules/Microsoft.Network/ddosProtectionPlans/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/expressRouteCircuits/.parameters/parameters.json b/modules/Microsoft.Network/expressRouteCircuits/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/expressRouteCircuits/.parameters/parameters.json rename to modules/Microsoft.Network/expressRouteCircuits/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/firewallPolicies/.parameters/min.parameters.json b/modules/Microsoft.Network/firewallPolicies/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Network/firewallPolicies/.parameters/min.parameters.json rename to modules/Microsoft.Network/firewallPolicies/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Network/firewallPolicies/.parameters/parameters.json b/modules/Microsoft.Network/firewallPolicies/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/firewallPolicies/.parameters/parameters.json rename to modules/Microsoft.Network/firewallPolicies/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/frontDoors/.parameters/parameters.json b/modules/Microsoft.Network/frontDoors/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/frontDoors/.parameters/parameters.json rename to modules/Microsoft.Network/frontDoors/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/ipGroups/.parameters/parameters.json b/modules/Microsoft.Network/ipGroups/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/ipGroups/.parameters/parameters.json rename to modules/Microsoft.Network/ipGroups/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/loadBalancers/.parameters/internal.parameters.json b/modules/Microsoft.Network/loadBalancers/.deploymentTests/internal.parameters.json similarity index 100% rename from modules/Microsoft.Network/loadBalancers/.parameters/internal.parameters.json rename to modules/Microsoft.Network/loadBalancers/.deploymentTests/internal.parameters.json diff --git a/modules/Microsoft.Network/loadBalancers/.parameters/min.parameters.json b/modules/Microsoft.Network/loadBalancers/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Network/loadBalancers/.parameters/min.parameters.json rename to modules/Microsoft.Network/loadBalancers/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Network/loadBalancers/.parameters/parameters.json b/modules/Microsoft.Network/loadBalancers/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/loadBalancers/.parameters/parameters.json rename to modules/Microsoft.Network/loadBalancers/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/localNetworkGateways/.parameters/parameters.json b/modules/Microsoft.Network/localNetworkGateways/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/localNetworkGateways/.parameters/parameters.json rename to modules/Microsoft.Network/localNetworkGateways/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/natGateways/.parameters/parameters.json b/modules/Microsoft.Network/natGateways/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/natGateways/.parameters/parameters.json rename to modules/Microsoft.Network/natGateways/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/networkInterfaces/.parameters/min.parameters.json b/modules/Microsoft.Network/networkInterfaces/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Network/networkInterfaces/.parameters/min.parameters.json rename to modules/Microsoft.Network/networkInterfaces/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Network/networkInterfaces/.parameters/parameters.json b/modules/Microsoft.Network/networkInterfaces/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/networkInterfaces/.parameters/parameters.json rename to modules/Microsoft.Network/networkInterfaces/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/networkSecurityGroups/.parameters/min.parameters.json b/modules/Microsoft.Network/networkSecurityGroups/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Network/networkSecurityGroups/.parameters/min.parameters.json rename to modules/Microsoft.Network/networkSecurityGroups/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Network/networkSecurityGroups/.parameters/parameters.json b/modules/Microsoft.Network/networkSecurityGroups/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/networkSecurityGroups/.parameters/parameters.json rename to modules/Microsoft.Network/networkSecurityGroups/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/networkWatchers/.parameters/min.parameters.json b/modules/Microsoft.Network/networkWatchers/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Network/networkWatchers/.parameters/min.parameters.json rename to modules/Microsoft.Network/networkWatchers/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Network/networkWatchers/.parameters/parameters.json b/modules/Microsoft.Network/networkWatchers/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/networkWatchers/.parameters/parameters.json rename to modules/Microsoft.Network/networkWatchers/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/privateDnsZones/.parameters/min.parameters.json b/modules/Microsoft.Network/privateDnsZones/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Network/privateDnsZones/.parameters/min.parameters.json rename to modules/Microsoft.Network/privateDnsZones/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Network/privateDnsZones/.parameters/parameters.json b/modules/Microsoft.Network/privateDnsZones/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/privateDnsZones/.parameters/parameters.json rename to modules/Microsoft.Network/privateDnsZones/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/privateEndpoints/.parameters/min.parameters.json b/modules/Microsoft.Network/privateEndpoints/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Network/privateEndpoints/.parameters/min.parameters.json rename to modules/Microsoft.Network/privateEndpoints/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Network/privateEndpoints/.parameters/parameters.json b/modules/Microsoft.Network/privateEndpoints/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/privateEndpoints/.parameters/parameters.json rename to modules/Microsoft.Network/privateEndpoints/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/publicIPAddresses/.parameters/parameters.json b/modules/Microsoft.Network/publicIPAddresses/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/publicIPAddresses/.parameters/parameters.json rename to modules/Microsoft.Network/publicIPAddresses/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/publicIPPrefixes/.parameters/parameters.json b/modules/Microsoft.Network/publicIPPrefixes/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/publicIPPrefixes/.parameters/parameters.json rename to modules/Microsoft.Network/publicIPPrefixes/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/routeTables/.parameters/parameters.json b/modules/Microsoft.Network/routeTables/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/routeTables/.parameters/parameters.json rename to modules/Microsoft.Network/routeTables/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/trafficmanagerprofiles/.parameters/parameters.json b/modules/Microsoft.Network/trafficmanagerprofiles/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/trafficmanagerprofiles/.parameters/parameters.json rename to modules/Microsoft.Network/trafficmanagerprofiles/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/virtualHubs/.parameters/min.parameters.json b/modules/Microsoft.Network/virtualHubs/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Network/virtualHubs/.parameters/min.parameters.json rename to modules/Microsoft.Network/virtualHubs/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Network/virtualHubs/.parameters/parameters.json b/modules/Microsoft.Network/virtualHubs/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/virtualHubs/.parameters/parameters.json rename to modules/Microsoft.Network/virtualHubs/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.parameters/expressRoute.parameters.json b/modules/Microsoft.Network/virtualNetworkGateways/.deploymentTests/expressRoute.parameters.json similarity index 100% rename from modules/Microsoft.Network/virtualNetworkGateways/.parameters/expressRoute.parameters.json rename to modules/Microsoft.Network/virtualNetworkGateways/.deploymentTests/expressRoute.parameters.json diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.parameters/vpn.parameters.json b/modules/Microsoft.Network/virtualNetworkGateways/.deploymentTests/vpn.parameters.json similarity index 100% rename from modules/Microsoft.Network/virtualNetworkGateways/.parameters/vpn.parameters.json rename to modules/Microsoft.Network/virtualNetworkGateways/.deploymentTests/vpn.parameters.json diff --git a/modules/Microsoft.Network/virtualNetworks/.parameters/min.parameters.json b/modules/Microsoft.Network/virtualNetworks/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Network/virtualNetworks/.parameters/min.parameters.json rename to modules/Microsoft.Network/virtualNetworks/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Network/virtualNetworks/.parameters/parameters.json b/modules/Microsoft.Network/virtualNetworks/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/virtualNetworks/.parameters/parameters.json rename to modules/Microsoft.Network/virtualNetworks/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json b/modules/Microsoft.Network/virtualNetworks/.deploymentTests/vnetPeering.parameters.json similarity index 100% rename from modules/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json rename to modules/Microsoft.Network/virtualNetworks/.deploymentTests/vnetPeering.parameters.json diff --git a/modules/Microsoft.Network/virtualWans/.parameters/min.parameters.json b/modules/Microsoft.Network/virtualWans/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Network/virtualWans/.parameters/min.parameters.json rename to modules/Microsoft.Network/virtualWans/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Network/virtualWans/.parameters/parameters.json b/modules/Microsoft.Network/virtualWans/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/virtualWans/.parameters/parameters.json rename to modules/Microsoft.Network/virtualWans/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/vpnGateways/.parameters/min.parameters.json b/modules/Microsoft.Network/vpnGateways/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Network/vpnGateways/.parameters/min.parameters.json rename to modules/Microsoft.Network/vpnGateways/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Network/vpnGateways/.parameters/parameters.json b/modules/Microsoft.Network/vpnGateways/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/vpnGateways/.parameters/parameters.json rename to modules/Microsoft.Network/vpnGateways/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Network/vpnSites/.parameters/min.parameters.json b/modules/Microsoft.Network/vpnSites/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Network/vpnSites/.parameters/min.parameters.json rename to modules/Microsoft.Network/vpnSites/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Network/vpnSites/.parameters/parameters.json b/modules/Microsoft.Network/vpnSites/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Network/vpnSites/.parameters/parameters.json rename to modules/Microsoft.Network/vpnSites/.deploymentTests/parameters.json diff --git a/modules/Microsoft.OperationalInsights/workspaces/.parameters/min.parameters.json b/modules/Microsoft.OperationalInsights/workspaces/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.OperationalInsights/workspaces/.parameters/min.parameters.json rename to modules/Microsoft.OperationalInsights/workspaces/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.OperationalInsights/workspaces/.parameters/parameters.json b/modules/Microsoft.OperationalInsights/workspaces/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.OperationalInsights/workspaces/.parameters/parameters.json rename to modules/Microsoft.OperationalInsights/workspaces/.deploymentTests/parameters.json diff --git a/modules/Microsoft.OperationsManagement/solutions/.parameters/min.parameters.json b/modules/Microsoft.OperationsManagement/solutions/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.OperationsManagement/solutions/.parameters/min.parameters.json rename to modules/Microsoft.OperationsManagement/solutions/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.OperationsManagement/solutions/.parameters/ms.parameters.json b/modules/Microsoft.OperationsManagement/solutions/.deploymentTests/ms.parameters.json similarity index 100% rename from modules/Microsoft.OperationsManagement/solutions/.parameters/ms.parameters.json rename to modules/Microsoft.OperationsManagement/solutions/.deploymentTests/ms.parameters.json diff --git a/modules/Microsoft.OperationsManagement/solutions/.parameters/nonms.parameters.json b/modules/Microsoft.OperationsManagement/solutions/.deploymentTests/nonms.parameters.json similarity index 100% rename from modules/Microsoft.OperationsManagement/solutions/.parameters/nonms.parameters.json rename to modules/Microsoft.OperationsManagement/solutions/.deploymentTests/nonms.parameters.json diff --git a/modules/Microsoft.RecoveryServices/vaults/.parameters/dr.parameters.json b/modules/Microsoft.RecoveryServices/vaults/.deploymentTests/dr.parameters.json similarity index 100% rename from modules/Microsoft.RecoveryServices/vaults/.parameters/dr.parameters.json rename to modules/Microsoft.RecoveryServices/vaults/.deploymentTests/dr.parameters.json diff --git a/modules/Microsoft.RecoveryServices/vaults/.parameters/min.parameters.json b/modules/Microsoft.RecoveryServices/vaults/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.RecoveryServices/vaults/.parameters/min.parameters.json rename to modules/Microsoft.RecoveryServices/vaults/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.RecoveryServices/vaults/.parameters/parameters.json b/modules/Microsoft.RecoveryServices/vaults/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.RecoveryServices/vaults/.parameters/parameters.json rename to modules/Microsoft.RecoveryServices/vaults/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Resources/deploymentScripts/.parameters/cli.parameters.json b/modules/Microsoft.Resources/deploymentScripts/.deploymentTests/cli.parameters.json similarity index 100% rename from modules/Microsoft.Resources/deploymentScripts/.parameters/cli.parameters.json rename to modules/Microsoft.Resources/deploymentScripts/.deploymentTests/cli.parameters.json diff --git a/modules/Microsoft.Resources/deploymentScripts/.parameters/ps.parameters.json b/modules/Microsoft.Resources/deploymentScripts/.deploymentTests/ps.parameters.json similarity index 100% rename from modules/Microsoft.Resources/deploymentScripts/.parameters/ps.parameters.json rename to modules/Microsoft.Resources/deploymentScripts/.deploymentTests/ps.parameters.json diff --git a/modules/Microsoft.Resources/resourceGroups/.parameters/parameters.json b/modules/Microsoft.Resources/resourceGroups/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Resources/resourceGroups/.parameters/parameters.json rename to modules/Microsoft.Resources/resourceGroups/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Resources/tags/.parameters/min.parameters.json b/modules/Microsoft.Resources/tags/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Resources/tags/.parameters/min.parameters.json rename to modules/Microsoft.Resources/tags/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Resources/tags/.parameters/rg.parameters.json b/modules/Microsoft.Resources/tags/.deploymentTests/rg.parameters.json similarity index 100% rename from modules/Microsoft.Resources/tags/.parameters/rg.parameters.json rename to modules/Microsoft.Resources/tags/.deploymentTests/rg.parameters.json diff --git a/modules/Microsoft.Resources/tags/.parameters/sub.parameters.json b/modules/Microsoft.Resources/tags/.deploymentTests/sub.parameters.json similarity index 100% rename from modules/Microsoft.Resources/tags/.parameters/sub.parameters.json rename to modules/Microsoft.Resources/tags/.deploymentTests/sub.parameters.json diff --git a/modules/Microsoft.Security/azureSecurityCenter/.parameters/parameters.json b/modules/Microsoft.Security/azureSecurityCenter/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Security/azureSecurityCenter/.parameters/parameters.json rename to modules/Microsoft.Security/azureSecurityCenter/.deploymentTests/parameters.json diff --git a/modules/Microsoft.ServiceBus/namespaces/.parameters/min.parameters.json b/modules/Microsoft.ServiceBus/namespaces/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.ServiceBus/namespaces/.parameters/min.parameters.json rename to modules/Microsoft.ServiceBus/namespaces/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.ServiceBus/namespaces/.parameters/parameters.json b/modules/Microsoft.ServiceBus/namespaces/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.ServiceBus/namespaces/.parameters/parameters.json rename to modules/Microsoft.ServiceBus/namespaces/.deploymentTests/parameters.json diff --git a/modules/Microsoft.ServiceFabric/clusters/.parameters/cert.parameters.json b/modules/Microsoft.ServiceFabric/clusters/.deploymentTests/cert.parameters.json similarity index 100% rename from modules/Microsoft.ServiceFabric/clusters/.parameters/cert.parameters.json rename to modules/Microsoft.ServiceFabric/clusters/.deploymentTests/cert.parameters.json diff --git a/modules/Microsoft.ServiceFabric/clusters/.parameters/full.parameters.json b/modules/Microsoft.ServiceFabric/clusters/.deploymentTests/full.parameters.json similarity index 100% rename from modules/Microsoft.ServiceFabric/clusters/.parameters/full.parameters.json rename to modules/Microsoft.ServiceFabric/clusters/.deploymentTests/full.parameters.json diff --git a/modules/Microsoft.ServiceFabric/clusters/.parameters/min.parameters.json b/modules/Microsoft.ServiceFabric/clusters/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.ServiceFabric/clusters/.parameters/min.parameters.json rename to modules/Microsoft.ServiceFabric/clusters/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Sql/managedInstances/.parameters/parameters.json b/modules/Microsoft.Sql/managedInstances/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Sql/managedInstances/.parameters/parameters.json rename to modules/Microsoft.Sql/managedInstances/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Sql/servers/.parameters/admin.parameters.json b/modules/Microsoft.Sql/servers/.deploymentTests/admin.parameters.json similarity index 100% rename from modules/Microsoft.Sql/servers/.parameters/admin.parameters.json rename to modules/Microsoft.Sql/servers/.deploymentTests/admin.parameters.json diff --git a/modules/Microsoft.Sql/servers/.parameters/parameters.json b/modules/Microsoft.Sql/servers/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Sql/servers/.parameters/parameters.json rename to modules/Microsoft.Sql/servers/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Storage/storageAccounts/.parameters/encr.parameters.json b/modules/Microsoft.Storage/storageAccounts/.deploymentTests/encr.parameters.json similarity index 100% rename from modules/Microsoft.Storage/storageAccounts/.parameters/encr.parameters.json rename to modules/Microsoft.Storage/storageAccounts/.deploymentTests/encr.parameters.json diff --git a/modules/Microsoft.Storage/storageAccounts/.parameters/min.parameters.json b/modules/Microsoft.Storage/storageAccounts/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Storage/storageAccounts/.parameters/min.parameters.json rename to modules/Microsoft.Storage/storageAccounts/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Storage/storageAccounts/.parameters/nfs.parameters.json b/modules/Microsoft.Storage/storageAccounts/.deploymentTests/nfs.parameters.json similarity index 100% rename from modules/Microsoft.Storage/storageAccounts/.parameters/nfs.parameters.json rename to modules/Microsoft.Storage/storageAccounts/.deploymentTests/nfs.parameters.json diff --git a/modules/Microsoft.Storage/storageAccounts/.parameters/parameters.json b/modules/Microsoft.Storage/storageAccounts/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Storage/storageAccounts/.parameters/parameters.json rename to modules/Microsoft.Storage/storageAccounts/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Storage/storageAccounts/.parameters/v1.parameters.json b/modules/Microsoft.Storage/storageAccounts/.deploymentTests/v1.parameters.json similarity index 100% rename from modules/Microsoft.Storage/storageAccounts/.parameters/v1.parameters.json rename to modules/Microsoft.Storage/storageAccounts/.deploymentTests/v1.parameters.json diff --git a/modules/Microsoft.Synapse/privateLinkHubs/.parameters/min.parameters.json b/modules/Microsoft.Synapse/privateLinkHubs/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Synapse/privateLinkHubs/.parameters/min.parameters.json rename to modules/Microsoft.Synapse/privateLinkHubs/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Synapse/privateLinkHubs/.parameters/parameters.json b/modules/Microsoft.Synapse/privateLinkHubs/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Synapse/privateLinkHubs/.parameters/parameters.json rename to modules/Microsoft.Synapse/privateLinkHubs/.deploymentTests/parameters.json diff --git a/modules/Microsoft.VirtualMachineImages/imageTemplates/.parameters/parameters.json b/modules/Microsoft.VirtualMachineImages/imageTemplates/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.VirtualMachineImages/imageTemplates/.parameters/parameters.json rename to modules/Microsoft.VirtualMachineImages/imageTemplates/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Web/connections/.parameters/parameters.json b/modules/Microsoft.Web/connections/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Web/connections/.parameters/parameters.json rename to modules/Microsoft.Web/connections/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Web/hostingEnvironments/.parameters/asev2.parameters.json b/modules/Microsoft.Web/hostingEnvironments/.deploymentTests/asev2.parameters.json similarity index 100% rename from modules/Microsoft.Web/hostingEnvironments/.parameters/asev2.parameters.json rename to modules/Microsoft.Web/hostingEnvironments/.deploymentTests/asev2.parameters.json diff --git a/modules/Microsoft.Web/hostingEnvironments/.parameters/asev3.parameters.json b/modules/Microsoft.Web/hostingEnvironments/.deploymentTests/asev3.parameters.json similarity index 100% rename from modules/Microsoft.Web/hostingEnvironments/.parameters/asev3.parameters.json rename to modules/Microsoft.Web/hostingEnvironments/.deploymentTests/asev3.parameters.json diff --git a/modules/Microsoft.Web/serverfarms/.parameters/parameters.json b/modules/Microsoft.Web/serverfarms/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Web/serverfarms/.parameters/parameters.json rename to modules/Microsoft.Web/serverfarms/.deploymentTests/parameters.json diff --git a/modules/Microsoft.Web/sites/.parameters/fa.min.parameters.json b/modules/Microsoft.Web/sites/.deploymentTests/fa.min.parameters.json similarity index 100% rename from modules/Microsoft.Web/sites/.parameters/fa.min.parameters.json rename to modules/Microsoft.Web/sites/.deploymentTests/fa.min.parameters.json diff --git a/modules/Microsoft.Web/sites/.parameters/fa.parameters.json b/modules/Microsoft.Web/sites/.deploymentTests/fa.parameters.json similarity index 100% rename from modules/Microsoft.Web/sites/.parameters/fa.parameters.json rename to modules/Microsoft.Web/sites/.deploymentTests/fa.parameters.json diff --git a/modules/Microsoft.Web/sites/.parameters/wa.min.parameters.json b/modules/Microsoft.Web/sites/.deploymentTests/wa.min.parameters.json similarity index 100% rename from modules/Microsoft.Web/sites/.parameters/wa.min.parameters.json rename to modules/Microsoft.Web/sites/.deploymentTests/wa.min.parameters.json diff --git a/modules/Microsoft.Web/sites/.parameters/wa.parameters.json b/modules/Microsoft.Web/sites/.deploymentTests/wa.parameters.json similarity index 100% rename from modules/Microsoft.Web/sites/.parameters/wa.parameters.json rename to modules/Microsoft.Web/sites/.deploymentTests/wa.parameters.json diff --git a/modules/Microsoft.Web/staticSites/.parameters/min.parameters.json b/modules/Microsoft.Web/staticSites/.deploymentTests/min.parameters.json similarity index 100% rename from modules/Microsoft.Web/staticSites/.parameters/min.parameters.json rename to modules/Microsoft.Web/staticSites/.deploymentTests/min.parameters.json diff --git a/modules/Microsoft.Web/staticSites/.parameters/parameters.json b/modules/Microsoft.Web/staticSites/.deploymentTests/parameters.json similarity index 100% rename from modules/Microsoft.Web/staticSites/.parameters/parameters.json rename to modules/Microsoft.Web/staticSites/.deploymentTests/parameters.json diff --git a/utilities/pipelines/resourceDeployment/New-TemplateDeployment.ps1 b/utilities/pipelines/resourceDeployment/New-TemplateDeployment.ps1 index c5fdb5244e..4aac14ad91 100644 --- a/utilities/pipelines/resourceDeployment/New-TemplateDeployment.ps1 +++ b/utilities/pipelines/resourceDeployment/New-TemplateDeployment.ps1 @@ -102,7 +102,7 @@ Optional. Maximum retry limit if the deployment fails. Default is 3. Optional. Do not throw an exception if it failed. Still returns the error message though .EXAMPLE -New-DeploymentWithParameterFile -templateFilePath 'C:/KeyVault/deploy.json' -parameterFilePath 'C:/KeyVault/.parameters/parameters.json' -location 'WestEurope' -resourceGroupName 'aLegendaryRg' +New-DeploymentWithParameterFile -templateFilePath 'C:/KeyVault/deploy.json' -parameterFilePath 'C:/KeyVault/.deploymentTests/parameters.json' -location 'WestEurope' -resourceGroupName 'aLegendaryRg' Deploy the deploy.json of the KeyVault module with the parameter file 'parameters.json' using the resource group 'aLegendaryRg' in location 'WestEurope' @@ -341,7 +341,7 @@ Optional. Maximum retry limit if the deployment fails. Default is 3. Optional. Do not throw an exception if it failed. Still returns the error message though .EXAMPLE -New-TemplateDeployment -templateFilePath 'C:/KeyVault/deploy.bicep' -parameterFilePath 'C:/KeyVault/.parameters/parameters.json' -location 'WestEurope' -resourceGroupName 'aLegendaryRg' +New-TemplateDeployment -templateFilePath 'C:/KeyVault/deploy.bicep' -parameterFilePath 'C:/KeyVault/.deploymentTests/parameters.json' -location 'WestEurope' -resourceGroupName 'aLegendaryRg' Deploy the deploy.bicep of the KeyVault module with the parameter file 'parameters.json' using the resource group 'aLegendaryRg' in location 'WestEurope' @@ -351,7 +351,7 @@ New-TemplateDeployment -templateFilePath 'C:/ResourceGroup/deploy.bicep' -locati Deploy the deploy.json of the ResourceGroup module in location 'WestEurope' .EXAMPLE -New-TemplateDeployment -templateFilePath 'C:/ResourceGroup/deploy.json' -parameterFilePath 'C:/ResourceGroup/.parameters/parameters.json' -location 'WestEurope' +New-TemplateDeployment -templateFilePath 'C:/ResourceGroup/deploy.json' -parameterFilePath 'C:/ResourceGroup/.deploymentTests/parameters.json' -location 'WestEurope' Deploy the deploy.json of the ResourceGroup module with the parameter file 'parameters.json' in location 'WestEurope' #> diff --git a/utilities/pipelines/resourceDeployment/Test-TemplateDeployment.ps1 b/utilities/pipelines/resourceDeployment/Test-TemplateDeployment.ps1 index 7ac7afeb97..ed5f56d23e 100644 --- a/utilities/pipelines/resourceDeployment/Test-TemplateDeployment.ps1 +++ b/utilities/pipelines/resourceDeployment/Test-TemplateDeployment.ps1 @@ -31,7 +31,7 @@ Optional. Name of the management group to deploy into. Mandatory if deploying in Optional. Additional parameters you can provide with the deployment. E.g. @{ resourceGroupName = 'myResourceGroup' } .EXAMPLE -Test-TemplateDeployment -templateFilePath 'C:/KeyVault/deploy.bicep' -parameterFilePath 'C:/KeyVault/.parameters/parameters.json' -location 'WestEurope' -resourceGroupName 'aLegendaryRg' +Test-TemplateDeployment -templateFilePath 'C:/KeyVault/deploy.bicep' -parameterFilePath 'C:/KeyVault/.deploymentTests/parameters.json' -location 'WestEurope' -resourceGroupName 'aLegendaryRg' Test the deploy.bicep of the KeyVault module with the parameter file 'parameters.json' using the resource group 'aLegendaryRg' in location 'WestEurope' @@ -41,7 +41,7 @@ Test-TemplateDeployment -templateFilePath 'C:/KeyVault/deploy.bicep' -location ' Test the deploy.bicep of the KeyVault module using the resource group 'aLegendaryRg' in location 'WestEurope' .EXAMPLE -Test-TemplateDeployment -templateFilePath 'C:/ResourceGroup/deploy.json' -parameterFilePath 'C:/ResourceGroup/.parameters/parameters.json' -location 'WestEurope' +Test-TemplateDeployment -templateFilePath 'C:/ResourceGroup/deploy.json' -parameterFilePath 'C:/ResourceGroup/.deploymentTests/parameters.json' -location 'WestEurope' Test the deploy.json of the ResourceGroup module with the parameter file 'parameters.json' in location 'WestEurope' #> From a2681ccf7a4d801781ec7fddcd0c5743aef014d1 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 27 Jun 2022 11:57:10 +0200 Subject: [PATCH 17/42] Further renames --- ...board module library and CI environment.md | 20 +++++++++---------- ... CI environment - Deployment validation.md | 2 +- docs/wiki/The library - Module design.md | 4 ++-- modules/.global/global.module.tests.ps1 | 18 ++++++++--------- .../Get-ModuleParameterFiles.ps1 | 2 +- utilities/tools/Set-ModuleReadMe.ps1 | 2 +- utilities/tools/Test-ModuleLocally.ps1 | 6 +++--- .../helper/Get-ModulesAsMarkdownTable.ps1 | 16 +++++++-------- 8 files changed, 35 insertions(+), 35 deletions(-) diff --git a/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md b/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md index 52a5377a93..4bfa507ab4 100644 --- a/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md +++ b/docs/wiki/Getting started - Scenario 2 Onboard module library and CI environment.md @@ -379,16 +379,16 @@ For this reason, make sure to update the references in the following modules onc | File | Parameter | Notes | | - | - | - | -| `modules\Microsoft.Compute\diskEncryptionSets\.parameters\parameters.json` |`keyUrl.value` | | -| `modules\Microsoft.Compute\virtualMachines\.parameters\linux.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | -| `modules\Microsoft.Compute\virtualMachines\.parameters\windows.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | -| `modules\Microsoft.Compute\virtualMachineScaleSets\.parameters\linux.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | -| `modules\Microsoft.Compute\virtualMachineScaleSets\.parameters\windows.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | -| `modules\Microsoft.Sql\managedInstances\.parameters\parameters.json` | `keys.value.uri` | | -| `modules\Microsoft.Network\applicationGateways\.parameters\parameters.json` | `sslCertificates.value.properties.keyVaultSecretId` | | -| `modules\Microsoft.Web\sites\.parameters\fa.parameters.json` | `appSettingsKeyValuePairs.value.EASYAUTH_SECRET` | Key Vault secret URI without version | -| `modules\Microsoft.Web\sites\.parameters\fa.parameters.json` | `authSettingV2Configuration.value.identityProviders.azureActiveDirectory.registration.clientId` | App ID from the Azure Active Directory App | -| `modules\Microsoft.Web\sites\.parameters\fa.parameters.json` | `authSettingV2Configuration.value.identityProviders.azureActiveDirectory.validation.allowedAudiences` | API endpoint from the Azure Active Directory app | +| `modules\Microsoft.Compute\diskEncryptionSets\.deploymentTests\parameters.json` |`keyUrl.value` | | +| `modules\Microsoft.Compute\virtualMachines\.deploymentTests\linux.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | +| `modules\Microsoft.Compute\virtualMachines\.deploymentTests\windows.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | +| `modules\Microsoft.Compute\virtualMachineScaleSets\.deploymentTests\linux.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | +| `modules\Microsoft.Compute\virtualMachineScaleSets\.deploymentTests\windows.parameters.json` | `extensionDiskEncryptionConfig.value.settings.KeyEncryptionKeyURL` | | +| `modules\Microsoft.Sql\managedInstances\.deploymentTests\parameters.json` | `keys.value.uri` | | +| `modules\Microsoft.Network\applicationGateways\.deploymentTests\parameters.json` | `sslCertificates.value.properties.keyVaultSecretId` | | +| `modules\Microsoft.Web\sites\.deploymentTests\fa.parameters.json` | `appSettingsKeyValuePairs.value.EASYAUTH_SECRET` | Key Vault secret URI without version | +| `modules\Microsoft.Web\sites\.deploymentTests\fa.parameters.json` | `authSettingV2Configuration.value.identityProviders.azureActiveDirectory.registration.clientId` | App ID from the Azure Active Directory App | +| `modules\Microsoft.Web\sites\.deploymentTests\fa.parameters.json` | `authSettingV2Configuration.value.identityProviders.azureActiveDirectory.validation.allowedAudiences` | API endpoint from the Azure Active Directory app | diff --git a/docs/wiki/The CI environment - Deployment validation.md b/docs/wiki/The CI environment - Deployment validation.md index 25d45a3e34..76daa109f7 100644 --- a/docs/wiki/The CI environment - Deployment validation.md +++ b/docs/wiki/The CI environment - Deployment validation.md @@ -21,7 +21,7 @@ The deployment validation phase can be divided into three steps, running in sequ # Template validation -The template validation step performs a dry-run with each parameter file in the module's `'.parameters'` folder +The template validation step performs a dry-run with each parameter file in the module's `'.deploymentTests'` folder In particular, the step runs a `Test-AzDeployment` cmdlet (_the command may vary based on the template schema_) for each provided module parameter file to verify if the template could be deployed using them. diff --git a/docs/wiki/The library - Module design.md b/docs/wiki/The library - Module design.md index 714282abff..2d9ade1b5e 100644 --- a/docs/wiki/The library - Module design.md +++ b/docs/wiki/The library - Module design.md @@ -109,7 +109,7 @@ Use the following naming standard for module files and folders: └─ ├─ .bicep | ├─ nested_extensionResource1.bicep - ├─ .parameters + ├─ .deploymentTests | └─ parameters.json ├─ deploy.bicep └─ readme.md @@ -121,7 +121,7 @@ Use the following naming standard for module files and folders: >└─ sites > ├─ .bicep > | └─ nested_roleAssignments.bicep - > ├─ .parameters + > ├─ .deploymentTests > | └─ parameters.json > ├─ deploy.bicep > └─ readme.md diff --git a/modules/.global/global.module.tests.ps1 b/modules/.global/global.module.tests.ps1 index 389efe3eb4..bc962c4e48 100644 --- a/modules/.global/global.module.tests.ps1 +++ b/modules/.global/global.module.tests.ps1 @@ -89,10 +89,10 @@ Describe 'File/folder tests' -Tag Modules { (Test-Path (Join-Path -Path $moduleFolderPath 'readme.md')) | Should -Be $true } - It '[] Module should contain a [.parameters] folder' -TestCases ($moduleFolderTestCases | Where-Object { $_.isTopLevelModule }) { + It '[] Module should contain a [.deploymentTests] folder' -TestCases ($moduleFolderTestCases | Where-Object { $_.isTopLevelModule }) { param( [string] $moduleFolderPath ) - Test-Path (Join-Path -Path $moduleFolderPath '.parameters') | Should -Be $true + Test-Path (Join-Path -Path $moduleFolderPath '.deploymentTests') | Should -Be $true } It '[] Module should contain a [version.json] file' -TestCases $moduleFolderTestCases { @@ -106,7 +106,7 @@ Describe 'File/folder tests' -Tag Modules { $folderTestCases = [System.Collections.ArrayList]@() foreach ($moduleFolderPath in $moduleFolderPaths) { - if (Test-Path (Join-Path $moduleFolderPath '.parameters')) { + if (Test-Path (Join-Path $moduleFolderPath '.deploymentTests')) { $folderTestCases += @{ moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1] moduleFolderPath = $moduleFolderPath @@ -120,13 +120,13 @@ Describe 'File/folder tests' -Tag Modules { [string] $moduleFolderName, $moduleFolderPath ) - $parameterFolderPath = Join-Path $moduleFolderPath '.parameters' + $parameterFolderPath = Join-Path $moduleFolderPath '.deploymentTests' (Get-ChildItem $parameterFolderPath -Filter '*parameters.json' -Force).Count | Should -BeGreaterThan 0 } $parameterFolderFilesTestCases = [System.Collections.ArrayList] @() foreach ($moduleFolderPath in $moduleFolderPaths) { - $parameterFolderPath = Join-Path $moduleFolderPath '.parameters' + $parameterFolderPath = Join-Path $moduleFolderPath '.deploymentTests' if (Test-Path $parameterFolderPath) { foreach ($parameterFile in (Get-ChildItem $parameterFolderPath -Filter '*parameters.json' -Force)) { $parameterFolderFilesTestCases += @{ @@ -505,8 +505,8 @@ Describe 'Deployment template tests' -Tag Template { $TemplateFile_AllParameterNames = $templateFile_Parameters.Keys | Sort-Object $TemplateFile_RequiredParametersNames = ($templateFile_Parameters.Keys | Where-Object { -not $templateFile_Parameters[$_].ContainsKey('defaultValue') }) | Sort-Object - if (Test-Path (Join-Path $moduleFolderPath '.parameters')) { - $ParameterFilePaths = (Get-ChildItem (Join-Path -Path $moduleFolderPath -ChildPath '.parameters' -AdditionalChildPath '*parameters.json') -Recurse -Force).FullName + if (Test-Path (Join-Path $moduleFolderPath '.deploymentTests')) { + $ParameterFilePaths = (Get-ChildItem (Join-Path -Path $moduleFolderPath -ChildPath '.deploymentTests' -AdditionalChildPath '*parameters.json') -Recurse -Force).FullName foreach ($ParameterFilePath in $ParameterFilePaths) { $parameterFile_AllParameterNames = ((Get-Content $ParameterFilePath) | ConvertFrom-Json -AsHashtable).parameters.Keys | Sort-Object $parameterFileTestCases += @{ @@ -917,8 +917,8 @@ Describe 'Deployment template tests' -Tag Template { $parameterFileTokenTestCases = @() foreach ($moduleFolderPath in $moduleFolderPaths) { - if (Test-Path (Join-Path $moduleFolderPath '.parameters')) { - $ParameterFilePaths = (Get-ChildItem (Join-Path -Path $moduleFolderPath -ChildPath '.parameters' -AdditionalChildPath '*parameters.json') -Recurse -Force).FullName + if (Test-Path (Join-Path $moduleFolderPath '.deploymentTests')) { + $ParameterFilePaths = (Get-ChildItem (Join-Path -Path $moduleFolderPath -ChildPath '.deploymentTests' -AdditionalChildPath '*parameters.json') -Recurse -Force).FullName foreach ($ParameterFilePath in $ParameterFilePaths) { foreach ($token in $enforcedTokenList.Keys) { $parameterFileTokenTestCases += @{ diff --git a/utilities/pipelines/sharedScripts/Get-ModuleParameterFiles.ps1 b/utilities/pipelines/sharedScripts/Get-ModuleParameterFiles.ps1 index b13d619e7b..79ffb5ca87 100644 --- a/utilities/pipelines/sharedScripts/Get-ModuleParameterFiles.ps1 +++ b/utilities/pipelines/sharedScripts/Get-ModuleParameterFiles.ps1 @@ -25,7 +25,7 @@ function Get-ModuleParameterFiles { # Note: Should be 'recurse', but is not working with powershell 7.2.1 on GitHub hosted agents but needs 7.2.2 # $parameterFilePaths = (Get-ChildItem -Recurse -Path $ModulePath -Filter '*parameters.json' -File).FullName - $parameterFilePaths = (Get-ChildItem -Path "$ModulePath/.parameters" -Filter '*parameters.json' -File).FullName + $parameterFilePaths = (Get-ChildItem -Path "$ModulePath/.deploymentTests" -Filter '*parameters.json' -File).FullName if (-not $parameterFilePaths) { throw "No parameter files found for module [$ModulePath]" diff --git a/utilities/tools/Set-ModuleReadMe.ps1 b/utilities/tools/Set-ModuleReadMe.ps1 index cb564db51a..5b48b09872 100644 --- a/utilities/tools/Set-ModuleReadMe.ps1 +++ b/utilities/tools/Set-ModuleReadMe.ps1 @@ -351,7 +351,7 @@ function Set-DeploymentExamplesSection { $moduleRoot = Split-Path $TemplateFilePath -Parent $resourceTypeIdentifier = $moduleRoot.Replace('\', '/').Split('/modules/')[1].TrimStart('/') - $parameterFiles = Get-ChildItem (Join-Path $moduleRoot '.parameters') -Filter '*parameters.json' -Recurse + $parameterFiles = Get-ChildItem (Join-Path $moduleRoot '.deploymentTests') -Filter '*parameters.json' -Recurse $index = 1 foreach ($parameterFilePath in $parameterFiles.FullName) { diff --git a/utilities/tools/Test-ModuleLocally.ps1 b/utilities/tools/Test-ModuleLocally.ps1 index 081762ab77..92fe992e96 100644 --- a/utilities/tools/Test-ModuleLocally.ps1 +++ b/utilities/tools/Test-ModuleLocally.ps1 @@ -35,7 +35,7 @@ Optional. A hashtable parameter that contains custom tokens to be replaced in th $TestModuleLocallyInput = @{ TemplateFilePath = 'C:\Microsoft.Network\routeTables\deploy.bicep' - ParameterFilePath = 'C:\Microsoft.Network\routeTables\.parameters\parameters.json' + ParameterFilePath = 'C:\Microsoft.Network\routeTables\.deploymentTests\parameters.json' PesterTest = $false DeploymentTest = $false ValidationTest = $true @@ -115,7 +115,7 @@ function Test-ModuleLocally { [string] $TemplateFilePath, [Parameter(Mandatory = $false)] - [string] $parameterFilePath = (Join-Path (Split-Path $TemplateFilePath -Parent) '.parameters'), + [string] $parameterFilePath = (Join-Path (Split-Path $TemplateFilePath -Parent) '.deploymentTests'), [Parameter(Mandatory = $false)] [Psobject] $ValidateOrDeployParameters = @{}, @@ -166,7 +166,7 @@ function Test-ModuleLocally { Invoke-Pester -Configuration @{ Run = @{ - Container = New-PesterContainer -Path (Join-Path (Get-Item $PSScriptRoot).Parent.Parent 'modules/.global/global.module.tests.ps1') -Data @{ + Container = New-PesterContainer -Path (Join-Path (Get-Item $PSScriptRoot).Parent.Parent 'araobal/global.module.tests.ps1') -Data @{ moduleFolderPaths = Split-Path $TemplateFilePath -Parent enforcedTokenList = $enforcedTokenList } diff --git a/utilities/tools/helper/Get-ModulesAsMarkdownTable.ps1 b/utilities/tools/helper/Get-ModulesAsMarkdownTable.ps1 index fb41024aaf..eedb1c4fa6 100644 --- a/utilities/tools/helper/Get-ModulesAsMarkdownTable.ps1 +++ b/utilities/tools/helper/Get-ModulesAsMarkdownTable.ps1 @@ -214,8 +214,8 @@ Check for the existens of any nested module levels .DESCRIPTION Check for the existens of any nested module levels. -A module is identified by folders that do not contain module-specific folders such as '.parameters'. -In other words, a module would contain a folder with e.g. a '.parameters' folder and would hence not count towards the hierarchy of parent folders. +A module is identified by folders that do not contain module-specific folders such as '.deploymentTests'. +In other words, a module would contain a folder with e.g. a '.deploymentTests' folder and would hence not count towards the hierarchy of parent folders. .PARAMETER path Mandatory. The path to search in. @@ -234,10 +234,10 @@ function Measure-FolderHasNestedModule { [string] $Path ) - # Get all folder paths that exist in the given path as long as they are not '.bicep' or '.parameters' folders + # Get all folder paths that exist in the given path as long as they are not '.bicep' or '.deploymentTests' folders # This works as long as the folder structure is consistent (e.g. no empty folders are created etc.) - $rawFoundFolders = Get-ChildItem $Path -Directory -Recurse -Exclude @('.bicep', '.parameters') -Force - $foundFolders = $rawFoundFolders | Where-Object { (Get-ChildItem $_.FullName -Directory -Depth 0 -Include '.parameters' -Force).count -gt 0 } + $rawFoundFolders = Get-ChildItem $Path -Directory -Recurse -Exclude @('.bicep', '.deploymentTests') -Force + $foundFolders = $rawFoundFolders | Where-Object { (Get-ChildItem $_.FullName -Directory -Depth 0 -Include '.deploymentTests' -Force).count -gt 0 } if ($foundFolders) { return $true } else { @@ -323,9 +323,9 @@ function Get-ResolvedSubServiceRow { [string]$ProjectName = '' ) - $rawSubFolders = Get-ChildItem -Path $subPath -Directory -Recurse -Exclude @('.bicep', '.parameters') -Force + $rawSubFolders = Get-ChildItem -Path $subPath -Directory -Recurse -Exclude @('.bicep', '.deploymentTests') -Force # Only consider those folders that have their own parameters, i.e. are top-level modules and not child-resource modules - $subFolders = $rawSubFolders | Where-Object { (Get-ChildItem $_.FullName -Directory -Depth 0 -Include '.parameters' -Force).count -gt 0 } + $subFolders = $rawSubFolders | Where-Object { (Get-ChildItem $_.FullName -Directory -Depth 0 -Include '.deploymentTests' -Force).count -gt 0 } foreach ($subfolder in $subFolders.FullName) { @@ -517,7 +517,7 @@ function Get-ModulesAsMarkdownTable { foreach ($topLevelFolder in $topLevelFolders) { $provider = Split-Path $topLevelFolder -Leaf - $containedFolders = Get-ChildItem -Path $topLevelFolder -Directory -Recurse -Exclude @('.bicep', '.parameters') -Depth 0 -Force + $containedFolders = Get-ChildItem -Path $topLevelFolder -Directory -Recurse -Exclude @('.bicep', '.deploymentTests') -Depth 0 -Force foreach ($containedFolder in $containedFolders.FullName) { $containedFolderName = (Split-Path $containedFolder -Leaf) From aa43dfad245fe93c166d12e84e5e0be83816bf16 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 27 Jun 2022 12:05:19 +0200 Subject: [PATCH 18/42] Updated parameter fetch function --- .../templates/getParameterFiles/action.yml | 4 +- .../Get-DeploymentTestFileList.ps1 | 42 +++++++++++++++++++ .../Get-ModuleParameterFiles.ps1 | 42 ------------------- 3 files changed, 44 insertions(+), 44 deletions(-) create mode 100644 utilities/pipelines/sharedScripts/Get-DeploymentTestFileList.ps1 delete mode 100644 utilities/pipelines/sharedScripts/Get-ModuleParameterFiles.ps1 diff --git a/.github/actions/templates/getParameterFiles/action.yml b/.github/actions/templates/getParameterFiles/action.yml index cde9b10525..1bcb50e607 100644 --- a/.github/actions/templates/getParameterFiles/action.yml +++ b/.github/actions/templates/getParameterFiles/action.yml @@ -21,14 +21,14 @@ runs: # Grouping task logs Write-Output "::group::Get parameter files" # Load used functions - . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Get-ModuleParameterFiles.ps1') + . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Get-DeploymentTestFileList.ps1') $functionInput = @{ ModulePath = Join-Path $env:GITHUB_WORKSPACE '${{ inputs.modulePath }}' } Write-Verbose "Invoke task with" -Verbose Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose # Get the list of parameter file paths - $parameterFilePaths = Get-ModuleParameterFiles @functionInput -Verbose + $parameterFilePaths = Get-DeploymentTestFileList @functionInput -Verbose # Output values to be accessed by next jobs $compressedOutput = $parameterFilePaths | ConvertTo-Json -Compress if($compressedOutput -notmatch "\[.*\]") { diff --git a/utilities/pipelines/sharedScripts/Get-DeploymentTestFileList.ps1 b/utilities/pipelines/sharedScripts/Get-DeploymentTestFileList.ps1 new file mode 100644 index 0000000000..426d5efd81 --- /dev/null +++ b/utilities/pipelines/sharedScripts/Get-DeploymentTestFileList.ps1 @@ -0,0 +1,42 @@ +<# +.SYNOPSIS +Get the relative file paths of all parameter files in the given module. + +.DESCRIPTION +Get the relative file paths of all parameter files in the given module. +The relative path is returned instead of the full one to make paths easier to read in the pipeline. + +.PARAMETER ModulePath +Mandatory. The module path to search in. + +.EXAMPLE +Get-DeploymentTestFileList -ModulePath 'C:\ResourceModules\arm\Microsoft.Compute\virtualMachines' + +Returns the relative file paths of all parameter files of the virtual machines module. +#> +function Get-DeploymentTestFileList { + + [CmdletBinding()] + param ( + [Parameter(Mandatory)] + [string] $ModulePath + ) + + $deploymentTests = @() + if (Test-Path (Join-Path $ModulePath '.deploymentTests')) { + $deploymentTests += (Get-ChildItem -Path (Join-Path $ModulePath '.deploymentTests') -Depth 0 -Include ('*.json', '*.bicep') -File).FullName + } + + if (-not $deploymentTests) { + throw "No deployment test files found for module [$ModulePath]" + } + + $deploymentTests = $deploymentTests | ForEach-Object { + $_.Replace($ModulePath, '').Trim('\').Trim('/') + } + + Write-Verbose 'Found parameter files' + $deploymentTests | ForEach-Object { Write-Verbose "- $_" } + + return $deploymentTests +} diff --git a/utilities/pipelines/sharedScripts/Get-ModuleParameterFiles.ps1 b/utilities/pipelines/sharedScripts/Get-ModuleParameterFiles.ps1 deleted file mode 100644 index 79ffb5ca87..0000000000 --- a/utilities/pipelines/sharedScripts/Get-ModuleParameterFiles.ps1 +++ /dev/null @@ -1,42 +0,0 @@ -<# -.SYNOPSIS -Get the relative file paths of all parameter files in the given module. - -.DESCRIPTION -Get the relative file paths of all parameter files in the given module. -The relative path is returned instead of the full one to make paths easier to read in the pipeline. - -.PARAMETER ModulePath -Mandatory. The module path to search in. - -.EXAMPLE -Get-ModuleParameterFiles -ModulePath 'C:\ResourceModules\modules\Microsoft.Compute\virtualMachines' - -Returns the relative file paths of all parameter files of the virtual machines module. -#> -function Get-ModuleParameterFiles { - - [CmdletBinding()] - param ( - [Parameter(Mandatory)] - [string] $ModulePath - ) - - # Note: Should be 'recurse', but is not working with powershell 7.2.1 on GitHub hosted agents but needs 7.2.2 - # $parameterFilePaths = (Get-ChildItem -Recurse -Path $ModulePath -Filter '*parameters.json' -File).FullName - - $parameterFilePaths = (Get-ChildItem -Path "$ModulePath/.deploymentTests" -Filter '*parameters.json' -File).FullName - - if (-not $parameterFilePaths) { - throw "No parameter files found for module [$ModulePath]" - } - - $parameterFilePaths = $parameterFilePaths | ForEach-Object { - $_.Replace($ModulePath, '').Trim('\').Trim('/') - } - - Write-Verbose 'Found parameter files' - $parameterFilePaths | ForEach-Object { Write-Verbose "- $_" } - - return $parameterFilePaths -} From 58cddcdce15e2819db849dc360c102e309312f63 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 27 Jun 2022 12:05:48 +0200 Subject: [PATCH 19/42] Updated docs --- docs/wiki/The library - Module design.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/wiki/The library - Module design.md b/docs/wiki/The library - Module design.md index 2d9ade1b5e..0f5358a739 100644 --- a/docs/wiki/The library - Module design.md +++ b/docs/wiki/The library - Module design.md @@ -60,7 +60,7 @@ They can be deployed in different configurations just by changing the input para A **CARML module** consists of - The Bicep template deployment file (`deploy.bicep`). -- One or multiple template parameters files (`*parameters.json`) that will be used for testing, located in the `.parameters` subfolder. +- One or multiple template parameters files (`*parameters.json`) that will be used for testing, located in the `.deploymentTests` subfolder. - A `readme.md` file which describes the module itself. A module usually represents a single resource or a set of closely related resources. For example, a storage account and the associated lock or virtual machine and network interfaces. Modules are located in the `modules` folder. From c8d442380cfbcdea2a0264d9ffc19ed753ab5d53 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 27 Jun 2022 12:07:05 +0200 Subject: [PATCH 20/42] Further rename --- modules/.global/global.module.tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/.global/global.module.tests.ps1 b/modules/.global/global.module.tests.ps1 index bc962c4e48..11507d46ca 100644 --- a/modules/.global/global.module.tests.ps1 +++ b/modules/.global/global.module.tests.ps1 @@ -102,7 +102,7 @@ Describe 'File/folder tests' -Tag Modules { } } - Context '.parameters folder' { + Context '.deploymentTests folder' { $folderTestCases = [System.Collections.ArrayList]@() foreach ($moduleFolderPath in $moduleFolderPaths) { From 0a33114a75b9dcb9d565923eb8e0215da621f8f7 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 27 Jun 2022 15:03:15 +0200 Subject: [PATCH 21/42] First commit --- .../modulePipelines/ms.aad.domainservices.yml | 8 +- .../ms.analysisservices.servers.yml | 12 +- .../ms.apimanagement.service.yml | 12 +- ...s.appconfiguration.configurationstores.yml | 10 +- .../ms.authorization.locks.yml | 8 +- .../ms.authorization.policyassignments.yml | 18 +- .../ms.authorization.policydefinitions.yml | 14 +- .../ms.authorization.policyexemptions.yml | 18 +- .../ms.authorization.policysetdefinitions.yml | 14 +- .../ms.authorization.roleassignments.yml | 18 +- .../ms.authorization.roledefinitions.yml | 18 +- .../ms.automation.automationaccounts.yml | 12 +- .../ms.batch.batchaccounts.yml | 10 +- .../ms.cognitiveservices.accounts.yml | 14 +- .../ms.compute.availabilitysets.yml | 8 +- .../ms.compute.diskencryptionsets.yml | 8 +- .../modulePipelines/ms.compute.disks.yml | 14 +- .../modulePipelines/ms.compute.galleries.yml | 14 +- .../modulePipelines/ms.compute.images.yml | 8 +- .../ms.compute.proximityplacementgroups.yml | 8 +- .../ms.compute.virtualmachines.yml | 18 +- .../ms.compute.virtualmachinescalesets.yml | 14 +- .../ms.consumption.budgets.yml | 8 +- .../ms.containerinstance.containergroups.yml | 8 +- .../ms.containerregistry.registries.yml | 12 +- .../ms.containerservice.managedclusters.yml | 10 +- .../ms.databricks.workspaces.yml | 8 +- .../ms.datafactory.factories.yml | 8 +- .../ms.dataprotection.backupvaults.yml | 10 +- ...esktopvirtualization.applicationgroups.yml | 10 +- .../ms.desktopvirtualization.hostpools.yml | 8 +- .../ms.desktopvirtualization.scalingplans.yml | 8 +- .../ms.desktopvirtualization.workspaces.yml | 8 +- .../ms.documentdb.databaseaccounts.yml | 12 +- .../ms.eventgrid.systemtopics.yml | 10 +- .../modulePipelines/ms.eventgrid.topics.yml | 8 +- .../ms.eventhub.namespaces.yml | 10 +- .../ms.healthbot.healthbots.yml | 8 +- .../ms.insights.actiongroups.yml | 8 +- .../ms.insights.activitylogalerts.yml | 8 +- .../ms.insights.components.yml | 8 +- .../ms.insights.diagnosticsettings.yml | 8 +- .../ms.insights.metricalerts.yml | 8 +- .../ms.insights.privatelinkscopes.yml | 8 +- .../ms.insights.scheduledqueryrules.yml | 8 +- .../modulePipelines/ms.keyvault.vaults.yml | 10 +- .../ms.kubernetesconfiguration.extensions.yml | 10 +- ...rnetesconfiguration.fluxconfigurations.yml | 12 +- .../modulePipelines/ms.logic.workflows.yml | 8 +- .../ms.machinelearningservices.workspaces.yml | 10 +- ...managedidentity.userassignedidentities.yml | 8 +- ...anagedservices.registrationdefinitions.yml | 10 +- .../ms.management.managementgroups.yml | 8 +- .../ms.netapp.netappaccounts.yml | 12 +- .../ms.network.applicationgateways.yml | 8 +- .../ms.network.applicationsecuritygroups.yml | 8 +- .../ms.network.azurefirewalls.yml | 8 +- .../ms.network.bastionhosts.yml | 10 +- .../ms.network.connections.yml | 8 +- .../ms.network.ddosprotectionplans.yml | 8 +- .../ms.network.expressroutecircuits.yml | 8 +- .../ms.network.firewallpolicies.yml | 12 +- .../modulePipelines/ms.network.frontdoors.yml | 8 +- .../modulePipelines/ms.network.ipgroups.yml | 8 +- .../ms.network.loadbalancers.yml | 12 +- .../ms.network.localnetworkgateways.yml | 8 +- .../ms.network.natgateways.yml | 8 +- .../ms.network.networkinterfaces.yml | 10 +- .../ms.network.networksecuritygroups.yml | 10 +- .../ms.network.networkwatchers.yml | 10 +- .../ms.network.privatednszones.yml | 10 +- .../ms.network.privateendpoints.yml | 10 +- .../ms.network.publicipaddresses.yml | 8 +- .../ms.network.publicipprefixes.yml | 8 +- .../ms.network.routetables.yml | 8 +- .../ms.network.trafficmanagerprofiles.yml | 8 +- .../ms.network.virtualhubs.yml | 12 +- .../ms.network.virtualnetworkgateways.yml | 10 +- .../ms.network.virtualnetworks.yml | 10 +- .../ms.network.virtualwans.yml | 10 +- .../ms.network.vpngateways.yml | 12 +- .../modulePipelines/ms.network.vpnsites.yml | 10 +- .../ms.operationalinsights.workspaces.yml | 10 +- .../ms.operationsmanagement.solutions.yml | 12 +- .../ms.recoveryservices.vaults.yml | 12 +- .../ms.resources.deploymentscripts.yml | 10 +- .../ms.resources.resourcegroups.yml | 8 +- .../modulePipelines/ms.resources.tags.yml | 12 +- .../ms.security.azuresecuritycenter.yml | 8 +- .../ms.servicebus.namespaces.yml | 10 +- .../ms.servicefabric.clusters.yml | 16 +- .../ms.sql.managedinstances.yml | 8 +- .../modulePipelines/ms.sql.servers.yml | 10 +- .../ms.storage.storageaccounts.yml | 16 +- .../ms.synapse.privatelinkhubs.yml | 10 +- ...ms.virtualmachineimages.imagetemplates.yml | 8 +- .../modulePipelines/ms.web.connections.yml | 8 +- .../ms.web.hostingenvironments.yml | 10 +- .../modulePipelines/ms.web.serverfarms.yml | 8 +- .azuredevops/modulePipelines/ms.web.sites.yml | 14 +- .../modulePipelines/ms.web.staticsites.yml | 10 +- .../pipelineTemplates/jobs.publishModule.yml | 6 +- .../jobs.validateModulePester.yml | 12 +- .../platform.dependencies.yml | 2 +- .../platform.updateReadMe.yml | 10 +- .../templates/getParameterFiles/action.yml | 4 +- .../templates/publishModule/action.yml | 30 +- .../validateModuleDeployment/action.yml | 24 +- .../templates/validateModulePester/action.yml | 18 +- .github/workflows/ms.aad.domainservices.yml | 6 +- .../workflows/ms.analysisservices.servers.yml | 6 +- .../workflows/ms.apimanagement.service.yml | 6 +- ...s.appconfiguration.configurationstores.yml | 6 +- .github/workflows/ms.authorization.locks.yml | 6 +- .../ms.authorization.policyassignments.yml | 6 +- .../ms.authorization.policydefinitions.yml | 6 +- .../ms.authorization.policyexemptions.yml | 6 +- .../ms.authorization.policysetdefinitions.yml | 6 +- .../ms.authorization.roleassignments.yml | 6 +- .../ms.authorization.roledefinitions.yml | 6 +- .../ms.automation.automationaccounts.yml | 6 +- .github/workflows/ms.batch.batchaccounts.yml | 6 +- .../ms.cognitiveservices.accounts.yml | 6 +- .../workflows/ms.compute.availabilitysets.yml | 6 +- .../ms.compute.diskencryptionsets.yml | 6 +- .github/workflows/ms.compute.disks.yml | 6 +- .github/workflows/ms.compute.galleries.yml | 6 +- .github/workflows/ms.compute.images.yml | 6 +- .../ms.compute.proximityplacementgroups.yml | 6 +- .../workflows/ms.compute.virtualmachines.yml | 6 +- .../ms.compute.virtualmachinescalesets.yml | 6 +- .github/workflows/ms.consumption.budgets.yml | 6 +- .../ms.containerinstance.containergroups.yml | 6 +- .../ms.containerregistry.registries.yml | 6 +- .../ms.containerservice.managedclusters.yml | 6 +- .../workflows/ms.databricks.workspaces.yml | 6 +- .../workflows/ms.datafactory.factories.yml | 6 +- .../ms.dataprotection.backupvaults.yml | 98 +- ...esktopvirtualization.applicationgroups.yml | 6 +- .../ms.desktopvirtualization.hostpools.yml | 6 +- .../ms.desktopvirtualization.scalingplans.yml | 6 +- .../ms.desktopvirtualization.workspaces.yml | 6 +- .../ms.documentdb.databaseaccounts.yml | 6 +- .../workflows/ms.eventgrid.systemtopics.yml | 6 +- .github/workflows/ms.eventgrid.topics.yml | 6 +- .github/workflows/ms.eventhub.namespaces.yml | 6 +- .github/workflows/ms.healthbot.healthbots.yml | 6 +- .../workflows/ms.insights.actiongroups.yml | 6 +- .../ms.insights.activitylogalerts.yml | 6 +- .github/workflows/ms.insights.components.yml | 6 +- .../ms.insights.diagnosticsettings.yml | 6 +- .../workflows/ms.insights.metricalerts.yml | 6 +- .../ms.insights.privatelinkscopes.yml | 6 +- .../ms.insights.scheduledqueryrules.yml | 6 +- .github/workflows/ms.keyvault.vaults.yml | 6 +- .../ms.kubernetesconfiguration.extensions.yml | 6 +- ...rnetesconfiguration.fluxconfigurations.yml | 6 +- .github/workflows/ms.logic.workflows.yml | 6 +- .../ms.machinelearningservices.workspaces.yml | 6 +- ...managedidentity.userassignedidentities.yml | 6 +- ...anagedservices.registrationdefinitions.yml | 6 +- .../ms.management.managementgroups.yml | 6 +- .../workflows/ms.netapp.netappaccounts.yml | 6 +- .../ms.network.applicationgateways.yml | 6 +- .../ms.network.applicationsecuritygroups.yml | 6 +- .../workflows/ms.network.azurefirewalls.yml | 6 +- .github/workflows/ms.network.bastionhosts.yml | 6 +- .github/workflows/ms.network.connections.yml | 6 +- .../ms.network.ddosprotectionplans.yml | 6 +- .../ms.network.expressroutecircuits.yml | 6 +- .../workflows/ms.network.firewallpolicies.yml | 6 +- .github/workflows/ms.network.frontdoors.yml | 6 +- .github/workflows/ms.network.ipgroups.yml | 6 +- .../workflows/ms.network.loadbalancers.yml | 6 +- .../ms.network.localnetworkgateways.yml | 6 +- .github/workflows/ms.network.natgateways.yml | 6 +- .../ms.network.networkinterfaces.yml | 6 +- .../ms.network.networksecuritygroups.yml | 6 +- .../workflows/ms.network.networkwatchers.yml | 6 +- .../workflows/ms.network.privatednszones.yml | 6 +- .../workflows/ms.network.privateendpoints.yml | 6 +- .../ms.network.publicipaddresses.yml | 6 +- .../workflows/ms.network.publicipprefixes.yml | 6 +- .github/workflows/ms.network.routetables.yml | 6 +- .../ms.network.trafficmanagerprofiles.yml | 6 +- .github/workflows/ms.network.virtualhubs.yml | 6 +- .../ms.network.virtualnetworkgateways.yml | 6 +- .../workflows/ms.network.virtualnetworks.yml | 6 +- .github/workflows/ms.network.virtualwans.yml | 6 +- .github/workflows/ms.network.vpngateways.yml | 6 +- .github/workflows/ms.network.vpnsites.yml | 6 +- .../ms.operationalinsights.workspaces.yml | 6 +- .../ms.operationsmanagement.solutions.yml | 6 +- .../workflows/ms.recoveryservices.vaults.yml | 6 +- .../ms.resources.deploymentscripts.yml | 6 +- .../workflows/ms.resources.resourcegroups.yml | 6 +- .github/workflows/ms.resources.tags.yml | 6 +- .../ms.security.azuresecuritycenter.yml | 6 +- .../workflows/ms.servicebus.namespaces.yml | 6 +- .../workflows/ms.servicefabric.clusters.yml | 6 +- .github/workflows/ms.sql.managedinstances.yml | 6 +- .github/workflows/ms.sql.servers.yml | 6 +- .../workflows/ms.storage.storageaccounts.yml | 6 +- .../workflows/ms.synapse.privatelinkhubs.yml | 6 +- ...ms.virtualmachineimages.imagetemplates.yml | 6 +- .github/workflows/ms.web.connections.yml | 6 +- .../workflows/ms.web.hostingenvironments.yml | 6 +- .github/workflows/ms.web.serverfarms.yml | 6 +- .github/workflows/ms.web.sites.yml | 6 +- .github/workflows/ms.web.staticsites.yml | 6 +- .../platform.convertToArmTemplate.tests.yml | 1 - .github/workflows/platform.dependencies.yml | 76 +- .github/workflows/platform.updateReadMe.yml | 10 +- README.md | 202 +-- .../.global/global.module.tests.ps1 | 50 +- {modules => arm}/.global/shared/helper.psm1 | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters}/parameters.json | 0 .../Microsoft.AAD/DomainServices/deploy.bicep | 0 .../Microsoft.AAD/DomainServices/readme.md | 0 .../Microsoft.AAD/DomainServices/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../servers/.parameters}/max.parameters.json | 0 .../servers/.parameters}/min.parameters.json | 0 .../servers/.parameters}/parameters.json | 0 .../servers/deploy.bicep | 0 .../servers/readme.md | 0 .../servers/version.json | 0 .../.bicep/nested_authorizationServers.bicep | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../service/.parameters}/max.parameters.json | 0 .../service/.parameters}/min.parameters.json | 0 .../service/.parameters}/parameters.json | 0 .../service/apiVersionSets/deploy.bicep | 0 .../service/apiVersionSets/readme.md | 0 .../service/apiVersionSets/version.json | 0 .../service/apis/deploy.bicep | 0 .../service/apis/policies/deploy.bicep | 0 .../service/apis/policies/readme.md | 0 .../service/apis/policies/version.json | 0 .../service/apis/readme.md | 0 .../service/apis/version.json | 0 .../service/authorizationServers/deploy.bicep | 0 .../service/authorizationServers/readme.md | 0 .../service/authorizationServers/version.json | 0 .../service/backends/deploy.bicep | 0 .../service/backends/readme.md | 0 .../service/backends/version.json | 0 .../service/caches/deploy.bicep | 0 .../service/caches/readme.md | 0 .../service/caches/version.json | 0 .../service/deploy.bicep | 0 .../service/identityProviders/deploy.bicep | 0 .../service/identityProviders/readme.md | 0 .../service/identityProviders/version.json | 0 .../service/namedValues/deploy.bicep | 0 .../service/namedValues/readme.md | 0 .../service/namedValues/version.json | 0 .../service/policies/deploy.bicep | 0 .../service/policies/readme.md | 0 .../service/policies/version.json | 0 .../service/portalsettings/deploy.bicep | 0 .../service/portalsettings/readme.md | 0 .../service/portalsettings/version.json | 0 .../service/products/apis/deploy.bicep | 0 .../service/products/apis/readme.md | 0 .../service/products/apis/version.json | 0 .../service/products/deploy.bicep | 0 .../service/products/groups/deploy.bicep | 0 .../service/products/groups/readme.md | 0 .../service/products/groups/version.json | 0 .../service/products/readme.md | 0 .../service/products/version.json | 0 .../Microsoft.ApiManagement/service/readme.md | 0 .../service/subscriptions/deploy.bicep | 0 .../service/subscriptions/readme.md | 0 .../service/subscriptions/version.json | 0 .../service/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters}/min.parameters.json | 0 .../.parameters}/parameters.json | 0 .../configurationStores/deploy.bicep | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../keyValues/deploy.bicep | 0 .../configurationStores/keyValues/readme.md | 0 .../keyValues/version.json | 0 .../configurationStores/readme.md | 0 .../configurationStores/version.json | 0 .../locks/.parameters}/rg.parameters.json | 0 .../locks/deploy.bicep | 0 .../Microsoft.Authorization/locks/readme.md | 0 .../locks/resourceGroup/deploy.bicep | 0 .../locks/resourceGroup/readme.md | 0 .../locks/resourceGroup/version.json | 0 .../locks/subscription/deploy.bicep | 0 .../locks/subscription/readme.md | 0 .../locks/subscription/version.json | 0 .../locks/version.json | 0 .../.parameters}/mg.min.parameters.json | 0 .../.parameters}/mg.parameters.json | 0 .../.parameters}/rg.min.parameters.json | 0 .../.parameters}/rg.parameters.json | 0 .../.parameters}/sub.min.parameters.json | 0 .../.parameters}/sub.parameters.json | 0 .../policyAssignments/deploy.bicep | 0 .../managementGroup/deploy.bicep | 0 .../managementGroup/readme.md | 0 .../managementGroup/version.json | 0 .../policyAssignments/readme.md | 2 +- .../resourceGroup/deploy.bicep | 0 .../policyAssignments/resourceGroup/readme.md | 0 .../resourceGroup/version.json | 0 .../subscription/deploy.bicep | 0 .../policyAssignments/subscription/readme.md | 0 .../subscription/version.json | 0 .../policyAssignments/version.json | 0 .../.parameters}/mg.min.parameters.json | 0 .../.parameters}/mg.parameters.json | 0 .../.parameters}/sub.min.parameters.json | 0 .../.parameters}/sub.parameters.json | 0 .../policyDefinitions/deploy.bicep | 0 .../managementGroup/deploy.bicep | 0 .../managementGroup/readme.md | 0 .../managementGroup/version.json | 0 .../policyDefinitions/readme.md | 2 +- .../subscription/deploy.bicep | 0 .../policyDefinitions/subscription/readme.md | 0 .../subscription/version.json | 0 .../policyDefinitions/version.json | 0 .../.parameters}/mg.min.parameters.json | 0 .../.parameters}/mg.parameters.json | 0 .../.parameters}/rg.min.parameters.json | 0 .../.parameters}/rg.parameters.json | 0 .../.parameters}/sub.min.parameters.json | 0 .../.parameters}/sub.parameters.json | 0 .../policyExemptions/deploy.bicep | 0 .../managementGroup/deploy.bicep | 0 .../managementGroup/readme.md | 0 .../managementGroup/version.json | 0 .../policyExemptions/readme.md | 2 +- .../resourceGroup/deploy.bicep | 0 .../policyExemptions/resourceGroup/readme.md | 0 .../resourceGroup/version.json | 0 .../subscription/deploy.bicep | 0 .../policyExemptions/subscription/readme.md | 0 .../subscription/version.json | 0 .../policyExemptions/version.json | 0 .../.parameters}/mg.min.parameters.json | 0 .../.parameters}/mg.parameters.json | 0 .../.parameters}/sub.min.parameters.json | 0 .../.parameters}/sub.parameters.json | 0 .../policySetDefinitions/deploy.bicep | 0 .../managementGroup/deploy.bicep | 0 .../managementGroup/readme.md | 0 .../managementGroup/version.json | 0 .../policySetDefinitions/readme.md | 2 +- .../subscription/deploy.bicep | 0 .../subscription/readme.md | 0 .../subscription/version.json | 0 .../policySetDefinitions/version.json | 0 .../.parameters}/mg.min.parameters.json | 0 .../.parameters}/mg.parameters.json | 0 .../.parameters}/rg.min.parameters.json | 0 .../.parameters}/rg.parameters.json | 0 .../.parameters}/sub.min.parameters.json | 0 .../.parameters}/sub.parameters.json | 0 .../roleAssignments/deploy.bicep | 0 .../managementGroup/deploy.bicep | 0 .../roleAssignments/managementGroup/readme.md | 0 .../managementGroup/version.json | 0 .../roleAssignments/readme.md | 2 +- .../resourceGroup/deploy.bicep | 0 .../roleAssignments/resourceGroup/readme.md | 0 .../resourceGroup/version.json | 0 .../roleAssignments/subscription/deploy.bicep | 0 .../roleAssignments/subscription/readme.md | 0 .../roleAssignments/subscription/version.json | 0 .../roleAssignments/version.json | 0 .../.parameters}/mg.min.parameters.json | 0 .../.parameters}/mg.parameters.json | 0 .../.parameters}/rg.min.parameters.json | 0 .../.parameters}/rg.parameters.json | 0 .../.parameters}/sub.min.parameters.json | 0 .../.parameters}/sub.parameters.json | 0 .../roleDefinitions/deploy.bicep | 0 .../managementGroup/deploy.bicep | 0 .../roleDefinitions/managementGroup/readme.md | 0 .../managementGroup/version.json | 0 .../roleDefinitions/readme.md | 2 +- .../resourceGroup/deploy.bicep | 0 .../roleDefinitions/resourceGroup/readme.md | 0 .../resourceGroup/version.json | 0 .../roleDefinitions/subscription/deploy.bicep | 0 .../roleDefinitions/subscription/readme.md | 0 .../roleDefinitions/subscription/version.json | 0 .../roleDefinitions/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters}/encr.parameters.json | 0 .../.parameters}/min.parameters.json | 0 .../.parameters}/parameters.json | 0 .../automationAccounts/deploy.bicep | 0 .../jobSchedules/deploy.bicep | 0 .../automationAccounts/jobSchedules/readme.md | 0 .../jobSchedules/version.json | 0 .../automationAccounts/modules/deploy.bicep | 2 +- .../automationAccounts/modules/readme.md | 2 +- .../automationAccounts/modules/version.json | 0 .../automationAccounts/readme.md | 0 .../automationAccounts/runbooks/deploy.bicep | 0 .../automationAccounts/runbooks/readme.md | 0 .../automationAccounts/runbooks/version.json | 0 .../automationAccounts/schedules/deploy.bicep | 0 .../automationAccounts/schedules/readme.md | 0 .../automationAccounts/schedules/version.json | 0 .../softwareUpdateConfigurations/deploy.bicep | 0 .../softwareUpdateConfigurations/readme.md | 0 .../softwareUpdateConfigurations/version.json | 0 .../automationAccounts/variables/deploy.bicep | 0 .../automationAccounts/variables/readme.md | 0 .../automationAccounts/variables/version.json | 0 .../automationAccounts/version.json | 0 .../.parameters}/min.parameters.json | 0 .../.parameters}/parameters.json | 0 .../batchAccounts/deploy.bicep | 0 .../Microsoft.Batch/batchAccounts/readme.md | 0 .../batchAccounts/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters}/encr.parameters.json | 0 .../accounts/.parameters}/min.parameters.json | 0 .../accounts/.parameters}/parameters.json | 0 .../.parameters}/speech.parameters.json | 0 .../accounts/deploy.bicep | 0 .../accounts/readme.md | 0 .../accounts/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters}/min.parameters.json | 0 .../.parameters}/parameters.json | 0 .../availabilitySets/deploy.bicep | 0 .../availabilitySets/readme.md | 0 .../availabilitySets/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters}/parameters.json | 0 .../diskEncryptionSets/deploy.bicep | 0 .../diskEncryptionSets/readme.md | 0 .../diskEncryptionSets/version.json | 0 .../disks/.bicep/nested_roleAssignments.bicep | 0 .../disks/.parameters}/image.parameters.json | 0 .../disks/.parameters}/import.parameters.json | 0 .../disks/.parameters}/min.parameters.json | 0 .../disks/.parameters}/parameters.json | 0 .../Microsoft.Compute/disks/deploy.bicep | 0 .../Microsoft.Compute/disks/readme.md | 0 .../Microsoft.Compute/disks/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters}/images.parameters.json | 0 .../galleries/.parameters}/parameters.json | 0 .../Microsoft.Compute/galleries/deploy.bicep | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../galleries/images/deploy.bicep | 0 .../galleries/images/readme.md | 0 .../galleries/images/version.json | 0 .../Microsoft.Compute/galleries/readme.md | 0 .../Microsoft.Compute/galleries/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../images/.parameters}/parameters.json | 0 .../Microsoft.Compute/images/deploy.bicep | 0 .../Microsoft.Compute/images/readme.md | 0 .../Microsoft.Compute/images/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters}/parameters.json | 0 .../proximityPlacementGroups/deploy.bicep | 0 .../proximityPlacementGroups/readme.md | 0 .../proximityPlacementGroups/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters}/linux.min.parameters.json | 0 .../.parameters}/linux.parameters.json | 0 .../.parameters}/windows.min.parameters.json | 0 .../.parameters}/windows.parameters.json | 0 .../virtualMachineScaleSets/deploy.bicep | 0 .../extensions/deploy.bicep | 0 .../extensions/readme.md | 0 .../extensions/version.json | 0 .../virtualMachineScaleSets/readme.md | 0 .../virtualMachineScaleSets/version.json | 0 .../.bicep/nested_networkInterface.bicep | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters}/linux.autmg.parameters.json | 0 .../.parameters}/linux.min.parameters.json | 0 .../.parameters}/linux.parameters.json | 0 .../windows.autmg.parameters.json | 0 .../.parameters}/windows.min.parameters.json | 0 .../.parameters}/windows.parameters.json | 0 .../virtualMachines/deploy.bicep | 0 .../virtualMachines/extensions/deploy.bicep | 0 .../virtualMachines/extensions/readme.md | 0 .../virtualMachines/extensions/version.json | 0 .../virtualMachines/readme.md | 0 .../virtualMachines/version.json | 0 .../budgets/.parameters}/parameters.json | 0 .../budgets/deploy.bicep | 0 .../Microsoft.Consumption/budgets/readme.md | 0 .../budgets/version.json | 0 .../.parameters}/parameters.json | 0 .../containerGroups/deploy.bicep | 0 .../containerGroups/readme.md | 0 .../containerGroups/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters}/encr.parameters.json | 0 .../.parameters}/min.parameters.json | 0 .../registries/.parameters}/parameters.json | 0 .../registries/deploy.bicep | 0 .../registries/readme.md | 0 .../registries/replications/deploy.bicep | 0 .../registries/replications/readme.md | 0 .../registries/replications/version.json | 0 .../registries/version.json | 0 .../registries/webhooks/deploy.bicep | 0 .../registries/webhooks/readme.md | 0 .../registries/webhooks/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters}/azure.parameters.json | 0 .../.parameters}/kubenet.parameters.json | 0 .../managedClusters/agentPools/deploy.bicep | 0 .../managedClusters/agentPools/readme.md | 0 .../managedClusters/agentPools/version.json | 0 .../managedClusters/deploy.bicep | 0 .../managedClusters/readme.md | 0 .../managedClusters/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../factories/.parameters}/parameters.json | 0 .../factories/deploy.bicep | 0 .../factories/integrationRuntime/deploy.bicep | 0 .../factories/integrationRuntime/readme.md | 0 .../factories/integrationRuntime/version.json | 0 .../managedVirtualNetwork/deploy.bicep | 0 .../factories/managedVirtualNetwork/readme.md | 0 .../managedVirtualNetwork/version.json | 0 .../Microsoft.DataFactory/factories/readme.md | 0 .../factories/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 6 +- .../.parameters}/min.parameters.json | 0 .../backupVaults/.parameters}/parameters.json | 0 .../backupVaults/backupPolicies/deploy.bicep | 0 .../backupVaults/backupPolicies/readme.md | 0 .../backupVaults/backupPolicies/version.json | 0 .../backupVaults/deploy.bicep | 0 .../backupVaults/readme.md | 0 .../backupVaults/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../workspaces/.parameters}/parameters.json | 0 .../workspaces/deploy.bicep | 0 .../Microsoft.Databricks/workspaces/readme.md | 0 .../workspaces/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters}/min.parameters.json | 0 .../.parameters}/parameters.json | 0 .../applications/deploy.bicep | 0 .../applicationgroups/applications/readme.md | 0 .../applications/version.json | 0 .../applicationgroups/deploy.bicep | 0 .../applicationgroups/readme.md | 0 .../applicationgroups/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../hostpools/.parameters}/parameters.json | 0 .../hostpools/deploy.bicep | 0 .../hostpools/readme.md | 0 .../hostpools/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters}/min.parameters.json | 0 .../scalingplans/deploy.bicep | 0 .../scalingplans/readme.md | 0 .../scalingplans/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../workspaces/.parameters}/parameters.json | 0 .../workspaces/deploy.bicep | 0 .../workspaces/readme.md | 0 .../workspaces/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters}/mongodb.parameters.json | 0 .../.parameters}/plain.parameters.json | 0 .../.parameters}/sqldb.parameters.json | 0 .../databaseAccounts/deploy.bicep | 0 .../mongodbDatabases/collections/deploy.bicep | 0 .../mongodbDatabases/collections/readme.md | 0 .../mongodbDatabases/collections/version.json | 0 .../mongodbDatabases/deploy.bicep | 0 .../mongodbDatabases/readme.md | 0 .../mongodbDatabases/version.json | 0 .../databaseAccounts/readme.md | 0 .../sqlDatabases/containers/deploy.bicep | 0 .../sqlDatabases/containers/readme.md | 0 .../sqlDatabases/containers/version.json | 0 .../sqlDatabases/deploy.bicep | 0 .../databaseAccounts/sqlDatabases/readme.md | 0 .../sqlDatabases/version.json | 0 .../databaseAccounts/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters}/min.parameters.json | 0 .../systemTopics/.parameters}/parameters.json | 0 .../systemTopics/deploy.bicep | 0 .../systemTopics/readme.md | 0 .../systemTopics/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../topics/.parameters}/parameters.json | 0 .../Microsoft.EventGrid/topics/deploy.bicep | 0 .../Microsoft.EventGrid/topics/readme.md | 0 .../Microsoft.EventGrid/topics/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../.parameters}/min.parameters.json | 0 .../namespaces/.parameters}/parameters.json | 0 .../authorizationRules/deploy.bicep | 0 .../namespaces/authorizationRules/readme.md | 0 .../authorizationRules/version.json | 0 .../namespaces/deploy.bicep | 0 .../disasterRecoveryConfigs/deploy.bicep | 0 .../disasterRecoveryConfigs/readme.md | 0 .../disasterRecoveryConfigs/version.json | 0 .../.bicep/nested_roleAssignments.bicep | 0 .../eventhubs/authorizationRules/deploy.bicep | 0 .../eventhubs/authorizationRules/readme.md | 0 .../eventhubs/authorizationRules/version.json | 0 .../eventhubs/consumergroups/deploy.bicep | 0 .../eventhubs/consumergroups/readme.md | 0 .../eventhubs/consumergroups/version.json | 0 .../namespaces/eventhubs/deploy.bicep | 0 .../namespaces/eventhubs/readme.md | 0 .../namespaces/eventhubs/version.json | 0 .../linux.prefix.parameter.json | 67 - .../linux.vmnames.parameter.json | 65 - .../namespaces/networkRuleSets/deploy.bicep | 69 - .../namespaces/networkRuleSets/readme.md | 83 - .../namespaces/networkRuleSets/version.json | 4 - .../Microsoft.EventHub/namespaces/readme.md | 596 ------- .../namespaces/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 53 - .../.deploymentTests/parameters.json | 22 - .../healthBots/deploy.bicep | 79 - .../Microsoft.HealthBot/healthBots/readme.md | 205 --- .../healthBots/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 54 - .../.deploymentTests/parameters.json | 45 - .../actionGroups/deploy.bicep | 105 -- .../Microsoft.Insights/actionGroups/readme.md | 333 ---- .../actionGroups/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 54 - .../.deploymentTests/parameters.json | 47 - .../activityLogAlerts/deploy.bicep | 88 - .../activityLogAlerts/readme.md | 499 ------ .../activityLogAlerts/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 57 - .../.deploymentTests/parameters.json | 22 - .../components/deploy.bicep | 116 -- .../Microsoft.Insights/components/readme.md | 209 --- .../components/version.json | 4 - .../.deploymentTests/parameters.json | 24 - .../diagnosticSettings/deploy.bicep | 93 - .../diagnosticSettings/readme.md | 98 - .../diagnosticSettings/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 57 - .../.deploymentTests/parameters.json | 49 - .../metricAlerts/deploy.bicep | 143 -- .../Microsoft.Insights/metricAlerts/readme.md | 478 ----- .../metricAlerts/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 53 - .../.deploymentTests/parameters.json | 38 - .../privateLinkScopes/deploy.bicep | 112 -- .../privateLinkScopes/readme.md | 314 ---- .../scopedResources/deploy.bicep | 46 - .../scopedResources/readme.md | 42 - .../scopedResources/version.json | 4 - .../privateLinkScopes/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 55 - .../.deploymentTests/parameters.json | 71 - .../scheduledQueryRules/deploy.bicep | 129 -- .../scheduledQueryRules/readme.md | 300 ---- .../scheduledQueryRules/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 62 - .../.deploymentTests/min.parameters.json | 5 - .../vaults/.deploymentTests/parameters.json | 133 -- .../vaults/accessPolicies/deploy.bicep | 51 - .../vaults/accessPolicies/readme.md | 97 - .../vaults/accessPolicies/version.json | 4 - .../Microsoft.KeyVault/vaults/deploy.bicep | 331 ---- .../keys/.bicep/nested_roleAssignments.bicep | 61 - .../vaults/keys/deploy.bicep | 109 -- .../Microsoft.KeyVault/vaults/keys/readme.md | 151 -- .../vaults/keys/version.json | 4 - modules/Microsoft.KeyVault/vaults/readme.md | 669 ------- .../.bicep/nested_roleAssignments.bicep | 60 - .../vaults/secrets/deploy.bicep | 82 - .../vaults/secrets/readme.md | 149 -- .../vaults/secrets/version.json | 4 - .../Microsoft.KeyVault/vaults/version.json | 4 - .../.deploymentTests/min.parameters.json | 21 - .../.deploymentTests/parameters.json | 34 - .../extensions/deploy.bicep | 78 - .../extensions/readme.md | 191 -- .../extensions/version.json | 4 - .../.deploymentTests/min.parameters.json | 32 - .../.deploymentTests/parameters.json | 44 - .../fluxConfigurations/deploy.bicep | 83 - .../fluxConfigurations/readme.md | 234 --- .../fluxConfigurations/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 56 - .../.deploymentTests/parameters.json | 78 - .../Microsoft.Logic/workflows/deploy.bicep | 235 --- modules/Microsoft.Logic/workflows/readme.md | 466 ----- .../Microsoft.Logic/workflows/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 54 - .../.deploymentTests/min.parameters.json | 24 - .../.deploymentTests/parameters.json | 119 -- .../workspaces/computes/deploy.bicep | 139 -- .../workspaces/computes/readme.md | 162 -- .../workspaces/computes/version.json | 4 - .../workspaces/deploy.bicep | 308 ---- .../workspaces/readme.md | 664 ------- .../workspaces/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 55 - .../.deploymentTests/parameters.json | 22 - .../userAssignedIdentities/deploy.bicep | 75 - .../userAssignedIdentities/readme.md | 201 --- .../userAssignedIdentities/version.json | 4 - .../nested_registrationAssignment.bicep | 15 - .../.deploymentTests/parameters.json | 34 - .../.deploymentTests/rg.parameters.json | 37 - .../registrationDefinitions/deploy.bicep | 75 - .../registrationDefinitions/readme.md | 330 ---- .../registrationDefinitions/version.json | 4 - .../.deploymentTests/parameters.json | 15 - .../managementGroups/deploy.bicep | 48 - .../managementGroups/readme.md | 168 -- .../managementGroups/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 53 - .../.deploymentTests/min.parameters.json | 9 - .../.deploymentTests/nfs3.parameters.json | 99 -- .../.deploymentTests/nfs41.parameters.json | 106 -- .../.bicep/nested_roleAssignments.bicep | 53 - .../netAppAccounts/capacityPools/deploy.bicep | 115 -- .../netAppAccounts/capacityPools/readme.md | 152 -- .../netAppAccounts/capacityPools/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 53 - .../capacityPools/volumes/deploy.bicep | 100 -- .../capacityPools/volumes/readme.md | 111 -- .../capacityPools/volumes/version.json | 4 - .../netAppAccounts/deploy.bicep | 126 -- .../Microsoft.NetApp/netAppAccounts/readme.md | 623 ------- .../netAppAccounts/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 61 - .../.deploymentTests/parameters.json | 367 ---- .../applicationGateways/deploy.bicep | 366 ---- .../applicationGateways/readme.md | 933 ---------- .../applicationGateways/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 60 - .../.deploymentTests/parameters.json | 22 - .../applicationSecurityGroups/deploy.bicep | 73 - .../applicationSecurityGroups/readme.md | 204 --- .../applicationSecurityGroups/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 60 - .../.deploymentTests/addpip.parameters.json | 20 - .../custompip.parameters.json | 37 - .../.deploymentTests/min.parameters.json | 12 - .../.deploymentTests/parameters.json | 135 -- .../azureFirewalls/deploy.bicep | 307 ---- .../azureFirewalls/readme.md | 746 -------- .../azureFirewalls/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 60 - .../.deploymentTests/addpip.parameters.json | 20 - .../custompip.parameters.json | 37 - .../.deploymentTests/min.parameters.json | 12 - .../.deploymentTests/parameters.json | 49 - .../bastionHosts/deploy.bicep | 229 --- .../Microsoft.Network/bastionHosts/readme.md | 560 ------ .../bastionHosts/version.json | 4 - .../vnet2vnet.parameters.json | 39 - .../connections/deploy.bicep | 128 -- .../Microsoft.Network/connections/readme.md | 387 ---- .../connections/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 55 - .../.deploymentTests/parameters.json | 22 - .../ddosProtectionPlans/deploy.bicep | 74 - .../ddosProtectionPlans/readme.md | 204 --- .../ddosProtectionPlans/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 55 - .../.deploymentTests/parameters.json | 52 - .../expressRouteCircuits/deploy.bicep | 223 --- .../expressRouteCircuits/readme.md | 266 --- .../expressRouteCircuits/version.json | 4 - .../.deploymentTests/min.parameters.json | 9 - .../.deploymentTests/parameters.json | 49 - .../firewallPolicies/deploy.bicep | 184 -- .../firewallPolicies/readme.md | 287 --- .../ruleCollectionGroups/deploy.bicep | 48 - .../ruleCollectionGroups/readme.md | 43 - .../ruleCollectionGroups/version.json | 4 - .../firewallPolicies/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 56 - .../.deploymentTests/parameters.json | 115 -- .../Microsoft.Network/frontDoors/deploy.bicep | 178 -- .../Microsoft.Network/frontDoors/readme.md | 395 ----- .../Microsoft.Network/frontDoors/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 55 - .../ipGroups/.deploymentTests/parameters.json | 28 - .../Microsoft.Network/ipGroups/deploy.bicep | 79 - modules/Microsoft.Network/ipGroups/readme.md | 215 --- .../Microsoft.Network/ipGroups/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 59 - .../.deploymentTests/internal.parameters.json | 101 -- .../.deploymentTests/min.parameters.json | 17 - .../.deploymentTests/parameters.json | 129 -- .../backendAddressPools/deploy.bicep | 48 - .../backendAddressPools/readme.md | 43 - .../backendAddressPools/version.json | 4 - .../loadBalancers/deploy.bicep | 273 --- .../inboundNatRules/deploy.bicep | 97 - .../loadBalancers/inboundNatRules/readme.md | 51 - .../inboundNatRules/version.json | 4 - .../Microsoft.Network/loadBalancers/readme.md | 956 ---------- .../loadBalancers/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 55 - .../.deploymentTests/parameters.json | 36 - .../localNetworkGateways/deploy.bicep | 105 -- .../localNetworkGateways/readme.md | 230 --- .../localNetworkGateways/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 55 - .../.deploymentTests/parameters.json | 40 - .../natGateways/deploy.bicep | 217 --- .../Microsoft.Network/natGateways/readme.md | 246 --- .../natGateways/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 63 - .../.deploymentTests/min.parameters.json | 17 - .../.deploymentTests/parameters.json | 55 - .../networkInterfaces/deploy.bicep | 168 -- .../networkInterfaces/readme.md | 342 ---- .../networkInterfaces/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 58 - .../.deploymentTests/min.parameters.json | 9 - .../.deploymentTests/parameters.json | 103 -- .../networkSecurityGroups/deploy.bicep | 174 -- .../networkSecurityGroups/readme.md | 400 ----- .../securityRules/deploy.bicep | 117 -- .../securityRules/readme.md | 56 - .../securityRules/version.json | 4 - .../networkSecurityGroups/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 55 - .../.deploymentTests/min.parameters.json | 9 - .../.deploymentTests/parameters.json | 92 - .../connectionMonitors/deploy.bicep | 76 - .../connectionMonitors/readme.md | 81 - .../connectionMonitors/version.json | 4 - .../networkWatchers/deploy.bicep | 112 -- .../networkWatchers/flowLogs/deploy.bicep | 105 -- .../networkWatchers/flowLogs/readme.md | 89 - .../networkWatchers/flowLogs/version.json | 4 - .../networkWatchers/readme.md | 382 ---- .../networkWatchers/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 56 - .../.deploymentTests/min.parameters.json | 9 - .../.deploymentTests/parameters.json | 198 --- .../A/.bicep/nested_roleAssignments.bicep | 56 - .../privateDnsZones/A/deploy.bicep | 66 - .../privateDnsZones/A/readme.md | 105 -- .../privateDnsZones/A/version.json | 4 - .../AAAA/.bicep/nested_roleAssignments.bicep | 56 - .../privateDnsZones/AAAA/deploy.bicep | 66 - .../privateDnsZones/AAAA/readme.md | 105 -- .../privateDnsZones/AAAA/version.json | 4 - .../CNAME/.bicep/nested_roleAssignments.bicep | 58 - .../privateDnsZones/CNAME/deploy.bicep | 66 - .../privateDnsZones/CNAME/readme.md | 105 -- .../privateDnsZones/CNAME/version.json | 4 - .../MX/.bicep/nested_roleAssignments.bicep | 56 - .../privateDnsZones/MX/deploy.bicep | 66 - .../privateDnsZones/MX/readme.md | 105 -- .../privateDnsZones/MX/version.json | 4 - .../PTR/.bicep/nested_roleAssignments.bicep | 56 - .../privateDnsZones/PTR/deploy.bicep | 66 - .../privateDnsZones/PTR/readme.md | 105 -- .../privateDnsZones/PTR/version.json | 4 - .../SOA/.bicep/nested_roleAssignments.bicep | 56 - .../privateDnsZones/SOA/deploy.bicep | 66 - .../privateDnsZones/SOA/readme.md | 105 -- .../privateDnsZones/SOA/version.json | 4 - .../SRV/.bicep/nested_roleAssignments.bicep | 56 - .../privateDnsZones/SRV/deploy.bicep | 66 - .../privateDnsZones/SRV/readme.md | 105 -- .../privateDnsZones/SRV/version.json | 4 - .../TXT/.bicep/nested_roleAssignments.bicep | 56 - .../privateDnsZones/TXT/deploy.bicep | 66 - .../privateDnsZones/TXT/readme.md | 138 -- .../privateDnsZones/TXT/version.json | 4 - .../privateDnsZones/deploy.bicep | 218 --- .../privateDnsZones/readme.md | 592 ------- .../privateDnsZones/version.json | 4 - .../virtualNetworkLinks/deploy.bicep | 61 - .../virtualNetworkLinks/readme.md | 87 - .../virtualNetworkLinks/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 55 - .../.deploymentTests/min.parameters.json | 20 - .../.deploymentTests/parameters.json | 42 - .../privateEndpoints/deploy.bicep | 117 -- .../privateDnsZoneGroups/deploy.bicep | 51 - .../privateDnsZoneGroups/readme.md | 42 - .../privateDnsZoneGroups/version.json | 4 - .../privateEndpoints/readme.md | 305 ---- .../privateEndpoints/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 59 - .../.deploymentTests/parameters.json | 50 - .../publicIPAddresses/deploy.bicep | 197 --- .../publicIPAddresses/readme.md | 258 --- .../publicIPAddresses/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 55 - .../.deploymentTests/parameters.json | 25 - .../publicIPPrefixes/deploy.bicep | 85 - .../publicIPPrefixes/readme.md | 209 --- .../publicIPPrefixes/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 56 - .../.deploymentTests/parameters.json | 34 - .../routeTables/deploy.bicep | 82 - .../Microsoft.Network/routeTables/readme.md | 317 ---- .../routeTables/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 56 - .../.deploymentTests/parameters.json | 40 - .../trafficmanagerprofiles/deploy.bicep | 191 -- .../trafficmanagerprofiles/readme.md | 333 ---- .../trafficmanagerprofiles/version.json | 4 - .../.deploymentTests/min.parameters.json | 15 - .../.deploymentTests/parameters.json | 48 - .../virtualHubs/deploy.bicep | 178 -- .../virtualHubs/hubRouteTables/deploy.bicep | 48 - .../virtualHubs/hubRouteTables/readme.md | 43 - .../virtualHubs/hubRouteTables/version.json | 4 - .../hubVirtualNetworkConnections/deploy.bicep | 54 - .../hubVirtualNetworkConnections/readme.md | 48 - .../hubVirtualNetworkConnections/version.json | 4 - .../Microsoft.Network/virtualHubs/readme.md | 252 --- .../virtualHubs/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 55 - .../expressRoute.parameters.json | 61 - .../.deploymentTests/vpn.parameters.json | 62 - .../virtualNetworkGateways/deploy.bicep | 411 ----- .../virtualNetworkGateways/readme.md | 471 ----- .../virtualNetworkGateways/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 70 - .../.deploymentTests/min.parameters.json | 14 - .../.deploymentTests/parameters.json | 96 - .../vnetPeering.parameters.json | 52 - .../virtualNetworks/deploy.bicep | 265 --- .../virtualNetworks/readme.md | 689 -------- .../.bicep/nested_roleAssignments.bicep | 70 - .../virtualNetworks/subnets/deploy.bicep | 124 -- .../virtualNetworks/subnets/readme.md | 192 -- .../virtualNetworks/subnets/version.json | 4 - .../virtualNetworks/version.json | 4 - .../virtualNetworkPeerings/deploy.bicep | 66 - .../virtualNetworkPeerings/readme.md | 54 - .../virtualNetworkPeerings/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 55 - .../.deploymentTests/min.parameters.json | 9 - .../.deploymentTests/parameters.json | 34 - .../virtualWans/deploy.bicep | 94 - .../Microsoft.Network/virtualWans/readme.md | 260 --- .../virtualWans/version.json | 4 - .../.deploymentTests/min.parameters.json | 12 - .../.deploymentTests/parameters.json | 68 - .../vpnGateways/connections/deploy.bicep | 102 -- .../vpnGateways/connections/readme.md | 112 -- .../vpnGateways/connections/version.json | 4 - .../vpnGateways/deploy.bicep | 124 -- .../vpnGateways/natRules/deploy.bicep | 70 - .../vpnGateways/natRules/readme.md | 46 - .../vpnGateways/natRules/version.json | 4 - .../Microsoft.Network/vpnGateways/readme.md | 355 ---- .../vpnGateways/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 37 - .../.deploymentTests/min.parameters.json | 20 - .../vpnSites/.deploymentTests/parameters.json | 77 - .../Microsoft.Network/vpnSites/deploy.bicep | 108 -- modules/Microsoft.Network/vpnSites/readme.md | 529 ------ .../Microsoft.Network/vpnSites/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 60 - .../.deploymentTests/min.parameters.json | 9 - .../.deploymentTests/parameters.json | 171 -- .../workspaces/dataSources/deploy.bicep | 102 -- .../workspaces/dataSources/readme.md | 95 - .../workspaces/dataSources/version.json | 4 - .../workspaces/deploy.bicep | 283 --- .../workspaces/linkedServices/deploy.bicep | 52 - .../workspaces/linkedServices/readme.md | 85 - .../workspaces/linkedServices/version.json | 4 - .../workspaces/readme.md | 807 --------- .../workspaces/savedSearches/deploy.bicep | 73 - .../workspaces/savedSearches/readme.md | 90 - .../workspaces/savedSearches/version.json | 4 - .../storageInsightConfigs/deploy.bicep | 63 - .../storageInsightConfigs/readme.md | 86 - .../storageInsightConfigs/version.json | 4 - .../workspaces/version.json | 4 - .../.deploymentTests/min.parameters.json | 12 - .../.deploymentTests/ms.parameters.json | 18 - .../.deploymentTests/nonms.parameters.json | 18 - .../solutions/deploy.bicep | 63 - .../solutions/readme.md | 180 -- .../solutions/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 60 - .../.deploymentTests/dr.parameters.json | 68 - .../.deploymentTests/min.parameters.json | 9 - .../vaults/.deploymentTests/parameters.json | 289 --- .../vaults/backupConfig/deploy.bicep | 88 - .../vaults/backupConfig/readme.md | 43 - .../vaults/backupConfig/version.json | 4 - .../vaults/backupPolicies/deploy.bicep | 42 - .../vaults/backupPolicies/readme.md | 224 --- .../vaults/backupPolicies/version.json | 4 - .../vaults/backupStorageConfig/deploy.bicep | 54 - .../vaults/backupStorageConfig/readme.md | 38 - .../vaults/backupStorageConfig/version.json | 4 - .../vaults/deploy.bicep | 288 --- .../vaults/protectionContainers/deploy.bicep | 98 - .../protectedItems/deploy.bicep | 66 - .../protectedItems/readme.md | 46 - .../protectedItems/version.json | 4 - .../vaults/protectionContainers/readme.md | 48 - .../vaults/protectionContainers/version.json | 4 - .../vaults/readme.md | 1572 ----------------- .../vaults/replicationFabrics/deploy.bicep | 61 - .../vaults/replicationFabrics/readme.md | 98 - .../deploy.bicep | 67 - .../replicationProtectionContainers/readme.md | 93 - .../deploy.bicep | 65 - .../readme.md | 46 - .../version.json | 4 - .../version.json | 4 - .../vaults/replicationFabrics/version.json | 4 - .../vaults/replicationPolicies/deploy.bicep | 57 - .../vaults/replicationPolicies/readme.md | 47 - .../vaults/replicationPolicies/version.json | 4 - .../vaults/version.json | 4 - .../.deploymentTests/cli.parameters.json | 35 - .../.deploymentTests/ps.parameters.json | 38 - .../deploymentScripts/deploy.bicep | 139 -- .../deploymentScripts/readme.md | 290 --- .../deploymentScripts/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 208 --- .../.deploymentTests/parameters.json | 27 - .../resourceGroups/deploy.bicep | 74 - .../resourceGroups/readme.md | 216 --- .../resourceGroups/version.json | 4 - .../tags/.deploymentTests/min.parameters.json | 5 - .../tags/.deploymentTests/rg.parameters.json | 18 - .../tags/.deploymentTests/sub.parameters.json | 15 - modules/Microsoft.Resources/tags/deploy.bicep | 63 - modules/Microsoft.Resources/tags/readme.md | 208 --- .../tags/resourceGroups/.bicep/readTags.bicep | 9 - .../tags/resourceGroups/deploy.bicep | 48 - .../tags/resourceGroups/readme.md | 76 - .../tags/resourceGroups/version.json | 4 - .../tags/subscriptions/.bicep/readTags.bicep | 11 - .../tags/subscriptions/deploy.bicep | 51 - .../tags/subscriptions/readme.md | 76 - .../tags/subscriptions/version.json | 4 - modules/Microsoft.Resources/tags/version.json | 4 - .../.bicep/nested_iotSecuritySolutions.bicep | 16 - .../.deploymentTests/parameters.json | 20 - .../azureSecurityCenter/deploy.bicep | 247 --- .../azureSecurityCenter/readme.md | 151 -- .../azureSecurityCenter/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 56 - .../.deploymentTests/min.parameters.json | 5 - .../.deploymentTests/parameters.json | 167 -- .../authorizationRules/deploy.bicep | 51 - .../namespaces/authorizationRules/readme.md | 42 - .../authorizationRules/version.json | 4 - .../namespaces/deploy.bicep | 356 ---- .../disasterRecoveryConfigs/deploy.bicep | 50 - .../disasterRecoveryConfigs/readme.md | 39 - .../disasterRecoveryConfigs/version.json | 4 - .../namespaces/ipFilterRules/deploy.bicep | 58 - .../namespaces/ipFilterRules/readme.md | 44 - .../namespaces/ipFilterRules/version.json | 4 - .../migrationConfigurations/deploy.bicep | 50 - .../migrationConfigurations/readme.md | 43 - .../migrationConfigurations/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 56 - .../queues/authorizationRules/deploy.bicep | 56 - .../queues/authorizationRules/readme.md | 43 - .../queues/authorizationRules/version.json | 4 - .../namespaces/queues/deploy.bicep | 161 -- .../namespaces/queues/readme.md | 118 -- .../namespaces/queues/version.json | 4 - .../Microsoft.ServiceBus/namespaces/readme.md | 640 ------- .../.bicep/nested_roleAssignments.bicep | 56 - .../topics/authorizationRules/deploy.bicep | 56 - .../topics/authorizationRules/readme.md | 43 - .../topics/authorizationRules/version.json | 4 - .../namespaces/topics/deploy.bicep | 157 -- .../namespaces/topics/readme.md | 117 -- .../namespaces/topics/version.json | 4 - .../namespaces/version.json | 4 - .../virtualNetworkRules/deploy.bicep | 46 - .../namespaces/virtualNetworkRules/readme.md | 42 - .../virtualNetworkRules/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 53 - .../.deploymentTests/cert.parameters.json | 40 - .../.deploymentTests/full.parameters.json | 208 --- .../.deploymentTests/min.parameters.json | 34 - .../clusters/applicationTypes/deploy.bicep | 42 - .../clusters/applicationTypes/readme.md | 79 - .../clusters/applicationTypes/version.json | 4 - .../clusters/deploy.bicep | 328 ---- .../clusters/readme.md | 797 --------- .../clusters/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 56 - .../.deploymentTests/parameters.json | 150 -- .../administrators/deploy.bicep | 53 - .../managedInstances/administrators/readme.md | 44 - .../administrators/version.json | 4 - .../deploy.bicep | 63 - .../backupLongTermRetentionPolicies/readme.md | 46 - .../version.json | 4 - .../deploy.bicep | 51 - .../readme.md | 44 - .../version.json | 4 - .../managedInstances/databases/deploy.bicep | 203 --- .../managedInstances/databases/readme.md | 113 -- .../managedInstances/databases/version.json | 4 - .../managedInstances/deploy.bicep | 387 ---- .../encryptionProtector/deploy.bicep | 56 - .../encryptionProtector/readme.md | 44 - .../encryptionProtector/version.json | 4 - .../managedInstances/keys/deploy.bicep | 58 - .../managedInstances/keys/readme.md | 39 - .../managedInstances/keys/version.json | 4 - .../Microsoft.Sql/managedInstances/readme.md | 528 ------ .../securityAlertPolicies/deploy.bicep | 52 - .../securityAlertPolicies/readme.md | 43 - .../securityAlertPolicies/version.json | 4 - .../managedInstances/version.json | 4 - .../vulnerabilityAssessments/deploy.bicep | 59 - .../vulnerabilityAssessments/readme.md | 45 - .../vulnerabilityAssessments/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 57 - .../.deploymentTests/admin.parameters.json | 18 - .../servers/.deploymentTests/parameters.json | 106 -- .../servers/databases/deploy.bicep | 230 --- .../Microsoft.Sql/servers/databases/readme.md | 111 -- .../servers/databases/version.json | 4 - modules/Microsoft.Sql/servers/deploy.bicep | 227 --- .../servers/firewallRules/deploy.bicep | 48 - .../servers/firewallRules/readme.md | 43 - .../servers/firewallRules/version.json | 4 - modules/Microsoft.Sql/servers/readme.md | 571 ------ .../securityAlertPolicies/deploy.bicep | 73 - .../servers/securityAlertPolicies/readme.md | 48 - .../securityAlertPolicies/version.json | 4 - modules/Microsoft.Sql/servers/version.json | 4 - .../vulnerabilityAssessments/deploy.bicep | 59 - .../vulnerabilityAssessments/readme.md | 41 - .../vulnerabilityAssessments/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 80 - .../.deploymentTests/encr.parameters.json | 38 - .../.deploymentTests/min.parameters.json | 9 - .../.deploymentTests/nfs.parameters.json | 64 - .../.deploymentTests/parameters.json | 192 -- .../.deploymentTests/v1.parameters.json | 12 - .../.bicep/nested_roleAssignments.bicep | 71 - .../blobServices/containers/deploy.bicep | 91 - .../immutabilityPolicies/deploy.bicep | 63 - .../containers/immutabilityPolicies/readme.md | 41 - .../immutabilityPolicies/version.json | 4 - .../blobServices/containers/readme.md | 107 -- .../blobServices/containers/version.json | 4 - .../storageAccounts/blobServices/deploy.bicep | 145 -- .../storageAccounts/blobServices/readme.md | 53 - .../storageAccounts/blobServices/version.json | 4 - .../storageAccounts/deploy.bicep | 404 ----- .../storageAccounts/fileServices/deploy.bicep | 143 -- .../storageAccounts/fileServices/readme.md | 51 - .../.bicep/nested_roleAssignments.bicep | 80 - .../fileServices/shares/deploy.bicep | 83 - .../fileServices/shares/readme.md | 106 -- .../fileServices/shares/version.json | 4 - .../storageAccounts/fileServices/version.json | 4 - .../managementPolicies/deploy.bicep | 48 - .../managementPolicies/readme.md | 123 -- .../managementPolicies/version.json | 4 - .../queueServices/deploy.bicep | 129 -- .../.bicep/nested_roleAssignments.bicep | 77 - .../queueServices/queues/deploy.bicep | 66 - .../queueServices/queues/readme.md | 104 -- .../queueServices/queues/version.json | 4 - .../storageAccounts/queueServices/readme.md | 49 - .../queueServices/version.json | 4 - .../storageAccounts/readme.md | 1001 ----------- .../tableServices/deploy.bicep | 127 -- .../storageAccounts/tableServices/readme.md | 48 - .../tableServices/tables/deploy.bicep | 46 - .../tableServices/tables/readme.md | 42 - .../tableServices/tables/version.json | 4 - .../tableServices/version.json | 4 - .../storageAccounts/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 53 - .../.deploymentTests/min.parameters.json | 9 - .../.deploymentTests/parameters.json | 36 - .../privateLinkHubs/deploy.bicep | 100 -- .../privateLinkHubs/readme.md | 346 ---- .../privateLinkHubs/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 53 - .../.deploymentTests/parameters.json | 69 - .../imageTemplates/deploy.bicep | 191 -- .../imageTemplates/readme.md | 389 ---- .../imageTemplates/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 55 - .../.deploymentTests/parameters.json | 30 - .../Microsoft.Web/connections/deploy.bicep | 106 -- modules/Microsoft.Web/connections/readme.md | 224 --- .../Microsoft.Web/connections/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 54 - .../.deploymentTests/asev2.parameters.json | 54 - .../.deploymentTests/asev3.parameters.json | 48 - .../hostingEnvironments/deploy.bicep | 194 -- .../hostingEnvironments/readme.md | 400 ----- .../hostingEnvironments/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 57 - .../.deploymentTests/parameters.json | 46 - .../Microsoft.Web/serverfarms/deploy.bicep | 185 -- modules/Microsoft.Web/serverfarms/readme.md | 293 --- .../Microsoft.Web/serverfarms/version.json | 4 - .../sites/.bicep/nested_roleAssignments.bicep | 55 - .../.deploymentTests/fa.min.parameters.json | 20 - .../sites/.deploymentTests/fa.parameters.json | 146 -- .../.deploymentTests/wa.min.parameters.json | 15 - .../sites/.deploymentTests/wa.parameters.json | 70 - .../sites/config-appsettings/deploy.bicep | 95 - .../sites/config-appsettings/readme.md | 91 - .../sites/config-appsettings/version.json | 4 - .../sites/config-authsettingsv2/deploy.bicep | 60 - .../sites/config-authsettingsv2/readme.md | 73 - .../sites/config-authsettingsv2/version.json | 4 - modules/Microsoft.Web/sites/deploy.bicep | 294 --- modules/Microsoft.Web/sites/readme.md | 895 ---------- modules/Microsoft.Web/sites/version.json | 4 - .../.bicep/nested_roleAssignments.bicep | 34 - .../.deploymentTests/min.parameters.json | 9 - .../.deploymentTests/parameters.json | 50 - .../Microsoft.Web/staticSites/deploy.bicep | 174 -- modules/Microsoft.Web/staticSites/readme.md | 408 ----- .../Microsoft.Web/staticSites/version.json | 4 - modules/README.md | 107 -- .../Get-DeploymentTestFileList.ps1 | 42 - 1249 files changed, 1093 insertions(+), 63638 deletions(-) rename {modules => arm}/.global/global.module.tests.ps1 (96%) rename {modules => arm}/.global/shared/helper.psm1 (100%) rename {modules => arm}/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.AAD/DomainServices/.deploymentTests => arm/Microsoft.AAD/DomainServices/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.AAD/DomainServices/deploy.bicep (100%) rename {modules => arm}/Microsoft.AAD/DomainServices/readme.md (100%) rename {modules => arm}/Microsoft.AAD/DomainServices/version.json (100%) rename {modules => arm}/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.AnalysisServices/servers/.deploymentTests => arm/Microsoft.AnalysisServices/servers/.parameters}/max.parameters.json (100%) rename {modules/Microsoft.AnalysisServices/servers/.deploymentTests => arm/Microsoft.AnalysisServices/servers/.parameters}/min.parameters.json (100%) rename {modules/Microsoft.AnalysisServices/servers/.deploymentTests => arm/Microsoft.AnalysisServices/servers/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.AnalysisServices/servers/deploy.bicep (100%) rename {modules => arm}/Microsoft.AnalysisServices/servers/readme.md (100%) rename {modules => arm}/Microsoft.AnalysisServices/servers/version.json (100%) rename {modules => arm}/Microsoft.ApiManagement/service/.bicep/nested_authorizationServers.bicep (100%) rename {modules => arm}/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.ApiManagement/service/.deploymentTests => arm/Microsoft.ApiManagement/service/.parameters}/max.parameters.json (100%) rename {modules/Microsoft.ApiManagement/service/.deploymentTests => arm/Microsoft.ApiManagement/service/.parameters}/min.parameters.json (100%) rename {modules/Microsoft.ApiManagement/service/.deploymentTests => arm/Microsoft.ApiManagement/service/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.ApiManagement/service/apiVersionSets/deploy.bicep (100%) rename {modules => arm}/Microsoft.ApiManagement/service/apiVersionSets/readme.md (100%) rename {modules => arm}/Microsoft.ApiManagement/service/apiVersionSets/version.json (100%) rename {modules => arm}/Microsoft.ApiManagement/service/apis/deploy.bicep (100%) rename {modules => arm}/Microsoft.ApiManagement/service/apis/policies/deploy.bicep (100%) rename {modules => arm}/Microsoft.ApiManagement/service/apis/policies/readme.md (100%) rename {modules => arm}/Microsoft.ApiManagement/service/apis/policies/version.json (100%) rename {modules => arm}/Microsoft.ApiManagement/service/apis/readme.md (100%) rename {modules => arm}/Microsoft.ApiManagement/service/apis/version.json (100%) rename {modules => arm}/Microsoft.ApiManagement/service/authorizationServers/deploy.bicep (100%) rename {modules => arm}/Microsoft.ApiManagement/service/authorizationServers/readme.md (100%) rename {modules => arm}/Microsoft.ApiManagement/service/authorizationServers/version.json (100%) rename {modules => arm}/Microsoft.ApiManagement/service/backends/deploy.bicep (100%) rename {modules => arm}/Microsoft.ApiManagement/service/backends/readme.md (100%) rename {modules => arm}/Microsoft.ApiManagement/service/backends/version.json (100%) rename {modules => arm}/Microsoft.ApiManagement/service/caches/deploy.bicep (100%) rename {modules => arm}/Microsoft.ApiManagement/service/caches/readme.md (100%) rename {modules => arm}/Microsoft.ApiManagement/service/caches/version.json (100%) rename {modules => arm}/Microsoft.ApiManagement/service/deploy.bicep (100%) rename {modules => arm}/Microsoft.ApiManagement/service/identityProviders/deploy.bicep (100%) rename {modules => arm}/Microsoft.ApiManagement/service/identityProviders/readme.md (100%) rename {modules => arm}/Microsoft.ApiManagement/service/identityProviders/version.json (100%) rename {modules => arm}/Microsoft.ApiManagement/service/namedValues/deploy.bicep (100%) rename {modules => arm}/Microsoft.ApiManagement/service/namedValues/readme.md (100%) rename {modules => arm}/Microsoft.ApiManagement/service/namedValues/version.json (100%) rename {modules => arm}/Microsoft.ApiManagement/service/policies/deploy.bicep (100%) rename {modules => arm}/Microsoft.ApiManagement/service/policies/readme.md (100%) rename {modules => arm}/Microsoft.ApiManagement/service/policies/version.json (100%) rename {modules => arm}/Microsoft.ApiManagement/service/portalsettings/deploy.bicep (100%) rename {modules => arm}/Microsoft.ApiManagement/service/portalsettings/readme.md (100%) rename {modules => arm}/Microsoft.ApiManagement/service/portalsettings/version.json (100%) rename {modules => arm}/Microsoft.ApiManagement/service/products/apis/deploy.bicep (100%) rename {modules => arm}/Microsoft.ApiManagement/service/products/apis/readme.md (100%) rename {modules => arm}/Microsoft.ApiManagement/service/products/apis/version.json (100%) rename {modules => arm}/Microsoft.ApiManagement/service/products/deploy.bicep (100%) rename {modules => arm}/Microsoft.ApiManagement/service/products/groups/deploy.bicep (100%) rename {modules => arm}/Microsoft.ApiManagement/service/products/groups/readme.md (100%) rename {modules => arm}/Microsoft.ApiManagement/service/products/groups/version.json (100%) rename {modules => arm}/Microsoft.ApiManagement/service/products/readme.md (100%) rename {modules => arm}/Microsoft.ApiManagement/service/products/version.json (100%) rename {modules => arm}/Microsoft.ApiManagement/service/readme.md (100%) rename {modules => arm}/Microsoft.ApiManagement/service/subscriptions/deploy.bicep (100%) rename {modules => arm}/Microsoft.ApiManagement/service/subscriptions/readme.md (100%) rename {modules => arm}/Microsoft.ApiManagement/service/subscriptions/version.json (100%) rename {modules => arm}/Microsoft.ApiManagement/service/version.json (100%) rename {modules => arm}/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.AppConfiguration/configurationStores/.deploymentTests => arm/Microsoft.AppConfiguration/configurationStores/.parameters}/min.parameters.json (100%) rename {modules/Microsoft.AppConfiguration/configurationStores/.deploymentTests => arm/Microsoft.AppConfiguration/configurationStores/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.AppConfiguration/configurationStores/deploy.bicep (100%) rename {modules => arm}/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep (100%) rename {modules => arm}/Microsoft.AppConfiguration/configurationStores/keyValues/deploy.bicep (100%) rename {modules => arm}/Microsoft.AppConfiguration/configurationStores/keyValues/readme.md (100%) rename {modules => arm}/Microsoft.AppConfiguration/configurationStores/keyValues/version.json (100%) rename {modules => arm}/Microsoft.AppConfiguration/configurationStores/readme.md (100%) rename {modules => arm}/Microsoft.AppConfiguration/configurationStores/version.json (100%) rename {modules/Microsoft.Authorization/locks/.deploymentTests => arm/Microsoft.Authorization/locks/.parameters}/rg.parameters.json (100%) rename {modules => arm}/Microsoft.Authorization/locks/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/locks/readme.md (100%) rename {modules => arm}/Microsoft.Authorization/locks/resourceGroup/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/locks/resourceGroup/readme.md (100%) rename {modules => arm}/Microsoft.Authorization/locks/resourceGroup/version.json (100%) rename {modules => arm}/Microsoft.Authorization/locks/subscription/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/locks/subscription/readme.md (100%) rename {modules => arm}/Microsoft.Authorization/locks/subscription/version.json (100%) rename {modules => arm}/Microsoft.Authorization/locks/version.json (100%) rename {modules/Microsoft.Authorization/policyAssignments/.deploymentTests => arm/Microsoft.Authorization/policyAssignments/.parameters}/mg.min.parameters.json (100%) rename {modules/Microsoft.Authorization/policyAssignments/.deploymentTests => arm/Microsoft.Authorization/policyAssignments/.parameters}/mg.parameters.json (100%) rename {modules/Microsoft.Authorization/policyAssignments/.deploymentTests => arm/Microsoft.Authorization/policyAssignments/.parameters}/rg.min.parameters.json (100%) rename {modules/Microsoft.Authorization/policyAssignments/.deploymentTests => arm/Microsoft.Authorization/policyAssignments/.parameters}/rg.parameters.json (100%) rename {modules/Microsoft.Authorization/policyAssignments/.deploymentTests => arm/Microsoft.Authorization/policyAssignments/.parameters}/sub.min.parameters.json (100%) rename {modules/Microsoft.Authorization/policyAssignments/.deploymentTests => arm/Microsoft.Authorization/policyAssignments/.parameters}/sub.parameters.json (100%) rename {modules => arm}/Microsoft.Authorization/policyAssignments/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/policyAssignments/managementGroup/readme.md (100%) rename {modules => arm}/Microsoft.Authorization/policyAssignments/managementGroup/version.json (100%) rename {modules => arm}/Microsoft.Authorization/policyAssignments/readme.md (99%) rename {modules => arm}/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md (100%) rename {modules => arm}/Microsoft.Authorization/policyAssignments/resourceGroup/version.json (100%) rename {modules => arm}/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/policyAssignments/subscription/readme.md (100%) rename {modules => arm}/Microsoft.Authorization/policyAssignments/subscription/version.json (100%) rename {modules => arm}/Microsoft.Authorization/policyAssignments/version.json (100%) rename {modules/Microsoft.Authorization/policyDefinitions/.deploymentTests => arm/Microsoft.Authorization/policyDefinitions/.parameters}/mg.min.parameters.json (100%) rename {modules/Microsoft.Authorization/policyDefinitions/.deploymentTests => arm/Microsoft.Authorization/policyDefinitions/.parameters}/mg.parameters.json (100%) rename {modules/Microsoft.Authorization/policyDefinitions/.deploymentTests => arm/Microsoft.Authorization/policyDefinitions/.parameters}/sub.min.parameters.json (100%) rename {modules/Microsoft.Authorization/policyDefinitions/.deploymentTests => arm/Microsoft.Authorization/policyDefinitions/.parameters}/sub.parameters.json (100%) rename {modules => arm}/Microsoft.Authorization/policyDefinitions/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md (100%) rename {modules => arm}/Microsoft.Authorization/policyDefinitions/managementGroup/version.json (100%) rename {modules => arm}/Microsoft.Authorization/policyDefinitions/readme.md (99%) rename {modules => arm}/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/policyDefinitions/subscription/readme.md (100%) rename {modules => arm}/Microsoft.Authorization/policyDefinitions/subscription/version.json (100%) rename {modules => arm}/Microsoft.Authorization/policyDefinitions/version.json (100%) rename {modules/Microsoft.Authorization/policyExemptions/.deploymentTests => arm/Microsoft.Authorization/policyExemptions/.parameters}/mg.min.parameters.json (100%) rename {modules/Microsoft.Authorization/policyExemptions/.deploymentTests => arm/Microsoft.Authorization/policyExemptions/.parameters}/mg.parameters.json (100%) rename {modules/Microsoft.Authorization/policyExemptions/.deploymentTests => arm/Microsoft.Authorization/policyExemptions/.parameters}/rg.min.parameters.json (100%) rename {modules/Microsoft.Authorization/policyExemptions/.deploymentTests => arm/Microsoft.Authorization/policyExemptions/.parameters}/rg.parameters.json (100%) rename {modules/Microsoft.Authorization/policyExemptions/.deploymentTests => arm/Microsoft.Authorization/policyExemptions/.parameters}/sub.min.parameters.json (100%) rename {modules/Microsoft.Authorization/policyExemptions/.deploymentTests => arm/Microsoft.Authorization/policyExemptions/.parameters}/sub.parameters.json (100%) rename {modules => arm}/Microsoft.Authorization/policyExemptions/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/policyExemptions/managementGroup/readme.md (100%) rename {modules => arm}/Microsoft.Authorization/policyExemptions/managementGroup/version.json (100%) rename {modules => arm}/Microsoft.Authorization/policyExemptions/readme.md (99%) rename {modules => arm}/Microsoft.Authorization/policyExemptions/resourceGroup/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/policyExemptions/resourceGroup/readme.md (100%) rename {modules => arm}/Microsoft.Authorization/policyExemptions/resourceGroup/version.json (100%) rename {modules => arm}/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/policyExemptions/subscription/readme.md (100%) rename {modules => arm}/Microsoft.Authorization/policyExemptions/subscription/version.json (100%) rename {modules => arm}/Microsoft.Authorization/policyExemptions/version.json (100%) rename {modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests => arm/Microsoft.Authorization/policySetDefinitions/.parameters}/mg.min.parameters.json (100%) rename {modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests => arm/Microsoft.Authorization/policySetDefinitions/.parameters}/mg.parameters.json (100%) rename {modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests => arm/Microsoft.Authorization/policySetDefinitions/.parameters}/sub.min.parameters.json (100%) rename {modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests => arm/Microsoft.Authorization/policySetDefinitions/.parameters}/sub.parameters.json (100%) rename {modules => arm}/Microsoft.Authorization/policySetDefinitions/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md (100%) rename {modules => arm}/Microsoft.Authorization/policySetDefinitions/managementGroup/version.json (100%) rename {modules => arm}/Microsoft.Authorization/policySetDefinitions/readme.md (99%) rename {modules => arm}/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/policySetDefinitions/subscription/readme.md (100%) rename {modules => arm}/Microsoft.Authorization/policySetDefinitions/subscription/version.json (100%) rename {modules => arm}/Microsoft.Authorization/policySetDefinitions/version.json (100%) rename {modules/Microsoft.Authorization/roleAssignments/.deploymentTests => arm/Microsoft.Authorization/roleAssignments/.parameters}/mg.min.parameters.json (100%) rename {modules/Microsoft.Authorization/roleAssignments/.deploymentTests => arm/Microsoft.Authorization/roleAssignments/.parameters}/mg.parameters.json (100%) rename {modules/Microsoft.Authorization/roleAssignments/.deploymentTests => arm/Microsoft.Authorization/roleAssignments/.parameters}/rg.min.parameters.json (100%) rename {modules/Microsoft.Authorization/roleAssignments/.deploymentTests => arm/Microsoft.Authorization/roleAssignments/.parameters}/rg.parameters.json (100%) rename {modules/Microsoft.Authorization/roleAssignments/.deploymentTests => arm/Microsoft.Authorization/roleAssignments/.parameters}/sub.min.parameters.json (100%) rename {modules/Microsoft.Authorization/roleAssignments/.deploymentTests => arm/Microsoft.Authorization/roleAssignments/.parameters}/sub.parameters.json (100%) rename {modules => arm}/Microsoft.Authorization/roleAssignments/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/roleAssignments/managementGroup/readme.md (100%) rename {modules => arm}/Microsoft.Authorization/roleAssignments/managementGroup/version.json (100%) rename {modules => arm}/Microsoft.Authorization/roleAssignments/readme.md (99%) rename {modules => arm}/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/roleAssignments/resourceGroup/readme.md (100%) rename {modules => arm}/Microsoft.Authorization/roleAssignments/resourceGroup/version.json (100%) rename {modules => arm}/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/roleAssignments/subscription/readme.md (100%) rename {modules => arm}/Microsoft.Authorization/roleAssignments/subscription/version.json (100%) rename {modules => arm}/Microsoft.Authorization/roleAssignments/version.json (100%) rename {modules/Microsoft.Authorization/roleDefinitions/.deploymentTests => arm/Microsoft.Authorization/roleDefinitions/.parameters}/mg.min.parameters.json (100%) rename {modules/Microsoft.Authorization/roleDefinitions/.deploymentTests => arm/Microsoft.Authorization/roleDefinitions/.parameters}/mg.parameters.json (100%) rename {modules/Microsoft.Authorization/roleDefinitions/.deploymentTests => arm/Microsoft.Authorization/roleDefinitions/.parameters}/rg.min.parameters.json (100%) rename {modules/Microsoft.Authorization/roleDefinitions/.deploymentTests => arm/Microsoft.Authorization/roleDefinitions/.parameters}/rg.parameters.json (100%) rename {modules/Microsoft.Authorization/roleDefinitions/.deploymentTests => arm/Microsoft.Authorization/roleDefinitions/.parameters}/sub.min.parameters.json (100%) rename {modules/Microsoft.Authorization/roleDefinitions/.deploymentTests => arm/Microsoft.Authorization/roleDefinitions/.parameters}/sub.parameters.json (100%) rename {modules => arm}/Microsoft.Authorization/roleDefinitions/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md (100%) rename {modules => arm}/Microsoft.Authorization/roleDefinitions/managementGroup/version.json (100%) rename {modules => arm}/Microsoft.Authorization/roleDefinitions/readme.md (99%) rename {modules => arm}/Microsoft.Authorization/roleDefinitions/resourceGroup/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/roleDefinitions/resourceGroup/readme.md (100%) rename {modules => arm}/Microsoft.Authorization/roleDefinitions/resourceGroup/version.json (100%) rename {modules => arm}/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep (100%) rename {modules => arm}/Microsoft.Authorization/roleDefinitions/subscription/readme.md (100%) rename {modules => arm}/Microsoft.Authorization/roleDefinitions/subscription/version.json (100%) rename {modules => arm}/Microsoft.Authorization/roleDefinitions/version.json (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.Automation/automationAccounts/.deploymentTests => arm/Microsoft.Automation/automationAccounts/.parameters}/encr.parameters.json (100%) rename {modules/Microsoft.Automation/automationAccounts/.deploymentTests => arm/Microsoft.Automation/automationAccounts/.parameters}/min.parameters.json (100%) rename {modules/Microsoft.Automation/automationAccounts/.deploymentTests => arm/Microsoft.Automation/automationAccounts/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/deploy.bicep (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/jobSchedules/deploy.bicep (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/jobSchedules/readme.md (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/jobSchedules/version.json (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/modules/deploy.bicep (96%) rename {modules => arm}/Microsoft.Automation/automationAccounts/modules/readme.md (97%) rename {modules => arm}/Microsoft.Automation/automationAccounts/modules/version.json (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/readme.md (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/runbooks/deploy.bicep (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/runbooks/readme.md (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/runbooks/version.json (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/schedules/deploy.bicep (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/schedules/readme.md (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/schedules/version.json (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/deploy.bicep (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/readme.md (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/version.json (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/variables/deploy.bicep (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/variables/readme.md (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/variables/version.json (100%) rename {modules => arm}/Microsoft.Automation/automationAccounts/version.json (100%) rename {modules/Microsoft.Batch/batchAccounts/.deploymentTests => arm/Microsoft.Batch/batchAccounts/.parameters}/min.parameters.json (100%) rename {modules/Microsoft.Batch/batchAccounts/.deploymentTests => arm/Microsoft.Batch/batchAccounts/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.Batch/batchAccounts/deploy.bicep (100%) rename {modules => arm}/Microsoft.Batch/batchAccounts/readme.md (100%) rename {modules => arm}/Microsoft.Batch/batchAccounts/version.json (100%) rename {modules => arm}/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.CognitiveServices/accounts/.deploymentTests => arm/Microsoft.CognitiveServices/accounts/.parameters}/encr.parameters.json (100%) rename {modules/Microsoft.CognitiveServices/accounts/.deploymentTests => arm/Microsoft.CognitiveServices/accounts/.parameters}/min.parameters.json (100%) rename {modules/Microsoft.CognitiveServices/accounts/.deploymentTests => arm/Microsoft.CognitiveServices/accounts/.parameters}/parameters.json (100%) rename {modules/Microsoft.CognitiveServices/accounts/.deploymentTests => arm/Microsoft.CognitiveServices/accounts/.parameters}/speech.parameters.json (100%) rename {modules => arm}/Microsoft.CognitiveServices/accounts/deploy.bicep (100%) rename {modules => arm}/Microsoft.CognitiveServices/accounts/readme.md (100%) rename {modules => arm}/Microsoft.CognitiveServices/accounts/version.json (100%) rename {modules => arm}/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.Compute/availabilitySets/.deploymentTests => arm/Microsoft.Compute/availabilitySets/.parameters}/min.parameters.json (100%) rename {modules/Microsoft.Compute/availabilitySets/.deploymentTests => arm/Microsoft.Compute/availabilitySets/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.Compute/availabilitySets/deploy.bicep (100%) rename {modules => arm}/Microsoft.Compute/availabilitySets/readme.md (100%) rename {modules => arm}/Microsoft.Compute/availabilitySets/version.json (100%) rename {modules => arm}/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.Compute/diskEncryptionSets/.deploymentTests => arm/Microsoft.Compute/diskEncryptionSets/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.Compute/diskEncryptionSets/deploy.bicep (100%) rename {modules => arm}/Microsoft.Compute/diskEncryptionSets/readme.md (100%) rename {modules => arm}/Microsoft.Compute/diskEncryptionSets/version.json (100%) rename {modules => arm}/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.Compute/disks/.deploymentTests => arm/Microsoft.Compute/disks/.parameters}/image.parameters.json (100%) rename {modules/Microsoft.Compute/disks/.deploymentTests => arm/Microsoft.Compute/disks/.parameters}/import.parameters.json (100%) rename {modules/Microsoft.Compute/disks/.deploymentTests => arm/Microsoft.Compute/disks/.parameters}/min.parameters.json (100%) rename {modules/Microsoft.Compute/disks/.deploymentTests => arm/Microsoft.Compute/disks/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.Compute/disks/deploy.bicep (100%) rename {modules => arm}/Microsoft.Compute/disks/readme.md (100%) rename {modules => arm}/Microsoft.Compute/disks/version.json (100%) rename {modules => arm}/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.Compute/galleries/.deploymentTests => arm/Microsoft.Compute/galleries/.parameters}/images.parameters.json (100%) rename {modules/Microsoft.Compute/galleries/.deploymentTests => arm/Microsoft.Compute/galleries/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.Compute/galleries/deploy.bicep (100%) rename {modules => arm}/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep (100%) rename {modules => arm}/Microsoft.Compute/galleries/images/deploy.bicep (100%) rename {modules => arm}/Microsoft.Compute/galleries/images/readme.md (100%) rename {modules => arm}/Microsoft.Compute/galleries/images/version.json (100%) rename {modules => arm}/Microsoft.Compute/galleries/readme.md (100%) rename {modules => arm}/Microsoft.Compute/galleries/version.json (100%) rename {modules => arm}/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.Compute/images/.deploymentTests => arm/Microsoft.Compute/images/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.Compute/images/deploy.bicep (100%) rename {modules => arm}/Microsoft.Compute/images/readme.md (100%) rename {modules => arm}/Microsoft.Compute/images/version.json (100%) rename {modules => arm}/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.Compute/proximityPlacementGroups/.deploymentTests => arm/Microsoft.Compute/proximityPlacementGroups/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.Compute/proximityPlacementGroups/deploy.bicep (100%) rename {modules => arm}/Microsoft.Compute/proximityPlacementGroups/readme.md (100%) rename {modules => arm}/Microsoft.Compute/proximityPlacementGroups/version.json (100%) rename {modules => arm}/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests => arm/Microsoft.Compute/virtualMachineScaleSets/.parameters}/linux.min.parameters.json (100%) rename {modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests => arm/Microsoft.Compute/virtualMachineScaleSets/.parameters}/linux.parameters.json (100%) rename {modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests => arm/Microsoft.Compute/virtualMachineScaleSets/.parameters}/windows.min.parameters.json (100%) rename {modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests => arm/Microsoft.Compute/virtualMachineScaleSets/.parameters}/windows.parameters.json (100%) rename {modules => arm}/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep (100%) rename {modules => arm}/Microsoft.Compute/virtualMachineScaleSets/extensions/deploy.bicep (100%) rename {modules => arm}/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md (100%) rename {modules => arm}/Microsoft.Compute/virtualMachineScaleSets/extensions/version.json (100%) rename {modules => arm}/Microsoft.Compute/virtualMachineScaleSets/readme.md (100%) rename {modules => arm}/Microsoft.Compute/virtualMachineScaleSets/version.json (100%) rename {modules => arm}/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep (100%) rename {modules => arm}/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.Compute/virtualMachines/.deploymentTests => arm/Microsoft.Compute/virtualMachines/.parameters}/linux.autmg.parameters.json (100%) rename {modules/Microsoft.Compute/virtualMachines/.deploymentTests => arm/Microsoft.Compute/virtualMachines/.parameters}/linux.min.parameters.json (100%) rename {modules/Microsoft.Compute/virtualMachines/.deploymentTests => arm/Microsoft.Compute/virtualMachines/.parameters}/linux.parameters.json (100%) rename {modules/Microsoft.Compute/virtualMachines/.deploymentTests => arm/Microsoft.Compute/virtualMachines/.parameters}/windows.autmg.parameters.json (100%) rename {modules/Microsoft.Compute/virtualMachines/.deploymentTests => arm/Microsoft.Compute/virtualMachines/.parameters}/windows.min.parameters.json (100%) rename {modules/Microsoft.Compute/virtualMachines/.deploymentTests => arm/Microsoft.Compute/virtualMachines/.parameters}/windows.parameters.json (100%) rename {modules => arm}/Microsoft.Compute/virtualMachines/deploy.bicep (100%) rename {modules => arm}/Microsoft.Compute/virtualMachines/extensions/deploy.bicep (100%) rename {modules => arm}/Microsoft.Compute/virtualMachines/extensions/readme.md (100%) rename {modules => arm}/Microsoft.Compute/virtualMachines/extensions/version.json (100%) rename {modules => arm}/Microsoft.Compute/virtualMachines/readme.md (100%) rename {modules => arm}/Microsoft.Compute/virtualMachines/version.json (100%) rename {modules/Microsoft.Consumption/budgets/.deploymentTests => arm/Microsoft.Consumption/budgets/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.Consumption/budgets/deploy.bicep (100%) rename {modules => arm}/Microsoft.Consumption/budgets/readme.md (100%) rename {modules => arm}/Microsoft.Consumption/budgets/version.json (100%) rename {modules/Microsoft.ContainerInstance/containerGroups/.deploymentTests => arm/Microsoft.ContainerInstance/containerGroups/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.ContainerInstance/containerGroups/deploy.bicep (100%) rename {modules => arm}/Microsoft.ContainerInstance/containerGroups/readme.md (100%) rename {modules => arm}/Microsoft.ContainerInstance/containerGroups/version.json (100%) rename {modules => arm}/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.ContainerRegistry/registries/.deploymentTests => arm/Microsoft.ContainerRegistry/registries/.parameters}/encr.parameters.json (100%) rename {modules/Microsoft.ContainerRegistry/registries/.deploymentTests => arm/Microsoft.ContainerRegistry/registries/.parameters}/min.parameters.json (100%) rename {modules/Microsoft.ContainerRegistry/registries/.deploymentTests => arm/Microsoft.ContainerRegistry/registries/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.ContainerRegistry/registries/deploy.bicep (100%) rename {modules => arm}/Microsoft.ContainerRegistry/registries/readme.md (100%) rename {modules => arm}/Microsoft.ContainerRegistry/registries/replications/deploy.bicep (100%) rename {modules => arm}/Microsoft.ContainerRegistry/registries/replications/readme.md (100%) rename {modules => arm}/Microsoft.ContainerRegistry/registries/replications/version.json (100%) rename {modules => arm}/Microsoft.ContainerRegistry/registries/version.json (100%) rename {modules => arm}/Microsoft.ContainerRegistry/registries/webhooks/deploy.bicep (100%) rename {modules => arm}/Microsoft.ContainerRegistry/registries/webhooks/readme.md (100%) rename {modules => arm}/Microsoft.ContainerRegistry/registries/webhooks/version.json (100%) rename {modules => arm}/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.ContainerService/managedClusters/.deploymentTests => arm/Microsoft.ContainerService/managedClusters/.parameters}/azure.parameters.json (100%) rename {modules/Microsoft.ContainerService/managedClusters/.deploymentTests => arm/Microsoft.ContainerService/managedClusters/.parameters}/kubenet.parameters.json (100%) rename {modules => arm}/Microsoft.ContainerService/managedClusters/agentPools/deploy.bicep (100%) rename {modules => arm}/Microsoft.ContainerService/managedClusters/agentPools/readme.md (100%) rename {modules => arm}/Microsoft.ContainerService/managedClusters/agentPools/version.json (100%) rename {modules => arm}/Microsoft.ContainerService/managedClusters/deploy.bicep (100%) rename {modules => arm}/Microsoft.ContainerService/managedClusters/readme.md (100%) rename {modules => arm}/Microsoft.ContainerService/managedClusters/version.json (100%) rename {modules => arm}/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.DataFactory/factories/.deploymentTests => arm/Microsoft.DataFactory/factories/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.DataFactory/factories/deploy.bicep (100%) rename {modules => arm}/Microsoft.DataFactory/factories/integrationRuntime/deploy.bicep (100%) rename {modules => arm}/Microsoft.DataFactory/factories/integrationRuntime/readme.md (100%) rename {modules => arm}/Microsoft.DataFactory/factories/integrationRuntime/version.json (100%) rename {modules => arm}/Microsoft.DataFactory/factories/managedVirtualNetwork/deploy.bicep (100%) rename {modules => arm}/Microsoft.DataFactory/factories/managedVirtualNetwork/readme.md (100%) rename {modules => arm}/Microsoft.DataFactory/factories/managedVirtualNetwork/version.json (100%) rename {modules => arm}/Microsoft.DataFactory/factories/readme.md (100%) rename {modules => arm}/Microsoft.DataFactory/factories/version.json (100%) rename {modules => arm}/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep (89%) rename {modules/Microsoft.DataProtection/backupVaults/.deploymentTests => arm/Microsoft.DataProtection/backupVaults/.parameters}/min.parameters.json (100%) rename {modules/Microsoft.DataProtection/backupVaults/.deploymentTests => arm/Microsoft.DataProtection/backupVaults/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.DataProtection/backupVaults/backupPolicies/deploy.bicep (100%) rename {modules => arm}/Microsoft.DataProtection/backupVaults/backupPolicies/readme.md (100%) rename {modules => arm}/Microsoft.DataProtection/backupVaults/backupPolicies/version.json (100%) rename {modules => arm}/Microsoft.DataProtection/backupVaults/deploy.bicep (100%) rename {modules => arm}/Microsoft.DataProtection/backupVaults/readme.md (100%) rename {modules => arm}/Microsoft.DataProtection/backupVaults/version.json (100%) rename {modules => arm}/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.Databricks/workspaces/.deploymentTests => arm/Microsoft.Databricks/workspaces/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.Databricks/workspaces/deploy.bicep (100%) rename {modules => arm}/Microsoft.Databricks/workspaces/readme.md (100%) rename {modules => arm}/Microsoft.Databricks/workspaces/version.json (100%) rename {modules => arm}/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.DesktopVirtualization/applicationgroups/.deploymentTests => arm/Microsoft.DesktopVirtualization/applicationgroups/.parameters}/min.parameters.json (100%) rename {modules/Microsoft.DesktopVirtualization/applicationgroups/.deploymentTests => arm/Microsoft.DesktopVirtualization/applicationgroups/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.DesktopVirtualization/applicationgroups/applications/deploy.bicep (100%) rename {modules => arm}/Microsoft.DesktopVirtualization/applicationgroups/applications/readme.md (100%) rename {modules => arm}/Microsoft.DesktopVirtualization/applicationgroups/applications/version.json (100%) rename {modules => arm}/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep (100%) rename {modules => arm}/Microsoft.DesktopVirtualization/applicationgroups/readme.md (100%) rename {modules => arm}/Microsoft.DesktopVirtualization/applicationgroups/version.json (100%) rename {modules => arm}/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.DesktopVirtualization/hostpools/.deploymentTests => arm/Microsoft.DesktopVirtualization/hostpools/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.DesktopVirtualization/hostpools/deploy.bicep (100%) rename {modules => arm}/Microsoft.DesktopVirtualization/hostpools/readme.md (100%) rename {modules => arm}/Microsoft.DesktopVirtualization/hostpools/version.json (100%) rename {modules => arm}/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.DesktopVirtualization/scalingplans/.deploymentTests => arm/Microsoft.DesktopVirtualization/scalingplans/.parameters}/min.parameters.json (100%) rename {modules => arm}/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep (100%) rename {modules => arm}/Microsoft.DesktopVirtualization/scalingplans/readme.md (100%) rename {modules => arm}/Microsoft.DesktopVirtualization/scalingplans/version.json (100%) rename {modules => arm}/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.DesktopVirtualization/workspaces/.deploymentTests => arm/Microsoft.DesktopVirtualization/workspaces/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.DesktopVirtualization/workspaces/deploy.bicep (100%) rename {modules => arm}/Microsoft.DesktopVirtualization/workspaces/readme.md (100%) rename {modules => arm}/Microsoft.DesktopVirtualization/workspaces/version.json (100%) rename {modules => arm}/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.DocumentDB/databaseAccounts/.deploymentTests => arm/Microsoft.DocumentDB/databaseAccounts/.parameters}/mongodb.parameters.json (100%) rename {modules/Microsoft.DocumentDB/databaseAccounts/.deploymentTests => arm/Microsoft.DocumentDB/databaseAccounts/.parameters}/plain.parameters.json (100%) rename {modules/Microsoft.DocumentDB/databaseAccounts/.deploymentTests => arm/Microsoft.DocumentDB/databaseAccounts/.parameters}/sqldb.parameters.json (100%) rename {modules => arm}/Microsoft.DocumentDB/databaseAccounts/deploy.bicep (100%) rename {modules => arm}/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/deploy.bicep (100%) rename {modules => arm}/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/readme.md (100%) rename {modules => arm}/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/version.json (100%) rename {modules => arm}/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/deploy.bicep (100%) rename {modules => arm}/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/readme.md (100%) rename {modules => arm}/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/version.json (100%) rename {modules => arm}/Microsoft.DocumentDB/databaseAccounts/readme.md (100%) rename {modules => arm}/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/deploy.bicep (100%) rename {modules => arm}/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readme.md (100%) rename {modules => arm}/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/version.json (100%) rename {modules => arm}/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/deploy.bicep (100%) rename {modules => arm}/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/readme.md (100%) rename {modules => arm}/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/version.json (100%) rename {modules => arm}/Microsoft.DocumentDB/databaseAccounts/version.json (100%) rename {modules => arm}/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.EventGrid/systemTopics/.deploymentTests => arm/Microsoft.EventGrid/systemTopics/.parameters}/min.parameters.json (100%) rename {modules/Microsoft.EventGrid/systemTopics/.deploymentTests => arm/Microsoft.EventGrid/systemTopics/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.EventGrid/systemTopics/deploy.bicep (100%) rename {modules => arm}/Microsoft.EventGrid/systemTopics/readme.md (100%) rename {modules => arm}/Microsoft.EventGrid/systemTopics/version.json (100%) rename {modules => arm}/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.EventGrid/topics/.deploymentTests => arm/Microsoft.EventGrid/topics/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.EventGrid/topics/deploy.bicep (100%) rename {modules => arm}/Microsoft.EventGrid/topics/readme.md (100%) rename {modules => arm}/Microsoft.EventGrid/topics/version.json (100%) rename {modules => arm}/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep (100%) rename {modules/Microsoft.EventHub/namespaces/.deploymentTests => arm/Microsoft.EventHub/namespaces/.parameters}/min.parameters.json (100%) rename {modules/Microsoft.EventHub/namespaces/.deploymentTests => arm/Microsoft.EventHub/namespaces/.parameters}/parameters.json (100%) rename {modules => arm}/Microsoft.EventHub/namespaces/authorizationRules/deploy.bicep (100%) rename {modules => arm}/Microsoft.EventHub/namespaces/authorizationRules/readme.md (100%) rename {modules => arm}/Microsoft.EventHub/namespaces/authorizationRules/version.json (100%) rename {modules => arm}/Microsoft.EventHub/namespaces/deploy.bicep (100%) rename {modules => arm}/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/deploy.bicep (100%) rename {modules => arm}/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/readme.md (100%) rename {modules => arm}/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/version.json (100%) rename {modules => arm}/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep (100%) rename {modules => arm}/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/deploy.bicep (100%) rename {modules => arm}/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/readme.md (100%) rename {modules => arm}/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/version.json (100%) rename {modules => arm}/Microsoft.EventHub/namespaces/eventhubs/consumergroups/deploy.bicep (100%) rename {modules => arm}/Microsoft.EventHub/namespaces/eventhubs/consumergroups/readme.md (100%) rename {modules => arm}/Microsoft.EventHub/namespaces/eventhubs/consumergroups/version.json (100%) rename {modules => arm}/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep (100%) rename {modules => arm}/Microsoft.EventHub/namespaces/eventhubs/readme.md (100%) rename {modules => arm}/Microsoft.EventHub/namespaces/eventhubs/version.json (100%) delete mode 100644 constructs/Microsoft.Compute/virtualMachinesMultiple/.deploymentTests/linux.prefix.parameter.json delete mode 100644 constructs/Microsoft.Compute/virtualMachinesMultiple/.deploymentTests/linux.vmnames.parameter.json delete mode 100644 modules/Microsoft.EventHub/namespaces/networkRuleSets/deploy.bicep delete mode 100644 modules/Microsoft.EventHub/namespaces/networkRuleSets/readme.md delete mode 100644 modules/Microsoft.EventHub/namespaces/networkRuleSets/version.json delete mode 100644 modules/Microsoft.EventHub/namespaces/readme.md delete mode 100644 modules/Microsoft.EventHub/namespaces/version.json delete mode 100644 modules/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.HealthBot/healthBots/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.HealthBot/healthBots/deploy.bicep delete mode 100644 modules/Microsoft.HealthBot/healthBots/readme.md delete mode 100644 modules/Microsoft.HealthBot/healthBots/version.json delete mode 100644 modules/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Insights/actionGroups/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Insights/actionGroups/deploy.bicep delete mode 100644 modules/Microsoft.Insights/actionGroups/readme.md delete mode 100644 modules/Microsoft.Insights/actionGroups/version.json delete mode 100644 modules/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Insights/activityLogAlerts/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Insights/activityLogAlerts/deploy.bicep delete mode 100644 modules/Microsoft.Insights/activityLogAlerts/readme.md delete mode 100644 modules/Microsoft.Insights/activityLogAlerts/version.json delete mode 100644 modules/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Insights/components/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Insights/components/deploy.bicep delete mode 100644 modules/Microsoft.Insights/components/readme.md delete mode 100644 modules/Microsoft.Insights/components/version.json delete mode 100644 modules/Microsoft.Insights/diagnosticSettings/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Insights/diagnosticSettings/deploy.bicep delete mode 100644 modules/Microsoft.Insights/diagnosticSettings/readme.md delete mode 100644 modules/Microsoft.Insights/diagnosticSettings/version.json delete mode 100644 modules/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Insights/metricAlerts/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Insights/metricAlerts/deploy.bicep delete mode 100644 modules/Microsoft.Insights/metricAlerts/readme.md delete mode 100644 modules/Microsoft.Insights/metricAlerts/version.json delete mode 100644 modules/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Insights/privateLinkScopes/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Insights/privateLinkScopes/deploy.bicep delete mode 100644 modules/Microsoft.Insights/privateLinkScopes/readme.md delete mode 100644 modules/Microsoft.Insights/privateLinkScopes/scopedResources/deploy.bicep delete mode 100644 modules/Microsoft.Insights/privateLinkScopes/scopedResources/readme.md delete mode 100644 modules/Microsoft.Insights/privateLinkScopes/scopedResources/version.json delete mode 100644 modules/Microsoft.Insights/privateLinkScopes/version.json delete mode 100644 modules/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Insights/scheduledQueryRules/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Insights/scheduledQueryRules/deploy.bicep delete mode 100644 modules/Microsoft.Insights/scheduledQueryRules/readme.md delete mode 100644 modules/Microsoft.Insights/scheduledQueryRules/version.json delete mode 100644 modules/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.KeyVault/vaults/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.KeyVault/vaults/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.KeyVault/vaults/accessPolicies/deploy.bicep delete mode 100644 modules/Microsoft.KeyVault/vaults/accessPolicies/readme.md delete mode 100644 modules/Microsoft.KeyVault/vaults/accessPolicies/version.json delete mode 100644 modules/Microsoft.KeyVault/vaults/deploy.bicep delete mode 100644 modules/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.KeyVault/vaults/keys/deploy.bicep delete mode 100644 modules/Microsoft.KeyVault/vaults/keys/readme.md delete mode 100644 modules/Microsoft.KeyVault/vaults/keys/version.json delete mode 100644 modules/Microsoft.KeyVault/vaults/readme.md delete mode 100644 modules/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.KeyVault/vaults/secrets/deploy.bicep delete mode 100644 modules/Microsoft.KeyVault/vaults/secrets/readme.md delete mode 100644 modules/Microsoft.KeyVault/vaults/secrets/version.json delete mode 100644 modules/Microsoft.KeyVault/vaults/version.json delete mode 100644 modules/Microsoft.KubernetesConfiguration/extensions/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.KubernetesConfiguration/extensions/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.KubernetesConfiguration/extensions/deploy.bicep delete mode 100644 modules/Microsoft.KubernetesConfiguration/extensions/readme.md delete mode 100644 modules/Microsoft.KubernetesConfiguration/extensions/version.json delete mode 100644 modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.KubernetesConfiguration/fluxConfigurations/deploy.bicep delete mode 100644 modules/Microsoft.KubernetesConfiguration/fluxConfigurations/readme.md delete mode 100644 modules/Microsoft.KubernetesConfiguration/fluxConfigurations/version.json delete mode 100644 modules/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Logic/workflows/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Logic/workflows/deploy.bicep delete mode 100644 modules/Microsoft.Logic/workflows/readme.md delete mode 100644 modules/Microsoft.Logic/workflows/version.json delete mode 100644 modules/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.MachineLearningServices/workspaces/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.MachineLearningServices/workspaces/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.MachineLearningServices/workspaces/computes/deploy.bicep delete mode 100644 modules/Microsoft.MachineLearningServices/workspaces/computes/readme.md delete mode 100644 modules/Microsoft.MachineLearningServices/workspaces/computes/version.json delete mode 100644 modules/Microsoft.MachineLearningServices/workspaces/deploy.bicep delete mode 100644 modules/Microsoft.MachineLearningServices/workspaces/readme.md delete mode 100644 modules/Microsoft.MachineLearningServices/workspaces/version.json delete mode 100644 modules/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.ManagedIdentity/userAssignedIdentities/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep delete mode 100644 modules/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md delete mode 100644 modules/Microsoft.ManagedIdentity/userAssignedIdentities/version.json delete mode 100644 modules/Microsoft.ManagedServices/registrationDefinitions/.bicep/nested_registrationAssignment.bicep delete mode 100644 modules/Microsoft.ManagedServices/registrationDefinitions/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.ManagedServices/registrationDefinitions/.deploymentTests/rg.parameters.json delete mode 100644 modules/Microsoft.ManagedServices/registrationDefinitions/deploy.bicep delete mode 100644 modules/Microsoft.ManagedServices/registrationDefinitions/readme.md delete mode 100644 modules/Microsoft.ManagedServices/registrationDefinitions/version.json delete mode 100644 modules/Microsoft.Management/managementGroups/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Management/managementGroups/deploy.bicep delete mode 100644 modules/Microsoft.Management/managementGroups/readme.md delete mode 100644 modules/Microsoft.Management/managementGroups/version.json delete mode 100644 modules/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.NetApp/netAppAccounts/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.NetApp/netAppAccounts/.deploymentTests/nfs3.parameters.json delete mode 100644 modules/Microsoft.NetApp/netAppAccounts/.deploymentTests/nfs41.parameters.json delete mode 100644 modules/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.NetApp/netAppAccounts/capacityPools/deploy.bicep delete mode 100644 modules/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md delete mode 100644 modules/Microsoft.NetApp/netAppAccounts/capacityPools/version.json delete mode 100644 modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/deploy.bicep delete mode 100644 modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md delete mode 100644 modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/version.json delete mode 100644 modules/Microsoft.NetApp/netAppAccounts/deploy.bicep delete mode 100644 modules/Microsoft.NetApp/netAppAccounts/readme.md delete mode 100644 modules/Microsoft.NetApp/netAppAccounts/version.json delete mode 100644 modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/applicationGateways/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/applicationGateways/deploy.bicep delete mode 100644 modules/Microsoft.Network/applicationGateways/readme.md delete mode 100644 modules/Microsoft.Network/applicationGateways/version.json delete mode 100644 modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/applicationSecurityGroups/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/applicationSecurityGroups/deploy.bicep delete mode 100644 modules/Microsoft.Network/applicationSecurityGroups/readme.md delete mode 100644 modules/Microsoft.Network/applicationSecurityGroups/version.json delete mode 100644 modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/azureFirewalls/.deploymentTests/addpip.parameters.json delete mode 100644 modules/Microsoft.Network/azureFirewalls/.deploymentTests/custompip.parameters.json delete mode 100644 modules/Microsoft.Network/azureFirewalls/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.Network/azureFirewalls/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/azureFirewalls/deploy.bicep delete mode 100644 modules/Microsoft.Network/azureFirewalls/readme.md delete mode 100644 modules/Microsoft.Network/azureFirewalls/version.json delete mode 100644 modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/bastionHosts/.deploymentTests/addpip.parameters.json delete mode 100644 modules/Microsoft.Network/bastionHosts/.deploymentTests/custompip.parameters.json delete mode 100644 modules/Microsoft.Network/bastionHosts/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.Network/bastionHosts/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/bastionHosts/deploy.bicep delete mode 100644 modules/Microsoft.Network/bastionHosts/readme.md delete mode 100644 modules/Microsoft.Network/bastionHosts/version.json delete mode 100644 modules/Microsoft.Network/connections/.deploymentTests/vnet2vnet.parameters.json delete mode 100644 modules/Microsoft.Network/connections/deploy.bicep delete mode 100644 modules/Microsoft.Network/connections/readme.md delete mode 100644 modules/Microsoft.Network/connections/version.json delete mode 100644 modules/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/ddosProtectionPlans/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/ddosProtectionPlans/deploy.bicep delete mode 100644 modules/Microsoft.Network/ddosProtectionPlans/readme.md delete mode 100644 modules/Microsoft.Network/ddosProtectionPlans/version.json delete mode 100644 modules/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/expressRouteCircuits/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/expressRouteCircuits/deploy.bicep delete mode 100644 modules/Microsoft.Network/expressRouteCircuits/readme.md delete mode 100644 modules/Microsoft.Network/expressRouteCircuits/version.json delete mode 100644 modules/Microsoft.Network/firewallPolicies/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.Network/firewallPolicies/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/firewallPolicies/deploy.bicep delete mode 100644 modules/Microsoft.Network/firewallPolicies/readme.md delete mode 100644 modules/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep delete mode 100644 modules/Microsoft.Network/firewallPolicies/ruleCollectionGroups/readme.md delete mode 100644 modules/Microsoft.Network/firewallPolicies/ruleCollectionGroups/version.json delete mode 100644 modules/Microsoft.Network/firewallPolicies/version.json delete mode 100644 modules/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/frontDoors/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/frontDoors/deploy.bicep delete mode 100644 modules/Microsoft.Network/frontDoors/readme.md delete mode 100644 modules/Microsoft.Network/frontDoors/version.json delete mode 100644 modules/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/ipGroups/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/ipGroups/deploy.bicep delete mode 100644 modules/Microsoft.Network/ipGroups/readme.md delete mode 100644 modules/Microsoft.Network/ipGroups/version.json delete mode 100644 modules/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/loadBalancers/.deploymentTests/internal.parameters.json delete mode 100644 modules/Microsoft.Network/loadBalancers/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.Network/loadBalancers/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/loadBalancers/backendAddressPools/deploy.bicep delete mode 100644 modules/Microsoft.Network/loadBalancers/backendAddressPools/readme.md delete mode 100644 modules/Microsoft.Network/loadBalancers/backendAddressPools/version.json delete mode 100644 modules/Microsoft.Network/loadBalancers/deploy.bicep delete mode 100644 modules/Microsoft.Network/loadBalancers/inboundNatRules/deploy.bicep delete mode 100644 modules/Microsoft.Network/loadBalancers/inboundNatRules/readme.md delete mode 100644 modules/Microsoft.Network/loadBalancers/inboundNatRules/version.json delete mode 100644 modules/Microsoft.Network/loadBalancers/readme.md delete mode 100644 modules/Microsoft.Network/loadBalancers/version.json delete mode 100644 modules/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/localNetworkGateways/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/localNetworkGateways/deploy.bicep delete mode 100644 modules/Microsoft.Network/localNetworkGateways/readme.md delete mode 100644 modules/Microsoft.Network/localNetworkGateways/version.json delete mode 100644 modules/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/natGateways/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/natGateways/deploy.bicep delete mode 100644 modules/Microsoft.Network/natGateways/readme.md delete mode 100644 modules/Microsoft.Network/natGateways/version.json delete mode 100644 modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/networkInterfaces/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.Network/networkInterfaces/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/networkInterfaces/deploy.bicep delete mode 100644 modules/Microsoft.Network/networkInterfaces/readme.md delete mode 100644 modules/Microsoft.Network/networkInterfaces/version.json delete mode 100644 modules/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/networkSecurityGroups/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.Network/networkSecurityGroups/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/networkSecurityGroups/deploy.bicep delete mode 100644 modules/Microsoft.Network/networkSecurityGroups/readme.md delete mode 100644 modules/Microsoft.Network/networkSecurityGroups/securityRules/deploy.bicep delete mode 100644 modules/Microsoft.Network/networkSecurityGroups/securityRules/readme.md delete mode 100644 modules/Microsoft.Network/networkSecurityGroups/securityRules/version.json delete mode 100644 modules/Microsoft.Network/networkSecurityGroups/version.json delete mode 100644 modules/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/networkWatchers/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.Network/networkWatchers/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep delete mode 100644 modules/Microsoft.Network/networkWatchers/connectionMonitors/readme.md delete mode 100644 modules/Microsoft.Network/networkWatchers/connectionMonitors/version.json delete mode 100644 modules/Microsoft.Network/networkWatchers/deploy.bicep delete mode 100644 modules/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep delete mode 100644 modules/Microsoft.Network/networkWatchers/flowLogs/readme.md delete mode 100644 modules/Microsoft.Network/networkWatchers/flowLogs/version.json delete mode 100644 modules/Microsoft.Network/networkWatchers/readme.md delete mode 100644 modules/Microsoft.Network/networkWatchers/version.json delete mode 100644 modules/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/privateDnsZones/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.Network/privateDnsZones/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/privateDnsZones/A/deploy.bicep delete mode 100644 modules/Microsoft.Network/privateDnsZones/A/readme.md delete mode 100644 modules/Microsoft.Network/privateDnsZones/A/version.json delete mode 100644 modules/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/privateDnsZones/AAAA/deploy.bicep delete mode 100644 modules/Microsoft.Network/privateDnsZones/AAAA/readme.md delete mode 100644 modules/Microsoft.Network/privateDnsZones/AAAA/version.json delete mode 100644 modules/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/privateDnsZones/CNAME/deploy.bicep delete mode 100644 modules/Microsoft.Network/privateDnsZones/CNAME/readme.md delete mode 100644 modules/Microsoft.Network/privateDnsZones/CNAME/version.json delete mode 100644 modules/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/privateDnsZones/MX/deploy.bicep delete mode 100644 modules/Microsoft.Network/privateDnsZones/MX/readme.md delete mode 100644 modules/Microsoft.Network/privateDnsZones/MX/version.json delete mode 100644 modules/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/privateDnsZones/PTR/deploy.bicep delete mode 100644 modules/Microsoft.Network/privateDnsZones/PTR/readme.md delete mode 100644 modules/Microsoft.Network/privateDnsZones/PTR/version.json delete mode 100644 modules/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/privateDnsZones/SOA/deploy.bicep delete mode 100644 modules/Microsoft.Network/privateDnsZones/SOA/readme.md delete mode 100644 modules/Microsoft.Network/privateDnsZones/SOA/version.json delete mode 100644 modules/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/privateDnsZones/SRV/deploy.bicep delete mode 100644 modules/Microsoft.Network/privateDnsZones/SRV/readme.md delete mode 100644 modules/Microsoft.Network/privateDnsZones/SRV/version.json delete mode 100644 modules/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/privateDnsZones/TXT/deploy.bicep delete mode 100644 modules/Microsoft.Network/privateDnsZones/TXT/readme.md delete mode 100644 modules/Microsoft.Network/privateDnsZones/TXT/version.json delete mode 100644 modules/Microsoft.Network/privateDnsZones/deploy.bicep delete mode 100644 modules/Microsoft.Network/privateDnsZones/readme.md delete mode 100644 modules/Microsoft.Network/privateDnsZones/version.json delete mode 100644 modules/Microsoft.Network/privateDnsZones/virtualNetworkLinks/deploy.bicep delete mode 100644 modules/Microsoft.Network/privateDnsZones/virtualNetworkLinks/readme.md delete mode 100644 modules/Microsoft.Network/privateDnsZones/virtualNetworkLinks/version.json delete mode 100644 modules/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/privateEndpoints/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.Network/privateEndpoints/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/privateEndpoints/deploy.bicep delete mode 100644 modules/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/deploy.bicep delete mode 100644 modules/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/readme.md delete mode 100644 modules/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/version.json delete mode 100644 modules/Microsoft.Network/privateEndpoints/readme.md delete mode 100644 modules/Microsoft.Network/privateEndpoints/version.json delete mode 100644 modules/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/publicIPAddresses/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/publicIPAddresses/deploy.bicep delete mode 100644 modules/Microsoft.Network/publicIPAddresses/readme.md delete mode 100644 modules/Microsoft.Network/publicIPAddresses/version.json delete mode 100644 modules/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/publicIPPrefixes/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/publicIPPrefixes/deploy.bicep delete mode 100644 modules/Microsoft.Network/publicIPPrefixes/readme.md delete mode 100644 modules/Microsoft.Network/publicIPPrefixes/version.json delete mode 100644 modules/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/routeTables/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/routeTables/deploy.bicep delete mode 100644 modules/Microsoft.Network/routeTables/readme.md delete mode 100644 modules/Microsoft.Network/routeTables/version.json delete mode 100644 modules/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/trafficmanagerprofiles/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/trafficmanagerprofiles/deploy.bicep delete mode 100644 modules/Microsoft.Network/trafficmanagerprofiles/readme.md delete mode 100644 modules/Microsoft.Network/trafficmanagerprofiles/version.json delete mode 100644 modules/Microsoft.Network/virtualHubs/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.Network/virtualHubs/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/virtualHubs/deploy.bicep delete mode 100644 modules/Microsoft.Network/virtualHubs/hubRouteTables/deploy.bicep delete mode 100644 modules/Microsoft.Network/virtualHubs/hubRouteTables/readme.md delete mode 100644 modules/Microsoft.Network/virtualHubs/hubRouteTables/version.json delete mode 100644 modules/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/deploy.bicep delete mode 100644 modules/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/readme.md delete mode 100644 modules/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/version.json delete mode 100644 modules/Microsoft.Network/virtualHubs/readme.md delete mode 100644 modules/Microsoft.Network/virtualHubs/version.json delete mode 100644 modules/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/virtualNetworkGateways/.deploymentTests/expressRoute.parameters.json delete mode 100644 modules/Microsoft.Network/virtualNetworkGateways/.deploymentTests/vpn.parameters.json delete mode 100644 modules/Microsoft.Network/virtualNetworkGateways/deploy.bicep delete mode 100644 modules/Microsoft.Network/virtualNetworkGateways/readme.md delete mode 100644 modules/Microsoft.Network/virtualNetworkGateways/version.json delete mode 100644 modules/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/virtualNetworks/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.Network/virtualNetworks/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/virtualNetworks/.deploymentTests/vnetPeering.parameters.json delete mode 100644 modules/Microsoft.Network/virtualNetworks/deploy.bicep delete mode 100644 modules/Microsoft.Network/virtualNetworks/readme.md delete mode 100644 modules/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/virtualNetworks/subnets/deploy.bicep delete mode 100644 modules/Microsoft.Network/virtualNetworks/subnets/readme.md delete mode 100644 modules/Microsoft.Network/virtualNetworks/subnets/version.json delete mode 100644 modules/Microsoft.Network/virtualNetworks/version.json delete mode 100644 modules/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/deploy.bicep delete mode 100644 modules/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/readme.md delete mode 100644 modules/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/version.json delete mode 100644 modules/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/virtualWans/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.Network/virtualWans/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/virtualWans/deploy.bicep delete mode 100644 modules/Microsoft.Network/virtualWans/readme.md delete mode 100644 modules/Microsoft.Network/virtualWans/version.json delete mode 100644 modules/Microsoft.Network/vpnGateways/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.Network/vpnGateways/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/vpnGateways/connections/deploy.bicep delete mode 100644 modules/Microsoft.Network/vpnGateways/connections/readme.md delete mode 100644 modules/Microsoft.Network/vpnGateways/connections/version.json delete mode 100644 modules/Microsoft.Network/vpnGateways/deploy.bicep delete mode 100644 modules/Microsoft.Network/vpnGateways/natRules/deploy.bicep delete mode 100644 modules/Microsoft.Network/vpnGateways/natRules/readme.md delete mode 100644 modules/Microsoft.Network/vpnGateways/natRules/version.json delete mode 100644 modules/Microsoft.Network/vpnGateways/readme.md delete mode 100644 modules/Microsoft.Network/vpnGateways/version.json delete mode 100644 modules/Microsoft.Network/vpnSites/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Network/vpnSites/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.Network/vpnSites/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Network/vpnSites/deploy.bicep delete mode 100644 modules/Microsoft.Network/vpnSites/readme.md delete mode 100644 modules/Microsoft.Network/vpnSites/version.json delete mode 100644 modules/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.OperationalInsights/workspaces/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.OperationalInsights/workspaces/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.OperationalInsights/workspaces/dataSources/deploy.bicep delete mode 100644 modules/Microsoft.OperationalInsights/workspaces/dataSources/readme.md delete mode 100644 modules/Microsoft.OperationalInsights/workspaces/dataSources/version.json delete mode 100644 modules/Microsoft.OperationalInsights/workspaces/deploy.bicep delete mode 100644 modules/Microsoft.OperationalInsights/workspaces/linkedServices/deploy.bicep delete mode 100644 modules/Microsoft.OperationalInsights/workspaces/linkedServices/readme.md delete mode 100644 modules/Microsoft.OperationalInsights/workspaces/linkedServices/version.json delete mode 100644 modules/Microsoft.OperationalInsights/workspaces/readme.md delete mode 100644 modules/Microsoft.OperationalInsights/workspaces/savedSearches/deploy.bicep delete mode 100644 modules/Microsoft.OperationalInsights/workspaces/savedSearches/readme.md delete mode 100644 modules/Microsoft.OperationalInsights/workspaces/savedSearches/version.json delete mode 100644 modules/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/deploy.bicep delete mode 100644 modules/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/readme.md delete mode 100644 modules/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/version.json delete mode 100644 modules/Microsoft.OperationalInsights/workspaces/version.json delete mode 100644 modules/Microsoft.OperationsManagement/solutions/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.OperationsManagement/solutions/.deploymentTests/ms.parameters.json delete mode 100644 modules/Microsoft.OperationsManagement/solutions/.deploymentTests/nonms.parameters.json delete mode 100644 modules/Microsoft.OperationsManagement/solutions/deploy.bicep delete mode 100644 modules/Microsoft.OperationsManagement/solutions/readme.md delete mode 100644 modules/Microsoft.OperationsManagement/solutions/version.json delete mode 100644 modules/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.RecoveryServices/vaults/.deploymentTests/dr.parameters.json delete mode 100644 modules/Microsoft.RecoveryServices/vaults/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.RecoveryServices/vaults/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.RecoveryServices/vaults/backupConfig/deploy.bicep delete mode 100644 modules/Microsoft.RecoveryServices/vaults/backupConfig/readme.md delete mode 100644 modules/Microsoft.RecoveryServices/vaults/backupConfig/version.json delete mode 100644 modules/Microsoft.RecoveryServices/vaults/backupPolicies/deploy.bicep delete mode 100644 modules/Microsoft.RecoveryServices/vaults/backupPolicies/readme.md delete mode 100644 modules/Microsoft.RecoveryServices/vaults/backupPolicies/version.json delete mode 100644 modules/Microsoft.RecoveryServices/vaults/backupStorageConfig/deploy.bicep delete mode 100644 modules/Microsoft.RecoveryServices/vaults/backupStorageConfig/readme.md delete mode 100644 modules/Microsoft.RecoveryServices/vaults/backupStorageConfig/version.json delete mode 100644 modules/Microsoft.RecoveryServices/vaults/deploy.bicep delete mode 100644 modules/Microsoft.RecoveryServices/vaults/protectionContainers/deploy.bicep delete mode 100644 modules/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/deploy.bicep delete mode 100644 modules/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/readme.md delete mode 100644 modules/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/version.json delete mode 100644 modules/Microsoft.RecoveryServices/vaults/protectionContainers/readme.md delete mode 100644 modules/Microsoft.RecoveryServices/vaults/protectionContainers/version.json delete mode 100644 modules/Microsoft.RecoveryServices/vaults/readme.md delete mode 100644 modules/Microsoft.RecoveryServices/vaults/replicationFabrics/deploy.bicep delete mode 100644 modules/Microsoft.RecoveryServices/vaults/replicationFabrics/readme.md delete mode 100644 modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/deploy.bicep delete mode 100644 modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/readme.md delete mode 100644 modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/deploy.bicep delete mode 100644 modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/readme.md delete mode 100644 modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/version.json delete mode 100644 modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/version.json delete mode 100644 modules/Microsoft.RecoveryServices/vaults/replicationFabrics/version.json delete mode 100644 modules/Microsoft.RecoveryServices/vaults/replicationPolicies/deploy.bicep delete mode 100644 modules/Microsoft.RecoveryServices/vaults/replicationPolicies/readme.md delete mode 100644 modules/Microsoft.RecoveryServices/vaults/replicationPolicies/version.json delete mode 100644 modules/Microsoft.RecoveryServices/vaults/version.json delete mode 100644 modules/Microsoft.Resources/deploymentScripts/.deploymentTests/cli.parameters.json delete mode 100644 modules/Microsoft.Resources/deploymentScripts/.deploymentTests/ps.parameters.json delete mode 100644 modules/Microsoft.Resources/deploymentScripts/deploy.bicep delete mode 100644 modules/Microsoft.Resources/deploymentScripts/readme.md delete mode 100644 modules/Microsoft.Resources/deploymentScripts/version.json delete mode 100644 modules/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Resources/resourceGroups/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Resources/resourceGroups/deploy.bicep delete mode 100644 modules/Microsoft.Resources/resourceGroups/readme.md delete mode 100644 modules/Microsoft.Resources/resourceGroups/version.json delete mode 100644 modules/Microsoft.Resources/tags/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.Resources/tags/.deploymentTests/rg.parameters.json delete mode 100644 modules/Microsoft.Resources/tags/.deploymentTests/sub.parameters.json delete mode 100644 modules/Microsoft.Resources/tags/deploy.bicep delete mode 100644 modules/Microsoft.Resources/tags/readme.md delete mode 100644 modules/Microsoft.Resources/tags/resourceGroups/.bicep/readTags.bicep delete mode 100644 modules/Microsoft.Resources/tags/resourceGroups/deploy.bicep delete mode 100644 modules/Microsoft.Resources/tags/resourceGroups/readme.md delete mode 100644 modules/Microsoft.Resources/tags/resourceGroups/version.json delete mode 100644 modules/Microsoft.Resources/tags/subscriptions/.bicep/readTags.bicep delete mode 100644 modules/Microsoft.Resources/tags/subscriptions/deploy.bicep delete mode 100644 modules/Microsoft.Resources/tags/subscriptions/readme.md delete mode 100644 modules/Microsoft.Resources/tags/subscriptions/version.json delete mode 100644 modules/Microsoft.Resources/tags/version.json delete mode 100644 modules/Microsoft.Security/azureSecurityCenter/.bicep/nested_iotSecuritySolutions.bicep delete mode 100644 modules/Microsoft.Security/azureSecurityCenter/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Security/azureSecurityCenter/deploy.bicep delete mode 100644 modules/Microsoft.Security/azureSecurityCenter/readme.md delete mode 100644 modules/Microsoft.Security/azureSecurityCenter/version.json delete mode 100644 modules/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.ServiceBus/namespaces/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.ServiceBus/namespaces/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.ServiceBus/namespaces/authorizationRules/deploy.bicep delete mode 100644 modules/Microsoft.ServiceBus/namespaces/authorizationRules/readme.md delete mode 100644 modules/Microsoft.ServiceBus/namespaces/authorizationRules/version.json delete mode 100644 modules/Microsoft.ServiceBus/namespaces/deploy.bicep delete mode 100644 modules/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/deploy.bicep delete mode 100644 modules/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/readme.md delete mode 100644 modules/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/version.json delete mode 100644 modules/Microsoft.ServiceBus/namespaces/ipFilterRules/deploy.bicep delete mode 100644 modules/Microsoft.ServiceBus/namespaces/ipFilterRules/readme.md delete mode 100644 modules/Microsoft.ServiceBus/namespaces/ipFilterRules/version.json delete mode 100644 modules/Microsoft.ServiceBus/namespaces/migrationConfigurations/deploy.bicep delete mode 100644 modules/Microsoft.ServiceBus/namespaces/migrationConfigurations/readme.md delete mode 100644 modules/Microsoft.ServiceBus/namespaces/migrationConfigurations/version.json delete mode 100644 modules/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.ServiceBus/namespaces/queues/authorizationRules/deploy.bicep delete mode 100644 modules/Microsoft.ServiceBus/namespaces/queues/authorizationRules/readme.md delete mode 100644 modules/Microsoft.ServiceBus/namespaces/queues/authorizationRules/version.json delete mode 100644 modules/Microsoft.ServiceBus/namespaces/queues/deploy.bicep delete mode 100644 modules/Microsoft.ServiceBus/namespaces/queues/readme.md delete mode 100644 modules/Microsoft.ServiceBus/namespaces/queues/version.json delete mode 100644 modules/Microsoft.ServiceBus/namespaces/readme.md delete mode 100644 modules/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.ServiceBus/namespaces/topics/authorizationRules/deploy.bicep delete mode 100644 modules/Microsoft.ServiceBus/namespaces/topics/authorizationRules/readme.md delete mode 100644 modules/Microsoft.ServiceBus/namespaces/topics/authorizationRules/version.json delete mode 100644 modules/Microsoft.ServiceBus/namespaces/topics/deploy.bicep delete mode 100644 modules/Microsoft.ServiceBus/namespaces/topics/readme.md delete mode 100644 modules/Microsoft.ServiceBus/namespaces/topics/version.json delete mode 100644 modules/Microsoft.ServiceBus/namespaces/version.json delete mode 100644 modules/Microsoft.ServiceBus/namespaces/virtualNetworkRules/deploy.bicep delete mode 100644 modules/Microsoft.ServiceBus/namespaces/virtualNetworkRules/readme.md delete mode 100644 modules/Microsoft.ServiceBus/namespaces/virtualNetworkRules/version.json delete mode 100644 modules/Microsoft.ServiceFabric/clusters/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.ServiceFabric/clusters/.deploymentTests/cert.parameters.json delete mode 100644 modules/Microsoft.ServiceFabric/clusters/.deploymentTests/full.parameters.json delete mode 100644 modules/Microsoft.ServiceFabric/clusters/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.ServiceFabric/clusters/applicationTypes/deploy.bicep delete mode 100644 modules/Microsoft.ServiceFabric/clusters/applicationTypes/readme.md delete mode 100644 modules/Microsoft.ServiceFabric/clusters/applicationTypes/version.json delete mode 100644 modules/Microsoft.ServiceFabric/clusters/deploy.bicep delete mode 100644 modules/Microsoft.ServiceFabric/clusters/readme.md delete mode 100644 modules/Microsoft.ServiceFabric/clusters/version.json delete mode 100644 modules/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Sql/managedInstances/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Sql/managedInstances/administrators/deploy.bicep delete mode 100644 modules/Microsoft.Sql/managedInstances/administrators/readme.md delete mode 100644 modules/Microsoft.Sql/managedInstances/administrators/version.json delete mode 100644 modules/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/deploy.bicep delete mode 100644 modules/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/readme.md delete mode 100644 modules/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/version.json delete mode 100644 modules/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/deploy.bicep delete mode 100644 modules/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/readme.md delete mode 100644 modules/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/version.json delete mode 100644 modules/Microsoft.Sql/managedInstances/databases/deploy.bicep delete mode 100644 modules/Microsoft.Sql/managedInstances/databases/readme.md delete mode 100644 modules/Microsoft.Sql/managedInstances/databases/version.json delete mode 100644 modules/Microsoft.Sql/managedInstances/deploy.bicep delete mode 100644 modules/Microsoft.Sql/managedInstances/encryptionProtector/deploy.bicep delete mode 100644 modules/Microsoft.Sql/managedInstances/encryptionProtector/readme.md delete mode 100644 modules/Microsoft.Sql/managedInstances/encryptionProtector/version.json delete mode 100644 modules/Microsoft.Sql/managedInstances/keys/deploy.bicep delete mode 100644 modules/Microsoft.Sql/managedInstances/keys/readme.md delete mode 100644 modules/Microsoft.Sql/managedInstances/keys/version.json delete mode 100644 modules/Microsoft.Sql/managedInstances/readme.md delete mode 100644 modules/Microsoft.Sql/managedInstances/securityAlertPolicies/deploy.bicep delete mode 100644 modules/Microsoft.Sql/managedInstances/securityAlertPolicies/readme.md delete mode 100644 modules/Microsoft.Sql/managedInstances/securityAlertPolicies/version.json delete mode 100644 modules/Microsoft.Sql/managedInstances/version.json delete mode 100644 modules/Microsoft.Sql/managedInstances/vulnerabilityAssessments/deploy.bicep delete mode 100644 modules/Microsoft.Sql/managedInstances/vulnerabilityAssessments/readme.md delete mode 100644 modules/Microsoft.Sql/managedInstances/vulnerabilityAssessments/version.json delete mode 100644 modules/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Sql/servers/.deploymentTests/admin.parameters.json delete mode 100644 modules/Microsoft.Sql/servers/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Sql/servers/databases/deploy.bicep delete mode 100644 modules/Microsoft.Sql/servers/databases/readme.md delete mode 100644 modules/Microsoft.Sql/servers/databases/version.json delete mode 100644 modules/Microsoft.Sql/servers/deploy.bicep delete mode 100644 modules/Microsoft.Sql/servers/firewallRules/deploy.bicep delete mode 100644 modules/Microsoft.Sql/servers/firewallRules/readme.md delete mode 100644 modules/Microsoft.Sql/servers/firewallRules/version.json delete mode 100644 modules/Microsoft.Sql/servers/readme.md delete mode 100644 modules/Microsoft.Sql/servers/securityAlertPolicies/deploy.bicep delete mode 100644 modules/Microsoft.Sql/servers/securityAlertPolicies/readme.md delete mode 100644 modules/Microsoft.Sql/servers/securityAlertPolicies/version.json delete mode 100644 modules/Microsoft.Sql/servers/version.json delete mode 100644 modules/Microsoft.Sql/servers/vulnerabilityAssessments/deploy.bicep delete mode 100644 modules/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md delete mode 100644 modules/Microsoft.Sql/servers/vulnerabilityAssessments/version.json delete mode 100644 modules/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Storage/storageAccounts/.deploymentTests/encr.parameters.json delete mode 100644 modules/Microsoft.Storage/storageAccounts/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.Storage/storageAccounts/.deploymentTests/nfs.parameters.json delete mode 100644 modules/Microsoft.Storage/storageAccounts/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Storage/storageAccounts/.deploymentTests/v1.parameters.json delete mode 100644 modules/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Storage/storageAccounts/blobServices/containers/deploy.bicep delete mode 100644 modules/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/deploy.bicep delete mode 100644 modules/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/readme.md delete mode 100644 modules/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/version.json delete mode 100644 modules/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md delete mode 100644 modules/Microsoft.Storage/storageAccounts/blobServices/containers/version.json delete mode 100644 modules/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep delete mode 100644 modules/Microsoft.Storage/storageAccounts/blobServices/readme.md delete mode 100644 modules/Microsoft.Storage/storageAccounts/blobServices/version.json delete mode 100644 modules/Microsoft.Storage/storageAccounts/deploy.bicep delete mode 100644 modules/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep delete mode 100644 modules/Microsoft.Storage/storageAccounts/fileServices/readme.md delete mode 100644 modules/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep delete mode 100644 modules/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md delete mode 100644 modules/Microsoft.Storage/storageAccounts/fileServices/shares/version.json delete mode 100644 modules/Microsoft.Storage/storageAccounts/fileServices/version.json delete mode 100644 modules/Microsoft.Storage/storageAccounts/managementPolicies/deploy.bicep delete mode 100644 modules/Microsoft.Storage/storageAccounts/managementPolicies/readme.md delete mode 100644 modules/Microsoft.Storage/storageAccounts/managementPolicies/version.json delete mode 100644 modules/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep delete mode 100644 modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Storage/storageAccounts/queueServices/queues/deploy.bicep delete mode 100644 modules/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md delete mode 100644 modules/Microsoft.Storage/storageAccounts/queueServices/queues/version.json delete mode 100644 modules/Microsoft.Storage/storageAccounts/queueServices/readme.md delete mode 100644 modules/Microsoft.Storage/storageAccounts/queueServices/version.json delete mode 100644 modules/Microsoft.Storage/storageAccounts/readme.md delete mode 100644 modules/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep delete mode 100644 modules/Microsoft.Storage/storageAccounts/tableServices/readme.md delete mode 100644 modules/Microsoft.Storage/storageAccounts/tableServices/tables/deploy.bicep delete mode 100644 modules/Microsoft.Storage/storageAccounts/tableServices/tables/readme.md delete mode 100644 modules/Microsoft.Storage/storageAccounts/tableServices/tables/version.json delete mode 100644 modules/Microsoft.Storage/storageAccounts/tableServices/version.json delete mode 100644 modules/Microsoft.Storage/storageAccounts/version.json delete mode 100644 modules/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Synapse/privateLinkHubs/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.Synapse/privateLinkHubs/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Synapse/privateLinkHubs/deploy.bicep delete mode 100644 modules/Microsoft.Synapse/privateLinkHubs/readme.md delete mode 100644 modules/Microsoft.Synapse/privateLinkHubs/version.json delete mode 100644 modules/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.VirtualMachineImages/imageTemplates/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep delete mode 100644 modules/Microsoft.VirtualMachineImages/imageTemplates/readme.md delete mode 100644 modules/Microsoft.VirtualMachineImages/imageTemplates/version.json delete mode 100644 modules/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Web/connections/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Web/connections/deploy.bicep delete mode 100644 modules/Microsoft.Web/connections/readme.md delete mode 100644 modules/Microsoft.Web/connections/version.json delete mode 100644 modules/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Web/hostingEnvironments/.deploymentTests/asev2.parameters.json delete mode 100644 modules/Microsoft.Web/hostingEnvironments/.deploymentTests/asev3.parameters.json delete mode 100644 modules/Microsoft.Web/hostingEnvironments/deploy.bicep delete mode 100644 modules/Microsoft.Web/hostingEnvironments/readme.md delete mode 100644 modules/Microsoft.Web/hostingEnvironments/version.json delete mode 100644 modules/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Web/serverfarms/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Web/serverfarms/deploy.bicep delete mode 100644 modules/Microsoft.Web/serverfarms/readme.md delete mode 100644 modules/Microsoft.Web/serverfarms/version.json delete mode 100644 modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Web/sites/.deploymentTests/fa.min.parameters.json delete mode 100644 modules/Microsoft.Web/sites/.deploymentTests/fa.parameters.json delete mode 100644 modules/Microsoft.Web/sites/.deploymentTests/wa.min.parameters.json delete mode 100644 modules/Microsoft.Web/sites/.deploymentTests/wa.parameters.json delete mode 100644 modules/Microsoft.Web/sites/config-appsettings/deploy.bicep delete mode 100644 modules/Microsoft.Web/sites/config-appsettings/readme.md delete mode 100644 modules/Microsoft.Web/sites/config-appsettings/version.json delete mode 100644 modules/Microsoft.Web/sites/config-authsettingsv2/deploy.bicep delete mode 100644 modules/Microsoft.Web/sites/config-authsettingsv2/readme.md delete mode 100644 modules/Microsoft.Web/sites/config-authsettingsv2/version.json delete mode 100644 modules/Microsoft.Web/sites/deploy.bicep delete mode 100644 modules/Microsoft.Web/sites/readme.md delete mode 100644 modules/Microsoft.Web/sites/version.json delete mode 100644 modules/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep delete mode 100644 modules/Microsoft.Web/staticSites/.deploymentTests/min.parameters.json delete mode 100644 modules/Microsoft.Web/staticSites/.deploymentTests/parameters.json delete mode 100644 modules/Microsoft.Web/staticSites/deploy.bicep delete mode 100644 modules/Microsoft.Web/staticSites/readme.md delete mode 100644 modules/Microsoft.Web/staticSites/version.json delete mode 100644 modules/README.md delete mode 100644 utilities/pipelines/sharedScripts/Get-DeploymentTestFileList.ps1 diff --git a/.azuredevops/modulePipelines/ms.aad.domainservices.yml b/.azuredevops/modulePipelines/ms.aad.domainservices.yml index c6a5286cb9..a11e9a9940 100644 --- a/.azuredevops/modulePipelines/ms.aad.domainservices.yml +++ b/.azuredevops/modulePipelines/ms.aad.domainservices.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.aad.domainservices.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.AAD/DomainServices/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.AAD/DomainServices/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.AAD/DomainServices' + value: '/arm/Microsoft.AAD/DomainServices' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.analysisservices.servers.yml b/.azuredevops/modulePipelines/ms.analysisservices.servers.yml index 8dcdee1813..61c1cf2529 100644 --- a/.azuredevops/modulePipelines/ms.analysisservices.servers.yml +++ b/.azuredevops/modulePipelines/ms.analysisservices.servers.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.analysisservices.servers.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.AnalysisServices/servers/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.AnalysisServices/servers/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.AnalysisServices/servers' + value: '/arm/Microsoft.AnalysisServices/servers' stages: - stage: Validation @@ -45,9 +45,9 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json - - path: $(modulePath)/.deploymentTests/max.parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.parameters/max.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.apimanagement.service.yml b/.azuredevops/modulePipelines/ms.apimanagement.service.yml index b01fa1f753..c9ce3c1ec4 100644 --- a/.azuredevops/modulePipelines/ms.apimanagement.service.yml +++ b/.azuredevops/modulePipelines/ms.apimanagement.service.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.apimanagement.service.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.ApiManagement/service/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.ApiManagement/service/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.ApiManagement/service' + value: '/arm/Microsoft.ApiManagement/service' stages: - stage: Validation @@ -45,9 +45,9 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/max.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json - - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.parameters/max.parameters.json + - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.appconfiguration.configurationstores.yml b/.azuredevops/modulePipelines/ms.appconfiguration.configurationstores.yml index 1a05fe60c1..71b9c1aaea 100644 --- a/.azuredevops/modulePipelines/ms.appconfiguration.configurationstores.yml +++ b/.azuredevops/modulePipelines/ms.appconfiguration.configurationstores.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.appconfiguration.configurationstores.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.AppConfiguration/configurationStores/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.AppConfiguration/configurationStores/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.AppConfiguration/configurationStores' + value: '/arm/Microsoft.AppConfiguration/configurationStores' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.authorization.locks.yml b/.azuredevops/modulePipelines/ms.authorization.locks.yml index d82db7ae5d..796262ea91 100644 --- a/.azuredevops/modulePipelines/ms.authorization.locks.yml +++ b/.azuredevops/modulePipelines/ms.authorization.locks.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.authorization.locks.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Authorization/locks/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Authorization/locks/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Authorization/locks' + value: '/arm/Microsoft.Authorization/locks' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/rg.parameters.json + - path: $(modulePath)/.parameters/rg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.authorization.policyassignments.yml b/.azuredevops/modulePipelines/ms.authorization.policyassignments.yml index b3036c35be..58909f70ec 100644 --- a/.azuredevops/modulePipelines/ms.authorization.policyassignments.yml +++ b/.azuredevops/modulePipelines/ms.authorization.policyassignments.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.authorization.policyassignments.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Authorization/policyAssignments/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Authorization/policyAssignments/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Authorization/policyAssignments' + value: '/arm/Microsoft.Authorization/policyAssignments' stages: - stage: Validation @@ -45,17 +45,17 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/mg.min.parameters.json + - path: $(modulePath)/.parameters/mg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/mg.parameters.json + - path: $(modulePath)/.parameters/mg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/sub.min.parameters.json + - path: $(modulePath)/.parameters/sub.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/sub.parameters.json + - path: $(modulePath)/.parameters/sub.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/rg.min.parameters.json + - path: $(modulePath)/.parameters/rg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/rg.parameters.json + - path: $(modulePath)/.parameters/rg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.authorization.policydefinitions.yml b/.azuredevops/modulePipelines/ms.authorization.policydefinitions.yml index a70b9ec8c4..d72e85726e 100644 --- a/.azuredevops/modulePipelines/ms.authorization.policydefinitions.yml +++ b/.azuredevops/modulePipelines/ms.authorization.policydefinitions.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.authorization.policydefinitions.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Authorization/policyDefinitions/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Authorization/policyDefinitions/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Authorization/policyDefinitions' + value: '/arm/Microsoft.Authorization/policyDefinitions' stages: - stage: Validation @@ -45,13 +45,13 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/mg.min.parameters.json + - path: $(modulePath)/.parameters/mg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/mg.parameters.json + - path: $(modulePath)/.parameters/mg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/sub.min.parameters.json + - path: $(modulePath)/.parameters/sub.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/sub.parameters.json + - path: $(modulePath)/.parameters/sub.parameters.json templateFilePath: $(modulePath)/deploy.bicep - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.authorization.policyexemptions.yml b/.azuredevops/modulePipelines/ms.authorization.policyexemptions.yml index 2e59710782..bf0ba49d1d 100644 --- a/.azuredevops/modulePipelines/ms.authorization.policyexemptions.yml +++ b/.azuredevops/modulePipelines/ms.authorization.policyexemptions.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.authorization.policyexemptions.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Authorization/policyExemptions/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Authorization/policyExemptions/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Authorization/policyExemptions' + value: '/arm/Microsoft.Authorization/policyExemptions' stages: - stage: Validation @@ -45,17 +45,17 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/mg.min.parameters.json + - path: $(modulePath)/.parameters/mg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/mg.parameters.json + - path: $(modulePath)/.parameters/mg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/sub.min.parameters.json + - path: $(modulePath)/.parameters/sub.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/sub.parameters.json + - path: $(modulePath)/.parameters/sub.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/rg.min.parameters.json + - path: $(modulePath)/.parameters/rg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/rg.parameters.json + - path: $(modulePath)/.parameters/rg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.authorization.policysetdefinitions.yml b/.azuredevops/modulePipelines/ms.authorization.policysetdefinitions.yml index 7b15303495..075a7d1e98 100644 --- a/.azuredevops/modulePipelines/ms.authorization.policysetdefinitions.yml +++ b/.azuredevops/modulePipelines/ms.authorization.policysetdefinitions.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.authorization.policysetdefinitions.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Authorization/policySetDefinitions/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Authorization/policySetDefinitions/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Authorization/policySetDefinitions' + value: '/arm/Microsoft.Authorization/policySetDefinitions' stages: - stage: Validation @@ -45,13 +45,13 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/mg.min.parameters.json + - path: $(modulePath)/.parameters/mg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/mg.parameters.json + - path: $(modulePath)/.parameters/mg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/sub.min.parameters.json + - path: $(modulePath)/.parameters/sub.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/sub.parameters.json + - path: $(modulePath)/.parameters/sub.parameters.json templateFilePath: $(modulePath)/deploy.bicep - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.authorization.roleassignments.yml b/.azuredevops/modulePipelines/ms.authorization.roleassignments.yml index e62c9db947..eaf576d22e 100644 --- a/.azuredevops/modulePipelines/ms.authorization.roleassignments.yml +++ b/.azuredevops/modulePipelines/ms.authorization.roleassignments.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.authorization.roleassignments.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Authorization/roleAssignments/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Authorization/roleAssignments/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Authorization/roleAssignments' + value: '/arm/Microsoft.Authorization/roleAssignments' stages: - stage: Validation @@ -45,17 +45,17 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/mg.min.parameters.json + - path: $(modulePath)/.parameters/mg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/mg.parameters.json + - path: $(modulePath)/.parameters/mg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/sub.min.parameters.json + - path: $(modulePath)/.parameters/sub.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/sub.parameters.json + - path: $(modulePath)/.parameters/sub.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/rg.min.parameters.json + - path: $(modulePath)/.parameters/rg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/rg.parameters.json + - path: $(modulePath)/.parameters/rg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.authorization.roledefinitions.yml b/.azuredevops/modulePipelines/ms.authorization.roledefinitions.yml index dd7820dc95..7d17acf846 100644 --- a/.azuredevops/modulePipelines/ms.authorization.roledefinitions.yml +++ b/.azuredevops/modulePipelines/ms.authorization.roledefinitions.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.authorization.roledefinitions.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Authorization/roleDefinitions/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Authorization/roleDefinitions/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Authorization/roleDefinitions' + value: '/arm/Microsoft.Authorization/roleDefinitions' stages: - stage: Validation @@ -45,17 +45,17 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/mg.min.parameters.json + - path: $(modulePath)/.parameters/mg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/mg.parameters.json + - path: $(modulePath)/.parameters/mg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/sub.min.parameters.json + - path: $(modulePath)/.parameters/sub.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/sub.parameters.json + - path: $(modulePath)/.parameters/sub.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/rg.min.parameters.json + - path: $(modulePath)/.parameters/rg.min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/rg.parameters.json + - path: $(modulePath)/.parameters/rg.parameters.json templateFilePath: $(modulePath)/deploy.bicep - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.automation.automationaccounts.yml b/.azuredevops/modulePipelines/ms.automation.automationaccounts.yml index 1d756263a2..712302abd9 100644 --- a/.azuredevops/modulePipelines/ms.automation.automationaccounts.yml +++ b/.azuredevops/modulePipelines/ms.automation.automationaccounts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.automation.automationaccounts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Automation/automationAccounts/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Automation/automationAccounts/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Automation/automationAccounts' + value: '/arm/Microsoft.Automation/automationAccounts' stages: - stage: Validation @@ -45,9 +45,9 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json - - path: $(modulePath)/.deploymentTests/encr.parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.parameters/encr.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.batch.batchaccounts.yml b/.azuredevops/modulePipelines/ms.batch.batchaccounts.yml index bd626999f3..281f7c72c2 100644 --- a/.azuredevops/modulePipelines/ms.batch.batchaccounts.yml +++ b/.azuredevops/modulePipelines/ms.batch.batchaccounts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.batch.batchaccounts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Batch/batchAccounts/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Batch/batchAccounts/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Batch/batchAccounts' + value: '/arm/Microsoft.Batch/batchAccounts' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.cognitiveservices.accounts.yml b/.azuredevops/modulePipelines/ms.cognitiveservices.accounts.yml index 1bb16a4346..2630458041 100644 --- a/.azuredevops/modulePipelines/ms.cognitiveservices.accounts.yml +++ b/.azuredevops/modulePipelines/ms.cognitiveservices.accounts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.cognitiveservices.accounts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.CognitiveServices/accounts/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.CognitiveServices/accounts/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.CognitiveServices/accounts' + value: '/arm/Microsoft.CognitiveServices/accounts' stages: - stage: Validation @@ -45,10 +45,10 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json - - path: $(modulePath)/.deploymentTests/speech.parameters.json - - path: $(modulePath)/.deploymentTests/encr.parameters.json - - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.parameters/speech.parameters.json + - path: $(modulePath)/.parameters/encr.parameters.json + - path: $(modulePath)/.parameters/min.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.compute.availabilitysets.yml b/.azuredevops/modulePipelines/ms.compute.availabilitysets.yml index 6e88d0794d..c824e8c9be 100644 --- a/.azuredevops/modulePipelines/ms.compute.availabilitysets.yml +++ b/.azuredevops/modulePipelines/ms.compute.availabilitysets.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.compute.availabilitysets.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Compute/availabilitySets/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Compute/availabilitySets/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Compute/availabilitySets' + value: '/arm/Microsoft.Compute/availabilitySets' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.compute.diskencryptionsets.yml b/.azuredevops/modulePipelines/ms.compute.diskencryptionsets.yml index 6b677414cb..7f75460410 100644 --- a/.azuredevops/modulePipelines/ms.compute.diskencryptionsets.yml +++ b/.azuredevops/modulePipelines/ms.compute.diskencryptionsets.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.compute.diskencryptionsets.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Compute/diskEncryptionSets/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Compute/diskEncryptionSets/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Compute/diskEncryptionSets' + value: '/arm/Microsoft.Compute/diskEncryptionSets' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.compute.disks.yml b/.azuredevops/modulePipelines/ms.compute.disks.yml index 571805dddd..3f9cae557f 100644 --- a/.azuredevops/modulePipelines/ms.compute.disks.yml +++ b/.azuredevops/modulePipelines/ms.compute.disks.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.compute.disks.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Compute/disks/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Compute/disks/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Compute/disks' + value: '/arm/Microsoft.Compute/disks' stages: - stage: Validation @@ -45,10 +45,10 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/image.parameters.json - - path: $(modulePath)/.deploymentTests/import.parameters.json + - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/image.parameters.json + - path: $(modulePath)/.parameters/import.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.compute.galleries.yml b/.azuredevops/modulePipelines/ms.compute.galleries.yml index ae2a381844..cf84e0fbef 100644 --- a/.azuredevops/modulePipelines/ms.compute.galleries.yml +++ b/.azuredevops/modulePipelines/ms.compute.galleries.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.compute.galleries.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Compute/galleries/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Compute/galleries/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Compute/galleries' + value: '/arm/Microsoft.Compute/galleries' stages: - stage: Validation @@ -39,8 +39,8 @@ stages: - template: /.azuredevops/pipelineTemplates/jobs.validateModulePester.yml parameters: deploymentBlocks: - - path: $(modulePath)/.deploymentTests/images.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/images.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Deployment displayName: Deployment validation @@ -49,8 +49,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/images.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/images.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.compute.images.yml b/.azuredevops/modulePipelines/ms.compute.images.yml index c2b70fd6a8..834db0a5d7 100644 --- a/.azuredevops/modulePipelines/ms.compute.images.yml +++ b/.azuredevops/modulePipelines/ms.compute.images.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.compute.images.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Compute/images/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Compute/images/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Compute/images' + value: '/arm/Microsoft.Compute/images' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.compute.proximityplacementgroups.yml b/.azuredevops/modulePipelines/ms.compute.proximityplacementgroups.yml index 6837787064..c14f444ee2 100644 --- a/.azuredevops/modulePipelines/ms.compute.proximityplacementgroups.yml +++ b/.azuredevops/modulePipelines/ms.compute.proximityplacementgroups.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.compute.proximityplacementgroups.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Compute/proximityPlacementGroups/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Compute/proximityPlacementGroups/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Compute/proximityPlacementGroups' + value: '/arm/Microsoft.Compute/proximityPlacementGroups' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.compute.virtualmachines.yml b/.azuredevops/modulePipelines/ms.compute.virtualmachines.yml index f4598a4622..2fc6340f98 100644 --- a/.azuredevops/modulePipelines/ms.compute.virtualmachines.yml +++ b/.azuredevops/modulePipelines/ms.compute.virtualmachines.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.compute.virtualmachines.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Compute/virtualMachines/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Compute/virtualMachines/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Compute/virtualMachines' + value: '/arm/Microsoft.Compute/virtualMachines' stages: - stage: Validation @@ -45,12 +45,12 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/linux.min.parameters.json - - path: $(modulePath)/.deploymentTests/linux.parameters.json - - path: $(modulePath)/.deploymentTests/linux.autmg.parameters.json - - path: $(modulePath)/.deploymentTests/windows.min.parameters.json - - path: $(modulePath)/.deploymentTests/windows.parameters.json - - path: $(modulePath)/.deploymentTests/windows.autmg.parameters.json + - path: $(modulePath)/.parameters/linux.min.parameters.json + - path: $(modulePath)/.parameters/linux.parameters.json + - path: $(modulePath)/.parameters/linux.autmg.parameters.json + - path: $(modulePath)/.parameters/windows.min.parameters.json + - path: $(modulePath)/.parameters/windows.parameters.json + - path: $(modulePath)/.parameters/windows.autmg.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.compute.virtualmachinescalesets.yml b/.azuredevops/modulePipelines/ms.compute.virtualmachinescalesets.yml index 8a235e6434..70b43e3cc6 100644 --- a/.azuredevops/modulePipelines/ms.compute.virtualmachinescalesets.yml +++ b/.azuredevops/modulePipelines/ms.compute.virtualmachinescalesets.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.compute.virtualmachinescalesets.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Compute/virtualMachineScaleSets/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Compute/virtualMachineScaleSets/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Compute/virtualMachineScaleSets' + value: '/arm/Microsoft.Compute/virtualMachineScaleSets' stages: - stage: Validation @@ -45,10 +45,10 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/linux.min.parameters.json - - path: $(modulePath)/.deploymentTests/linux.parameters.json - - path: $(modulePath)/.deploymentTests/windows.min.parameters.json - - path: $(modulePath)/.deploymentTests/windows.parameters.json + - path: $(modulePath)/.parameters/linux.min.parameters.json + - path: $(modulePath)/.parameters/linux.parameters.json + - path: $(modulePath)/.parameters/windows.min.parameters.json + - path: $(modulePath)/.parameters/windows.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.consumption.budgets.yml b/.azuredevops/modulePipelines/ms.consumption.budgets.yml index 47edcbd603..ba9e462fa4 100644 --- a/.azuredevops/modulePipelines/ms.consumption.budgets.yml +++ b/.azuredevops/modulePipelines/ms.consumption.budgets.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.consumption.budgets.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Consumption/budgets/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Consumption/budgets/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Consumption/budgets' + value: '/arm/Microsoft.Consumption/budgets' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.containerinstance.containergroups.yml b/.azuredevops/modulePipelines/ms.containerinstance.containergroups.yml index fc9cf784c6..694b57b52b 100644 --- a/.azuredevops/modulePipelines/ms.containerinstance.containergroups.yml +++ b/.azuredevops/modulePipelines/ms.containerinstance.containergroups.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.containerinstance.containergroups.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.ContainerInstance/containerGroups/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.ContainerInstance/containerGroups/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.ContainerInstance/containerGroups' + value: '/arm/Microsoft.ContainerInstance/containerGroups' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.containerregistry.registries.yml b/.azuredevops/modulePipelines/ms.containerregistry.registries.yml index 3833f24356..aca706eb23 100644 --- a/.azuredevops/modulePipelines/ms.containerregistry.registries.yml +++ b/.azuredevops/modulePipelines/ms.containerregistry.registries.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.containerregistry.registries.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.ContainerRegistry/registries/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.ContainerRegistry/registries/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.ContainerRegistry/registries' + value: '/arm/Microsoft.ContainerRegistry/registries' stages: - stage: Validation @@ -45,9 +45,9 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/encr.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/encr.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.containerservice.managedclusters.yml b/.azuredevops/modulePipelines/ms.containerservice.managedclusters.yml index 14748f8b77..68d4bc63d7 100644 --- a/.azuredevops/modulePipelines/ms.containerservice.managedclusters.yml +++ b/.azuredevops/modulePipelines/ms.containerservice.managedclusters.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.containerservice.managedclusters.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.ContainerService/managedClusters/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.ContainerService/managedClusters/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.ContainerService/managedClusters' + value: '/arm/Microsoft.ContainerService/managedClusters' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/azure.parameters.json - - path: $(modulePath)/.deploymentTests/kubenet.parameters.json + - path: $(modulePath)/.parameters/azure.parameters.json + - path: $(modulePath)/.parameters/kubenet.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.databricks.workspaces.yml b/.azuredevops/modulePipelines/ms.databricks.workspaces.yml index ba0e52746c..7ec75b0a9b 100644 --- a/.azuredevops/modulePipelines/ms.databricks.workspaces.yml +++ b/.azuredevops/modulePipelines/ms.databricks.workspaces.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.databricks.workspaces.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Databricks/workspaces/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Databricks/workspaces/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Databricks/workspaces' + value: '/arm/Microsoft.Databricks/workspaces' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.datafactory.factories.yml b/.azuredevops/modulePipelines/ms.datafactory.factories.yml index 02601e6748..ccfabaf55b 100644 --- a/.azuredevops/modulePipelines/ms.datafactory.factories.yml +++ b/.azuredevops/modulePipelines/ms.datafactory.factories.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.datafactory.factories.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.DataFactory/factories/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.DataFactory/factories/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.DataFactory/factories' + value: '/arm/Microsoft.DataFactory/factories' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.dataprotection.backupvaults.yml b/.azuredevops/modulePipelines/ms.dataprotection.backupvaults.yml index aa1c74765e..55ba9a7eea 100644 --- a/.azuredevops/modulePipelines/ms.dataprotection.backupvaults.yml +++ b/.azuredevops/modulePipelines/ms.dataprotection.backupvaults.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.dataprotection.backupvaults.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.DataProtection/vaults/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.DataProtection/vaults/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.DataProtection/backupVaults' + value: '/arm/Microsoft.DataProtection/backupVaults' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.desktopvirtualization.applicationgroups.yml b/.azuredevops/modulePipelines/ms.desktopvirtualization.applicationgroups.yml index c0c4958ef2..51d36df82c 100644 --- a/.azuredevops/modulePipelines/ms.desktopvirtualization.applicationgroups.yml +++ b/.azuredevops/modulePipelines/ms.desktopvirtualization.applicationgroups.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.desktopvirtualization.applicationgroups.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.DesktopVirtualization/applicationgroups/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.DesktopVirtualization/applicationgroups/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.DesktopVirtualization/applicationgroups' + value: '/arm/Microsoft.DesktopVirtualization/applicationgroups' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.desktopvirtualization.hostpools.yml b/.azuredevops/modulePipelines/ms.desktopvirtualization.hostpools.yml index f7f724d63a..1d1c49a4d2 100644 --- a/.azuredevops/modulePipelines/ms.desktopvirtualization.hostpools.yml +++ b/.azuredevops/modulePipelines/ms.desktopvirtualization.hostpools.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.desktopvirtualization.hostpools.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.DesktopVirtualization/hostpools/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.DesktopVirtualization/hostpools/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.DesktopVirtualization/hostpools' + value: '/arm/Microsoft.DesktopVirtualization/hostpools' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.desktopvirtualization.scalingplans.yml b/.azuredevops/modulePipelines/ms.desktopvirtualization.scalingplans.yml index adf58c1395..d17711a4bc 100644 --- a/.azuredevops/modulePipelines/ms.desktopvirtualization.scalingplans.yml +++ b/.azuredevops/modulePipelines/ms.desktopvirtualization.scalingplans.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.desktopvirtualization.scalingplans.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.DesktopVirtualization/scalingplans/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.DesktopVirtualization/scalingplans/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.DesktopVirtualization/scalingplans' + value: '/arm/Microsoft.DesktopVirtualization/scalingplans' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.parameters/min.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.desktopvirtualization.workspaces.yml b/.azuredevops/modulePipelines/ms.desktopvirtualization.workspaces.yml index a850a151b3..cfad4bfdc2 100644 --- a/.azuredevops/modulePipelines/ms.desktopvirtualization.workspaces.yml +++ b/.azuredevops/modulePipelines/ms.desktopvirtualization.workspaces.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.desktopvirtualization.workspaces.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.DesktopVirtualization/workspaces/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.DesktopVirtualization/workspaces/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.DesktopVirtualization/workspaces' + value: '/arm/Microsoft.DesktopVirtualization/workspaces' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.documentdb.databaseaccounts.yml b/.azuredevops/modulePipelines/ms.documentdb.databaseaccounts.yml index c7e13c5efe..4966965b0b 100644 --- a/.azuredevops/modulePipelines/ms.documentdb.databaseaccounts.yml +++ b/.azuredevops/modulePipelines/ms.documentdb.databaseaccounts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.documentdb.databaseaccounts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.DocumentDB/databaseAccounts/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.DocumentDB/databaseAccounts/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.DocumentDB/databaseAccounts' + value: '/arm/Microsoft.DocumentDB/databaseAccounts' stages: - stage: Validation @@ -45,9 +45,9 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/mongodb.parameters.json - - path: $(modulePath)/.deploymentTests/plain.parameters.json - - path: $(modulePath)/.deploymentTests/sqldb.parameters.json + - path: $(modulePath)/.parameters/mongodb.parameters.json + - path: $(modulePath)/.parameters/plain.parameters.json + - path: $(modulePath)/.parameters/sqldb.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.eventgrid.systemtopics.yml b/.azuredevops/modulePipelines/ms.eventgrid.systemtopics.yml index 74b9ed4827..71a74153cf 100644 --- a/.azuredevops/modulePipelines/ms.eventgrid.systemtopics.yml +++ b/.azuredevops/modulePipelines/ms.eventgrid.systemtopics.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.eventgrid.systemtopics.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.EventGrid/systemTopics/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.EventGrid/systemTopics/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.EventGrid/systemTopics' + value: '/arm/Microsoft.EventGrid/systemTopics' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.eventgrid.topics.yml b/.azuredevops/modulePipelines/ms.eventgrid.topics.yml index 618ee86540..76fbff905a 100644 --- a/.azuredevops/modulePipelines/ms.eventgrid.topics.yml +++ b/.azuredevops/modulePipelines/ms.eventgrid.topics.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.eventgrid.topics.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.EventGrid/topics/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.EventGrid/topics/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.EventGrid/topics' + value: '/arm/Microsoft.EventGrid/topics' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.eventhub.namespaces.yml b/.azuredevops/modulePipelines/ms.eventhub.namespaces.yml index 5f2b4d4a37..b3d86604f3 100644 --- a/.azuredevops/modulePipelines/ms.eventhub.namespaces.yml +++ b/.azuredevops/modulePipelines/ms.eventhub.namespaces.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.eventhub.namespaces.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.EventHub/namespaces/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.EventHub/namespaces/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.EventHub/namespaces' + value: '/arm/Microsoft.EventHub/namespaces' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.healthbot.healthbots.yml b/.azuredevops/modulePipelines/ms.healthbot.healthbots.yml index 08760e0264..8e5078a82a 100644 --- a/.azuredevops/modulePipelines/ms.healthbot.healthbots.yml +++ b/.azuredevops/modulePipelines/ms.healthbot.healthbots.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.healthbot.healthbots.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.HealthBot/healthBots/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.HealthBot/healthBots/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.HealthBot/healthBots' + value: '/arm/Microsoft.HealthBot/healthBots' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.insights.actiongroups.yml b/.azuredevops/modulePipelines/ms.insights.actiongroups.yml index 465d18b9d8..dcecbc2b6a 100644 --- a/.azuredevops/modulePipelines/ms.insights.actiongroups.yml +++ b/.azuredevops/modulePipelines/ms.insights.actiongroups.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.insights.actiongroups.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Insights/actionGroups/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Insights/actionGroups/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Insights/actionGroups' + value: '/arm/Microsoft.Insights/actionGroups' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.insights.activitylogalerts.yml b/.azuredevops/modulePipelines/ms.insights.activitylogalerts.yml index cffda42bac..e5de0671d3 100644 --- a/.azuredevops/modulePipelines/ms.insights.activitylogalerts.yml +++ b/.azuredevops/modulePipelines/ms.insights.activitylogalerts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.insights.activitylogalerts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Insights/activityLogAlerts/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Insights/activityLogAlerts/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Insights/activityLogAlerts' + value: '/arm/Microsoft.Insights/activityLogAlerts' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.insights.components.yml b/.azuredevops/modulePipelines/ms.insights.components.yml index 77ced33898..129e5301e2 100644 --- a/.azuredevops/modulePipelines/ms.insights.components.yml +++ b/.azuredevops/modulePipelines/ms.insights.components.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.insights.components.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Insights/components/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Insights/components/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Insights/components' + value: '/arm/Microsoft.Insights/components' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.insights.diagnosticsettings.yml b/.azuredevops/modulePipelines/ms.insights.diagnosticsettings.yml index aab087928e..d1407b082c 100644 --- a/.azuredevops/modulePipelines/ms.insights.diagnosticsettings.yml +++ b/.azuredevops/modulePipelines/ms.insights.diagnosticsettings.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.insights.diagnosticsettings.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Insights/diagnosticSettings/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Insights/diagnosticSettings/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Insights/diagnosticSettings' + value: '/arm/Microsoft.Insights/diagnosticSettings' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.insights.metricalerts.yml b/.azuredevops/modulePipelines/ms.insights.metricalerts.yml index 5d3ca5ec25..a92a0c44aa 100644 --- a/.azuredevops/modulePipelines/ms.insights.metricalerts.yml +++ b/.azuredevops/modulePipelines/ms.insights.metricalerts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.insights.metricalerts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Insights/metricAlerts/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Insights/metricAlerts/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Insights/metricAlerts' + value: '/arm/Microsoft.Insights/metricAlerts' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.insights.privatelinkscopes.yml b/.azuredevops/modulePipelines/ms.insights.privatelinkscopes.yml index e4d8eb0f2a..f2f22672c9 100644 --- a/.azuredevops/modulePipelines/ms.insights.privatelinkscopes.yml +++ b/.azuredevops/modulePipelines/ms.insights.privatelinkscopes.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.insights.privatelinkscopes.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Insights/privateLinkScopes/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Insights/privateLinkScopes/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Insights/privateLinkScopes' + value: '/arm/Microsoft.Insights/privateLinkScopes' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.insights.scheduledqueryrules.yml b/.azuredevops/modulePipelines/ms.insights.scheduledqueryrules.yml index 8af9bffff7..cf0a3e7e2c 100644 --- a/.azuredevops/modulePipelines/ms.insights.scheduledqueryrules.yml +++ b/.azuredevops/modulePipelines/ms.insights.scheduledqueryrules.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.insights.scheduledqueryrules.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Insights/scheduledQueryRules/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Insights/scheduledQueryRules/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Insights/scheduledQueryRules' + value: '/arm/Microsoft.Insights/scheduledQueryRules' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.keyvault.vaults.yml b/.azuredevops/modulePipelines/ms.keyvault.vaults.yml index 9defe0353a..dd9f52090d 100644 --- a/.azuredevops/modulePipelines/ms.keyvault.vaults.yml +++ b/.azuredevops/modulePipelines/ms.keyvault.vaults.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.keyvault.vaults.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.KeyVault/vaults/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.KeyVault/vaults/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.KeyVault/vaults' + value: '/arm/Microsoft.KeyVault/vaults' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.kubernetesconfiguration.extensions.yml b/.azuredevops/modulePipelines/ms.kubernetesconfiguration.extensions.yml index c638da8660..6e4a9957b8 100644 --- a/.azuredevops/modulePipelines/ms.kubernetesconfiguration.extensions.yml +++ b/.azuredevops/modulePipelines/ms.kubernetesconfiguration.extensions.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.kubernetesconfiguration.extensions.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.KubernetesConfiguration/extensions/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.KubernetesConfiguration/extensions/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.KubernetesConfiguration/extensions' + value: '/arm/Microsoft.KubernetesConfiguration/extensions' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.kubernetesconfiguration.fluxconfigurations.yml b/.azuredevops/modulePipelines/ms.kubernetesconfiguration.fluxconfigurations.yml index 05c578d2e0..cc43f6e135 100644 --- a/.azuredevops/modulePipelines/ms.kubernetesconfiguration.fluxconfigurations.yml +++ b/.azuredevops/modulePipelines/ms.kubernetesconfiguration.fluxconfigurations.yml @@ -1,4 +1,4 @@ -name: 'KubernetesConfiguration - FluxConfigurations' +name: 'KubernetesConfiguration: FluxConfigurations' parameters: - name: removeDeployment @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.kubernetesconfiguration.fluxconfigurations.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.KubernetesConfiguration/fluxConfigurations/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.KubernetesConfiguration/fluxConfigurations' + value: '/arm/Microsoft.KubernetesConfiguration/fluxConfigurations' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.logic.workflows.yml b/.azuredevops/modulePipelines/ms.logic.workflows.yml index 869220d3e2..661b4d355c 100644 --- a/.azuredevops/modulePipelines/ms.logic.workflows.yml +++ b/.azuredevops/modulePipelines/ms.logic.workflows.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.logic.workflows.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Logic/workflows/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Logic/workflows/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Logic/workflows' + value: '/arm/Microsoft.Logic/workflows' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.machinelearningservices.workspaces.yml b/.azuredevops/modulePipelines/ms.machinelearningservices.workspaces.yml index 79dfdc2be2..d309cdb975 100644 --- a/.azuredevops/modulePipelines/ms.machinelearningservices.workspaces.yml +++ b/.azuredevops/modulePipelines/ms.machinelearningservices.workspaces.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.machinelearningservices.workspaces.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.MachineLearningServices/workspaces/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.MachineLearningServices/workspaces/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.MachineLearningServices/workspaces' + value: '/arm/Microsoft.MachineLearningServices/workspaces' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.managedidentity.userassignedidentities.yml b/.azuredevops/modulePipelines/ms.managedidentity.userassignedidentities.yml index 05a656cf55..80121f67e5 100644 --- a/.azuredevops/modulePipelines/ms.managedidentity.userassignedidentities.yml +++ b/.azuredevops/modulePipelines/ms.managedidentity.userassignedidentities.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.managedidentity.userassignedidentities.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.ManagedIdentity/userAssignedIdentities/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.ManagedIdentity/userAssignedIdentities/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.ManagedIdentity/userAssignedIdentities' + value: '/arm/Microsoft.ManagedIdentity/userAssignedIdentities' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.managedservices.registrationdefinitions.yml b/.azuredevops/modulePipelines/ms.managedservices.registrationdefinitions.yml index 39c68df3c5..62fee30f9b 100644 --- a/.azuredevops/modulePipelines/ms.managedservices.registrationdefinitions.yml +++ b/.azuredevops/modulePipelines/ms.managedservices.registrationdefinitions.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.managedservices.registrationdefinitions.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.ManagedServices/registrationDefinitions/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.ManagedServices/registrationDefinitions/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.ManagedServices/registrationDefinitions' + value: '/arm/Microsoft.ManagedServices/registrationDefinitions' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json - - path: $(modulePath)/.deploymentTests/rg.parameters.json + - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.parameters/rg.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.management.managementgroups.yml b/.azuredevops/modulePipelines/ms.management.managementgroups.yml index 3289daddc9..308ff44dc5 100644 --- a/.azuredevops/modulePipelines/ms.management.managementgroups.yml +++ b/.azuredevops/modulePipelines/ms.management.managementgroups.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.management.managementgroups.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Management/managementGroups/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Management/managementGroups/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Management/managementGroups' + value: '/arm/Microsoft.Management/managementGroups' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.netapp.netappaccounts.yml b/.azuredevops/modulePipelines/ms.netapp.netappaccounts.yml index 7ef1d4cbb5..2b161f504d 100644 --- a/.azuredevops/modulePipelines/ms.netapp.netappaccounts.yml +++ b/.azuredevops/modulePipelines/ms.netapp.netappaccounts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.netapp.netappaccounts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.NetApp/netAppAccounts/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.NetApp/netAppAccounts/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.NetApp/netAppAccounts' + value: '/arm/Microsoft.NetApp/netAppAccounts' stages: - stage: Validation @@ -45,9 +45,9 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/nfs3.parameters.json - - path: $(modulePath)/.deploymentTests/nfs41.parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/nfs3.parameters.json + - path: $(modulePath)/.parameters/nfs41.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.applicationgateways.yml b/.azuredevops/modulePipelines/ms.network.applicationgateways.yml index da48d2dac5..6225a4f68c 100644 --- a/.azuredevops/modulePipelines/ms.network.applicationgateways.yml +++ b/.azuredevops/modulePipelines/ms.network.applicationgateways.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.applicationgateways.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/applicationGateways/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/applicationGateways/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/applicationGateways' + value: '/arm/Microsoft.Network/applicationGateways' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.applicationsecuritygroups.yml b/.azuredevops/modulePipelines/ms.network.applicationsecuritygroups.yml index f959c4795a..f4e3156552 100644 --- a/.azuredevops/modulePipelines/ms.network.applicationsecuritygroups.yml +++ b/.azuredevops/modulePipelines/ms.network.applicationsecuritygroups.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.applicationsecuritygroups.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/applicationSecurityGroups/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/applicationSecurityGroups/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/applicationSecurityGroups' + value: '/arm/Microsoft.Network/applicationSecurityGroups' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.azurefirewalls.yml b/.azuredevops/modulePipelines/ms.network.azurefirewalls.yml index 64abfd6e64..4a55274d85 100644 --- a/.azuredevops/modulePipelines/ms.network.azurefirewalls.yml +++ b/.azuredevops/modulePipelines/ms.network.azurefirewalls.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.azurefirewalls.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/azureFirewalls/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/azureFirewalls/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/azureFirewalls' + value: '/arm/Microsoft.Network/azureFirewalls' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.bastionhosts.yml b/.azuredevops/modulePipelines/ms.network.bastionhosts.yml index 6746220362..a456581930 100644 --- a/.azuredevops/modulePipelines/ms.network.bastionhosts.yml +++ b/.azuredevops/modulePipelines/ms.network.bastionhosts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.bastionhosts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/bastionHosts/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/bastionHosts/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/bastionHosts' + value: '/arm/Microsoft.Network/bastionHosts' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.connections.yml b/.azuredevops/modulePipelines/ms.network.connections.yml index 1642c73684..2111b74e77 100644 --- a/.azuredevops/modulePipelines/ms.network.connections.yml +++ b/.azuredevops/modulePipelines/ms.network.connections.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.connections.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/connections/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/connections/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/connections' + value: '/arm/Microsoft.Network/connections' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/vnet2vnet.parameters.json + - path: $(modulePath)/.parameters/vnet2vnet.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.ddosprotectionplans.yml b/.azuredevops/modulePipelines/ms.network.ddosprotectionplans.yml index 4574f81457..0f63e495bc 100644 --- a/.azuredevops/modulePipelines/ms.network.ddosprotectionplans.yml +++ b/.azuredevops/modulePipelines/ms.network.ddosprotectionplans.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.ddosprotectionplans.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/ddosProtectionPlans/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/ddosProtectionPlans/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/ddosProtectionPlans' + value: '/arm/Microsoft.Network/ddosProtectionPlans' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.expressroutecircuits.yml b/.azuredevops/modulePipelines/ms.network.expressroutecircuits.yml index 8f86baa36a..1fc686d50f 100644 --- a/.azuredevops/modulePipelines/ms.network.expressroutecircuits.yml +++ b/.azuredevops/modulePipelines/ms.network.expressroutecircuits.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.expressroutecircuits.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/expressRouteCircuits/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/expressRouteCircuits/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/expressRouteCircuits' + value: '/arm/Microsoft.Network/expressRouteCircuits' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml b/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml index 51a75ecb68..69a52d6e60 100644 --- a/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml +++ b/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.firewallpolicies.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/firewallPolicies/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/firewallpolicies/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,22 +30,22 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/firewallPolicies' + value: '/arm/Microsoft.Network/firewallpolicies' stages: - stage: Validation displayName: Static validation jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModulePester.yml + - template: /.azuredevops/pipelineTemplates/module.jobs.validate.yml - stage: Deployment displayName: Deployment validation jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + - template: /.azuredevops/pipelineTemplates/module.jobs.deploy.yml parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.frontdoors.yml b/.azuredevops/modulePipelines/ms.network.frontdoors.yml index ec107160d9..6ef0c447e5 100644 --- a/.azuredevops/modulePipelines/ms.network.frontdoors.yml +++ b/.azuredevops/modulePipelines/ms.network.frontdoors.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.frontdoors.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/frontDoors/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/frontDoors/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/frontDoors' + value: '/arm/Microsoft.Network/frontDoors' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.ipgroups.yml b/.azuredevops/modulePipelines/ms.network.ipgroups.yml index 47ac2b187a..2cebe6016a 100644 --- a/.azuredevops/modulePipelines/ms.network.ipgroups.yml +++ b/.azuredevops/modulePipelines/ms.network.ipgroups.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.ipgroups.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/ipGroups/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/ipGroups/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/ipGroups' + value: '/arm/Microsoft.Network/ipGroups' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.loadbalancers.yml b/.azuredevops/modulePipelines/ms.network.loadbalancers.yml index cc2769f764..1ab86396d9 100644 --- a/.azuredevops/modulePipelines/ms.network.loadbalancers.yml +++ b/.azuredevops/modulePipelines/ms.network.loadbalancers.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.loadbalancers.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/loadBalancers/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/loadBalancers/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/loadBalancers' + value: '/arm/Microsoft.Network/loadBalancers' stages: - stage: Validation @@ -45,9 +45,9 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/internal.parameters.json + - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/internal.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.localnetworkgateways.yml b/.azuredevops/modulePipelines/ms.network.localnetworkgateways.yml index 862f64a093..74c7f3f7bd 100644 --- a/.azuredevops/modulePipelines/ms.network.localnetworkgateways.yml +++ b/.azuredevops/modulePipelines/ms.network.localnetworkgateways.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.localnetworkgateways.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/localNetworkGateways/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/localNetworkGateways/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/localNetworkGateways' + value: '/arm/Microsoft.Network/localNetworkGateways' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.natgateways.yml b/.azuredevops/modulePipelines/ms.network.natgateways.yml index 17cd3f4bee..036aebbf69 100644 --- a/.azuredevops/modulePipelines/ms.network.natgateways.yml +++ b/.azuredevops/modulePipelines/ms.network.natgateways.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.natgateways.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/natGateways/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/natGateways/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/natGateways' + value: '/arm/Microsoft.Network/natGateways' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml b/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml index ed2ff73682..ce5051d2f2 100644 --- a/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml +++ b/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.networkinterfaces.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/networkInterfaces/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/networkInterfaces/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/networkInterfaces' + value: '/arm/Microsoft.Network/networkInterfaces' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.networksecuritygroups.yml b/.azuredevops/modulePipelines/ms.network.networksecuritygroups.yml index a592dbf8d3..97508a03c9 100644 --- a/.azuredevops/modulePipelines/ms.network.networksecuritygroups.yml +++ b/.azuredevops/modulePipelines/ms.network.networksecuritygroups.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.networksecuritygroups.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/networkSecurityGroups/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/networkSecurityGroups/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/networkSecurityGroups' + value: '/arm/Microsoft.Network/networkSecurityGroups' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.networkwatchers.yml b/.azuredevops/modulePipelines/ms.network.networkwatchers.yml index a032607be9..e18f04f34c 100644 --- a/.azuredevops/modulePipelines/ms.network.networkwatchers.yml +++ b/.azuredevops/modulePipelines/ms.network.networkwatchers.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.networkwatchers.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/networkWatchers/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/networkWatchers/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/networkWatchers' + value: '/arm/Microsoft.Network/networkWatchers' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.privatednszones.yml b/.azuredevops/modulePipelines/ms.network.privatednszones.yml index d4f53eb438..9b152568fb 100644 --- a/.azuredevops/modulePipelines/ms.network.privatednszones.yml +++ b/.azuredevops/modulePipelines/ms.network.privatednszones.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.privatednszones.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/privateDnsZones/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/privateDnsZones/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/privateDnsZones' + value: '/arm/Microsoft.Network/privateDnsZones' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.privateendpoints.yml b/.azuredevops/modulePipelines/ms.network.privateendpoints.yml index 55be935211..fd9b955ead 100644 --- a/.azuredevops/modulePipelines/ms.network.privateendpoints.yml +++ b/.azuredevops/modulePipelines/ms.network.privateendpoints.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.privateendpoints.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/privateEndpoints/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/privateEndpoints/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/privateEndpoints' + value: '/arm/Microsoft.Network/privateEndpoints' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.publicipaddresses.yml b/.azuredevops/modulePipelines/ms.network.publicipaddresses.yml index eff1b0250f..2bf7ddc62e 100644 --- a/.azuredevops/modulePipelines/ms.network.publicipaddresses.yml +++ b/.azuredevops/modulePipelines/ms.network.publicipaddresses.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.publicipaddresses.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/publicIPAddresses/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/publicIPAddresses/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/publicIPAddresses' + value: '/arm/Microsoft.Network/publicIPAddresses' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.publicipprefixes.yml b/.azuredevops/modulePipelines/ms.network.publicipprefixes.yml index 05a7e35e48..4b779ece81 100644 --- a/.azuredevops/modulePipelines/ms.network.publicipprefixes.yml +++ b/.azuredevops/modulePipelines/ms.network.publicipprefixes.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.publicipprefixes.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/publicIPPrefixes/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/publicIPPrefixes/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/publicIPPrefixes' + value: '/arm/Microsoft.Network/publicIPPrefixes' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.routetables.yml b/.azuredevops/modulePipelines/ms.network.routetables.yml index 15aeb0fff2..1aac7ed90d 100644 --- a/.azuredevops/modulePipelines/ms.network.routetables.yml +++ b/.azuredevops/modulePipelines/ms.network.routetables.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.routetables.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/routeTables/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/routeTables/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/routeTables' + value: '/arm/Microsoft.Network/routeTables' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.trafficmanagerprofiles.yml b/.azuredevops/modulePipelines/ms.network.trafficmanagerprofiles.yml index a064e45548..45d8db3d5a 100644 --- a/.azuredevops/modulePipelines/ms.network.trafficmanagerprofiles.yml +++ b/.azuredevops/modulePipelines/ms.network.trafficmanagerprofiles.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.trafficmanagerprofiles.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/trafficmanagerprofiles/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/trafficmanagerprofiles/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/trafficmanagerprofiles' + value: '/arm/Microsoft.Network/trafficmanagerprofiles' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.virtualhubs.yml b/.azuredevops/modulePipelines/ms.network.virtualhubs.yml index 671a6d9457..c117fae374 100644 --- a/.azuredevops/modulePipelines/ms.network.virtualhubs.yml +++ b/.azuredevops/modulePipelines/ms.network.virtualhubs.yml @@ -1,4 +1,4 @@ -name: 'Network - VirtualHubs' +name: 'Network: VirtualHubs' parameters: - name: removeDeployment @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.virtualhubs.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/virtualHubs/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/virtualHubs/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/virtualHubs' + value: '/arm/Microsoft.Network/virtualHubs' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.virtualnetworkgateways.yml b/.azuredevops/modulePipelines/ms.network.virtualnetworkgateways.yml index 7d5fa11d44..51a9c6a5a6 100644 --- a/.azuredevops/modulePipelines/ms.network.virtualnetworkgateways.yml +++ b/.azuredevops/modulePipelines/ms.network.virtualnetworkgateways.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.virtualnetworkgateways.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/virtualNetworkGateways/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/virtualNetworkGateways/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/virtualNetworkGateways' + value: '/arm/Microsoft.Network/virtualNetworkGateways' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/expressRoute.parameters.json - - path: $(modulePath)/.deploymentTests/vpn.parameters.json + - path: $(modulePath)/.parameters/expressRoute.parameters.json + - path: $(modulePath)/.parameters/vpn.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.virtualnetworks.yml b/.azuredevops/modulePipelines/ms.network.virtualnetworks.yml index c4b4a3ea0a..8d1ae7e5dc 100644 --- a/.azuredevops/modulePipelines/ms.network.virtualnetworks.yml +++ b/.azuredevops/modulePipelines/ms.network.virtualnetworks.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.virtualnetworks.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/virtualNetworks/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/virtualNetworks/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/virtualNetworks' + value: '/arm/Microsoft.Network/virtualNetworks' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json - - path: $(modulePath)/.deploymentTests/vnetPeering.parameters.json + - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.parameters/vnetPeering.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.virtualwans.yml b/.azuredevops/modulePipelines/ms.network.virtualwans.yml index 32bfa7afd2..b507e19983 100644 --- a/.azuredevops/modulePipelines/ms.network.virtualwans.yml +++ b/.azuredevops/modulePipelines/ms.network.virtualwans.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.virtualwans.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/virtualWans/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/virtualWans/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/virtualWans' + value: '/arm/Microsoft.Network/virtualWans' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.vpngateways.yml b/.azuredevops/modulePipelines/ms.network.vpngateways.yml index ee7ce830e8..cc2d3f9c8b 100644 --- a/.azuredevops/modulePipelines/ms.network.vpngateways.yml +++ b/.azuredevops/modulePipelines/ms.network.vpngateways.yml @@ -1,4 +1,4 @@ -name: 'Network - VPNGateways' +name: 'Network: VPNGateways' parameters: - name: removeDeployment @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.vpngateways.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/vpnGateways/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/vpnGateways/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/vpnGateways' + value: '/arm/Microsoft.Network/vpnGateways' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.network.vpnsites.yml b/.azuredevops/modulePipelines/ms.network.vpnsites.yml index c6054542cc..2c9be39166 100644 --- a/.azuredevops/modulePipelines/ms.network.vpnsites.yml +++ b/.azuredevops/modulePipelines/ms.network.vpnsites.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.network.vpnsites.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Network/vpnSites/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Network/vpnSites/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Network/vpnSites' + value: '/arm/Microsoft.Network/vpnSites' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.operationalinsights.workspaces.yml b/.azuredevops/modulePipelines/ms.operationalinsights.workspaces.yml index f3b4863863..daf7fc3728 100644 --- a/.azuredevops/modulePipelines/ms.operationalinsights.workspaces.yml +++ b/.azuredevops/modulePipelines/ms.operationalinsights.workspaces.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.operationalinsights.workspaces.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.OperationalInsights/workspaces/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.OperationalInsights/workspaces/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.OperationalInsights/workspaces' + value: '/arm/Microsoft.OperationalInsights/workspaces' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml b/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml index 05d4dae6cb..483f0184d5 100644 --- a/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml +++ b/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.operationsmanagement.solutions.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.OperationsManagement/solutions/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.OperationsManagement/solutions/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.OperationsManagement/solutions' + value: '/arm/Microsoft.OperationsManagement/solutions' stages: - stage: Validation @@ -45,9 +45,9 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/nonms.parameters.json - - path: $(modulePath)/.deploymentTests/ms.parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/nonms.parameters.json + - path: $(modulePath)/.parameters/ms.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.recoveryservices.vaults.yml b/.azuredevops/modulePipelines/ms.recoveryservices.vaults.yml index 416413054e..bc65e9622b 100644 --- a/.azuredevops/modulePipelines/ms.recoveryservices.vaults.yml +++ b/.azuredevops/modulePipelines/ms.recoveryservices.vaults.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.recoveryservices.vaults.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.RecoveryServices/vaults/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.RecoveryServices/vaults/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.RecoveryServices/vaults' + value: '/arm/Microsoft.RecoveryServices/vaults' stages: - stage: Validation @@ -45,11 +45,11 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/min.parameters.json + - path: $(modulePath)/.parameters/min.parameters.json templateFilePath: $(modulePath)/deploy.bicep - - path: $(modulePath)/.deploymentTests/dr.parameters.json + - path: $(modulePath)/.parameters/dr.parameters.json templateFilePath: $(modulePath)/deploy.bicep - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.resources.deploymentscripts.yml b/.azuredevops/modulePipelines/ms.resources.deploymentscripts.yml index 2f5a850bea..cd826e0c27 100644 --- a/.azuredevops/modulePipelines/ms.resources.deploymentscripts.yml +++ b/.azuredevops/modulePipelines/ms.resources.deploymentscripts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.resources.deploymentscripts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Resources/deploymentScripts/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Resources/deploymentScripts/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Resources/deploymentScripts' + value: '/arm/Microsoft.Resources/deploymentScripts' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/cli.parameters.json - - path: $(modulePath)/.deploymentTests/ps.parameters.json + - path: $(modulePath)/.parameters/cli.parameters.json + - path: $(modulePath)/.parameters/ps.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.resources.resourcegroups.yml b/.azuredevops/modulePipelines/ms.resources.resourcegroups.yml index 03b074bdb2..9bde0ab4fc 100644 --- a/.azuredevops/modulePipelines/ms.resources.resourcegroups.yml +++ b/.azuredevops/modulePipelines/ms.resources.resourcegroups.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.resources.resourcegroups.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Resources/resourceGroups/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Resources/resourceGroups/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Resources/resourceGroups' + value: '/arm/Microsoft.Resources/resourceGroups' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.resources.tags.yml b/.azuredevops/modulePipelines/ms.resources.tags.yml index 98316cfcfd..d0fe3f9404 100644 --- a/.azuredevops/modulePipelines/ms.resources.tags.yml +++ b/.azuredevops/modulePipelines/ms.resources.tags.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.resources.tags.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Resources/tags/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Resources/tags/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Resources/tags' + value: '/arm/Microsoft.Resources/tags' stages: - stage: Validation @@ -45,9 +45,9 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/rg.parameters.json - - path: $(modulePath)/.deploymentTests/sub.parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/rg.parameters.json + - path: $(modulePath)/.parameters/sub.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.security.azuresecuritycenter.yml b/.azuredevops/modulePipelines/ms.security.azuresecuritycenter.yml index 4b6046d2e8..a08f557ef1 100644 --- a/.azuredevops/modulePipelines/ms.security.azuresecuritycenter.yml +++ b/.azuredevops/modulePipelines/ms.security.azuresecuritycenter.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.security.azuresecuritycenter.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Security/azureSecurityCenter/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Security/azureSecurityCenter/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Security/azureSecurityCenter' + value: '/arm/Microsoft.Security/azureSecurityCenter' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.servicebus.namespaces.yml b/.azuredevops/modulePipelines/ms.servicebus.namespaces.yml index 626e23d613..d555a10dde 100644 --- a/.azuredevops/modulePipelines/ms.servicebus.namespaces.yml +++ b/.azuredevops/modulePipelines/ms.servicebus.namespaces.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.servicebus.namespaces.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.ServiceBus/namespaces/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.ServiceBus/namespaces/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.ServiceBus/namespaces' + value: '/arm/Microsoft.ServiceBus/namespaces' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.servicefabric.clusters.yml b/.azuredevops/modulePipelines/ms.servicefabric.clusters.yml index c7e516692f..fd3e03880d 100644 --- a/.azuredevops/modulePipelines/ms.servicefabric.clusters.yml +++ b/.azuredevops/modulePipelines/ms.servicefabric.clusters.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.servicefabric.clusters.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.ServiceFabric/clusters/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.ServiceFabric/clusters/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,24 +30,24 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.ServiceFabric/clusters' + value: '/arm/Microsoft.ServiceFabric/clusters' stages: - stage: Validation displayName: Static validation jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModulePester.yml + - template: /.azuredevops/pipelineTemplates/module.jobs.validate.yml - stage: Deployment displayName: Deployment validation jobs: - - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml + - template: /.azuredevops/pipelineTemplates/module.jobs.deploy.yml parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/full.parameters.json - - path: $(modulePath)/.deploymentTests/cert.parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/full.parameters.json + - path: $(modulePath)/.parameters/cert.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.sql.managedinstances.yml b/.azuredevops/modulePipelines/ms.sql.managedinstances.yml index 9d49a71ba7..2a063183c0 100644 --- a/.azuredevops/modulePipelines/ms.sql.managedinstances.yml +++ b/.azuredevops/modulePipelines/ms.sql.managedinstances.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.sql.managedinstances.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Sql/managedInstances/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Sql/managedInstances/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Sql/managedInstances' + value: '/arm/Microsoft.Sql/managedInstances' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json defaultJobTimeoutInMinutes: 360 - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.sql.servers.yml b/.azuredevops/modulePipelines/ms.sql.servers.yml index 32d9b5e535..c644d3a1df 100644 --- a/.azuredevops/modulePipelines/ms.sql.servers.yml +++ b/.azuredevops/modulePipelines/ms.sql.servers.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.sql.servers.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Sql/servers/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Sql/servers/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Sql/servers' + value: '/arm/Microsoft.Sql/servers' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json - - path: $(modulePath)/.deploymentTests/admin.parameters.json + - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.parameters/admin.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.storage.storageaccounts.yml b/.azuredevops/modulePipelines/ms.storage.storageaccounts.yml index 62f98d6d33..51f381d312 100644 --- a/.azuredevops/modulePipelines/ms.storage.storageaccounts.yml +++ b/.azuredevops/modulePipelines/ms.storage.storageaccounts.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.storage.storageaccounts.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Storage/storageAccounts/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Storage/storageAccounts/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Storage/storageAccounts' + value: '/arm/Microsoft.Storage/storageAccounts' stages: - stage: Validation @@ -45,11 +45,11 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/nfs.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json - - path: $(modulePath)/.deploymentTests/v1.parameters.json - - path: $(modulePath)/.deploymentTests/encr.parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/nfs.parameters.json + - path: $(modulePath)/.parameters/parameters.json + - path: $(modulePath)/.parameters/v1.parameters.json + - path: $(modulePath)/.parameters/encr.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.synapse.privatelinkhubs.yml b/.azuredevops/modulePipelines/ms.synapse.privatelinkhubs.yml index 295f5beb67..e34d190ed5 100644 --- a/.azuredevops/modulePipelines/ms.synapse.privatelinkhubs.yml +++ b/.azuredevops/modulePipelines/ms.synapse.privatelinkhubs.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.synapse.privatelinkhubs.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Synapse/privateLinkHubs/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Synapse/privateLinkHubs/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Synapse/privateLinkHubs' + value: '/arm/Microsoft.Synapse/privateLinkHubs' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.virtualmachineimages.imagetemplates.yml b/.azuredevops/modulePipelines/ms.virtualmachineimages.imagetemplates.yml index 8169a7e43d..525c02e6fb 100644 --- a/.azuredevops/modulePipelines/ms.virtualmachineimages.imagetemplates.yml +++ b/.azuredevops/modulePipelines/ms.virtualmachineimages.imagetemplates.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.virtualmachineimages.imagetemplates.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.VirtualMachineImages/imageTemplates/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.VirtualMachineImages/imageTemplates/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.VirtualMachineImages/imageTemplates' + value: '/arm/Microsoft.VirtualMachineImages/imageTemplates' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.web.connections.yml b/.azuredevops/modulePipelines/ms.web.connections.yml index 4a126a0ee8..9abaa4136d 100644 --- a/.azuredevops/modulePipelines/ms.web.connections.yml +++ b/.azuredevops/modulePipelines/ms.web.connections.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.web.connections.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Web/connections/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Web/connections/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Web/connections' + value: '/arm/Microsoft.Web/connections' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.web.hostingenvironments.yml b/.azuredevops/modulePipelines/ms.web.hostingenvironments.yml index a3b6da3f80..fc2abe59b5 100644 --- a/.azuredevops/modulePipelines/ms.web.hostingenvironments.yml +++ b/.azuredevops/modulePipelines/ms.web.hostingenvironments.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.web.hostingenvironments.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Web/hostingEnvironments/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Web/hostingEnvironments/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Web/hostingEnvironments' + value: '/arm/Microsoft.Web/hostingEnvironments' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/asev2.parameters.json - - path: $(modulePath)/.deploymentTests/asev3.parameters.json + - path: $(modulePath)/.parameters/asev2.parameters.json + - path: $(modulePath)/.parameters/asev3.parameters.json defaultJobTimeoutInMinutes: 180 - stage: Publishing diff --git a/.azuredevops/modulePipelines/ms.web.serverfarms.yml b/.azuredevops/modulePipelines/ms.web.serverfarms.yml index 48d906fedc..285b2ce94b 100644 --- a/.azuredevops/modulePipelines/ms.web.serverfarms.yml +++ b/.azuredevops/modulePipelines/ms.web.serverfarms.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.web.serverfarms.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Web/serverfarms/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Web/serverfarms/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Web/serverfarms' + value: '/arm/Microsoft.Web/serverfarms' stages: - stage: Validation @@ -45,7 +45,7 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.web.sites.yml b/.azuredevops/modulePipelines/ms.web.sites.yml index e56f5c75eb..2c7584cd63 100644 --- a/.azuredevops/modulePipelines/ms.web.sites.yml +++ b/.azuredevops/modulePipelines/ms.web.sites.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.web.sites.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Web/sites/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Web/sites/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Web/sites' + value: '/arm/Microsoft.Web/sites' stages: - stage: Validation @@ -45,10 +45,10 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/fa.min.parameters.json - - path: $(modulePath)/.deploymentTests/fa.parameters.json - - path: $(modulePath)/.deploymentTests/wa.min.parameters.json - - path: $(modulePath)/.deploymentTests/wa.parameters.json + - path: $(modulePath)/.parameters/fa.min.parameters.json + - path: $(modulePath)/.parameters/fa.parameters.json + - path: $(modulePath)/.parameters/wa.min.parameters.json + - path: $(modulePath)/.parameters/wa.parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/modulePipelines/ms.web.staticsites.yml b/.azuredevops/modulePipelines/ms.web.staticsites.yml index e408ebbb15..7784a2ce12 100644 --- a/.azuredevops/modulePipelines/ms.web.staticsites.yml +++ b/.azuredevops/modulePipelines/ms.web.staticsites.yml @@ -21,8 +21,8 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.web.staticsites.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/modules/Microsoft.Web/staticSites/*' - - '/modules/.global/global.module.tests.ps1' + - '/arm/Microsoft.Web/staticSites/*' + - '/arm/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/modules/Microsoft.Web/staticSites' + value: '/arm/Microsoft.Web/staticSites' stages: - stage: Validation @@ -45,8 +45,8 @@ stages: parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.deploymentTests/min.parameters.json - - path: $(modulePath)/.deploymentTests/parameters.json + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/parameters.json - stage: Publishing displayName: Publishing diff --git a/.azuredevops/pipelineTemplates/jobs.publishModule.yml b/.azuredevops/pipelineTemplates/jobs.publishModule.yml index f22e1761c3..622e05a8e5 100644 --- a/.azuredevops/pipelineTemplates/jobs.publishModule.yml +++ b/.azuredevops/pipelineTemplates/jobs.publishModule.yml @@ -176,7 +176,7 @@ jobs: # Publish the modified child resources foreach ($ModuleToPublish in $ModulesToPublish) { - $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/modules/')[-1]).Split('/deploy.')[0] + $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/arm/')[-1]).Split('/deploy.')[0] Write-Host "##[group]$(' - [{0}] [{1}]' -f $RelPath, $ModuleToPublish.Version)" $functionInput = @{ @@ -235,7 +235,7 @@ jobs: # Publish the modified child resources foreach ($ModuleToPublish in $ModulesToPublish) { - $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/modules/')[-1]).Split('/deploy.')[0] + $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/arm/')[-1]).Split('/deploy.')[0] Write-Host "##[group]$(' - [{0}] [{1}]' -f $RelPath, $ModuleToPublish.Version)" $functionInput = @{ @@ -295,7 +295,7 @@ jobs: # Publish the modified child resources foreach ($ModuleToPublish in $ModulesToPublish) { - $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/modules/')[-1]).Split('/deploy.')[0] + $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/arm/')[-1]).Split('/deploy.')[0] Write-Host "##[group]$(' - [{0}] [{1}]' -f $RelPath, $ModuleToPublish.Version)" $functionInput = @{ diff --git a/.azuredevops/pipelineTemplates/jobs.validateModulePester.yml b/.azuredevops/pipelineTemplates/jobs.validateModulePester.yml index 8e36f369d8..9e2870a142 100644 --- a/.azuredevops/pipelineTemplates/jobs.validateModulePester.yml +++ b/.azuredevops/pipelineTemplates/jobs.validateModulePester.yml @@ -2,7 +2,7 @@ ## VALIDATION PIPELINE ## ######################################################### ## -## This pipeline template contains the logic to validate a given module using the provided parameter file(s) +## This pipeline template contains the logic to validate a given module's ARM template using the provided parameter file(s) ## ## Enabled levels of validation ## - Resource-Group-Level @@ -30,8 +30,8 @@ ## | defaultJobTimeoutInMinutes | 120 | The timeout for the job in this pipeline | 120 | ## | checkoutRepositories | '' | An optional list of repositories to check out at the beginning of this job in addition to the source | 'Components' | ## | modulePath | '$(modulePath)' | The path to the module to deploy. E.g. [c:/KeyVault] | 'c:/KeyVault' | -## | location | '$(location)' | The location to validate with | 'France Central' | -## | resourceGroupName | '$(resourceGroupName)' | The resourcegroup to validate into. Required only for Resource-Group-Level validations | 'validation-rg' | +## | location | '$(location)' | The location to validate with | 'France Central' | +## | resourceGroupName | '$(resourceGroupName)' | The resourcegroup to validate into. Required only for Resource-Group-Level validations | 'validation-rg' | ## | subscriptionId | '$(ARM_SUBSCRIPTION_ID)' | The id of the subscription to validate with when using a Management group service connection | 'aed7c000-6387-412e-bed0-24dfddf4bbc6' | ## | managementGroupId | '$(ARM_MGMTGROUP_ID)' | The id of the management group to validate with. Required only for Management-Group-Level validations | '477c9620-cb01-454f-9ebc-fc6b1df48c14' | ## | parametersRepository | '$(Build.Repository.Name)' | The respository with the parameter files. Defaults to the triggering repository | 'Solutions' | @@ -164,14 +164,14 @@ jobs: # --------------------- # Invoke-Pester -Configuration @{ Run = @{ - Container = New-PesterContainer -Path (Join-Path '$(moduleRepoRoot)' 'modules' '.global' 'global.module.tests.ps1') -Data @{ + Container = New-PesterContainer -Path (Join-Path '$(moduleRepoRoot)' 'arm' '.global' 'global.module.tests.ps1') -Data @{ moduleFolderPaths = $moduleFolderPaths enforcedTokenList = $enforcedTokenList } } TestResult = @{ TestSuiteName = 'Global Module Tests' - OutputPath = 'modules/.global/global-testResults.xml' + OutputPath = 'arm/.global/global-testResults.xml' OutputFormat = 'NUnitXml' Enabled = $true } @@ -188,6 +188,6 @@ jobs: testResultsFormat: NUnit testResultsFiles: global-testResults.xml failTaskOnFailedTests: true - searchFolder: 'modules/.global' + searchFolder: 'arm/.global' continueOnError: false condition: succeededOrFailed() diff --git a/.azuredevops/platformPipelines/platform.dependencies.yml b/.azuredevops/platformPipelines/platform.dependencies.yml index dc97836ddc..33013e95ea 100644 --- a/.azuredevops/platformPipelines/platform.dependencies.yml +++ b/.azuredevops/platformPipelines/platform.dependencies.yml @@ -30,7 +30,7 @@ variables: - name: dependencyPath value: 'utilities/pipelines/dependencies' - name: modulesPath - value: 'modules' + value: 'arm' - name: defaultResourceGroupName value: 'validation-rg' diff --git a/.azuredevops/platformPipelines/platform.updateReadMe.yml b/.azuredevops/platformPipelines/platform.updateReadMe.yml index 928e74bbd2..d2eb068bf0 100644 --- a/.azuredevops/platformPipelines/platform.updateReadMe.yml +++ b/.azuredevops/platformPipelines/platform.updateReadMe.yml @@ -9,8 +9,8 @@ trigger: - main paths: include: - - 'modules/**/deploy.bicep' - - 'modules/**/deploy.json' + - 'arm/**/deploy.bicep' + - 'arm/**/deploy.json' variables: - template: '../../global.variables.yml' @@ -39,7 +39,7 @@ jobs: . (Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'tools' 'Set-ReadMeModuleTable.ps1') $functionInput = @{ - ModulesPath = Join-Path '$(System.DefaultWorkingDirectory)' 'modules' + ModulesPath = Join-Path '$(System.DefaultWorkingDirectory)' 'arm' FilePath = Join-Path '$(System.DefaultWorkingDirectory)' 'README.md' Organization = '$(System.CollectionUri)'.Split('/')[3] RepositoryName = '$(Build.Repository.Name)' @@ -63,8 +63,8 @@ jobs: . (Join-Path '$(System.DefaultWorkingDirectory)' 'utilities' 'tools' 'Set-ReadMeModuleTable.ps1') $functionInput = @{ - ModulesPath = Join-Path '$(System.DefaultWorkingDirectory)' 'modules' - FilePath = Join-Path '$(System.DefaultWorkingDirectory)' 'modules/README.md' + ModulesPath = Join-Path '$(System.DefaultWorkingDirectory)' 'arm' + FilePath = Join-Path '$(System.DefaultWorkingDirectory)' 'arm/README.md' Organization = '$(System.CollectionUri)'.Split('/')[3] RepositoryName = '$(Build.Repository.Name)' ColumnsInOrder = @('Name', 'ProviderNamespace','ResourceType') diff --git a/.github/actions/templates/getParameterFiles/action.yml b/.github/actions/templates/getParameterFiles/action.yml index 1bcb50e607..cde9b10525 100644 --- a/.github/actions/templates/getParameterFiles/action.yml +++ b/.github/actions/templates/getParameterFiles/action.yml @@ -21,14 +21,14 @@ runs: # Grouping task logs Write-Output "::group::Get parameter files" # Load used functions - . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Get-DeploymentTestFileList.ps1') + . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Get-ModuleParameterFiles.ps1') $functionInput = @{ ModulePath = Join-Path $env:GITHUB_WORKSPACE '${{ inputs.modulePath }}' } Write-Verbose "Invoke task with" -Verbose Write-Verbose ($functionInput | ConvertTo-Json | Out-String) -Verbose # Get the list of parameter file paths - $parameterFilePaths = Get-DeploymentTestFileList @functionInput -Verbose + $parameterFilePaths = Get-ModuleParameterFiles @functionInput -Verbose # Output values to be accessed by next jobs $compressedOutput = $parameterFilePaths | ConvertTo-Json -Compress if($compressedOutput -notmatch "\[.*\]") { diff --git a/.github/actions/templates/publishModule/action.yml b/.github/actions/templates/publishModule/action.yml index c88cdfcd03..cb3a327922 100644 --- a/.github/actions/templates/publishModule/action.yml +++ b/.github/actions/templates/publishModule/action.yml @@ -12,19 +12,19 @@ ## ACTION PARAMETERS ## ##-------------------------------------------## ## -## |===========================================================================================================================================================================================================| -## | Parameter | Required | Default | Description | Example | -## |--------------------------|----------|---------|--------------------------------------------------------------------------------------------------|--------------------------------------------------------| -## | templateFilePath | true | '' | The path to the template file to publish | 'modules/Microsoft.ApiManagement/service/deploy.bicep' | -## | templateSpecsRgName | false | '' | Required to publish to template spec. ResourceGroup of the template spec to publish to | 'artifacts-rg' | -## | templateSpecsRgLocation | false | '' | Required to publish to template spec. Location of the template spec resource group | 'WestEurope' | -## | templateSpecsDescription | false | '' | Required to publish to template spec. Description of the template spec to publish to | 'This is an API-Management service template' | -## | templateSpecsDoPublish | false | 'false' | Flag to indicate whether or not to publish to template specs | 'true' | -## | bicepRegistryName | false | '' | Required to publish to private bicep registry. Name of the container registry to publish to | 'myacr' | -## | bicepRegistryRgName | false | '' | Required to publish to private bicep registry. Name of the container registry resource group | 'artifacts-rg' | -## | bicepRegistryRgLocation | false | '' | Required to publish to private bicep registry. Location of the container registry resource group | 'WestEurope' | -## | bicepRegistryDoPublish | false | 'false' | Flag to indicate whether or not to publish to the private bicep registry | 'true' | -## |===========================================================================================================================================================================================================| +## |=======================================================================================================================================================================================================| +## | Parameter | Required | Default | Description | Example | +## |--------------------------|----------|---------|--------------------------------------------------------------------------------------------------|----------------------------------------------------| +## | templateFilePath | true | '' | The path to the template file to publish | 'arm/Microsoft.ApiManagement/service/deploy.bicep' | +## | templateSpecsRgName | false | '' | Required to publish to template spec. ResourceGroup of the template spec to publish to | 'artifacts-rg' | +## | templateSpecsRgLocation | false | '' | Required to publish to template spec. Location of the template spec resource group | 'WestEurope' | +## | templateSpecsDescription | false | '' | Required to publish to template spec. Description of the template spec to publish to | 'This is an API-Management service template' | +## | templateSpecsDoPublish | false | 'false' | Flag to indicate whether or not to publish to template specs | 'true' | +## | bicepRegistryName | false | '' | Required to publish to private bicep registry. Name of the container registry to publish to | 'myacr' | +## | bicepRegistryRgName | false | '' | Required to publish to private bicep registry. Name of the container registry resource group | 'artifacts-rg' | +## | bicepRegistryRgLocation | false | '' | Required to publish to private bicep registry. Location of the container registry resource group | 'WestEurope' | +## | bicepRegistryDoPublish | false | 'false' | Flag to indicate whether or not to publish to the private bicep registry | 'true' | +## |=======================================================================================================================================================================================================| ## ##---------------------------------------------## name: 'Publishing' @@ -116,7 +116,7 @@ runs: # Publish the modified child resources foreach ($ModuleToPublish in $ModulesToPublish) { - $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/modules/')[-1]).Split('/deploy.')[0] + $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/arm/')[-1]).Split('/deploy.')[0] Write-Output "::group::$(' - [{0}] [{1}]' -f $RelPath, $ModuleToPublish.Version)" $functionInput = @{ @@ -160,7 +160,7 @@ runs: # Publish the modified child resources foreach ($ModuleToPublish in $ModulesToPublish) { - $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/modules/')[-1]).Split('/deploy.')[0] + $RelPath = (($ModuleToPublish.TemplateFilePath).Split('/arm/')[-1]).Split('/deploy.')[0] Write-Output "::group::$(' - [{0}] [{1}]' -f $RelPath, $ModuleToPublish.Version)" $functionInput = @{ diff --git a/.github/actions/templates/validateModuleDeployment/action.yml b/.github/actions/templates/validateModuleDeployment/action.yml index 634e751be7..7d23efa771 100644 --- a/.github/actions/templates/validateModuleDeployment/action.yml +++ b/.github/actions/templates/validateModuleDeployment/action.yml @@ -11,18 +11,18 @@ ## ACTION PARAMETERS ## ##-------------------------------------------## ## -## |================================================================================================================================================================================| -## | Parameter | Required | Default | Description | Example | -## |---------------------------|----------|---------|-------------------------------------------------------|-----------------------------------------------------------------------| -## | templateFilePath | true | '' | The path to the template file to use for deployment | 'modules/Microsoft.ApiManagement/service/deploy.bicep' | -## | parameterFilePath | true | '' | The path to the parameter file to use for deployment | 'modules/Microsoft.ApiManagement/service/.deploymentTests/parameters.json' | -## | location | true | '' | The location to use for deployment | 'WestEurope' | -## | resourceGroupName | false | '' | The resource group to deploy to | 'validation-rg' | -## | subscriptionId | false | '' | The subscriptionId to deploy to | '1a97b80a-4dda-4f50-ab53-349e29344654' | -## | managementGroupId | false | '' | The managementGroupId to deploy to | '1a97b80a-4dda-4f50-ab53-349e29344654' | -## | customParameterFileTokens | false | '' | Additional parameter file token pairs in json format. | '{"tokenName":"tokenValue"}' | -## | removeDeployment | false | 'true' | Set "true" to set module up for removal | 'true' | -## |================================================================================================================================================================================| +## |============================================================================================================================================================================| +## | Parameter | Required | Default | Description | Example | +## |---------------------------|----------|---------|-------------------------------------------------------|-------------------------------------------------------------------| +## | templateFilePath | true | '' | The path to the template file to use for deployment | 'arm/Microsoft.ApiManagement/service/deploy.bicep' | +## | parameterFilePath | true | '' | The path to the parameter file to use for deployment | 'arm/Microsoft.ApiManagement/service/.parameters/parameters.json' | +## | location | true | '' | The location to use for deployment | 'WestEurope' | +## | resourceGroupName | false | '' | The resource group to deploy to | 'validation-rg' | +## | subscriptionId | false | '' | The subscriptionId to deploy to | '1a97b80a-4dda-4f50-ab53-349e29344654' | +## | managementGroupId | false | '' | The managementGroupId to deploy to | '1a97b80a-4dda-4f50-ab53-349e29344654' | +## | customParameterFileTokens | false | '' | Additional parameter file token pairs in json format. | '{"tokenName":"tokenValue"}' | +## | removeDeployment | false | 'true' | Set "true" to set module up for removal | 'true' | +## |============================================================================================================================================================================| ## ######################################################### ## diff --git a/.github/actions/templates/validateModulePester/action.yml b/.github/actions/templates/validateModulePester/action.yml index 957b94643d..2585707067 100644 --- a/.github/actions/templates/validateModulePester/action.yml +++ b/.github/actions/templates/validateModulePester/action.yml @@ -3,7 +3,7 @@ ######################################################### ## ## This composite action contains the logic to validate a module using a set of Pester tests -## The tests are implemented in file 'modules/.global/global.module.tests.ps1' +## The tests are implemented in file 'arm/.global/global.module.tests.ps1' ## ######################################################### ## @@ -11,11 +11,11 @@ ## ACTION PARAMETERS ## ##-------------------------------------------## ## -## |===============================================================================================================| -## | Parameter | Required | Default | Description | Example | -## |------------|----------|---------|---------------------------------|-------------------------------------------| -## | modulePath | true | '' | The path to the module's folder | 'modules/Microsoft.ApiManagement/service' | -## |===============================================================================================================| +## |===========================================================================================================| +## | Parameter | Required | Default | Description | Example | +## |------------|----------|---------|---------------------------------|---------------------------------------| +## | modulePath | true | '' | The path to the module's folder | 'arm/Microsoft.ApiManagement/service' | +## |===========================================================================================================| ## ##---------------------------------------------## @@ -95,14 +95,14 @@ runs: # --------------------- # Invoke-Pester -Configuration @{ Run = @{ - Container = New-PesterContainer -Path 'modules/.global/global.module.tests.ps1' -Data @{ + Container = New-PesterContainer -Path 'arm/.global/global.module.tests.ps1' -Data @{ moduleFolderPaths = $moduleFolderPaths enforcedTokenList = $enforcedTokenList } } TestResult = @{ TestSuiteName = 'Global Module Tests' - OutputPath = 'modules/.global/global-testResults.xml' + OutputPath = 'arm/.global/global-testResults.xml' OutputFormat = 'JUnitXml' Enabled = $true } @@ -115,4 +115,4 @@ runs: uses: EnricoMi/publish-unit-test-result-action@v1 if: always() with: - files: 'modules/.global/*-testResults.xml' + files: 'arm/.global/*-testResults.xml' diff --git a/.github/workflows/ms.aad.domainservices.yml b/.github/workflows/ms.aad.domainservices.yml index 9c7dc030c4..229590b5e4 100644 --- a/.github/workflows/ms.aad.domainservices.yml +++ b/.github/workflows/ms.aad.domainservices.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.aad.domainservices.yml' - - 'modules/Microsoft.AAD/DomainServices/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.AAD/DomainServices/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.AAD/DomainServices' + modulePath: 'arm/Microsoft.AAD/DomainServices' workflowPath: '.github/workflows/ms.aad.domainservices.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.analysisservices.servers.yml b/.github/workflows/ms.analysisservices.servers.yml index d89e4b0956..4330ec663a 100644 --- a/.github/workflows/ms.analysisservices.servers.yml +++ b/.github/workflows/ms.analysisservices.servers.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.analysisservices.servers.yml' - - 'modules/Microsoft.AnalysisServices/servers/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.AnalysisServices/servers/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.AnalysisServices/servers' + modulePath: 'arm/Microsoft.AnalysisServices/servers' workflowPath: '.github/workflows/ms.analysisservices.servers.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.apimanagement.service.yml b/.github/workflows/ms.apimanagement.service.yml index b04a8a7374..b3078cda39 100644 --- a/.github/workflows/ms.apimanagement.service.yml +++ b/.github/workflows/ms.apimanagement.service.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.apimanagement.service.yml' - - 'modules/Microsoft.ApiManagement/service/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.ApiManagement/service/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.ApiManagement/service' + modulePath: 'arm/Microsoft.ApiManagement/service' workflowPath: '.github/workflows/ms.apimanagement.service.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.appconfiguration.configurationstores.yml b/.github/workflows/ms.appconfiguration.configurationstores.yml index 73bc29e477..2a6e3997f9 100644 --- a/.github/workflows/ms.appconfiguration.configurationstores.yml +++ b/.github/workflows/ms.appconfiguration.configurationstores.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.appconfiguration.configurationstores.yml' - - 'modules/Microsoft.AppConfiguration/configurationStores/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.AppConfiguration/configurationStores/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.AppConfiguration/configurationStores' + modulePath: 'arm/Microsoft.AppConfiguration/configurationStores' workflowPath: '.github/workflows/ms.appconfiguration.configurationstores.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.locks.yml b/.github/workflows/ms.authorization.locks.yml index 53ae10acd3..49c6070b64 100644 --- a/.github/workflows/ms.authorization.locks.yml +++ b/.github/workflows/ms.authorization.locks.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.authorization.locks.yml' - - 'modules/Microsoft.Authorization/locks/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Authorization/locks/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Authorization/locks' + modulePath: 'arm/Microsoft.Authorization/locks' workflowPath: '.github/workflows/ms.authorization.locks.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.policyassignments.yml b/.github/workflows/ms.authorization.policyassignments.yml index e1710d9ae2..ebb21af4a3 100644 --- a/.github/workflows/ms.authorization.policyassignments.yml +++ b/.github/workflows/ms.authorization.policyassignments.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.authorization.policyassignments.yml' - - 'modules/Microsoft.Authorization/policyAssignments/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Authorization/policyAssignments/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Authorization/policyAssignments' + modulePath: 'arm/Microsoft.Authorization/policyAssignments' workflowPath: '.github/workflows/ms.authorization.policyassignments.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.policydefinitions.yml b/.github/workflows/ms.authorization.policydefinitions.yml index f3f6b3eee5..e02a09c206 100644 --- a/.github/workflows/ms.authorization.policydefinitions.yml +++ b/.github/workflows/ms.authorization.policydefinitions.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.authorization.policydefinitions.yml' - - 'modules/Microsoft.Authorization/policyDefinitions/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Authorization/policyDefinitions/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Authorization/policyDefinitions' + modulePath: 'arm/Microsoft.Authorization/policyDefinitions' workflowPath: '.github/workflows/ms.authorization.policydefinitions.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.policyexemptions.yml b/.github/workflows/ms.authorization.policyexemptions.yml index 64d0f4c63e..cbacdd34c7 100644 --- a/.github/workflows/ms.authorization.policyexemptions.yml +++ b/.github/workflows/ms.authorization.policyexemptions.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.authorization.policyexemptions.yml' - - 'modules/Microsoft.Authorization/policyExemptions/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Authorization/policyExemptions/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Authorization/policyExemptions' + modulePath: 'arm/Microsoft.Authorization/policyExemptions' workflowPath: '.github/workflows/ms.authorization.policyexemptions.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.policysetdefinitions.yml b/.github/workflows/ms.authorization.policysetdefinitions.yml index 38a3a40b79..5fee8e7ebf 100644 --- a/.github/workflows/ms.authorization.policysetdefinitions.yml +++ b/.github/workflows/ms.authorization.policysetdefinitions.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.authorization.policysetdefinitions.yml' - - 'modules/Microsoft.Authorization/policySetDefinitions/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Authorization/policySetDefinitions/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Authorization/policySetDefinitions' + modulePath: 'arm/Microsoft.Authorization/policySetDefinitions' workflowPath: '.github/workflows/ms.authorization.policysetdefinitions.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.roleassignments.yml b/.github/workflows/ms.authorization.roleassignments.yml index 8d0f8a65c9..e7e8c53828 100644 --- a/.github/workflows/ms.authorization.roleassignments.yml +++ b/.github/workflows/ms.authorization.roleassignments.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.authorization.roleassignments.yml' - - 'modules/Microsoft.Authorization/roleAssignments/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Authorization/roleAssignments/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Authorization/roleAssignments' + modulePath: 'arm/Microsoft.Authorization/roleAssignments' workflowPath: '.github/workflows/ms.authorization.roleassignments.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.authorization.roledefinitions.yml b/.github/workflows/ms.authorization.roledefinitions.yml index dfc4ff4114..95a3a5cc1d 100644 --- a/.github/workflows/ms.authorization.roledefinitions.yml +++ b/.github/workflows/ms.authorization.roledefinitions.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.authorization.roledefinitions.yml' - - 'modules/Microsoft.Authorization/roleDefinitions/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Authorization/roleDefinitions/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Authorization/roleDefinitions' + modulePath: 'arm/Microsoft.Authorization/roleDefinitions' workflowPath: '.github/workflows/ms.authorization.roledefinitions.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.automation.automationaccounts.yml b/.github/workflows/ms.automation.automationaccounts.yml index 223913b69a..e2a3cc2bc9 100644 --- a/.github/workflows/ms.automation.automationaccounts.yml +++ b/.github/workflows/ms.automation.automationaccounts.yml @@ -20,15 +20,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.automation.automationaccounts.yml' - - 'modules/Microsoft.Automation/automationAccounts/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Automation/automationAccounts/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Automation/automationAccounts' + modulePath: 'arm/Microsoft.Automation/automationAccounts' workflowPath: '.github/workflows/ms.automation.automationaccounts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} diff --git a/.github/workflows/ms.batch.batchaccounts.yml b/.github/workflows/ms.batch.batchaccounts.yml index 99438c8f5e..bdab22a0fb 100644 --- a/.github/workflows/ms.batch.batchaccounts.yml +++ b/.github/workflows/ms.batch.batchaccounts.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.batch.batchaccounts.yml' - - 'modules/Microsoft.Batch/batchAccounts/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Batch/batchAccounts/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Batch/batchAccounts' + modulePath: 'arm/Microsoft.Batch/batchAccounts' workflowPath: '.github/workflows/ms.batch.batchaccounts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.cognitiveservices.accounts.yml b/.github/workflows/ms.cognitiveservices.accounts.yml index 5ea5e69477..f320fd876d 100644 --- a/.github/workflows/ms.cognitiveservices.accounts.yml +++ b/.github/workflows/ms.cognitiveservices.accounts.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.cognitiveservices.accounts.yml' - - 'modules/Microsoft.CognitiveServices/accounts/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.CognitiveServices/accounts/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.CognitiveServices/accounts' + modulePath: 'arm/Microsoft.CognitiveServices/accounts' workflowPath: '.github/workflows/ms.cognitiveservices.accounts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.compute.availabilitysets.yml b/.github/workflows/ms.compute.availabilitysets.yml index 24ee9e6810..a873271346 100644 --- a/.github/workflows/ms.compute.availabilitysets.yml +++ b/.github/workflows/ms.compute.availabilitysets.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.compute.availabilitysets.yml' - - 'modules/Microsoft.Compute/availabilitySets/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Compute/availabilitySets/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Compute/availabilitySets' + modulePath: 'arm/Microsoft.Compute/availabilitySets' workflowPath: '.github/workflows/ms.compute.availabilitysets.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.compute.diskencryptionsets.yml b/.github/workflows/ms.compute.diskencryptionsets.yml index 2ec3d0070a..4249bc2d92 100644 --- a/.github/workflows/ms.compute.diskencryptionsets.yml +++ b/.github/workflows/ms.compute.diskencryptionsets.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.compute.diskencryptionsets.yml' - - 'modules/Microsoft.Compute/diskEncryptionSets/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Compute/diskEncryptionSets/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Compute/diskEncryptionSets' + modulePath: 'arm/Microsoft.Compute/diskEncryptionSets' workflowPath: '.github/workflows/ms.compute.diskencryptionsets.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.compute.disks.yml b/.github/workflows/ms.compute.disks.yml index b7e448c3f8..8495ead6ae 100644 --- a/.github/workflows/ms.compute.disks.yml +++ b/.github/workflows/ms.compute.disks.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.compute.disks.yml' - - 'modules/Microsoft.Compute/disks/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Compute/disks/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Compute/disks' + modulePath: 'arm/Microsoft.Compute/disks' workflowPath: '.github/workflows/ms.compute.disks.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.compute.galleries.yml b/.github/workflows/ms.compute.galleries.yml index d1253419b2..3e341e0474 100644 --- a/.github/workflows/ms.compute.galleries.yml +++ b/.github/workflows/ms.compute.galleries.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.compute.galleries.yml' - - 'modules/Microsoft.Compute/galleries/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Compute/galleries/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Compute/galleries' + modulePath: 'arm/Microsoft.Compute/galleries' workflowPath: '.github/workflows/ms.compute.galleries.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.compute.images.yml b/.github/workflows/ms.compute.images.yml index 429badf603..1e6aefa800 100644 --- a/.github/workflows/ms.compute.images.yml +++ b/.github/workflows/ms.compute.images.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.compute.images.yml' - - 'modules/Microsoft.Compute/images/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Compute/images/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Compute/images' + modulePath: 'arm/Microsoft.Compute/images' workflowPath: '.github/workflows/ms.compute.images.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.compute.proximityplacementgroups.yml b/.github/workflows/ms.compute.proximityplacementgroups.yml index 039369a56c..8dd426e6f6 100644 --- a/.github/workflows/ms.compute.proximityplacementgroups.yml +++ b/.github/workflows/ms.compute.proximityplacementgroups.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.compute.proximityplacementgroups.yml' - - 'modules/Microsoft.Compute/proximityPlacementGroups/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Compute/proximityPlacementGroups/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Compute/proximityPlacementGroups' + modulePath: 'arm/Microsoft.Compute/proximityPlacementGroups' workflowPath: '.github/workflows/ms.compute.proximityplacementgroups.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.compute.virtualmachines.yml b/.github/workflows/ms.compute.virtualmachines.yml index 607ff5ae93..bb336d8917 100644 --- a/.github/workflows/ms.compute.virtualmachines.yml +++ b/.github/workflows/ms.compute.virtualmachines.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.compute.virtualmachines.yml' - - 'modules/Microsoft.Compute/virtualMachines/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Compute/virtualMachines/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Compute/virtualMachines' + modulePath: 'arm/Microsoft.Compute/virtualMachines' workflowPath: '.github/workflows/ms.compute.virtualmachines.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.compute.virtualmachinescalesets.yml b/.github/workflows/ms.compute.virtualmachinescalesets.yml index 7a5bfa94cd..3cc180a270 100644 --- a/.github/workflows/ms.compute.virtualmachinescalesets.yml +++ b/.github/workflows/ms.compute.virtualmachinescalesets.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.compute.virtualmachinescalesets.yml' - - 'modules/Microsoft.Compute/virtualMachineScaleSets/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Compute/virtualMachineScaleSets/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Compute/virtualMachineScaleSets' + modulePath: 'arm/Microsoft.Compute/virtualMachineScaleSets' workflowPath: '.github/workflows/ms.compute.virtualmachinescalesets.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.consumption.budgets.yml b/.github/workflows/ms.consumption.budgets.yml index 0dcc0234b2..1050a427d8 100644 --- a/.github/workflows/ms.consumption.budgets.yml +++ b/.github/workflows/ms.consumption.budgets.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.consumption.budgets.yml' - - 'modules/Microsoft.Consumption/budgets/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Consumption/budgets/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Consumption/budgets' + modulePath: 'arm/Microsoft.Consumption/budgets' workflowPath: '.github/workflows/ms.consumption.budgets.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.containerinstance.containergroups.yml b/.github/workflows/ms.containerinstance.containergroups.yml index ca09181a94..b742a184d5 100644 --- a/.github/workflows/ms.containerinstance.containergroups.yml +++ b/.github/workflows/ms.containerinstance.containergroups.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.containerinstance.containergroups.yml' - - 'modules/Microsoft.ContainerInstance/containerGroups/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.ContainerInstance/containerGroups/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.ContainerInstance/containerGroups' + modulePath: 'arm/Microsoft.ContainerInstance/containerGroups' workflowPath: '.github/workflows/ms.containerinstance.containergroups.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.containerregistry.registries.yml b/.github/workflows/ms.containerregistry.registries.yml index 85bc59ab19..afbf8879e1 100644 --- a/.github/workflows/ms.containerregistry.registries.yml +++ b/.github/workflows/ms.containerregistry.registries.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.containerregistry.registries.yml' - - 'modules/Microsoft.ContainerRegistry/registries/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.ContainerRegistry/registries/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.ContainerRegistry/registries' + modulePath: 'arm/Microsoft.ContainerRegistry/registries' workflowPath: '.github/workflows/ms.containerregistry.registries.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.containerservice.managedclusters.yml b/.github/workflows/ms.containerservice.managedclusters.yml index a8ecaa5331..2198f54e26 100644 --- a/.github/workflows/ms.containerservice.managedclusters.yml +++ b/.github/workflows/ms.containerservice.managedclusters.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.containerservice.managedclusters.yml' - - 'modules/Microsoft.ContainerService/managedClusters/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.ContainerService/managedClusters/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.ContainerService/managedClusters' + modulePath: 'arm/Microsoft.ContainerService/managedClusters' workflowPath: '.github/workflows/ms.containerservice.managedclusters.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.databricks.workspaces.yml b/.github/workflows/ms.databricks.workspaces.yml index 74cabd195b..b8cbfab40b 100644 --- a/.github/workflows/ms.databricks.workspaces.yml +++ b/.github/workflows/ms.databricks.workspaces.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.databricks.workspaces.yml' - - 'modules/Microsoft.Databricks/workspaces/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Databricks/workspaces/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Databricks/workspaces' + modulePath: 'arm/Microsoft.Databricks/workspaces' workflowPath: '.github/workflows/ms.databricks.workspaces.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.datafactory.factories.yml b/.github/workflows/ms.datafactory.factories.yml index 1ae1fbb5ee..5c29c4ee5d 100644 --- a/.github/workflows/ms.datafactory.factories.yml +++ b/.github/workflows/ms.datafactory.factories.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.datafactory.factories.yml' - - 'modules/Microsoft.DataFactory/factories/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.DataFactory/factories/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.DataFactory/factories' + modulePath: 'arm/Microsoft.DataFactory/factories' workflowPath: '.github/workflows/ms.datafactory.factories.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.dataprotection.backupvaults.yml b/.github/workflows/ms.dataprotection.backupvaults.yml index c56adbc3f1..58e5749b5e 100644 --- a/.github/workflows/ms.dataprotection.backupvaults.yml +++ b/.github/workflows/ms.dataprotection.backupvaults.yml @@ -1,39 +1,39 @@ -name: 'DataProtection: BackupVaults' +name: "DataProtection: BackupVaults" on: workflow_dispatch: inputs: removeDeployment: type: boolean - description: 'Remove deployed module' + description: "Remove deployed module" required: false default: true prerelease: type: boolean - description: 'Publish prerelease module' + description: "Publish prerelease module" required: false default: false push: branches: - main paths: - - '.github/actions/templates/**' - - '.github/workflows/ms.dataprotection.backupvaults.yml' - - 'modules/Microsoft.DataProtection/backupVaults/**' - - 'modules/.global/global.module.tests.ps1' - - '!*/**/readme.md' - - 'utilities/pipelines/**' - - '!utilities/pipelines/dependencies/**' + - ".github/actions/templates/**" + - ".github/workflows/ms.dataprotection.backupvaults.yml" + - "arm/Microsoft.DataProtection/backupVaults/**" + - "arm/.global/global.module.tests.ps1" + - "!*/**/readme.md" + - "utilities/pipelines/**" + - "!utilities/pipelines/dependencies/**" env: - variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.DataProtection/backupVaults' - workflowPath: '.github/workflows/ms.dataprotection.backupvaults.yml' + variablesPath: "global.variables.yml" + modulePath: "arm/Microsoft.DataProtection/backupVaults" + workflowPath: ".github/workflows/ms.dataprotection.backupvaults.yml" AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} - ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - ARM_MGMTGROUP_ID: '${{ secrets.ARM_MGMTGROUP_ID }}' - ARM_TENANT_ID: '${{ secrets.ARM_TENANT_ID }}' - DEPLOYMENT_SP_ID: '${{ secrets.DEPLOYMENT_SP_ID }}' + ARM_SUBSCRIPTION_ID: "${{ secrets.ARM_SUBSCRIPTION_ID }}" + ARM_MGMTGROUP_ID: "${{ secrets.ARM_MGMTGROUP_ID }}" + ARM_TENANT_ID: "${{ secrets.ARM_TENANT_ID }}" + DEPLOYMENT_SP_ID: "${{ secrets.DEPLOYMENT_SP_ID }}" jobs: ########################### @@ -41,22 +41,22 @@ jobs: ########################### job_initialize_pipeline: runs-on: ubuntu-20.04 - name: 'Initialize pipeline' + name: "Initialize pipeline" steps: - - name: 'Checkout' + - name: "Checkout" uses: actions/checkout@v2 with: fetch-depth: 0 - - name: 'Set input parameters to output variables' + - name: "Set input parameters to output variables" id: get-workflow-param uses: ./.github/actions/templates/getWorkflowInput with: - workflowPath: '${{ env.workflowPath}}' - - name: 'Get parameter file paths' + workflowPath: "${{ env.workflowPath}}" + - name: "Get parameter file paths" id: get-parameter-file-paths uses: ./.github/actions/templates/getParameterFiles with: - modulePath: '${{ env.modulePath }}' + modulePath: "${{ env.modulePath }}" outputs: removeDeployment: ${{ steps.get-workflow-param.outputs.removeDeployment }} parameterFilePaths: ${{ steps.get-parameter-file-paths.outputs.parameterFilePaths }} @@ -66,23 +66,23 @@ jobs: ######################### job_module_pester_validation: runs-on: ubuntu-20.04 - name: 'Static validation' + name: "Static validation" steps: - - name: 'Checkout' + - name: "Checkout" uses: actions/checkout@v2 with: fetch-depth: 0 - - name: 'Run tests' + - name: "Run tests" uses: ./.github/actions/templates/validateModulePester with: - modulePath: '${{ env.modulePath }}' + modulePath: "${{ env.modulePath }}" ############################# # Deployment validation # ############################# job_module_deploy_validation: runs-on: ubuntu-20.04 - name: 'Deployment validation' + name: "Deployment validation" needs: - job_initialize_pipeline - job_module_pester_validation @@ -91,7 +91,7 @@ jobs: matrix: parameterFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.parameterFilePaths) }} steps: - - name: 'Checkout' + - name: "Checkout" uses: actions/checkout@v2 with: fetch-depth: 0 @@ -99,28 +99,28 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} - - name: 'Using parameter file [${{ matrix.parameterFilePaths }}]' + - name: "Using parameter file [${{ matrix.parameterFilePaths }}]" uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.parameterFilePaths }}' - location: '${{ env.location }}' - resourceGroupName: '${{ env.resourceGroupName }}' - subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' - managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' - removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + templateFilePath: "${{ env.modulePath }}/deploy.bicep" + parameterFilePath: "${{ env.modulePath }}/${{ matrix.parameterFilePaths }}" + location: "${{ env.location }}" + resourceGroupName: "${{ env.resourceGroupName }}" + subscriptionId: "${{ secrets.ARM_SUBSCRIPTION_ID }}" + managementGroupId: "${{ secrets.ARM_MGMTGROUP_ID }}" + removeDeployment: "${{ needs.job_initialize_pipeline.outputs.removeDeployment }}" ################## # Publishing # ################## job_publish_module: - name: 'Publishing' + name: "Publishing" if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' runs-on: ubuntu-20.04 needs: - job_module_deploy_validation steps: - - name: 'Checkout' + - name: "Checkout" uses: actions/checkout@v2 with: fetch-depth: 0 @@ -128,15 +128,15 @@ jobs: uses: ./.github/actions/templates/setEnvironmentVariables with: variablesPath: ${{ env.variablesPath }} - - name: 'Publishing' + - name: "Publishing" uses: ./.github/actions/templates/publishModule with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - templateSpecsRGName: '${{ env.templateSpecsRGName }}' - templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - templateSpecsDescription: '${{ env.templateSpecsDescription }}' - templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - bicepRegistryName: '${{ env.bicepRegistryName }}' - bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + templateFilePath: "${{ env.modulePath }}/deploy.bicep" + templateSpecsRGName: "${{ env.templateSpecsRGName }}" + templateSpecsRGLocation: "${{ env.templateSpecsRGLocation }}" + templateSpecsDescription: "${{ env.templateSpecsDescription }}" + templateSpecsDoPublish: "${{ env.templateSpecsDoPublish }}" + bicepRegistryName: "${{ env.bicepRegistryName }}" + bicepRegistryRGName: "${{ env.bicepRegistryRGName }}" + bicepRegistryRgLocation: "${{ env.bicepRegistryRgLocation }}" + bicepRegistryDoPublish: "${{ env.bicepRegistryDoPublish }}" \ No newline at end of file diff --git a/.github/workflows/ms.desktopvirtualization.applicationgroups.yml b/.github/workflows/ms.desktopvirtualization.applicationgroups.yml index 08233297a9..33ce312ca1 100644 --- a/.github/workflows/ms.desktopvirtualization.applicationgroups.yml +++ b/.github/workflows/ms.desktopvirtualization.applicationgroups.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.desktopvirtualization.applicationgroups.yml' - - 'modules/Microsoft.DesktopVirtualization/applicationgroups/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.DesktopVirtualization/applicationgroups/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.DesktopVirtualization/applicationgroups' + modulePath: 'arm/Microsoft.DesktopVirtualization/applicationgroups' workflowPath: '.github/workflows/ms.desktopvirtualization.applicationgroups.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.desktopvirtualization.hostpools.yml b/.github/workflows/ms.desktopvirtualization.hostpools.yml index e9467fc5f2..32848ee2b7 100644 --- a/.github/workflows/ms.desktopvirtualization.hostpools.yml +++ b/.github/workflows/ms.desktopvirtualization.hostpools.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.desktopvirtualization.hostpools.yml' - - 'modules/Microsoft.DesktopVirtualization/hostpools/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.DesktopVirtualization/hostpools/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.DesktopVirtualization/hostpools' + modulePath: 'arm/Microsoft.DesktopVirtualization/hostpools' workflowPath: '.github/workflows/ms.desktopvirtualization.hostpools.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.desktopvirtualization.scalingplans.yml b/.github/workflows/ms.desktopvirtualization.scalingplans.yml index 2be99b6d5c..fab5ecae6b 100644 --- a/.github/workflows/ms.desktopvirtualization.scalingplans.yml +++ b/.github/workflows/ms.desktopvirtualization.scalingplans.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.desktopvirtualization.scalingplans.yml' - - 'modules/Microsoft.DesktopVirtualization/scalingplans/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.DesktopVirtualization/scalingplans/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.DesktopVirtualization/scalingplans' + modulePath: 'arm/Microsoft.DesktopVirtualization/scalingplans' workflowPath: '.github/workflows/ms.desktopvirtualization.scalingplans.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.desktopvirtualization.workspaces.yml b/.github/workflows/ms.desktopvirtualization.workspaces.yml index c5598aa7af..7cfaa3e7be 100644 --- a/.github/workflows/ms.desktopvirtualization.workspaces.yml +++ b/.github/workflows/ms.desktopvirtualization.workspaces.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.desktopvirtualization.workspaces.yml' - - 'modules/Microsoft.DesktopVirtualization/workspaces/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.DesktopVirtualization/workspaces/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.DesktopVirtualization/workspaces' + modulePath: 'arm/Microsoft.DesktopVirtualization/workspaces' workflowPath: '.github/workflows/ms.desktopvirtualization.workspaces.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.documentdb.databaseaccounts.yml b/.github/workflows/ms.documentdb.databaseaccounts.yml index bf98c479d8..c61a97e61d 100644 --- a/.github/workflows/ms.documentdb.databaseaccounts.yml +++ b/.github/workflows/ms.documentdb.databaseaccounts.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.documentdb.databaseaccounts.yml' - - 'modules/Microsoft.DocumentDB/databaseAccounts/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.DocumentDB/databaseAccounts/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.DocumentDB/databaseAccounts' + modulePath: 'arm/Microsoft.DocumentDB/databaseAccounts' workflowPath: '.github/workflows/ms.documentdb.databaseaccounts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.eventgrid.systemtopics.yml b/.github/workflows/ms.eventgrid.systemtopics.yml index f4f5ab3a06..27a694db1f 100644 --- a/.github/workflows/ms.eventgrid.systemtopics.yml +++ b/.github/workflows/ms.eventgrid.systemtopics.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.eventgrid.systemtopics.yml' - - 'modules/Microsoft.EventGrid/systemTopics/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.EventGrid/systemTopics/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.EventGrid/systemTopics' + modulePath: 'arm/Microsoft.EventGrid/systemTopics' workflowPath: '.github/workflows/ms.eventgrid.systemtopics.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.eventgrid.topics.yml b/.github/workflows/ms.eventgrid.topics.yml index 16a7384c71..84cc1e4c19 100644 --- a/.github/workflows/ms.eventgrid.topics.yml +++ b/.github/workflows/ms.eventgrid.topics.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.eventgrid.topics.yml' - - 'modules/Microsoft.EventGrid/topics/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.EventGrid/topics/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.EventGrid/topics' + modulePath: 'arm/Microsoft.EventGrid/topics' workflowPath: '.github/workflows/ms.eventgrid.topics.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.eventhub.namespaces.yml b/.github/workflows/ms.eventhub.namespaces.yml index 1a75f805fe..a7582951bc 100644 --- a/.github/workflows/ms.eventhub.namespaces.yml +++ b/.github/workflows/ms.eventhub.namespaces.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.eventhub.namespaces.yml' - - 'modules/Microsoft.EventHub/namespaces/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.EventHub/namespaces/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.EventHub/namespaces' + modulePath: 'arm/Microsoft.EventHub/namespaces' workflowPath: '.github/workflows/ms.eventhub.namespaces.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.healthbot.healthbots.yml b/.github/workflows/ms.healthbot.healthbots.yml index 43530361a9..59e4f32200 100644 --- a/.github/workflows/ms.healthbot.healthbots.yml +++ b/.github/workflows/ms.healthbot.healthbots.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.healthbot.healthbots.yml' - - 'modules/Microsoft.HealthBot/healthBots/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.HealthBot/healthBots/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.HealthBot/healthBots' + modulePath: 'arm/Microsoft.HealthBot/healthBots' workflowPath: '.github/workflows/ms.healthbot.healthbots.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.insights.actiongroups.yml b/.github/workflows/ms.insights.actiongroups.yml index d388901c80..b9758fd8aa 100644 --- a/.github/workflows/ms.insights.actiongroups.yml +++ b/.github/workflows/ms.insights.actiongroups.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.insights.actiongroups.yml' - - 'modules/Microsoft.Insights/actionGroups/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Insights/actionGroups/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Insights/actionGroups' + modulePath: 'arm/Microsoft.Insights/actionGroups' workflowPath: '.github/workflows/ms.insights.actiongroups.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.insights.activitylogalerts.yml b/.github/workflows/ms.insights.activitylogalerts.yml index 97e287c8fd..3f1f01f514 100644 --- a/.github/workflows/ms.insights.activitylogalerts.yml +++ b/.github/workflows/ms.insights.activitylogalerts.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.insights.activitylogalerts.yml' - - 'modules/Microsoft.Insights/activityLogAlerts/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Insights/activityLogAlerts/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Insights/activityLogAlerts' + modulePath: 'arm/Microsoft.Insights/activityLogAlerts' workflowPath: '.github/workflows/ms.insights.activitylogalerts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.insights.components.yml b/.github/workflows/ms.insights.components.yml index ad8569778e..ed559d1c8e 100644 --- a/.github/workflows/ms.insights.components.yml +++ b/.github/workflows/ms.insights.components.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.insights.components.yml' - - 'modules/Microsoft.Insights/components/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Insights/components/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Insights/components' + modulePath: 'arm/Microsoft.Insights/components' workflowPath: '.github/workflows/ms.insights.components.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.insights.diagnosticsettings.yml b/.github/workflows/ms.insights.diagnosticsettings.yml index 556e6d95af..b49863642c 100644 --- a/.github/workflows/ms.insights.diagnosticsettings.yml +++ b/.github/workflows/ms.insights.diagnosticsettings.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.insights.diagnosticsettings.yml' - - 'modules/Microsoft.Insights/diagnosticsettings/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Insights/diagnosticsettings/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Insights/diagnosticSettings' + modulePath: 'arm/Microsoft.Insights/diagnosticSettings' workflowPath: '.github/workflows/ms.insights.diagnosticsettings.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.insights.metricalerts.yml b/.github/workflows/ms.insights.metricalerts.yml index c238711b06..7f4e64a2b7 100644 --- a/.github/workflows/ms.insights.metricalerts.yml +++ b/.github/workflows/ms.insights.metricalerts.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.insights.metricalerts.yml' - - 'modules/Microsoft.Insights/metricAlerts/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Insights/metricAlerts/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Insights/metricAlerts' + modulePath: 'arm/Microsoft.Insights/metricAlerts' workflowPath: '.github/workflows/ms.insights.metricalerts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.insights.privatelinkscopes.yml b/.github/workflows/ms.insights.privatelinkscopes.yml index c342b41a94..35e362059b 100644 --- a/.github/workflows/ms.insights.privatelinkscopes.yml +++ b/.github/workflows/ms.insights.privatelinkscopes.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.insights.privatelinkscopes.yml' - - 'modules/Microsoft.Insights/privateLinkScopes/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Insights/privateLinkScopes/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Insights/privateLinkScopes' + modulePath: 'arm/Microsoft.Insights/privateLinkScopes' workflowPath: '.github/workflows/ms.insights.privatelinkscopes.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.insights.scheduledqueryrules.yml b/.github/workflows/ms.insights.scheduledqueryrules.yml index f94d3e3fe9..3ac293149b 100644 --- a/.github/workflows/ms.insights.scheduledqueryrules.yml +++ b/.github/workflows/ms.insights.scheduledqueryrules.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.insights.scheduledqueryrules.yml' - - 'modules/Microsoft.Insights/scheduledQueryRules/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Insights/scheduledQueryRules/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Insights/scheduledQueryRules' + modulePath: 'arm/Microsoft.Insights/scheduledQueryRules' workflowPath: '.github/workflows/ms.insights.scheduledqueryrules.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index 1067ceab94..a428a0e48a 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.keyvault.vaults.yml' - - 'modules/Microsoft.KeyVault/vaults/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.KeyVault/vaults/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.KeyVault/vaults' + modulePath: 'arm/Microsoft.KeyVault/vaults' workflowPath: '.github/workflows/ms.keyvault.vaults.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.kubernetesconfiguration.extensions.yml b/.github/workflows/ms.kubernetesconfiguration.extensions.yml index 03163a781c..cb6c3b7664 100644 --- a/.github/workflows/ms.kubernetesconfiguration.extensions.yml +++ b/.github/workflows/ms.kubernetesconfiguration.extensions.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.kubernetesconfiguration.extensions.yml' - - 'modules/Microsoft.KubernetesConfiguration/extensions/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.KubernetesConfiguration/extensions/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.KubernetesConfiguration/extensions' + modulePath: 'arm/Microsoft.KubernetesConfiguration/extensions' workflowPath: '.github/workflows/ms.kubernetesconfiguration.extensions.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml b/.github/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml index 9d6e7ae21c..47ec3b2fc6 100644 --- a/.github/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml +++ b/.github/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml' - - 'modules/Microsoft.KubernetesConfiguration/fluxConfigurations/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.KubernetesConfiguration/fluxConfigurations/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.KubernetesConfiguration/fluxConfigurations' + modulePath: 'arm/Microsoft.KubernetesConfiguration/fluxConfigurations' workflowPath: '.github/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.logic.workflows.yml b/.github/workflows/ms.logic.workflows.yml index 19a4d65ea3..03e09b6410 100644 --- a/.github/workflows/ms.logic.workflows.yml +++ b/.github/workflows/ms.logic.workflows.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.logic.workflows.yml' - - 'modules/Microsoft.Logic/workflows/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Logic/workflows/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Logic/workflows' + modulePath: 'arm/Microsoft.Logic/workflows' workflowPath: '.github/workflows/ms.logic.workflows.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.machinelearningservices.workspaces.yml b/.github/workflows/ms.machinelearningservices.workspaces.yml index 5df607c47b..aab2efcaeb 100644 --- a/.github/workflows/ms.machinelearningservices.workspaces.yml +++ b/.github/workflows/ms.machinelearningservices.workspaces.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.machinelearningservices.workspaces.yml' - - 'modules/Microsoft.MachineLearningServices/workspaces/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.MachineLearningServices/workspaces/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.MachineLearningServices/workspaces' + modulePath: 'arm/Microsoft.MachineLearningServices/workspaces' workflowPath: '.github/workflows/ms.machinelearningservices.workspaces.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.managedidentity.userassignedidentities.yml b/.github/workflows/ms.managedidentity.userassignedidentities.yml index d0c233a4c4..e85f71f65a 100644 --- a/.github/workflows/ms.managedidentity.userassignedidentities.yml +++ b/.github/workflows/ms.managedidentity.userassignedidentities.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.managedidentity.userassignedidentities.yml' - - 'modules/Microsoft.ManagedIdentity/userAssignedIdentities/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.ManagedIdentity/userAssignedIdentities/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.ManagedIdentity/userAssignedIdentities' + modulePath: 'arm/Microsoft.ManagedIdentity/userAssignedIdentities' workflowPath: '.github/workflows/ms.managedidentity.userassignedidentities.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.managedservices.registrationdefinitions.yml b/.github/workflows/ms.managedservices.registrationdefinitions.yml index 9825845d2a..174cdf5a4d 100644 --- a/.github/workflows/ms.managedservices.registrationdefinitions.yml +++ b/.github/workflows/ms.managedservices.registrationdefinitions.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.managedservices.registrationdefinitions.yml' - - 'modules/Microsoft.ManagedServices/registrationDefinitions/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.ManagedServices/registrationDefinitions/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.ManagedServices/registrationDefinitions' + modulePath: 'arm/Microsoft.ManagedServices/registrationDefinitions' workflowPath: '.github/workflows/ms.managedservices.registrationdefinitions.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.management.managementgroups.yml b/.github/workflows/ms.management.managementgroups.yml index ff7edf7a55..00860c6205 100644 --- a/.github/workflows/ms.management.managementgroups.yml +++ b/.github/workflows/ms.management.managementgroups.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.management.managementgroups.yml' - - 'modules/Microsoft.Management/managementGroups/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Management/managementGroups/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Management/managementGroups' + modulePath: 'arm/Microsoft.Management/managementGroups' workflowPath: '.github/workflows/ms.management.managementgroups.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.netapp.netappaccounts.yml b/.github/workflows/ms.netapp.netappaccounts.yml index 0c1aa8555b..0aa8dc46b1 100644 --- a/.github/workflows/ms.netapp.netappaccounts.yml +++ b/.github/workflows/ms.netapp.netappaccounts.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.netapp.netappaccounts.yml' - - 'modules/Microsoft.NetApp/netAppAccounts/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.NetApp/netAppAccounts/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.NetApp/netAppAccounts' + modulePath: 'arm/Microsoft.NetApp/netAppAccounts' workflowPath: '.github/workflows/ms.netapp.netappaccounts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.applicationgateways.yml b/.github/workflows/ms.network.applicationgateways.yml index 930f387bce..4e8aa732e5 100644 --- a/.github/workflows/ms.network.applicationgateways.yml +++ b/.github/workflows/ms.network.applicationgateways.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.applicationgateways.yml' - - 'modules/Microsoft.Network/applicationGateways/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/applicationGateways/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/applicationGateways' + modulePath: 'arm/Microsoft.Network/applicationGateways' workflowPath: '.github/workflows/ms.network.applicationgateways.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.applicationsecuritygroups.yml b/.github/workflows/ms.network.applicationsecuritygroups.yml index 49f9bb3071..a4f3df798d 100644 --- a/.github/workflows/ms.network.applicationsecuritygroups.yml +++ b/.github/workflows/ms.network.applicationsecuritygroups.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.applicationsecuritygroups.yml' - - 'modules/Microsoft.Network/applicationSecurityGroups/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/applicationSecurityGroups/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/applicationSecurityGroups' + modulePath: 'arm/Microsoft.Network/applicationSecurityGroups' workflowPath: '.github/workflows/ms.network.applicationsecuritygroups.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.azurefirewalls.yml b/.github/workflows/ms.network.azurefirewalls.yml index 2de448b7af..93bffd1e5b 100644 --- a/.github/workflows/ms.network.azurefirewalls.yml +++ b/.github/workflows/ms.network.azurefirewalls.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.azurefirewalls.yml' - - 'modules/Microsoft.Network/azureFirewalls/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/azureFirewalls/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/azureFirewalls' + modulePath: 'arm/Microsoft.Network/azureFirewalls' workflowPath: '.github/workflows/ms.network.azurefirewalls.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.bastionhosts.yml b/.github/workflows/ms.network.bastionhosts.yml index 7bb3d48b6a..4737fe021a 100644 --- a/.github/workflows/ms.network.bastionhosts.yml +++ b/.github/workflows/ms.network.bastionhosts.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.bastionhosts.yml' - - 'modules/Microsoft.Network/bastionHosts/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/bastionHosts/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/bastionHosts' + modulePath: 'arm/Microsoft.Network/bastionHosts' workflowPath: '.github/workflows/ms.network.bastionhosts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.connections.yml b/.github/workflows/ms.network.connections.yml index 76bb4cd9bd..e37af7123d 100644 --- a/.github/workflows/ms.network.connections.yml +++ b/.github/workflows/ms.network.connections.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.connections.yml' - - 'modules/Microsoft.Network/connections/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/connections/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/connections' + modulePath: 'arm/Microsoft.Network/connections' workflowPath: '.github/workflows/ms.network.connections.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.ddosprotectionplans.yml b/.github/workflows/ms.network.ddosprotectionplans.yml index 4582c415a7..0f83af3940 100644 --- a/.github/workflows/ms.network.ddosprotectionplans.yml +++ b/.github/workflows/ms.network.ddosprotectionplans.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.ddosprotectionplans.yml' - - 'modules/Microsoft.Network/ddosProtectionPlans/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/ddosProtectionPlans/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/ddosProtectionPlans' + modulePath: 'arm/Microsoft.Network/ddosProtectionPlans' workflowPath: '.github/workflows/ms.network.ddosprotectionplans.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.expressroutecircuits.yml b/.github/workflows/ms.network.expressroutecircuits.yml index 4f1d1c87f1..a8bc58510a 100644 --- a/.github/workflows/ms.network.expressroutecircuits.yml +++ b/.github/workflows/ms.network.expressroutecircuits.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.expressroutecircuits.yml' - - 'modules/Microsoft.Network/expressRouteCircuits/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/expressRouteCircuits/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/expressRouteCircuits' + modulePath: 'arm/Microsoft.Network/expressRouteCircuits' workflowPath: '.github/workflows/ms.network.expressroutecircuits.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.firewallpolicies.yml b/.github/workflows/ms.network.firewallpolicies.yml index fab9e32a34..6137b0212f 100644 --- a/.github/workflows/ms.network.firewallpolicies.yml +++ b/.github/workflows/ms.network.firewallpolicies.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.firewallpolicies.yml' - - 'modules/Microsoft.Network/firewallPolicies/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/firewallPolicies/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/firewallPolicies' + modulePath: 'arm/Microsoft.Network/firewallPolicies' workflowPath: '.github/workflows/ms.network.firewallpolicies.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.frontdoors.yml b/.github/workflows/ms.network.frontdoors.yml index 65d1960ddc..5e511cae0b 100644 --- a/.github/workflows/ms.network.frontdoors.yml +++ b/.github/workflows/ms.network.frontdoors.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.frontdoors.yml' - - 'modules/Microsoft.Network/frontDoors/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/frontDoors/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/frontDoors' + modulePath: 'arm/Microsoft.Network/frontDoors' workflowPath: '.github/workflows/ms.network.frontdoors.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.ipgroups.yml b/.github/workflows/ms.network.ipgroups.yml index c2e71a6c59..3a13b6d30b 100644 --- a/.github/workflows/ms.network.ipgroups.yml +++ b/.github/workflows/ms.network.ipgroups.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.ipgroups.yml' - - 'modules/Microsoft.Network/ipGroups/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/ipGroups/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/ipGroups' + modulePath: 'arm/Microsoft.Network/ipGroups' workflowPath: '.github/workflows/ms.network.ipgroups.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.loadbalancers.yml b/.github/workflows/ms.network.loadbalancers.yml index 6eb3b3acf4..3d23e74394 100644 --- a/.github/workflows/ms.network.loadbalancers.yml +++ b/.github/workflows/ms.network.loadbalancers.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.loadbalancers.yml' - - 'modules/Microsoft.Network/loadBalancers/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/loadBalancers/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/loadBalancers' + modulePath: 'arm/Microsoft.Network/loadBalancers' workflowPath: '.github/workflows/ms.network.loadbalancers.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.localnetworkgateways.yml b/.github/workflows/ms.network.localnetworkgateways.yml index 704d6dc29c..be05683a4b 100644 --- a/.github/workflows/ms.network.localnetworkgateways.yml +++ b/.github/workflows/ms.network.localnetworkgateways.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.localnetworkgateways.yml' - - 'modules/Microsoft.Network/localNetworkGateways/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/localNetworkGateways/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/localNetworkGateways' + modulePath: 'arm/Microsoft.Network/localNetworkGateways' workflowPath: '.github/workflows/ms.network.localnetworkgateways.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.natgateways.yml b/.github/workflows/ms.network.natgateways.yml index fd3b0b0f4c..ebdd539815 100644 --- a/.github/workflows/ms.network.natgateways.yml +++ b/.github/workflows/ms.network.natgateways.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.natgateways.yml' - - 'modules/Microsoft.Network/natGateways/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/natGateways/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/natGateways' + modulePath: 'arm/Microsoft.Network/natGateways' workflowPath: '.github/workflows/ms.network.natgateways.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.networkinterfaces.yml b/.github/workflows/ms.network.networkinterfaces.yml index 3351651662..feda3575e3 100644 --- a/.github/workflows/ms.network.networkinterfaces.yml +++ b/.github/workflows/ms.network.networkinterfaces.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.networkinterfaces.yml' - - 'modules/Microsoft.Network/networkInterfaces/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/networkInterfaces/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/networkInterfaces' + modulePath: 'arm/Microsoft.Network/networkInterfaces' workflowPath: '.github/workflows/ms.network.networkinterfaces.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.networksecuritygroups.yml b/.github/workflows/ms.network.networksecuritygroups.yml index ec4143097d..186a49f9c6 100644 --- a/.github/workflows/ms.network.networksecuritygroups.yml +++ b/.github/workflows/ms.network.networksecuritygroups.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.networksecuritygroups.yml' - - 'modules/Microsoft.Network/networkSecurityGroups/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/networkSecurityGroups/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/networkSecurityGroups' + modulePath: 'arm/Microsoft.Network/networkSecurityGroups' workflowPath: '.github/workflows/ms.network.networksecuritygroups.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.networkwatchers.yml b/.github/workflows/ms.network.networkwatchers.yml index 1f1773ba2e..3728a63e58 100644 --- a/.github/workflows/ms.network.networkwatchers.yml +++ b/.github/workflows/ms.network.networkwatchers.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.networkwatchers.yml' - - 'modules/Microsoft.Network/networkWatchers/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/networkWatchers/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/networkWatchers' + modulePath: 'arm/Microsoft.Network/networkWatchers' workflowPath: '.github/workflows/ms.network.networkwatchers.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.privatednszones.yml b/.github/workflows/ms.network.privatednszones.yml index 5186987b00..3afa12980f 100644 --- a/.github/workflows/ms.network.privatednszones.yml +++ b/.github/workflows/ms.network.privatednszones.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.privatednszones.yml' - - 'modules/Microsoft.Network/privateDnsZones/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/privateDnsZones/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/privateDnsZones' + modulePath: 'arm/Microsoft.Network/privateDnsZones' workflowPath: '.github/workflows/ms.network.privatednszones.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.privateendpoints.yml b/.github/workflows/ms.network.privateendpoints.yml index b7fed464dd..06132ed4a2 100644 --- a/.github/workflows/ms.network.privateendpoints.yml +++ b/.github/workflows/ms.network.privateendpoints.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.privateendpoints.yml' - - 'modules/Microsoft.Network/privateEndpoints/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/privateEndpoints/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/privateEndpoints' + modulePath: 'arm/Microsoft.Network/privateEndpoints' workflowPath: '.github/workflows/ms.network.privateendpoints.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.publicipaddresses.yml b/.github/workflows/ms.network.publicipaddresses.yml index b1e9fbcc11..ff2e212f7b 100644 --- a/.github/workflows/ms.network.publicipaddresses.yml +++ b/.github/workflows/ms.network.publicipaddresses.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.publicipaddresses.yml' - - 'modules/Microsoft.Network/publicIPAddresses/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/publicIPAddresses/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/publicIPAddresses' + modulePath: 'arm/Microsoft.Network/publicIPAddresses' workflowPath: '.github/workflows/ms.network.publicipaddresses.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.publicipprefixes.yml b/.github/workflows/ms.network.publicipprefixes.yml index 714bc5bdb2..7ee726e778 100644 --- a/.github/workflows/ms.network.publicipprefixes.yml +++ b/.github/workflows/ms.network.publicipprefixes.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.publicipprefixes.yml' - - 'modules/Microsoft.Network/publicIPPrefixes/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/publicIPPrefixes/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/publicIPPrefixes' + modulePath: 'arm/Microsoft.Network/publicIPPrefixes' workflowPath: '.github/workflows/ms.network.publicipprefixes.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.routetables.yml b/.github/workflows/ms.network.routetables.yml index 9f4bb512c4..c64d0c4b61 100644 --- a/.github/workflows/ms.network.routetables.yml +++ b/.github/workflows/ms.network.routetables.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.routetables.yml' - - 'modules/Microsoft.Network/routeTables/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/routeTables/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/routeTables' + modulePath: 'arm/Microsoft.Network/routeTables' workflowPath: '.github/workflows/ms.network.routetables.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.trafficmanagerprofiles.yml b/.github/workflows/ms.network.trafficmanagerprofiles.yml index d1a0a6b561..38e8f66a8c 100644 --- a/.github/workflows/ms.network.trafficmanagerprofiles.yml +++ b/.github/workflows/ms.network.trafficmanagerprofiles.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.trafficmanagerprofiles.yml' - - 'modules/Microsoft.Network/trafficmanagerprofiles/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/trafficmanagerprofiles/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/trafficmanagerprofiles' + modulePath: 'arm/Microsoft.Network/trafficmanagerprofiles' workflowPath: '.github/workflows/ms.network.trafficmanagerprofiles.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.virtualhubs.yml b/.github/workflows/ms.network.virtualhubs.yml index 9e2221dff4..cf5d3d8db7 100644 --- a/.github/workflows/ms.network.virtualhubs.yml +++ b/.github/workflows/ms.network.virtualhubs.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.virtualhubs.yml' - - 'modules/Microsoft.Network/virtualHubs/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/virtualHubs/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/virtualHubs' + modulePath: 'arm/Microsoft.Network/virtualHubs' workflowPath: '.github/workflows/ms.network.virtualhubs.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.virtualnetworkgateways.yml b/.github/workflows/ms.network.virtualnetworkgateways.yml index a96f19b58f..d0ad36a1fa 100644 --- a/.github/workflows/ms.network.virtualnetworkgateways.yml +++ b/.github/workflows/ms.network.virtualnetworkgateways.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.virtualnetworkgateways.yml' - - 'modules/Microsoft.Network/virtualNetworkGateways/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/virtualNetworkGateways/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/virtualNetworkGateways' + modulePath: 'arm/Microsoft.Network/virtualNetworkGateways' workflowPath: '.github/workflows/ms.network.virtualnetworkgateways.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.virtualnetworks.yml b/.github/workflows/ms.network.virtualnetworks.yml index 8ffde5c19e..b1445fc3ce 100644 --- a/.github/workflows/ms.network.virtualnetworks.yml +++ b/.github/workflows/ms.network.virtualnetworks.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.virtualnetworks.yml' - - 'modules/Microsoft.Network/virtualNetworks/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/virtualNetworks/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/virtualNetworks' + modulePath: 'arm/Microsoft.Network/virtualNetworks' workflowPath: '.github/workflows/ms.network.virtualnetworks.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.virtualwans.yml b/.github/workflows/ms.network.virtualwans.yml index 911e6fe50a..af84aa61d6 100644 --- a/.github/workflows/ms.network.virtualwans.yml +++ b/.github/workflows/ms.network.virtualwans.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.virtualwans.yml' - - 'modules/Microsoft.Network/virtualWans/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/virtualWans/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/virtualWans' + modulePath: 'arm/Microsoft.Network/virtualWans' workflowPath: '.github/workflows/ms.network.virtualwans.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.vpngateways.yml b/.github/workflows/ms.network.vpngateways.yml index 2fb8cc1797..a478903089 100644 --- a/.github/workflows/ms.network.vpngateways.yml +++ b/.github/workflows/ms.network.vpngateways.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.vpngateways.yml' - - 'modules/Microsoft.Network/vpnGateways/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/vpnGateways/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/vpnGateways' + modulePath: 'arm/Microsoft.Network/vpnGateways' workflowPath: '.github/workflows/ms.network.vpngateways.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.network.vpnsites.yml b/.github/workflows/ms.network.vpnsites.yml index b72ddae6e1..fb0f8c8d3f 100644 --- a/.github/workflows/ms.network.vpnsites.yml +++ b/.github/workflows/ms.network.vpnsites.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.network.vpnsites.yml' - - 'modules/Microsoft.Network/vpnSites/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Network/vpnSites/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Network/vpnSites' + modulePath: 'arm/Microsoft.Network/vpnSites' workflowPath: '.github/workflows/ms.network.vpnsites.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.operationalinsights.workspaces.yml b/.github/workflows/ms.operationalinsights.workspaces.yml index fd0c3c685a..9ddfc177f5 100644 --- a/.github/workflows/ms.operationalinsights.workspaces.yml +++ b/.github/workflows/ms.operationalinsights.workspaces.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.operationalinsights.workspaces.yml' - - 'modules/Microsoft.OperationalInsights/workspaces/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.OperationalInsights/workspaces/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.OperationalInsights/workspaces' + modulePath: 'arm/Microsoft.OperationalInsights/workspaces' workflowPath: '.github/workflows/ms.operationalinsights.workspaces.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.operationsmanagement.solutions.yml b/.github/workflows/ms.operationsmanagement.solutions.yml index da92a74b21..db74fec086 100644 --- a/.github/workflows/ms.operationsmanagement.solutions.yml +++ b/.github/workflows/ms.operationsmanagement.solutions.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.operationsmanagement.solutions.yml' - - 'modules/Microsoft.OperationsManagement/solutions/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.OperationsManagement/solutions/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.OperationsManagement/solutions' + modulePath: 'arm/Microsoft.OperationsManagement/solutions' workflowPath: '.github/workflows/ms.operationsmanagement.solutions.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.recoveryservices.vaults.yml b/.github/workflows/ms.recoveryservices.vaults.yml index 275e0498de..15e09441c3 100644 --- a/.github/workflows/ms.recoveryservices.vaults.yml +++ b/.github/workflows/ms.recoveryservices.vaults.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.recoveryservices.vaults.yml' - - 'modules/Microsoft.RecoveryServices/vaults/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.RecoveryServices/vaults/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.RecoveryServices/vaults' + modulePath: 'arm/Microsoft.RecoveryServices/vaults' workflowPath: '.github/workflows/ms.recoveryservices.vaults.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.resources.deploymentscripts.yml b/.github/workflows/ms.resources.deploymentscripts.yml index 32b6b0f767..967b05e4b9 100644 --- a/.github/workflows/ms.resources.deploymentscripts.yml +++ b/.github/workflows/ms.resources.deploymentscripts.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.resources.deploymentscripts.yml' - - 'modules/Microsoft.Resources/deploymentScripts/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Resources/deploymentScripts/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Resources/deploymentScripts' + modulePath: 'arm/Microsoft.Resources/deploymentScripts' workflowPath: '.github/workflows/ms.resources.deploymentscripts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.resources.resourcegroups.yml b/.github/workflows/ms.resources.resourcegroups.yml index 60de42f8b8..392cd5740b 100644 --- a/.github/workflows/ms.resources.resourcegroups.yml +++ b/.github/workflows/ms.resources.resourcegroups.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.resources.resourcegroups.yml' - - 'modules/Microsoft.Resources/resourceGroups/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Resources/resourceGroups/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Resources/resourceGroups' + modulePath: 'arm/Microsoft.Resources/resourceGroups' workflowPath: '.github/workflows/ms.resources.resourcegroups.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.resources.tags.yml b/.github/workflows/ms.resources.tags.yml index fb54367126..c35776cb2d 100644 --- a/.github/workflows/ms.resources.tags.yml +++ b/.github/workflows/ms.resources.tags.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.resources.tags.yml' - - 'modules/Microsoft.Resources/tags/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Resources/tags/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Resources/tags' + modulePath: 'arm/Microsoft.Resources/tags' workflowPath: '.github/workflows/ms.resources.tags.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.security.azuresecuritycenter.yml b/.github/workflows/ms.security.azuresecuritycenter.yml index bca0ebedff..0eab54dc73 100644 --- a/.github/workflows/ms.security.azuresecuritycenter.yml +++ b/.github/workflows/ms.security.azuresecuritycenter.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.security.azuresecuritycenter.yml' - - 'modules/Microsoft.Security/azureSecurityCenter/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Security/azureSecurityCenter/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Security/azureSecurityCenter' + modulePath: 'arm/Microsoft.Security/azureSecurityCenter' workflowPath: '.github/workflows/ms.security.azuresecuritycenter.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.servicebus.namespaces.yml b/.github/workflows/ms.servicebus.namespaces.yml index fb84ab7ccd..e290a78302 100644 --- a/.github/workflows/ms.servicebus.namespaces.yml +++ b/.github/workflows/ms.servicebus.namespaces.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.servicebus.namespaces.yml' - - 'modules/Microsoft.ServiceBus/namespaces/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.ServiceBus/namespaces/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.ServiceBus/namespaces' + modulePath: 'arm/Microsoft.ServiceBus/namespaces' workflowPath: '.github/workflows/ms.servicebus.namespaces.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.servicefabric.clusters.yml b/.github/workflows/ms.servicefabric.clusters.yml index 9895c4f192..d53258695c 100644 --- a/.github/workflows/ms.servicefabric.clusters.yml +++ b/.github/workflows/ms.servicefabric.clusters.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.servicefabric.clusters.yml' - - 'modules/Microsoft.ServiceFabric/clusters/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.ServiceFabric/clusters/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.ServiceFabric/clusters' + modulePath: 'arm/Microsoft.ServiceFabric/clusters' workflowPath: '.github/workflows/ms.servicefabric.clusters.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.sql.managedinstances.yml b/.github/workflows/ms.sql.managedinstances.yml index e3c6df7041..70cacaaaaf 100644 --- a/.github/workflows/ms.sql.managedinstances.yml +++ b/.github/workflows/ms.sql.managedinstances.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.sql.managedinstances.yml' - - 'modules/Microsoft.Sql/managedInstances/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Sql/managedInstances/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Sql/managedInstances' + modulePath: 'arm/Microsoft.Sql/managedInstances' workflowPath: '.github/workflows/ms.sql.managedinstances.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.sql.servers.yml b/.github/workflows/ms.sql.servers.yml index 61623e9bfb..c2b15642ee 100644 --- a/.github/workflows/ms.sql.servers.yml +++ b/.github/workflows/ms.sql.servers.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.sql.servers.yml' - - 'modules/Microsoft.Sql/servers/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Sql/servers/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Sql/servers' + modulePath: 'arm/Microsoft.Sql/servers' workflowPath: '.github/workflows/ms.sql.servers.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.storage.storageaccounts.yml b/.github/workflows/ms.storage.storageaccounts.yml index dfd7c811fc..25ca93d427 100644 --- a/.github/workflows/ms.storage.storageaccounts.yml +++ b/.github/workflows/ms.storage.storageaccounts.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.storage.storageaccounts.yml' - - 'modules/Microsoft.Storage/storageAccounts/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Storage/storageAccounts/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Storage/storageAccounts' + modulePath: 'arm/Microsoft.Storage/storageAccounts' workflowPath: '.github/workflows/ms.storage.storageaccounts.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.synapse.privatelinkhubs.yml b/.github/workflows/ms.synapse.privatelinkhubs.yml index d0287ac8d3..7c70983ae5 100644 --- a/.github/workflows/ms.synapse.privatelinkhubs.yml +++ b/.github/workflows/ms.synapse.privatelinkhubs.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.synapse.privatelinkhubs.yml' - - 'modules/Microsoft.Synapse/privateLinkHubs/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Synapse/privateLinkHubs/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Synapse/privateLinkHubs' + modulePath: 'arm/Microsoft.Synapse/privateLinkHubs' workflowPath: '.github/workflows/ms.synapse.privatelinkhubs.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.virtualmachineimages.imagetemplates.yml b/.github/workflows/ms.virtualmachineimages.imagetemplates.yml index 7d1c122891..1a586bcf64 100644 --- a/.github/workflows/ms.virtualmachineimages.imagetemplates.yml +++ b/.github/workflows/ms.virtualmachineimages.imagetemplates.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.virtualmachineimages.imagetemplates.yml' - - 'modules/Microsoft.VirtualMachineImages/imageTemplates/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.VirtualMachineImages/imageTemplates/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.VirtualMachineImages/imageTemplates' + modulePath: 'arm/Microsoft.VirtualMachineImages/imageTemplates' workflowPath: '.github/workflows/ms.virtualmachineimages.imagetemplates.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.web.connections.yml b/.github/workflows/ms.web.connections.yml index 24a5452946..e32df8e3c9 100644 --- a/.github/workflows/ms.web.connections.yml +++ b/.github/workflows/ms.web.connections.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.web.connections.yml' - - 'modules/Microsoft.Web/connections/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Web/connections/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Web/connections' + modulePath: 'arm/Microsoft.Web/connections' workflowPath: '.github/workflows/ms.web.connections.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.web.hostingenvironments.yml b/.github/workflows/ms.web.hostingenvironments.yml index cc7f884c27..0d926983ec 100644 --- a/.github/workflows/ms.web.hostingenvironments.yml +++ b/.github/workflows/ms.web.hostingenvironments.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.web.hostingenvironments.yml' - - 'modules/Microsoft.Web/hostingEnvironments/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Web/hostingEnvironments/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Web/hostingEnvironments' + modulePath: 'arm/Microsoft.Web/hostingEnvironments' workflowPath: '.github/workflows/ms.web.hostingenvironments.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.web.serverfarms.yml b/.github/workflows/ms.web.serverfarms.yml index d0d6a3a41d..1ba700cf21 100644 --- a/.github/workflows/ms.web.serverfarms.yml +++ b/.github/workflows/ms.web.serverfarms.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.web.serverfarms.yml' - - 'modules/Microsoft.Web/serverfarms/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Web/serverfarms/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Web/serverfarms' + modulePath: 'arm/Microsoft.Web/serverfarms' workflowPath: '.github/workflows/ms.web.serverfarms.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.web.sites.yml b/.github/workflows/ms.web.sites.yml index 5f69a15df6..a83b5659d2 100644 --- a/.github/workflows/ms.web.sites.yml +++ b/.github/workflows/ms.web.sites.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.web.sites.yml' - - 'modules/Microsoft.Web/sites/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Web/sites/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Web/sites' + modulePath: 'arm/Microsoft.Web/sites' workflowPath: '.github/workflows/ms.web.sites.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/ms.web.staticsites.yml b/.github/workflows/ms.web.staticsites.yml index b387de58ae..bc0920919b 100644 --- a/.github/workflows/ms.web.staticsites.yml +++ b/.github/workflows/ms.web.staticsites.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.web.staticsites.yml' - - 'modules/Microsoft.Web/staticSites/**' - - 'modules/.global/global.module.tests.ps1' + - 'arm/Microsoft.Web/staticSites/**' + - 'arm/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'modules/Microsoft.Web/staticSites' + modulePath: 'arm/Microsoft.Web/staticSites' workflowPath: '.github/workflows/ms.web.staticsites.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/.github/workflows/platform.convertToArmTemplate.tests.yml b/.github/workflows/platform.convertToArmTemplate.tests.yml index a17478ce75..abbce2b938 100644 --- a/.github/workflows/platform.convertToArmTemplate.tests.yml +++ b/.github/workflows/platform.convertToArmTemplate.tests.yml @@ -1,7 +1,6 @@ name: '.Platform: Test - ConvertTo-ARMTemplate.ps1' on: - workflow_dispatch: push: branches: - main diff --git a/.github/workflows/platform.dependencies.yml b/.github/workflows/platform.dependencies.yml index a1addb1653..1754c3c32c 100644 --- a/.github/workflows/platform.dependencies.yml +++ b/.github/workflows/platform.dependencies.yml @@ -43,8 +43,7 @@ jobs: strategy: fail-fast: false matrix: - parameterFilePaths: - ['validation.parameters.json', 'locks.parameters.json'] + parameterFilePaths: ['validation.parameters.json', 'locks.parameters.json'] steps: - name: 'Checkout' uses: actions/checkout@v2 @@ -53,7 +52,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -81,7 +80,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -112,7 +111,7 @@ jobs: id: deploy_msi uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -151,7 +150,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -179,7 +178,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -207,7 +206,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -235,7 +234,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -254,12 +253,7 @@ jobs: fail-fast: false matrix: parameterFilePaths: - [ - 'appi.parameters.json', - 'aut.parameters.json', - 'sol.parameters.json', - 'parameters.json', - ] + ['appi.parameters.json', 'aut.parameters.json', 'sol.parameters.json', 'parameters.json'] steps: - name: 'Checkout' uses: actions/checkout@v2 @@ -269,7 +263,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -298,7 +292,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -406,7 +400,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -440,7 +434,7 @@ jobs: id: deploy_imgt uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -603,7 +597,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -631,7 +625,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -659,7 +653,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -688,7 +682,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -725,7 +719,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -756,7 +750,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -784,7 +778,7 @@ jobs: 'lb.parameters.json', 'lb.min.parameters.json', 'fw.parameters.json', - 'fw.additional.parameters.json', + 'fw.additional.parameters.json' ] steps: - name: 'Checkout' @@ -795,7 +789,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -825,7 +819,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -855,7 +849,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -885,7 +879,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -916,7 +910,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -949,7 +943,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -1129,7 +1123,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -1251,7 +1245,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -1279,7 +1273,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/subscription/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/subscription/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -1312,7 +1306,7 @@ jobs: '11.azfw.parameters.json', '12.bastion.parameters.json', '13.bastion.parameters.json', - 'parameters.json', + 'parameters.json' ] steps: - name: 'Checkout' @@ -1323,7 +1317,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -1353,7 +1347,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -1381,7 +1375,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -1411,7 +1405,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' @@ -1439,7 +1433,7 @@ jobs: - name: 'Deploy module' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: 'modules/${{ env.namespace }}/deploy.bicep' + templateFilePath: 'arm/${{ env.namespace }}/deploy.bicep' parameterFilePath: '${{ env.dependencyPath }}/${{ env.namespace }}/parameters/${{ matrix.parameterFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.defaultResourceGroupName }}' diff --git a/.github/workflows/platform.updateReadMe.yml b/.github/workflows/platform.updateReadMe.yml index 9e3d0dfcf2..829dd17ae6 100644 --- a/.github/workflows/platform.updateReadMe.yml +++ b/.github/workflows/platform.updateReadMe.yml @@ -10,8 +10,8 @@ on: branches: - main paths: - - 'modules/**/deploy.bicep' - - 'modules/**/deploy.json' + - 'arm/**/deploy.bicep' + - 'arm/**/deploy.json' env: pipelinePrincipalGitUserName: 'CARMLPipelinePrincipal' @@ -34,7 +34,7 @@ jobs: . "$env:GITHUB_WORKSPACE/utilities/tools/Set-ReadMeModuleTable.ps1" $functionInput = @{ - ModulesPath = Join-Path $env:GITHUB_WORKSPACE 'modules' + ModulesPath = Join-Path $env:GITHUB_WORKSPACE 'arm' FilePath = Join-Path $env:GITHUB_WORKSPACE 'README.md' Organization = ($env:GITHUB_REPOSITORY).split('/')[0] RepositoryName = ($env:GITHUB_REPOSITORY).split('/')[1] @@ -55,8 +55,8 @@ jobs: . "$env:GITHUB_WORKSPACE/utilities/tools/Set-ReadMeModuleTable.ps1" $functionInput = @{ - ModulesPath = Join-Path $env:GITHUB_WORKSPACE 'modules' - FilePath = Join-Path $env:GITHUB_WORKSPACE 'modules/README.md' + ModulesPath = Join-Path $env:GITHUB_WORKSPACE 'arm' + FilePath = Join-Path $env:GITHUB_WORKSPACE 'arm/README.md' Organization = ($env:GITHUB_REPOSITORY).split('/')[0] RepositoryName = ($env:GITHUB_REPOSITORY).split('/')[1] ColumnsInOrder = @('Name', 'ProviderNamespace','ResourceType') diff --git a/README.md b/README.md index 2f4ae8107d..7d4e4a6241 100644 --- a/README.md +++ b/README.md @@ -29,107 +29,107 @@ The CI environment supports both ARM and Bicep and can be leveraged using GitHub | Name | Status | | - | - | -| [Action Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/actionGroups) | [!['Insights: ActionGroups'](https://github.com/Azure/ResourceModules/workflows/Insights:%20ActionGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.actiongroups.yml) | -| [Activity Log Alerts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/activityLogAlerts) | [!['Insights: ActivityLogAlerts'](https://github.com/Azure/ResourceModules/workflows/Insights:%20ActivityLogAlerts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.activitylogalerts.yml) | -| [Activity Logs](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/diagnosticSettings) | [!['Insights: DiagnosticSettings'](https://github.com/Azure/ResourceModules/workflows/Insights:%20DiagnosticSettings/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.diagnosticsettings.yml) | -| [Analysis Services Servers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.AnalysisServices/servers) | [!['AnalysisServices: Servers'](https://github.com/Azure/ResourceModules/workflows/AnalysisServices:%20Servers/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.analysisservices.servers.yml) | -| [API Connections](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/connections) | [!['Web: Connections'](https://github.com/Azure/ResourceModules/workflows/Web:%20Connections/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.connections.yml) | -| [API Management Services](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ApiManagement/service) | [!['ApiManagement: Service'](https://github.com/Azure/ResourceModules/workflows/ApiManagement:%20Service/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.apimanagement.service.yml) | -| [App Configuration](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.AppConfiguration/configurationStores) | [!['AppConfiguration: ConfigurationStores'](https://github.com/Azure/ResourceModules/workflows/AppConfiguration:%20ConfigurationStores/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.appconfiguration.configurationstores.yml) | -| [App Service Environments](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/hostingEnvironments) | [!['Web: HostingEnvironments'](https://github.com/Azure/ResourceModules/workflows/Web:%20HostingEnvironments/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.hostingenvironments.yml) | -| [App Service Plans](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/serverfarms) | [!['Web: Serverfarms'](https://github.com/Azure/ResourceModules/workflows/Web:%20Serverfarms/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.serverfarms.yml) | -| [Application Insights](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/components) | [!['Insights: Components'](https://github.com/Azure/ResourceModules/workflows/Insights:%20Components/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.components.yml) | -| [Application Security Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/applicationSecurityGroups) | [!['Network: ApplicationSecurityGroups'](https://github.com/Azure/ResourceModules/workflows/Network:%20ApplicationSecurityGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.applicationsecuritygroups.yml) | -| [Authorization Locks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/locks) | [!['Authorization: Locks'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20Locks/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.locks.yml) | -| [Automation Accounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Automation/automationAccounts) | [!['Automation: AutomationAccounts'](https://github.com/Azure/ResourceModules/workflows/Automation:%20AutomationAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.automation.automationaccounts.yml) | -| [Availability Sets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/availabilitySets) | [!['Compute: AvailabilitySets'](https://github.com/Azure/ResourceModules/workflows/Compute:%20AvailabilitySets/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.availabilitysets.yml) | -| [AVD Application Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/applicationgroups) | [!['DesktopVirtualization: ApplicationGroups'](https://github.com/Azure/ResourceModules/workflows/DesktopVirtualization:%20ApplicationGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.desktopvirtualization.applicationgroups.yml) | -| [AVD Host Pools](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/hostpools) | [!['DesktopVirtualization: HostPools'](https://github.com/Azure/ResourceModules/workflows/DesktopVirtualization:%20HostPools/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.desktopvirtualization.hostpools.yml) | -| [AVD Scaling Plans](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/scalingplans) | [!['DesktopVirtualization: Scalingplans'](https://github.com/Azure/ResourceModules/workflows/DesktopVirtualization:%20Scalingplans/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.desktopvirtualization.scalingplans.yml) | -| [AVD Workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/workspaces) | [!['DesktopVirtualization: Workspaces'](https://github.com/Azure/ResourceModules/workflows/DesktopVirtualization:%20Workspaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.desktopvirtualization.workspaces.yml) | -| [Azure Active Directory Domain Services](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.AAD/DomainServices) | [!['AAD: DomainServices'](https://github.com/Azure/ResourceModules/workflows/AAD:%20DomainServices/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.aad.domainservices.yml) | -| [Azure Compute Galleries](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/galleries) | [!['Compute: Galleries'](https://github.com/Azure/ResourceModules/workflows/Compute:%20Galleries/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.galleries.yml) | -| [Azure Databricks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Databricks/workspaces) | [!['Databricks: Workspaces'](https://github.com/Azure/ResourceModules/workflows/Databricks:%20Workspaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.databricks.workspaces.yml) | -| [Azure Firewalls](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/azureFirewalls) | [!['Network: AzureFirewalls'](https://github.com/Azure/ResourceModules/workflows/Network:%20AzureFirewalls/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.azurefirewalls.yml) | -| [Azure Health Bots](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.HealthBot/healthBots) | [!['HealthBot: HealthBots'](https://github.com/Azure/ResourceModules/workflows/HealthBot:%20HealthBots/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.healthbot.healthbots.yml) | -| [Azure Kubernetes Services](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ContainerService/managedClusters) | [!['ContainerService: ManagedClusters'](https://github.com/Azure/ResourceModules/workflows/ContainerService:%20ManagedClusters/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.containerservice.managedclusters.yml) | -| [Azure Monitor Private Link Scopes](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/privateLinkScopes) | [!['Insights: PrivateLinkScopes'](https://github.com/Azure/ResourceModules/workflows/Insights:%20PrivateLinkScopes/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.privatelinkscopes.yml) | -| [Azure NetApp Files](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.NetApp/netAppAccounts) | [!['NetApp: NetAppAccounts'](https://github.com/Azure/ResourceModules/workflows/NetApp:%20NetAppAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.netapp.netappaccounts.yml) | -| [Azure Security Center](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Security/azureSecurityCenter) | [!['Security: AzureSecurityCenter'](https://github.com/Azure/ResourceModules/workflows/Security:%20AzureSecurityCenter/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.security.azuresecuritycenter.yml) | -| [Azure Synapse Analytics](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Synapse/privateLinkHubs) | [!['Synapse: PrivateLinkHubs'](https://github.com/Azure/ResourceModules/workflows/Synapse:%20PrivateLinkHubs/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.synapse.privatelinkhubs.yml) | -| [Bastion Hosts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/bastionHosts) | [!['Network: BastionHosts'](https://github.com/Azure/ResourceModules/workflows/Network:%20BastionHosts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.bastionhosts.yml) | -| [Batch Accounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Batch/batchAccounts) | [!['Batch: BatchAccounts'](https://github.com/Azure/ResourceModules/workflows/Batch:%20BatchAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.batch.batchaccounts.yml) | -| [Budgets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Consumption/budgets) | [!['Consumption: Budgets'](https://github.com/Azure/ResourceModules/workflows/Consumption:%20Budgets/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.consumption.budgets.yml) | -| [Cognitive Services](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.CognitiveServices/accounts) | [!['CognitiveServices: Accounts'](https://github.com/Azure/ResourceModules/workflows/CognitiveServices:%20Accounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.cognitiveservices.accounts.yml) | -| [Compute Disks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/disks) | [!['Compute: Disks'](https://github.com/Azure/ResourceModules/workflows/Compute:%20Disks/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.disks.yml) | -| [Container Instances](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ContainerInstance/containerGroups) | [!['ContainerInstance: ContainerGroups'](https://github.com/Azure/ResourceModules/workflows/ContainerInstance:%20ContainerGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.containerinstance.containergroups.yml) | -| [Container Registries](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ContainerRegistry/registries) | [!['ContainerRegistry: Registries'](https://github.com/Azure/ResourceModules/workflows/ContainerRegistry:%20Registries/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.containerregistry.registries.yml) | -| [Data Factories](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DataFactory/factories) | [!['DataFactory: Factories'](https://github.com/Azure/ResourceModules/workflows/DataFactory:%20Factories/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.datafactory.factories.yml) | -| [DataProtection BackupVaults](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DataProtection/backupVaults) | [![DataProtection: BackupVaults](https://github.com/Azure/ResourceModules/workflows/DataProtection:%20BackupVaults/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.dataprotection.backupvaults.yml) | -| [DDoS Protection Plans](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/ddosProtectionPlans) | [!['Network: DdosProtectionPlans'](https://github.com/Azure/ResourceModules/workflows/Network:%20DdosProtectionPlans/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.ddosprotectionplans.yml) | -| [Deployment Scripts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Resources/deploymentScripts) | [!['Resources: DeploymentScripts'](https://github.com/Azure/ResourceModules/workflows/Resources:%20DeploymentScripts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.resources.deploymentscripts.yml) | -| [Disk Encryption Sets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/diskEncryptionSets) | [!['Compute: DiskEncryptionSets'](https://github.com/Azure/ResourceModules/workflows/Compute:%20DiskEncryptionSets/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.diskencryptionsets.yml) | -| [DocumentDB Database Accounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DocumentDB/databaseAccounts) | [!['DocumentDB: DatabaseAccounts'](https://github.com/Azure/ResourceModules/workflows/DocumentDB:%20DatabaseAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.documentdb.databaseaccounts.yml) | -| [Event Grid System Topics](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.EventGrid/systemTopics) | [!['EventGrid: System Topics'](https://github.com/Azure/ResourceModules/workflows/EventGrid:%20System%20Topics/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.eventgrid.systemtopics.yml) | -| [Event Grid Topics](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.EventGrid/topics) | [!['EventGrid: Topics'](https://github.com/Azure/ResourceModules/workflows/EventGrid:%20Topics/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.eventgrid.topics.yml) | -| [Event Hub Namespaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.EventHub/namespaces) | [!['EventHub: Namespaces'](https://github.com/Azure/ResourceModules/workflows/EventHub:%20Namespaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.eventhub.namespaces.yml) | -| [ExpressRoute Circuits](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/expressRouteCircuits) | [!['Network: ExpressRouteCircuits'](https://github.com/Azure/ResourceModules/workflows/Network:%20ExpressRouteCircuits/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.expressroutecircuits.yml) | -| [Firewall Policies](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/firewallPolicies) | [!['Network: FirewallPolicies'](https://github.com/Azure/ResourceModules/workflows/Network:%20FirewallPolicies/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.firewallpolicies.yml) | -| [Front Doors](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/frontDoors) | [!['Network: Frontdoors'](https://github.com/Azure/ResourceModules/workflows/Network:%20Frontdoors/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.frontdoors.yml) | -| [Image Templates](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.VirtualMachineImages/imageTemplates) | [!['VirtualMachineImages: ImageTemplates'](https://github.com/Azure/ResourceModules/workflows/VirtualMachineImages:%20ImageTemplates/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.virtualmachineimages.imagetemplates.yml) | -| [Images](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/images) | [!['Compute: Images'](https://github.com/Azure/ResourceModules/workflows/Compute:%20Images/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.images.yml) | -| [IP Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/ipGroups) | [!['Network: IpGroups'](https://github.com/Azure/ResourceModules/workflows/Network:%20IpGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.ipgroups.yml) | -| [Key Vaults](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.KeyVault/vaults) | [!['KeyVault: Vaults'](https://github.com/Azure/ResourceModules/workflows/KeyVault:%20Vaults/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.keyvault.vaults.yml) | -| [Kubernetes Configuration Extensions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.KubernetesConfiguration/extensions) | [!['KubernetesConfiguration: Extensions'](https://github.com/Azure/ResourceModules/workflows/KubernetesConfiguration:%20Extensions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.kubernetesconfiguration.extensions.yml) | -| [Kubernetes Configuration Flux Configurations](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.KubernetesConfiguration/fluxConfigurations) | [!['KubernetesConfiguration: FluxConfigurations'](https://github.com/Azure/ResourceModules/workflows/KubernetesConfiguration:%20FluxConfigurations/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml) | -| [Load Balancers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/loadBalancers) | [!['Network: LoadBalancers'](https://github.com/Azure/ResourceModules/workflows/Network:%20LoadBalancers/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.loadbalancers.yml) | -| [Local Network Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/localNetworkGateways) | [!['Network: LocalNetworkGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20LocalNetworkGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.localnetworkgateways.yml) | -| [Log Analytics Workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.OperationalInsights/workspaces) | [!['OperationalInsights: Workspaces'](https://github.com/Azure/ResourceModules/workflows/OperationalInsights:%20Workspaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.operationalinsights.workspaces.yml) | -| [Logic Apps](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Logic/workflows) | [!['Logic: Workflows'](https://github.com/Azure/ResourceModules/workflows/Logic:%20Workflows/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.logic.workflows.yml) | -| [Machine Learning Workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.MachineLearningServices/workspaces) | [!['MachineLearningServices: Workspaces'](https://github.com/Azure/ResourceModules/workflows/MachineLearningServices:%20Workspaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.machinelearningservices.workspaces.yml) | -| [Management Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Management/managementGroups) | [!['Management: ManagementGroups'](https://github.com/Azure/ResourceModules/workflows/Management:%20ManagementGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.management.managementgroups.yml) | -| [Metric Alerts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/metricAlerts) | [!['Insights: MetricAlerts'](https://github.com/Azure/ResourceModules/workflows/Insights:%20MetricAlerts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.metricalerts.yml) | -| [NAT Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/natGateways) | [!['Network: NatGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20NatGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.natgateways.yml) | -| [Network Application Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/applicationGateways) | [!['Network: ApplicationGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20ApplicationGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.applicationgateways.yml) | -| [Network Interface](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/networkInterfaces) | [!['Network: NetworkInterfaces'](https://github.com/Azure/ResourceModules/workflows/Network:%20NetworkInterfaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.networkinterfaces.yml) | -| [Network Security Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/networkSecurityGroups) | [!['Network: NetworkSecurityGroups'](https://github.com/Azure/ResourceModules/workflows/Network:%20NetworkSecurityGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.networksecuritygroups.yml) | -| [Network Watchers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/networkWatchers) | [!['Network: NetworkWatchers'](https://github.com/Azure/ResourceModules/workflows/Network:%20NetworkWatchers/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.networkwatchers.yml) | -| [OperationsManagement Solutions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.OperationsManagement/solutions) | [!['OperationsManagement: Solutions'](https://github.com/Azure/ResourceModules/workflows/OperationsManagement:%20Solutions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.operationsmanagement.solutions.yml) | -| [Policy Assignments](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policyAssignments) | [!['Authorization: PolicyAssignments'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20PolicyAssignments/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.policyassignments.yml) | -| [Policy Definitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policyDefinitions) | [!['Authorization: PolicyDefinitions'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20PolicyDefinitions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.policydefinitions.yml) | -| [Policy Exemptions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policyExemptions) | [!['Authorization: PolicyExemptions'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20PolicyExemptions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.policyexemptions.yml) | -| [Policy Set Definitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policySetDefinitions) | [!['Authorization: PolicySetDefinitions'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20PolicySetDefinitions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.policysetdefinitions.yml) | -| [Private DNS Zones](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/privateDnsZones) | [!['Network: PrivateDnsZones'](https://github.com/Azure/ResourceModules/workflows/Network:%20PrivateDnsZones/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.privatednszones.yml) | -| [Private Endpoints](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/privateEndpoints) | [!['Network: PrivateEndpoints'](https://github.com/Azure/ResourceModules/workflows/Network:%20PrivateEndpoints/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.privateendpoints.yml) | -| [Proximity Placement Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/proximityPlacementGroups) | [!['Compute: ProximityPlacementGroups'](https://github.com/Azure/ResourceModules/workflows/Compute:%20ProximityPlacementGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.proximityplacementgroups.yml) | -| [Public IP Addresses](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/publicIPAddresses) | [!['Network: PublicIpAddresses'](https://github.com/Azure/ResourceModules/workflows/Network:%20PublicIpAddresses/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.publicipaddresses.yml) | -| [Public IP Prefixes](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/publicIPPrefixes) | [!['Network: PublicIpPrefixes'](https://github.com/Azure/ResourceModules/workflows/Network:%20PublicIpPrefixes/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.publicipprefixes.yml) | -| [Recovery Services Vaults](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.RecoveryServices/vaults) | [!['RecoveryServices: Vaults'](https://github.com/Azure/ResourceModules/workflows/RecoveryServices:%20Vaults/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.recoveryservices.vaults.yml) | -| [Registration Definitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ManagedServices/registrationDefinitions) | [!['ManagedServices: RegistrationDefinitions'](https://github.com/Azure/ResourceModules/workflows/ManagedServices:%20RegistrationDefinitions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.managedservices.registrationdefinitions.yml) | -| [Resource Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Resources/resourceGroups) | [!['Resources: ResourceGroups'](https://github.com/Azure/ResourceModules/workflows/Resources:%20ResourceGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.resources.resourcegroups.yml) | -| [Resources Tags](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Resources/tags) | [!['Resources: Tags'](https://github.com/Azure/ResourceModules/workflows/Resources:%20Tags/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.resources.tags.yml) | -| [Role Assignments](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/roleAssignments) | [!['Authorization: RoleAssignments'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20RoleAssignments/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.roleassignments.yml) | -| [Role Definitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/roleDefinitions) | [!['Authorization: RoleDefinitions'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20RoleDefinitions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.roledefinitions.yml) | -| [Route Tables](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/routeTables) | [!['Network: RouteTables'](https://github.com/Azure/ResourceModules/workflows/Network:%20RouteTables/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.routetables.yml) | -| [Scheduled Query Rules](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/scheduledQueryRules) | [!['Insights: ScheduledQueryRules'](https://github.com/Azure/ResourceModules/workflows/Insights:%20ScheduledQueryRules/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.scheduledqueryrules.yml) | -| [Service Bus Namespaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ServiceBus/namespaces) | [!['ServiceBus: Namespaces'](https://github.com/Azure/ResourceModules/workflows/ServiceBus:%20Namespaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.servicebus.namespaces.yml) | -| [Service Fabric Clusters](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ServiceFabric/clusters) | [!['Service Fabric: Clusters'](https://github.com/Azure/ResourceModules/workflows/Service%20Fabric:%20Clusters/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.servicefabric.clusters.yml) | -| [SQL Managed Instances](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Sql/managedInstances) | [!['Sql: ManagedInstances'](https://github.com/Azure/ResourceModules/workflows/Sql:%20ManagedInstances/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.sql.managedinstances.yml) | -| [SQL Servers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Sql/servers) | [!['Sql: Servers'](https://github.com/Azure/ResourceModules/workflows/Sql:%20Servers/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.sql.servers.yml) | -| [Static Web Sites](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/staticSites) | [!['Web: StaticSites'](https://github.com/Azure/ResourceModules/workflows/Web:%20StaticSites/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.staticsites.yml) | -| [Storage Accounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Storage/storageAccounts) | [!['Storage: StorageAccounts'](https://github.com/Azure/ResourceModules/workflows/Storage:%20StorageAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.storage.storageaccounts.yml) | -| [Traffic Manager Profiles](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/trafficmanagerprofiles) | [!['Network: TrafficManagerProfiles'](https://github.com/Azure/ResourceModules/workflows/Network:%20TrafficManagerProfiles/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.trafficmanagerprofiles.yml) | -| [User Assigned Identities](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ManagedIdentity/userAssignedIdentities) | [!['ManagedIdentity: UserAssignedIdentities'](https://github.com/Azure/ResourceModules/workflows/ManagedIdentity:%20UserAssignedIdentities/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.managedidentity.userassignedidentities.yml) | -| [Virtual Hubs](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualHubs) | [!['Network: VirtualHubs'](https://github.com/Azure/ResourceModules/workflows/Network:%20VirtualHubs/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.virtualhubs.yml) | -| [Virtual Machine Scale Sets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/virtualMachineScaleSets) | [!['Compute: VirtualMachineScaleSets'](https://github.com/Azure/ResourceModules/workflows/Compute:%20VirtualMachineScaleSets/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.virtualmachinescalesets.yml) | -| [Virtual Machines](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/virtualMachines) | [!['Compute: VirtualMachines'](https://github.com/Azure/ResourceModules/workflows/Compute:%20VirtualMachines/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.virtualmachines.yml) | -| [Virtual Network Gateway Connections](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/connections) | [!['Network: Connections'](https://github.com/Azure/ResourceModules/workflows/Network:%20Connections/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.connections.yml) | -| [Virtual Network Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualNetworkGateways) | [!['Network: VirtualNetworkGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20VirtualNetworkGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.virtualnetworkgateways.yml) | -| [Virtual Networks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualNetworks) | [!['Network: VirtualNetworks'](https://github.com/Azure/ResourceModules/workflows/Network:%20VirtualNetworks/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.virtualnetworks.yml) | -| [Virtual WANs](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualWans) | [!['Network: VirtualWans'](https://github.com/Azure/ResourceModules/workflows/Network:%20VirtualWans/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.virtualwans.yml) | -| [VPN Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/vpnGateways) | [!['Network: VPNGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20VPNGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.vpngateways.yml) | -| [VPN Sites](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/vpnSites) | [!['Network: VPN Sites'](https://github.com/Azure/ResourceModules/workflows/Network:%20VPN%20Sites/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.vpnsites.yml) | -| [Web/Function Apps](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/sites) | [!['Web: Sites'](https://github.com/Azure/ResourceModules/workflows/Web:%20Sites/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.sites.yml) | +| [Action Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/actionGroups) | [!['Insights: ActionGroups'](https://github.com/Azure/ResourceModules/workflows/Insights:%20ActionGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.actiongroups.yml) | +| [Activity Log Alerts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/activityLogAlerts) | [!['Insights: ActivityLogAlerts'](https://github.com/Azure/ResourceModules/workflows/Insights:%20ActivityLogAlerts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.activitylogalerts.yml) | +| [Activity Logs](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/diagnosticSettings) | [!['Insights: DiagnosticSettings'](https://github.com/Azure/ResourceModules/workflows/Insights:%20DiagnosticSettings/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.diagnosticsettings.yml) | +| [Analysis Services Servers](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.AnalysisServices/servers) | [!['AnalysisServices: Servers'](https://github.com/Azure/ResourceModules/workflows/AnalysisServices:%20Servers/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.analysisservices.servers.yml) | +| [API Connections](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/connections) | [!['Web: Connections'](https://github.com/Azure/ResourceModules/workflows/Web:%20Connections/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.connections.yml) | +| [API Management Services](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ApiManagement/service) | [!['ApiManagement: Service'](https://github.com/Azure/ResourceModules/workflows/ApiManagement:%20Service/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.apimanagement.service.yml) | +| [App Configuration](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.AppConfiguration/configurationStores) | [!['AppConfiguration: ConfigurationStores'](https://github.com/Azure/ResourceModules/workflows/AppConfiguration:%20ConfigurationStores/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.appconfiguration.configurationstores.yml) | +| [App Service Environments](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/hostingEnvironments) | [!['Web: HostingEnvironments'](https://github.com/Azure/ResourceModules/workflows/Web:%20HostingEnvironments/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.hostingenvironments.yml) | +| [App Service Plans](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/serverfarms) | [!['Web: Serverfarms'](https://github.com/Azure/ResourceModules/workflows/Web:%20Serverfarms/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.serverfarms.yml) | +| [Application Insights](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/components) | [!['Insights: Components'](https://github.com/Azure/ResourceModules/workflows/Insights:%20Components/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.components.yml) | +| [Application Security Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/applicationSecurityGroups) | [!['Network: ApplicationSecurityGroups'](https://github.com/Azure/ResourceModules/workflows/Network:%20ApplicationSecurityGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.applicationsecuritygroups.yml) | +| [Authorization Locks](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/locks) | [!['Authorization: Locks'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20Locks/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.locks.yml) | +| [Automation Accounts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Automation/automationAccounts) | [!['Automation: AutomationAccounts'](https://github.com/Azure/ResourceModules/workflows/Automation:%20AutomationAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.automation.automationaccounts.yml) | +| [Availability Sets](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/availabilitySets) | [!['Compute: AvailabilitySets'](https://github.com/Azure/ResourceModules/workflows/Compute:%20AvailabilitySets/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.availabilitysets.yml) | +| [AVD Application Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DesktopVirtualization/applicationgroups) | [!['DesktopVirtualization: ApplicationGroups'](https://github.com/Azure/ResourceModules/workflows/DesktopVirtualization:%20ApplicationGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.desktopvirtualization.applicationgroups.yml) | +| [AVD Host Pools](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DesktopVirtualization/hostpools) | [!['DesktopVirtualization: HostPools'](https://github.com/Azure/ResourceModules/workflows/DesktopVirtualization:%20HostPools/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.desktopvirtualization.hostpools.yml) | +| [AVD Scaling Plans](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DesktopVirtualization/scalingplans) | [!['DesktopVirtualization: Scalingplans'](https://github.com/Azure/ResourceModules/workflows/DesktopVirtualization:%20Scalingplans/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.desktopvirtualization.scalingplans.yml) | +| [AVD Workspaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DesktopVirtualization/workspaces) | [!['DesktopVirtualization: Workspaces'](https://github.com/Azure/ResourceModules/workflows/DesktopVirtualization:%20Workspaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.desktopvirtualization.workspaces.yml) | +| [Azure Active Directory Domain Services](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.AAD/DomainServices) | [!['AAD: DomainServices'](https://github.com/Azure/ResourceModules/workflows/AAD:%20DomainServices/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.aad.domainservices.yml) | +| [Azure Compute Galleries](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/galleries) | [!['Compute: Galleries'](https://github.com/Azure/ResourceModules/workflows/Compute:%20Galleries/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.galleries.yml) | +| [Azure Databricks](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Databricks/workspaces) | [!['Databricks: Workspaces'](https://github.com/Azure/ResourceModules/workflows/Databricks:%20Workspaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.databricks.workspaces.yml) | +| [Azure Firewalls](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/azureFirewalls) | [!['Network: AzureFirewalls'](https://github.com/Azure/ResourceModules/workflows/Network:%20AzureFirewalls/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.azurefirewalls.yml) | +| [Azure Health Bots](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.HealthBot/healthBots) | [!['HealthBot: HealthBots'](https://github.com/Azure/ResourceModules/workflows/HealthBot:%20HealthBots/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.healthbot.healthbots.yml) | +| [Azure Kubernetes Services](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ContainerService/managedClusters) | [!['ContainerService: ManagedClusters'](https://github.com/Azure/ResourceModules/workflows/ContainerService:%20ManagedClusters/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.containerservice.managedclusters.yml) | +| [Azure Monitor Private Link Scopes](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/privateLinkScopes) | [!['Insights: PrivateLinkScopes'](https://github.com/Azure/ResourceModules/workflows/Insights:%20PrivateLinkScopes/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.privatelinkscopes.yml) | +| [Azure NetApp Files](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.NetApp/netAppAccounts) | [!['NetApp: NetAppAccounts'](https://github.com/Azure/ResourceModules/workflows/NetApp:%20NetAppAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.netapp.netappaccounts.yml) | +| [Azure Security Center](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Security/azureSecurityCenter) | [!['Security: AzureSecurityCenter'](https://github.com/Azure/ResourceModules/workflows/Security:%20AzureSecurityCenter/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.security.azuresecuritycenter.yml) | +| [Azure Synapse Analytics](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Synapse/privateLinkHubs) | [!['Synapse: PrivateLinkHubs'](https://github.com/Azure/ResourceModules/workflows/Synapse:%20PrivateLinkHubs/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.synapse.privatelinkhubs.yml) | +| [Bastion Hosts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/bastionHosts) | [!['Network: BastionHosts'](https://github.com/Azure/ResourceModules/workflows/Network:%20BastionHosts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.bastionhosts.yml) | +| [Batch Accounts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Batch/batchAccounts) | [!['Batch: BatchAccounts'](https://github.com/Azure/ResourceModules/workflows/Batch:%20BatchAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.batch.batchaccounts.yml) | +| [Budgets](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Consumption/budgets) | [!['Consumption: Budgets'](https://github.com/Azure/ResourceModules/workflows/Consumption:%20Budgets/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.consumption.budgets.yml) | +| [Cognitive Services](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.CognitiveServices/accounts) | [!['CognitiveServices: Accounts'](https://github.com/Azure/ResourceModules/workflows/CognitiveServices:%20Accounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.cognitiveservices.accounts.yml) | +| [Compute Disks](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/disks) | [!['Compute: Disks'](https://github.com/Azure/ResourceModules/workflows/Compute:%20Disks/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.disks.yml) | +| [Container Instances](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ContainerInstance/containerGroups) | [!['ContainerInstance: ContainerGroups'](https://github.com/Azure/ResourceModules/workflows/ContainerInstance:%20ContainerGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.containerinstance.containergroups.yml) | +| [Container Registries](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ContainerRegistry/registries) | [!['ContainerRegistry: Registries'](https://github.com/Azure/ResourceModules/workflows/ContainerRegistry:%20Registries/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.containerregistry.registries.yml) | +| [Data Factories](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DataFactory/factories) | [!['DataFactory: Factories'](https://github.com/Azure/ResourceModules/workflows/DataFactory:%20Factories/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.datafactory.factories.yml) | +| [DataProtection BackupVaults](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DataProtection/backupVaults) | [![DataProtection: BackupVaults](https://github.com/Azure/ResourceModules/workflows/DataProtection:%20BackupVaults/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.dataprotection.backupvaults.yml) | +| [DDoS Protection Plans](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/ddosProtectionPlans) | [!['Network: DdosProtectionPlans'](https://github.com/Azure/ResourceModules/workflows/Network:%20DdosProtectionPlans/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.ddosprotectionplans.yml) | +| [Deployment Scripts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Resources/deploymentScripts) | [!['Resources: DeploymentScripts'](https://github.com/Azure/ResourceModules/workflows/Resources:%20DeploymentScripts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.resources.deploymentscripts.yml) | +| [Disk Encryption Sets](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/diskEncryptionSets) | [!['Compute: DiskEncryptionSets'](https://github.com/Azure/ResourceModules/workflows/Compute:%20DiskEncryptionSets/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.diskencryptionsets.yml) | +| [DocumentDB Database Accounts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.DocumentDB/databaseAccounts) | [!['DocumentDB: DatabaseAccounts'](https://github.com/Azure/ResourceModules/workflows/DocumentDB:%20DatabaseAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.documentdb.databaseaccounts.yml) | +| [Event Grid System Topics](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.EventGrid/systemTopics) | [!['EventGrid: System Topics'](https://github.com/Azure/ResourceModules/workflows/EventGrid:%20System%20Topics/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.eventgrid.systemtopics.yml) | +| [Event Grid Topics](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.EventGrid/topics) | [!['EventGrid: Topics'](https://github.com/Azure/ResourceModules/workflows/EventGrid:%20Topics/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.eventgrid.topics.yml) | +| [Event Hub Namespaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.EventHub/namespaces) | [!['EventHub: Namespaces'](https://github.com/Azure/ResourceModules/workflows/EventHub:%20Namespaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.eventhub.namespaces.yml) | +| [ExpressRoute Circuits](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/expressRouteCircuits) | [!['Network: ExpressRouteCircuits'](https://github.com/Azure/ResourceModules/workflows/Network:%20ExpressRouteCircuits/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.expressroutecircuits.yml) | +| [Firewall Policies](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/firewallPolicies) | [!['Network: FirewallPolicies'](https://github.com/Azure/ResourceModules/workflows/Network:%20FirewallPolicies/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.firewallpolicies.yml) | +| [Front Doors](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/frontDoors) | [!['Network: Frontdoors'](https://github.com/Azure/ResourceModules/workflows/Network:%20Frontdoors/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.frontdoors.yml) | +| [Image Templates](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.VirtualMachineImages/imageTemplates) | [!['VirtualMachineImages: ImageTemplates'](https://github.com/Azure/ResourceModules/workflows/VirtualMachineImages:%20ImageTemplates/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.virtualmachineimages.imagetemplates.yml) | +| [Images](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/images) | [!['Compute: Images'](https://github.com/Azure/ResourceModules/workflows/Compute:%20Images/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.images.yml) | +| [IP Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/ipGroups) | [!['Network: IpGroups'](https://github.com/Azure/ResourceModules/workflows/Network:%20IpGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.ipgroups.yml) | +| [Key Vaults](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.KeyVault/vaults) | [!['KeyVault: Vaults'](https://github.com/Azure/ResourceModules/workflows/KeyVault:%20Vaults/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.keyvault.vaults.yml) | +| [Kubernetes Configuration Extensions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.KubernetesConfiguration/extensions) | [!['KubernetesConfiguration: Extensions'](https://github.com/Azure/ResourceModules/workflows/KubernetesConfiguration:%20Extensions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.kubernetesconfiguration.extensions.yml) | +| [Kubernetes Configuration Flux Configurations](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.KubernetesConfiguration/fluxConfigurations) | [!['KubernetesConfiguration: FluxConfigurations'](https://github.com/Azure/ResourceModules/workflows/KubernetesConfiguration:%20FluxConfigurations/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.kubernetesconfiguration.fluxconfigurations.yml) | +| [Load Balancers](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/loadBalancers) | [!['Network: LoadBalancers'](https://github.com/Azure/ResourceModules/workflows/Network:%20LoadBalancers/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.loadbalancers.yml) | +| [Local Network Gateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/localNetworkGateways) | [!['Network: LocalNetworkGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20LocalNetworkGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.localnetworkgateways.yml) | +| [Log Analytics Workspaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.OperationalInsights/workspaces) | [!['OperationalInsights: Workspaces'](https://github.com/Azure/ResourceModules/workflows/OperationalInsights:%20Workspaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.operationalinsights.workspaces.yml) | +| [Logic Apps](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Logic/workflows) | [!['Logic: Workflows'](https://github.com/Azure/ResourceModules/workflows/Logic:%20Workflows/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.logic.workflows.yml) | +| [Machine Learning Workspaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.MachineLearningServices/workspaces) | [!['MachineLearningServices: Workspaces'](https://github.com/Azure/ResourceModules/workflows/MachineLearningServices:%20Workspaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.machinelearningservices.workspaces.yml) | +| [Management Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Management/managementGroups) | [!['Management: ManagementGroups'](https://github.com/Azure/ResourceModules/workflows/Management:%20ManagementGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.management.managementgroups.yml) | +| [Metric Alerts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/metricAlerts) | [!['Insights: MetricAlerts'](https://github.com/Azure/ResourceModules/workflows/Insights:%20MetricAlerts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.metricalerts.yml) | +| [NAT Gateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/natGateways) | [!['Network: NatGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20NatGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.natgateways.yml) | +| [Network Application Gateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/applicationGateways) | [!['Network: ApplicationGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20ApplicationGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.applicationgateways.yml) | +| [Network Interface](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/networkInterfaces) | [!['Network: NetworkInterfaces'](https://github.com/Azure/ResourceModules/workflows/Network:%20NetworkInterfaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.networkinterfaces.yml) | +| [Network Security Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/networkSecurityGroups) | [!['Network: NetworkSecurityGroups'](https://github.com/Azure/ResourceModules/workflows/Network:%20NetworkSecurityGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.networksecuritygroups.yml) | +| [Network Watchers](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/networkWatchers) | [!['Network: NetworkWatchers'](https://github.com/Azure/ResourceModules/workflows/Network:%20NetworkWatchers/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.networkwatchers.yml) | +| [OperationsManagement Solutions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.OperationsManagement/solutions) | [!['OperationsManagement: Solutions'](https://github.com/Azure/ResourceModules/workflows/OperationsManagement:%20Solutions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.operationsmanagement.solutions.yml) | +| [Policy Assignments](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/policyAssignments) | [!['Authorization: PolicyAssignments'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20PolicyAssignments/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.policyassignments.yml) | +| [Policy Definitions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/policyDefinitions) | [!['Authorization: PolicyDefinitions'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20PolicyDefinitions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.policydefinitions.yml) | +| [Policy Exemptions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/policyExemptions) | [!['Authorization: PolicyExemptions'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20PolicyExemptions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.policyexemptions.yml) | +| [Policy Set Definitions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/policySetDefinitions) | [!['Authorization: PolicySetDefinitions'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20PolicySetDefinitions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.policysetdefinitions.yml) | +| [Private DNS Zones](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/privateDnsZones) | [!['Network: PrivateDnsZones'](https://github.com/Azure/ResourceModules/workflows/Network:%20PrivateDnsZones/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.privatednszones.yml) | +| [Private Endpoints](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/privateEndpoints) | [!['Network: PrivateEndpoints'](https://github.com/Azure/ResourceModules/workflows/Network:%20PrivateEndpoints/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.privateendpoints.yml) | +| [Proximity Placement Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/proximityPlacementGroups) | [!['Compute: ProximityPlacementGroups'](https://github.com/Azure/ResourceModules/workflows/Compute:%20ProximityPlacementGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.proximityplacementgroups.yml) | +| [Public IP Addresses](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/publicIPAddresses) | [!['Network: PublicIpAddresses'](https://github.com/Azure/ResourceModules/workflows/Network:%20PublicIpAddresses/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.publicipaddresses.yml) | +| [Public IP Prefixes](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/publicIPPrefixes) | [!['Network: PublicIpPrefixes'](https://github.com/Azure/ResourceModules/workflows/Network:%20PublicIpPrefixes/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.publicipprefixes.yml) | +| [Recovery Services Vaults](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.RecoveryServices/vaults) | [!['RecoveryServices: Vaults'](https://github.com/Azure/ResourceModules/workflows/RecoveryServices:%20Vaults/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.recoveryservices.vaults.yml) | +| [Registration Definitions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ManagedServices/registrationDefinitions) | [!['ManagedServices: RegistrationDefinitions'](https://github.com/Azure/ResourceModules/workflows/ManagedServices:%20RegistrationDefinitions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.managedservices.registrationdefinitions.yml) | +| [Resource Groups](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Resources/resourceGroups) | [!['Resources: ResourceGroups'](https://github.com/Azure/ResourceModules/workflows/Resources:%20ResourceGroups/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.resources.resourcegroups.yml) | +| [Resources Tags](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Resources/tags) | [!['Resources: Tags'](https://github.com/Azure/ResourceModules/workflows/Resources:%20Tags/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.resources.tags.yml) | +| [Role Assignments](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/roleAssignments) | [!['Authorization: RoleAssignments'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20RoleAssignments/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.roleassignments.yml) | +| [Role Definitions](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Authorization/roleDefinitions) | [!['Authorization: RoleDefinitions'](https://github.com/Azure/ResourceModules/workflows/Authorization:%20RoleDefinitions/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.authorization.roledefinitions.yml) | +| [Route Tables](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/routeTables) | [!['Network: RouteTables'](https://github.com/Azure/ResourceModules/workflows/Network:%20RouteTables/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.routetables.yml) | +| [Scheduled Query Rules](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Insights/scheduledQueryRules) | [!['Insights: ScheduledQueryRules'](https://github.com/Azure/ResourceModules/workflows/Insights:%20ScheduledQueryRules/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.insights.scheduledqueryrules.yml) | +| [Service Bus Namespaces](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ServiceBus/namespaces) | [!['ServiceBus: Namespaces'](https://github.com/Azure/ResourceModules/workflows/ServiceBus:%20Namespaces/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.servicebus.namespaces.yml) | +| [Service Fabric Clusters](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ServiceFabric/clusters) | [!['Service Fabric: Clusters'](https://github.com/Azure/ResourceModules/workflows/Service%20Fabric:%20Clusters/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.servicefabric.clusters.yml) | +| [SQL Managed Instances](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Sql/managedInstances) | [!['Sql: ManagedInstances'](https://github.com/Azure/ResourceModules/workflows/Sql:%20ManagedInstances/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.sql.managedinstances.yml) | +| [SQL Servers](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Sql/servers) | [!['Sql: Servers'](https://github.com/Azure/ResourceModules/workflows/Sql:%20Servers/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.sql.servers.yml) | +| [Static Web Sites](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/staticSites) | [!['Web: StaticSites'](https://github.com/Azure/ResourceModules/workflows/Web:%20StaticSites/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.staticsites.yml) | +| [Storage Accounts](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Storage/storageAccounts) | [!['Storage: StorageAccounts'](https://github.com/Azure/ResourceModules/workflows/Storage:%20StorageAccounts/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.storage.storageaccounts.yml) | +| [Traffic Manager Profiles](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/trafficmanagerprofiles) | [!['Network: TrafficManagerProfiles'](https://github.com/Azure/ResourceModules/workflows/Network:%20TrafficManagerProfiles/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.trafficmanagerprofiles.yml) | +| [User Assigned Identities](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.ManagedIdentity/userAssignedIdentities) | [!['ManagedIdentity: UserAssignedIdentities'](https://github.com/Azure/ResourceModules/workflows/ManagedIdentity:%20UserAssignedIdentities/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.managedidentity.userassignedidentities.yml) | +| [Virtual Hubs](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualHubs) | [!['Network: VirtualHubs'](https://github.com/Azure/ResourceModules/workflows/Network:%20VirtualHubs/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.virtualhubs.yml) | +| [Virtual Machine Scale Sets](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/virtualMachineScaleSets) | [!['Compute: VirtualMachineScaleSets'](https://github.com/Azure/ResourceModules/workflows/Compute:%20VirtualMachineScaleSets/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.virtualmachinescalesets.yml) | +| [Virtual Machines](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Compute/virtualMachines) | [!['Compute: VirtualMachines'](https://github.com/Azure/ResourceModules/workflows/Compute:%20VirtualMachines/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.compute.virtualmachines.yml) | +| [Virtual Network Gateway Connections](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/connections) | [!['Network: Connections'](https://github.com/Azure/ResourceModules/workflows/Network:%20Connections/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.connections.yml) | +| [Virtual Network Gateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualNetworkGateways) | [!['Network: VirtualNetworkGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20VirtualNetworkGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.virtualnetworkgateways.yml) | +| [Virtual Networks](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualNetworks) | [!['Network: VirtualNetworks'](https://github.com/Azure/ResourceModules/workflows/Network:%20VirtualNetworks/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.virtualnetworks.yml) | +| [Virtual WANs](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/virtualWans) | [!['Network: VirtualWans'](https://github.com/Azure/ResourceModules/workflows/Network:%20VirtualWans/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.virtualwans.yml) | +| [VPN Gateways](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/vpnGateways) | [!['Network: VPNGateways'](https://github.com/Azure/ResourceModules/workflows/Network:%20VPNGateways/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.vpngateways.yml) | +| [VPN Sites](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Network/vpnSites) | [!['Network: VPN Sites'](https://github.com/Azure/ResourceModules/workflows/Network:%20VPN%20Sites/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.network.vpnsites.yml) | +| [Web/Function Apps](https://github.com/Azure/ResourceModules/tree/main/arm/Microsoft.Web/sites) | [!['Web: Sites'](https://github.com/Azure/ResourceModules/workflows/Web:%20Sites/badge.svg)](https://github.com/Azure/ResourceModules/actions/workflows/ms.web.sites.yml) | ## Tooling diff --git a/modules/.global/global.module.tests.ps1 b/arm/.global/global.module.tests.ps1 similarity index 96% rename from modules/.global/global.module.tests.ps1 rename to arm/.global/global.module.tests.ps1 index 11507d46ca..049c61f1fa 100644 --- a/modules/.global/global.module.tests.ps1 +++ b/arm/.global/global.module.tests.ps1 @@ -38,9 +38,9 @@ Describe 'File/folder tests' -Tag Modules { $moduleFolderTestCases = [System.Collections.ArrayList] @() foreach ($moduleFolderPath in $moduleFolderPaths) { $moduleFolderTestCases += @{ - moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1] + moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/arm/')[1] moduleFolderPath = $moduleFolderPath - isTopLevelModule = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1].Split('/').Count -eq 2 # / + isTopLevelModule = $moduleFolderPath.Replace('\', '/').Split('/arm/')[1].Split('/').Count -eq 2 # / } } @@ -89,10 +89,10 @@ Describe 'File/folder tests' -Tag Modules { (Test-Path (Join-Path -Path $moduleFolderPath 'readme.md')) | Should -Be $true } - It '[] Module should contain a [.deploymentTests] folder' -TestCases ($moduleFolderTestCases | Where-Object { $_.isTopLevelModule }) { + It '[] Module should contain a [.parameters] folder' -TestCases ($moduleFolderTestCases | Where-Object { $_.isTopLevelModule }) { param( [string] $moduleFolderPath ) - Test-Path (Join-Path -Path $moduleFolderPath '.deploymentTests') | Should -Be $true + Test-Path (Join-Path -Path $moduleFolderPath '.parameters') | Should -Be $true } It '[] Module should contain a [version.json] file' -TestCases $moduleFolderTestCases { @@ -102,13 +102,13 @@ Describe 'File/folder tests' -Tag Modules { } } - Context '.deploymentTests folder' { + Context '.parameters folder' { $folderTestCases = [System.Collections.ArrayList]@() foreach ($moduleFolderPath in $moduleFolderPaths) { - if (Test-Path (Join-Path $moduleFolderPath '.deploymentTests')) { + if (Test-Path (Join-Path $moduleFolderPath '.parameters')) { $folderTestCases += @{ - moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1] + moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/arm/')[1] moduleFolderPath = $moduleFolderPath } } @@ -120,17 +120,17 @@ Describe 'File/folder tests' -Tag Modules { [string] $moduleFolderName, $moduleFolderPath ) - $parameterFolderPath = Join-Path $moduleFolderPath '.deploymentTests' + $parameterFolderPath = Join-Path $moduleFolderPath '.parameters' (Get-ChildItem $parameterFolderPath -Filter '*parameters.json' -Force).Count | Should -BeGreaterThan 0 } $parameterFolderFilesTestCases = [System.Collections.ArrayList] @() foreach ($moduleFolderPath in $moduleFolderPaths) { - $parameterFolderPath = Join-Path $moduleFolderPath '.deploymentTests' + $parameterFolderPath = Join-Path $moduleFolderPath '.parameters' if (Test-Path $parameterFolderPath) { foreach ($parameterFile in (Get-ChildItem $parameterFolderPath -Filter '*parameters.json' -Force)) { $parameterFolderFilesTestCases += @{ - moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1] + moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/arm/')[1] parameterFilePath = $parameterFile.FullName } } @@ -156,7 +156,7 @@ Describe 'Readme tests' -Tag Readme { foreach ($moduleFolderPath in $moduleFolderPaths) { # For runtime purposes, we cache the compiled template in a hashtable that uses a formatted relative module path as a key - $moduleFolderPathKey = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1].Trim('/').Replace('/', '-') + $moduleFolderPathKey = $moduleFolderPath.Split('arm')[1].Replace('\', '/').Trim('/').Replace('/', '-') if (-not ($convertedTemplates.Keys -contains $moduleFolderPathKey)) { if (Test-Path (Join-Path $moduleFolderPath 'deploy.bicep')) { $templateFilePath = Join-Path $moduleFolderPath 'deploy.bicep' @@ -185,13 +185,13 @@ Describe 'Readme tests' -Tag Readme { } $readmeFolderTestCases += @{ - moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1] + moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/arm/')[1] moduleFolderPath = $moduleFolderPath templateContent = $templateContent templateFilePath = $templateFilePath readMeFilePath = Join-Path -Path $moduleFolderPath 'readme.md' readMeContent = Get-Content (Join-Path -Path $moduleFolderPath 'readme.md') - isTopLevelModule = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1].Split('/').Count -eq 2 # / + isTopLevelModule = $moduleFolderPath.Replace('\', '/').Split('/arm/')[1].Split('/').Count -eq 2 # / } } @@ -471,7 +471,7 @@ Describe 'Deployment template tests' -Tag Template { foreach ($moduleFolderPath in $moduleFolderPaths) { # For runtime purposes, we cache the compiled template in a hashtable that uses a formatted relative module path as a key - $moduleFolderPathKey = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1].Trim('/').Replace('/', '-') + $moduleFolderPathKey = $moduleFolderPath.Split('arm')[1].Replace('\', '/').Trim('/').Replace('/', '-') if (-not ($convertedTemplates.Keys -contains $moduleFolderPathKey)) { if (Test-Path (Join-Path $moduleFolderPath 'deploy.bicep')) { $templateFilePath = Join-Path $moduleFolderPath 'deploy.bicep' @@ -505,8 +505,8 @@ Describe 'Deployment template tests' -Tag Template { $TemplateFile_AllParameterNames = $templateFile_Parameters.Keys | Sort-Object $TemplateFile_RequiredParametersNames = ($templateFile_Parameters.Keys | Where-Object { -not $templateFile_Parameters[$_].ContainsKey('defaultValue') }) | Sort-Object - if (Test-Path (Join-Path $moduleFolderPath '.deploymentTests')) { - $ParameterFilePaths = (Get-ChildItem (Join-Path -Path $moduleFolderPath -ChildPath '.deploymentTests' -AdditionalChildPath '*parameters.json') -Recurse -Force).FullName + if (Test-Path (Join-Path $moduleFolderPath '.parameters')) { + $ParameterFilePaths = (Get-ChildItem (Join-Path -Path $moduleFolderPath -ChildPath '.parameters' -AdditionalChildPath '*parameters.json') -Recurse -Force).FullName foreach ($ParameterFilePath in $ParameterFilePaths) { $parameterFile_AllParameterNames = ((Get-Content $ParameterFilePath) | ConvertFrom-Json -AsHashtable).parameters.Keys | Sort-Object $parameterFileTestCases += @{ @@ -522,7 +522,7 @@ Describe 'Deployment template tests' -Tag Template { # Test file setup $deploymentFolderTestCases += @{ - moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1] + moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/arm/')[1] templateContent = $templateContent templateFilePath = $templateFilePath parameterFileTestCases = $parameterFileTestCases @@ -740,7 +740,7 @@ Describe 'Deployment template tests' -Tag Template { $outputs = $templateContent.outputs - $primaryResourceType = (Split-Path $TemplateFilePath -Parent).Replace('\', '/').split('/modules/')[1] + $primaryResourceType = (Split-Path $TemplateFilePath -Parent).Replace('\', '/').split('/arm/')[1] $primaryResourceTypeResource = $templateContent.resources | Where-Object { $_.type -eq $primaryResourceType } if ($primaryResourceTypeResource.keys -contains 'location' -and $primaryResourceTypeResource.location -ne 'global') { @@ -777,7 +777,7 @@ Describe 'Deployment template tests' -Tag Template { ) # check if module contains a 'primary' resource we could draw a name from - $moduleResourceType = (Split-Path (($templateFilePath -replace '\\', '/') -split '/modules/')[1] -Parent) -replace '\\', '/' + $moduleResourceType = (Split-Path (($templateFilePath -replace '\\', '/') -split '/arm/')[1] -Parent) -replace '\\', '/' if ($templateContent.resources.type -notcontains $moduleResourceType) { Set-ItResult -Skipped -Because 'the module template has no primary resource to fetch a name from.' return @@ -797,7 +797,7 @@ Describe 'Deployment template tests' -Tag Template { ) # check if module contains a 'primary' resource we could draw a name from - $moduleResourceType = (Split-Path (($templateFilePath -replace '\\', '/') -split '/modules/')[1] -Parent) -replace '\\', '/' + $moduleResourceType = (Split-Path (($templateFilePath -replace '\\', '/') -split '/arm/')[1] -Parent) -replace '\\', '/' if ($templateContent.resources.type -notcontains $moduleResourceType) { Set-ItResult -Skipped -Because 'the module template has no primary resource to fetch a resource ID from.' return @@ -917,8 +917,8 @@ Describe 'Deployment template tests' -Tag Template { $parameterFileTokenTestCases = @() foreach ($moduleFolderPath in $moduleFolderPaths) { - if (Test-Path (Join-Path $moduleFolderPath '.deploymentTests')) { - $ParameterFilePaths = (Get-ChildItem (Join-Path -Path $moduleFolderPath -ChildPath '.deploymentTests' -AdditionalChildPath '*parameters.json') -Recurse -Force).FullName + if (Test-Path (Join-Path $moduleFolderPath '.parameters')) { + $ParameterFilePaths = (Get-ChildItem (Join-Path -Path $moduleFolderPath -ChildPath '.parameters' -AdditionalChildPath '*parameters.json') -Recurse -Force).FullName foreach ($ParameterFilePath in $ParameterFilePaths) { foreach ($token in $enforcedTokenList.Keys) { $parameterFileTokenTestCases += @{ @@ -927,7 +927,7 @@ Describe 'Deployment template tests' -Tag Template { tokenSettings = $Settings.parameterFileTokens tokenName = $token tokenValue = $enforcedTokenList[$token] - moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1] + moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/arm/')[1] } } } @@ -960,10 +960,10 @@ Describe "API version tests [All apiVersions in the template should be 'recent'] $ApiVersions = Get-AzResourceProvider -ListAvailable foreach ($moduleFolderPath in $moduleFolderPaths) { - $moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1] + $moduleFolderName = $moduleFolderPath.Replace('\', '/').Split('/arm/')[1] # For runtime purposes, we cache the compiled template in a hashtable that uses a formatted relative module path as a key - $moduleFolderPathKey = $moduleFolderPath.Replace('\', '/').Split('/modules/')[1].Trim('/').Replace('/', '-') + $moduleFolderPathKey = $moduleFolderPath.Split('arm')[1].Replace('\', '/').Trim('/').Replace('/', '-') if (-not ($convertedTemplates.Keys -contains $moduleFolderPathKey)) { if (Test-Path (Join-Path $moduleFolderPath 'deploy.bicep')) { $templateFilePath = Join-Path $moduleFolderPath 'deploy.bicep' diff --git a/modules/.global/shared/helper.psm1 b/arm/.global/shared/helper.psm1 similarity index 100% rename from modules/.global/shared/helper.psm1 rename to arm/.global/shared/helper.psm1 diff --git a/modules/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.AAD/DomainServices/.deploymentTests/parameters.json b/arm/Microsoft.AAD/DomainServices/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.AAD/DomainServices/.deploymentTests/parameters.json rename to arm/Microsoft.AAD/DomainServices/.parameters/parameters.json diff --git a/modules/Microsoft.AAD/DomainServices/deploy.bicep b/arm/Microsoft.AAD/DomainServices/deploy.bicep similarity index 100% rename from modules/Microsoft.AAD/DomainServices/deploy.bicep rename to arm/Microsoft.AAD/DomainServices/deploy.bicep diff --git a/modules/Microsoft.AAD/DomainServices/readme.md b/arm/Microsoft.AAD/DomainServices/readme.md similarity index 100% rename from modules/Microsoft.AAD/DomainServices/readme.md rename to arm/Microsoft.AAD/DomainServices/readme.md diff --git a/modules/Microsoft.AAD/DomainServices/version.json b/arm/Microsoft.AAD/DomainServices/version.json similarity index 100% rename from modules/Microsoft.AAD/DomainServices/version.json rename to arm/Microsoft.AAD/DomainServices/version.json diff --git a/modules/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.AnalysisServices/servers/.deploymentTests/max.parameters.json b/arm/Microsoft.AnalysisServices/servers/.parameters/max.parameters.json similarity index 100% rename from modules/Microsoft.AnalysisServices/servers/.deploymentTests/max.parameters.json rename to arm/Microsoft.AnalysisServices/servers/.parameters/max.parameters.json diff --git a/modules/Microsoft.AnalysisServices/servers/.deploymentTests/min.parameters.json b/arm/Microsoft.AnalysisServices/servers/.parameters/min.parameters.json similarity index 100% rename from modules/Microsoft.AnalysisServices/servers/.deploymentTests/min.parameters.json rename to arm/Microsoft.AnalysisServices/servers/.parameters/min.parameters.json diff --git a/modules/Microsoft.AnalysisServices/servers/.deploymentTests/parameters.json b/arm/Microsoft.AnalysisServices/servers/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.AnalysisServices/servers/.deploymentTests/parameters.json rename to arm/Microsoft.AnalysisServices/servers/.parameters/parameters.json diff --git a/modules/Microsoft.AnalysisServices/servers/deploy.bicep b/arm/Microsoft.AnalysisServices/servers/deploy.bicep similarity index 100% rename from modules/Microsoft.AnalysisServices/servers/deploy.bicep rename to arm/Microsoft.AnalysisServices/servers/deploy.bicep diff --git a/modules/Microsoft.AnalysisServices/servers/readme.md b/arm/Microsoft.AnalysisServices/servers/readme.md similarity index 100% rename from modules/Microsoft.AnalysisServices/servers/readme.md rename to arm/Microsoft.AnalysisServices/servers/readme.md diff --git a/modules/Microsoft.AnalysisServices/servers/version.json b/arm/Microsoft.AnalysisServices/servers/version.json similarity index 100% rename from modules/Microsoft.AnalysisServices/servers/version.json rename to arm/Microsoft.AnalysisServices/servers/version.json diff --git a/modules/Microsoft.ApiManagement/service/.bicep/nested_authorizationServers.bicep b/arm/Microsoft.ApiManagement/service/.bicep/nested_authorizationServers.bicep similarity index 100% rename from modules/Microsoft.ApiManagement/service/.bicep/nested_authorizationServers.bicep rename to arm/Microsoft.ApiManagement/service/.bicep/nested_authorizationServers.bicep diff --git a/modules/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.ApiManagement/service/.deploymentTests/max.parameters.json b/arm/Microsoft.ApiManagement/service/.parameters/max.parameters.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/.deploymentTests/max.parameters.json rename to arm/Microsoft.ApiManagement/service/.parameters/max.parameters.json diff --git a/modules/Microsoft.ApiManagement/service/.deploymentTests/min.parameters.json b/arm/Microsoft.ApiManagement/service/.parameters/min.parameters.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/.deploymentTests/min.parameters.json rename to arm/Microsoft.ApiManagement/service/.parameters/min.parameters.json diff --git a/modules/Microsoft.ApiManagement/service/.deploymentTests/parameters.json b/arm/Microsoft.ApiManagement/service/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/.deploymentTests/parameters.json rename to arm/Microsoft.ApiManagement/service/.parameters/parameters.json diff --git a/modules/Microsoft.ApiManagement/service/apiVersionSets/deploy.bicep b/arm/Microsoft.ApiManagement/service/apiVersionSets/deploy.bicep similarity index 100% rename from modules/Microsoft.ApiManagement/service/apiVersionSets/deploy.bicep rename to arm/Microsoft.ApiManagement/service/apiVersionSets/deploy.bicep diff --git a/modules/Microsoft.ApiManagement/service/apiVersionSets/readme.md b/arm/Microsoft.ApiManagement/service/apiVersionSets/readme.md similarity index 100% rename from modules/Microsoft.ApiManagement/service/apiVersionSets/readme.md rename to arm/Microsoft.ApiManagement/service/apiVersionSets/readme.md diff --git a/modules/Microsoft.ApiManagement/service/apiVersionSets/version.json b/arm/Microsoft.ApiManagement/service/apiVersionSets/version.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/apiVersionSets/version.json rename to arm/Microsoft.ApiManagement/service/apiVersionSets/version.json diff --git a/modules/Microsoft.ApiManagement/service/apis/deploy.bicep b/arm/Microsoft.ApiManagement/service/apis/deploy.bicep similarity index 100% rename from modules/Microsoft.ApiManagement/service/apis/deploy.bicep rename to arm/Microsoft.ApiManagement/service/apis/deploy.bicep diff --git a/modules/Microsoft.ApiManagement/service/apis/policies/deploy.bicep b/arm/Microsoft.ApiManagement/service/apis/policies/deploy.bicep similarity index 100% rename from modules/Microsoft.ApiManagement/service/apis/policies/deploy.bicep rename to arm/Microsoft.ApiManagement/service/apis/policies/deploy.bicep diff --git a/modules/Microsoft.ApiManagement/service/apis/policies/readme.md b/arm/Microsoft.ApiManagement/service/apis/policies/readme.md similarity index 100% rename from modules/Microsoft.ApiManagement/service/apis/policies/readme.md rename to arm/Microsoft.ApiManagement/service/apis/policies/readme.md diff --git a/modules/Microsoft.ApiManagement/service/apis/policies/version.json b/arm/Microsoft.ApiManagement/service/apis/policies/version.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/apis/policies/version.json rename to arm/Microsoft.ApiManagement/service/apis/policies/version.json diff --git a/modules/Microsoft.ApiManagement/service/apis/readme.md b/arm/Microsoft.ApiManagement/service/apis/readme.md similarity index 100% rename from modules/Microsoft.ApiManagement/service/apis/readme.md rename to arm/Microsoft.ApiManagement/service/apis/readme.md diff --git a/modules/Microsoft.ApiManagement/service/apis/version.json b/arm/Microsoft.ApiManagement/service/apis/version.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/apis/version.json rename to arm/Microsoft.ApiManagement/service/apis/version.json diff --git a/modules/Microsoft.ApiManagement/service/authorizationServers/deploy.bicep b/arm/Microsoft.ApiManagement/service/authorizationServers/deploy.bicep similarity index 100% rename from modules/Microsoft.ApiManagement/service/authorizationServers/deploy.bicep rename to arm/Microsoft.ApiManagement/service/authorizationServers/deploy.bicep diff --git a/modules/Microsoft.ApiManagement/service/authorizationServers/readme.md b/arm/Microsoft.ApiManagement/service/authorizationServers/readme.md similarity index 100% rename from modules/Microsoft.ApiManagement/service/authorizationServers/readme.md rename to arm/Microsoft.ApiManagement/service/authorizationServers/readme.md diff --git a/modules/Microsoft.ApiManagement/service/authorizationServers/version.json b/arm/Microsoft.ApiManagement/service/authorizationServers/version.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/authorizationServers/version.json rename to arm/Microsoft.ApiManagement/service/authorizationServers/version.json diff --git a/modules/Microsoft.ApiManagement/service/backends/deploy.bicep b/arm/Microsoft.ApiManagement/service/backends/deploy.bicep similarity index 100% rename from modules/Microsoft.ApiManagement/service/backends/deploy.bicep rename to arm/Microsoft.ApiManagement/service/backends/deploy.bicep diff --git a/modules/Microsoft.ApiManagement/service/backends/readme.md b/arm/Microsoft.ApiManagement/service/backends/readme.md similarity index 100% rename from modules/Microsoft.ApiManagement/service/backends/readme.md rename to arm/Microsoft.ApiManagement/service/backends/readme.md diff --git a/modules/Microsoft.ApiManagement/service/backends/version.json b/arm/Microsoft.ApiManagement/service/backends/version.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/backends/version.json rename to arm/Microsoft.ApiManagement/service/backends/version.json diff --git a/modules/Microsoft.ApiManagement/service/caches/deploy.bicep b/arm/Microsoft.ApiManagement/service/caches/deploy.bicep similarity index 100% rename from modules/Microsoft.ApiManagement/service/caches/deploy.bicep rename to arm/Microsoft.ApiManagement/service/caches/deploy.bicep diff --git a/modules/Microsoft.ApiManagement/service/caches/readme.md b/arm/Microsoft.ApiManagement/service/caches/readme.md similarity index 100% rename from modules/Microsoft.ApiManagement/service/caches/readme.md rename to arm/Microsoft.ApiManagement/service/caches/readme.md diff --git a/modules/Microsoft.ApiManagement/service/caches/version.json b/arm/Microsoft.ApiManagement/service/caches/version.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/caches/version.json rename to arm/Microsoft.ApiManagement/service/caches/version.json diff --git a/modules/Microsoft.ApiManagement/service/deploy.bicep b/arm/Microsoft.ApiManagement/service/deploy.bicep similarity index 100% rename from modules/Microsoft.ApiManagement/service/deploy.bicep rename to arm/Microsoft.ApiManagement/service/deploy.bicep diff --git a/modules/Microsoft.ApiManagement/service/identityProviders/deploy.bicep b/arm/Microsoft.ApiManagement/service/identityProviders/deploy.bicep similarity index 100% rename from modules/Microsoft.ApiManagement/service/identityProviders/deploy.bicep rename to arm/Microsoft.ApiManagement/service/identityProviders/deploy.bicep diff --git a/modules/Microsoft.ApiManagement/service/identityProviders/readme.md b/arm/Microsoft.ApiManagement/service/identityProviders/readme.md similarity index 100% rename from modules/Microsoft.ApiManagement/service/identityProviders/readme.md rename to arm/Microsoft.ApiManagement/service/identityProviders/readme.md diff --git a/modules/Microsoft.ApiManagement/service/identityProviders/version.json b/arm/Microsoft.ApiManagement/service/identityProviders/version.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/identityProviders/version.json rename to arm/Microsoft.ApiManagement/service/identityProviders/version.json diff --git a/modules/Microsoft.ApiManagement/service/namedValues/deploy.bicep b/arm/Microsoft.ApiManagement/service/namedValues/deploy.bicep similarity index 100% rename from modules/Microsoft.ApiManagement/service/namedValues/deploy.bicep rename to arm/Microsoft.ApiManagement/service/namedValues/deploy.bicep diff --git a/modules/Microsoft.ApiManagement/service/namedValues/readme.md b/arm/Microsoft.ApiManagement/service/namedValues/readme.md similarity index 100% rename from modules/Microsoft.ApiManagement/service/namedValues/readme.md rename to arm/Microsoft.ApiManagement/service/namedValues/readme.md diff --git a/modules/Microsoft.ApiManagement/service/namedValues/version.json b/arm/Microsoft.ApiManagement/service/namedValues/version.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/namedValues/version.json rename to arm/Microsoft.ApiManagement/service/namedValues/version.json diff --git a/modules/Microsoft.ApiManagement/service/policies/deploy.bicep b/arm/Microsoft.ApiManagement/service/policies/deploy.bicep similarity index 100% rename from modules/Microsoft.ApiManagement/service/policies/deploy.bicep rename to arm/Microsoft.ApiManagement/service/policies/deploy.bicep diff --git a/modules/Microsoft.ApiManagement/service/policies/readme.md b/arm/Microsoft.ApiManagement/service/policies/readme.md similarity index 100% rename from modules/Microsoft.ApiManagement/service/policies/readme.md rename to arm/Microsoft.ApiManagement/service/policies/readme.md diff --git a/modules/Microsoft.ApiManagement/service/policies/version.json b/arm/Microsoft.ApiManagement/service/policies/version.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/policies/version.json rename to arm/Microsoft.ApiManagement/service/policies/version.json diff --git a/modules/Microsoft.ApiManagement/service/portalsettings/deploy.bicep b/arm/Microsoft.ApiManagement/service/portalsettings/deploy.bicep similarity index 100% rename from modules/Microsoft.ApiManagement/service/portalsettings/deploy.bicep rename to arm/Microsoft.ApiManagement/service/portalsettings/deploy.bicep diff --git a/modules/Microsoft.ApiManagement/service/portalsettings/readme.md b/arm/Microsoft.ApiManagement/service/portalsettings/readme.md similarity index 100% rename from modules/Microsoft.ApiManagement/service/portalsettings/readme.md rename to arm/Microsoft.ApiManagement/service/portalsettings/readme.md diff --git a/modules/Microsoft.ApiManagement/service/portalsettings/version.json b/arm/Microsoft.ApiManagement/service/portalsettings/version.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/portalsettings/version.json rename to arm/Microsoft.ApiManagement/service/portalsettings/version.json diff --git a/modules/Microsoft.ApiManagement/service/products/apis/deploy.bicep b/arm/Microsoft.ApiManagement/service/products/apis/deploy.bicep similarity index 100% rename from modules/Microsoft.ApiManagement/service/products/apis/deploy.bicep rename to arm/Microsoft.ApiManagement/service/products/apis/deploy.bicep diff --git a/modules/Microsoft.ApiManagement/service/products/apis/readme.md b/arm/Microsoft.ApiManagement/service/products/apis/readme.md similarity index 100% rename from modules/Microsoft.ApiManagement/service/products/apis/readme.md rename to arm/Microsoft.ApiManagement/service/products/apis/readme.md diff --git a/modules/Microsoft.ApiManagement/service/products/apis/version.json b/arm/Microsoft.ApiManagement/service/products/apis/version.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/products/apis/version.json rename to arm/Microsoft.ApiManagement/service/products/apis/version.json diff --git a/modules/Microsoft.ApiManagement/service/products/deploy.bicep b/arm/Microsoft.ApiManagement/service/products/deploy.bicep similarity index 100% rename from modules/Microsoft.ApiManagement/service/products/deploy.bicep rename to arm/Microsoft.ApiManagement/service/products/deploy.bicep diff --git a/modules/Microsoft.ApiManagement/service/products/groups/deploy.bicep b/arm/Microsoft.ApiManagement/service/products/groups/deploy.bicep similarity index 100% rename from modules/Microsoft.ApiManagement/service/products/groups/deploy.bicep rename to arm/Microsoft.ApiManagement/service/products/groups/deploy.bicep diff --git a/modules/Microsoft.ApiManagement/service/products/groups/readme.md b/arm/Microsoft.ApiManagement/service/products/groups/readme.md similarity index 100% rename from modules/Microsoft.ApiManagement/service/products/groups/readme.md rename to arm/Microsoft.ApiManagement/service/products/groups/readme.md diff --git a/modules/Microsoft.ApiManagement/service/products/groups/version.json b/arm/Microsoft.ApiManagement/service/products/groups/version.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/products/groups/version.json rename to arm/Microsoft.ApiManagement/service/products/groups/version.json diff --git a/modules/Microsoft.ApiManagement/service/products/readme.md b/arm/Microsoft.ApiManagement/service/products/readme.md similarity index 100% rename from modules/Microsoft.ApiManagement/service/products/readme.md rename to arm/Microsoft.ApiManagement/service/products/readme.md diff --git a/modules/Microsoft.ApiManagement/service/products/version.json b/arm/Microsoft.ApiManagement/service/products/version.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/products/version.json rename to arm/Microsoft.ApiManagement/service/products/version.json diff --git a/modules/Microsoft.ApiManagement/service/readme.md b/arm/Microsoft.ApiManagement/service/readme.md similarity index 100% rename from modules/Microsoft.ApiManagement/service/readme.md rename to arm/Microsoft.ApiManagement/service/readme.md diff --git a/modules/Microsoft.ApiManagement/service/subscriptions/deploy.bicep b/arm/Microsoft.ApiManagement/service/subscriptions/deploy.bicep similarity index 100% rename from modules/Microsoft.ApiManagement/service/subscriptions/deploy.bicep rename to arm/Microsoft.ApiManagement/service/subscriptions/deploy.bicep diff --git a/modules/Microsoft.ApiManagement/service/subscriptions/readme.md b/arm/Microsoft.ApiManagement/service/subscriptions/readme.md similarity index 100% rename from modules/Microsoft.ApiManagement/service/subscriptions/readme.md rename to arm/Microsoft.ApiManagement/service/subscriptions/readme.md diff --git a/modules/Microsoft.ApiManagement/service/subscriptions/version.json b/arm/Microsoft.ApiManagement/service/subscriptions/version.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/subscriptions/version.json rename to arm/Microsoft.ApiManagement/service/subscriptions/version.json diff --git a/modules/Microsoft.ApiManagement/service/version.json b/arm/Microsoft.ApiManagement/service/version.json similarity index 100% rename from modules/Microsoft.ApiManagement/service/version.json rename to arm/Microsoft.ApiManagement/service/version.json diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.deploymentTests/min.parameters.json b/arm/Microsoft.AppConfiguration/configurationStores/.parameters/min.parameters.json similarity index 100% rename from modules/Microsoft.AppConfiguration/configurationStores/.deploymentTests/min.parameters.json rename to arm/Microsoft.AppConfiguration/configurationStores/.parameters/min.parameters.json diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.deploymentTests/parameters.json b/arm/Microsoft.AppConfiguration/configurationStores/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.AppConfiguration/configurationStores/.deploymentTests/parameters.json rename to arm/Microsoft.AppConfiguration/configurationStores/.parameters/parameters.json diff --git a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep b/arm/Microsoft.AppConfiguration/configurationStores/deploy.bicep similarity index 100% rename from modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep rename to arm/Microsoft.AppConfiguration/configurationStores/deploy.bicep diff --git a/modules/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.AppConfiguration/configurationStores/keyValues/deploy.bicep b/arm/Microsoft.AppConfiguration/configurationStores/keyValues/deploy.bicep similarity index 100% rename from modules/Microsoft.AppConfiguration/configurationStores/keyValues/deploy.bicep rename to arm/Microsoft.AppConfiguration/configurationStores/keyValues/deploy.bicep diff --git a/modules/Microsoft.AppConfiguration/configurationStores/keyValues/readme.md b/arm/Microsoft.AppConfiguration/configurationStores/keyValues/readme.md similarity index 100% rename from modules/Microsoft.AppConfiguration/configurationStores/keyValues/readme.md rename to arm/Microsoft.AppConfiguration/configurationStores/keyValues/readme.md diff --git a/modules/Microsoft.AppConfiguration/configurationStores/keyValues/version.json b/arm/Microsoft.AppConfiguration/configurationStores/keyValues/version.json similarity index 100% rename from modules/Microsoft.AppConfiguration/configurationStores/keyValues/version.json rename to arm/Microsoft.AppConfiguration/configurationStores/keyValues/version.json diff --git a/modules/Microsoft.AppConfiguration/configurationStores/readme.md b/arm/Microsoft.AppConfiguration/configurationStores/readme.md similarity index 100% rename from modules/Microsoft.AppConfiguration/configurationStores/readme.md rename to arm/Microsoft.AppConfiguration/configurationStores/readme.md diff --git a/modules/Microsoft.AppConfiguration/configurationStores/version.json b/arm/Microsoft.AppConfiguration/configurationStores/version.json similarity index 100% rename from modules/Microsoft.AppConfiguration/configurationStores/version.json rename to arm/Microsoft.AppConfiguration/configurationStores/version.json diff --git a/modules/Microsoft.Authorization/locks/.deploymentTests/rg.parameters.json b/arm/Microsoft.Authorization/locks/.parameters/rg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/locks/.deploymentTests/rg.parameters.json rename to arm/Microsoft.Authorization/locks/.parameters/rg.parameters.json diff --git a/modules/Microsoft.Authorization/locks/deploy.bicep b/arm/Microsoft.Authorization/locks/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/locks/deploy.bicep rename to arm/Microsoft.Authorization/locks/deploy.bicep diff --git a/modules/Microsoft.Authorization/locks/readme.md b/arm/Microsoft.Authorization/locks/readme.md similarity index 100% rename from modules/Microsoft.Authorization/locks/readme.md rename to arm/Microsoft.Authorization/locks/readme.md diff --git a/modules/Microsoft.Authorization/locks/resourceGroup/deploy.bicep b/arm/Microsoft.Authorization/locks/resourceGroup/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/locks/resourceGroup/deploy.bicep rename to arm/Microsoft.Authorization/locks/resourceGroup/deploy.bicep diff --git a/modules/Microsoft.Authorization/locks/resourceGroup/readme.md b/arm/Microsoft.Authorization/locks/resourceGroup/readme.md similarity index 100% rename from modules/Microsoft.Authorization/locks/resourceGroup/readme.md rename to arm/Microsoft.Authorization/locks/resourceGroup/readme.md diff --git a/modules/Microsoft.Authorization/locks/resourceGroup/version.json b/arm/Microsoft.Authorization/locks/resourceGroup/version.json similarity index 100% rename from modules/Microsoft.Authorization/locks/resourceGroup/version.json rename to arm/Microsoft.Authorization/locks/resourceGroup/version.json diff --git a/modules/Microsoft.Authorization/locks/subscription/deploy.bicep b/arm/Microsoft.Authorization/locks/subscription/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/locks/subscription/deploy.bicep rename to arm/Microsoft.Authorization/locks/subscription/deploy.bicep diff --git a/modules/Microsoft.Authorization/locks/subscription/readme.md b/arm/Microsoft.Authorization/locks/subscription/readme.md similarity index 100% rename from modules/Microsoft.Authorization/locks/subscription/readme.md rename to arm/Microsoft.Authorization/locks/subscription/readme.md diff --git a/modules/Microsoft.Authorization/locks/subscription/version.json b/arm/Microsoft.Authorization/locks/subscription/version.json similarity index 100% rename from modules/Microsoft.Authorization/locks/subscription/version.json rename to arm/Microsoft.Authorization/locks/subscription/version.json diff --git a/modules/Microsoft.Authorization/locks/version.json b/arm/Microsoft.Authorization/locks/version.json similarity index 100% rename from modules/Microsoft.Authorization/locks/version.json rename to arm/Microsoft.Authorization/locks/version.json diff --git a/modules/Microsoft.Authorization/policyAssignments/.deploymentTests/mg.min.parameters.json b/arm/Microsoft.Authorization/policyAssignments/.parameters/mg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/.deploymentTests/mg.min.parameters.json rename to arm/Microsoft.Authorization/policyAssignments/.parameters/mg.min.parameters.json diff --git a/modules/Microsoft.Authorization/policyAssignments/.deploymentTests/mg.parameters.json b/arm/Microsoft.Authorization/policyAssignments/.parameters/mg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/.deploymentTests/mg.parameters.json rename to arm/Microsoft.Authorization/policyAssignments/.parameters/mg.parameters.json diff --git a/modules/Microsoft.Authorization/policyAssignments/.deploymentTests/rg.min.parameters.json b/arm/Microsoft.Authorization/policyAssignments/.parameters/rg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/.deploymentTests/rg.min.parameters.json rename to arm/Microsoft.Authorization/policyAssignments/.parameters/rg.min.parameters.json diff --git a/modules/Microsoft.Authorization/policyAssignments/.deploymentTests/rg.parameters.json b/arm/Microsoft.Authorization/policyAssignments/.parameters/rg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/.deploymentTests/rg.parameters.json rename to arm/Microsoft.Authorization/policyAssignments/.parameters/rg.parameters.json diff --git a/modules/Microsoft.Authorization/policyAssignments/.deploymentTests/sub.min.parameters.json b/arm/Microsoft.Authorization/policyAssignments/.parameters/sub.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/.deploymentTests/sub.min.parameters.json rename to arm/Microsoft.Authorization/policyAssignments/.parameters/sub.min.parameters.json diff --git a/modules/Microsoft.Authorization/policyAssignments/.deploymentTests/sub.parameters.json b/arm/Microsoft.Authorization/policyAssignments/.parameters/sub.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/.deploymentTests/sub.parameters.json rename to arm/Microsoft.Authorization/policyAssignments/.parameters/sub.parameters.json diff --git a/modules/Microsoft.Authorization/policyAssignments/deploy.bicep b/arm/Microsoft.Authorization/policyAssignments/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/deploy.bicep rename to arm/Microsoft.Authorization/policyAssignments/deploy.bicep diff --git a/modules/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep rename to arm/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep diff --git a/modules/Microsoft.Authorization/policyAssignments/managementGroup/readme.md b/arm/Microsoft.Authorization/policyAssignments/managementGroup/readme.md similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/managementGroup/readme.md rename to arm/Microsoft.Authorization/policyAssignments/managementGroup/readme.md diff --git a/modules/Microsoft.Authorization/policyAssignments/managementGroup/version.json b/arm/Microsoft.Authorization/policyAssignments/managementGroup/version.json similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/managementGroup/version.json rename to arm/Microsoft.Authorization/policyAssignments/managementGroup/version.json diff --git a/modules/Microsoft.Authorization/policyAssignments/readme.md b/arm/Microsoft.Authorization/policyAssignments/readme.md similarity index 99% rename from modules/Microsoft.Authorization/policyAssignments/readme.md rename to arm/Microsoft.Authorization/policyAssignments/readme.md index f0d77958d9..8d335f9300 100644 --- a/modules/Microsoft.Authorization/policyAssignments/readme.md +++ b/arm/Microsoft.Authorization/policyAssignments/readme.md @@ -154,7 +154,7 @@ module policyassignment 'br:bicepregistry.azurecr.io/bicep/modules/microsoft.aut ``` **Local Path Reference** ```bicep -module policyassignment 'yourpath/modules/Microsoft.Authorization.policyAssignments/subscription/deploy.bicep' = {} +module policyassignment 'yourpath/arm/Microsoft.Authorization.policyAssignments/subscription/deploy.bicep' = {} ``` ## Outputs diff --git a/modules/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep b/arm/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep rename to arm/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep diff --git a/modules/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md b/arm/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md rename to arm/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md diff --git a/modules/Microsoft.Authorization/policyAssignments/resourceGroup/version.json b/arm/Microsoft.Authorization/policyAssignments/resourceGroup/version.json similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/resourceGroup/version.json rename to arm/Microsoft.Authorization/policyAssignments/resourceGroup/version.json diff --git a/modules/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep b/arm/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep rename to arm/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep diff --git a/modules/Microsoft.Authorization/policyAssignments/subscription/readme.md b/arm/Microsoft.Authorization/policyAssignments/subscription/readme.md similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/subscription/readme.md rename to arm/Microsoft.Authorization/policyAssignments/subscription/readme.md diff --git a/modules/Microsoft.Authorization/policyAssignments/subscription/version.json b/arm/Microsoft.Authorization/policyAssignments/subscription/version.json similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/subscription/version.json rename to arm/Microsoft.Authorization/policyAssignments/subscription/version.json diff --git a/modules/Microsoft.Authorization/policyAssignments/version.json b/arm/Microsoft.Authorization/policyAssignments/version.json similarity index 100% rename from modules/Microsoft.Authorization/policyAssignments/version.json rename to arm/Microsoft.Authorization/policyAssignments/version.json diff --git a/modules/Microsoft.Authorization/policyDefinitions/.deploymentTests/mg.min.parameters.json b/arm/Microsoft.Authorization/policyDefinitions/.parameters/mg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyDefinitions/.deploymentTests/mg.min.parameters.json rename to arm/Microsoft.Authorization/policyDefinitions/.parameters/mg.min.parameters.json diff --git a/modules/Microsoft.Authorization/policyDefinitions/.deploymentTests/mg.parameters.json b/arm/Microsoft.Authorization/policyDefinitions/.parameters/mg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyDefinitions/.deploymentTests/mg.parameters.json rename to arm/Microsoft.Authorization/policyDefinitions/.parameters/mg.parameters.json diff --git a/modules/Microsoft.Authorization/policyDefinitions/.deploymentTests/sub.min.parameters.json b/arm/Microsoft.Authorization/policyDefinitions/.parameters/sub.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyDefinitions/.deploymentTests/sub.min.parameters.json rename to arm/Microsoft.Authorization/policyDefinitions/.parameters/sub.min.parameters.json diff --git a/modules/Microsoft.Authorization/policyDefinitions/.deploymentTests/sub.parameters.json b/arm/Microsoft.Authorization/policyDefinitions/.parameters/sub.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyDefinitions/.deploymentTests/sub.parameters.json rename to arm/Microsoft.Authorization/policyDefinitions/.parameters/sub.parameters.json diff --git a/modules/Microsoft.Authorization/policyDefinitions/deploy.bicep b/arm/Microsoft.Authorization/policyDefinitions/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/policyDefinitions/deploy.bicep rename to arm/Microsoft.Authorization/policyDefinitions/deploy.bicep diff --git a/modules/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep rename to arm/Microsoft.Authorization/policyDefinitions/managementGroup/deploy.bicep diff --git a/modules/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md b/arm/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md similarity index 100% rename from modules/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md rename to arm/Microsoft.Authorization/policyDefinitions/managementGroup/readme.md diff --git a/modules/Microsoft.Authorization/policyDefinitions/managementGroup/version.json b/arm/Microsoft.Authorization/policyDefinitions/managementGroup/version.json similarity index 100% rename from modules/Microsoft.Authorization/policyDefinitions/managementGroup/version.json rename to arm/Microsoft.Authorization/policyDefinitions/managementGroup/version.json diff --git a/modules/Microsoft.Authorization/policyDefinitions/readme.md b/arm/Microsoft.Authorization/policyDefinitions/readme.md similarity index 99% rename from modules/Microsoft.Authorization/policyDefinitions/readme.md rename to arm/Microsoft.Authorization/policyDefinitions/readme.md index 8f340ddb14..c99b0e65da 100644 --- a/modules/Microsoft.Authorization/policyDefinitions/readme.md +++ b/arm/Microsoft.Authorization/policyDefinitions/readme.md @@ -113,7 +113,7 @@ module policydefinition 'br:bicepregistry.azurecr.io/bicep/modules/microsoft.aut ``` **Local Path Reference** ```bicep -module policydefinition 'yourpath/modules/Microsoft.Authorization.policyDefinitions/subscription/deploy.bicep' = {} +module policydefinition 'yourpath/arm/Microsoft.Authorization.policyDefinitions/subscription/deploy.bicep' = {} ``` ## Outputs diff --git a/modules/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep b/arm/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep rename to arm/Microsoft.Authorization/policyDefinitions/subscription/deploy.bicep diff --git a/modules/Microsoft.Authorization/policyDefinitions/subscription/readme.md b/arm/Microsoft.Authorization/policyDefinitions/subscription/readme.md similarity index 100% rename from modules/Microsoft.Authorization/policyDefinitions/subscription/readme.md rename to arm/Microsoft.Authorization/policyDefinitions/subscription/readme.md diff --git a/modules/Microsoft.Authorization/policyDefinitions/subscription/version.json b/arm/Microsoft.Authorization/policyDefinitions/subscription/version.json similarity index 100% rename from modules/Microsoft.Authorization/policyDefinitions/subscription/version.json rename to arm/Microsoft.Authorization/policyDefinitions/subscription/version.json diff --git a/modules/Microsoft.Authorization/policyDefinitions/version.json b/arm/Microsoft.Authorization/policyDefinitions/version.json similarity index 100% rename from modules/Microsoft.Authorization/policyDefinitions/version.json rename to arm/Microsoft.Authorization/policyDefinitions/version.json diff --git a/modules/Microsoft.Authorization/policyExemptions/.deploymentTests/mg.min.parameters.json b/arm/Microsoft.Authorization/policyExemptions/.parameters/mg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/.deploymentTests/mg.min.parameters.json rename to arm/Microsoft.Authorization/policyExemptions/.parameters/mg.min.parameters.json diff --git a/modules/Microsoft.Authorization/policyExemptions/.deploymentTests/mg.parameters.json b/arm/Microsoft.Authorization/policyExemptions/.parameters/mg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/.deploymentTests/mg.parameters.json rename to arm/Microsoft.Authorization/policyExemptions/.parameters/mg.parameters.json diff --git a/modules/Microsoft.Authorization/policyExemptions/.deploymentTests/rg.min.parameters.json b/arm/Microsoft.Authorization/policyExemptions/.parameters/rg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/.deploymentTests/rg.min.parameters.json rename to arm/Microsoft.Authorization/policyExemptions/.parameters/rg.min.parameters.json diff --git a/modules/Microsoft.Authorization/policyExemptions/.deploymentTests/rg.parameters.json b/arm/Microsoft.Authorization/policyExemptions/.parameters/rg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/.deploymentTests/rg.parameters.json rename to arm/Microsoft.Authorization/policyExemptions/.parameters/rg.parameters.json diff --git a/modules/Microsoft.Authorization/policyExemptions/.deploymentTests/sub.min.parameters.json b/arm/Microsoft.Authorization/policyExemptions/.parameters/sub.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/.deploymentTests/sub.min.parameters.json rename to arm/Microsoft.Authorization/policyExemptions/.parameters/sub.min.parameters.json diff --git a/modules/Microsoft.Authorization/policyExemptions/.deploymentTests/sub.parameters.json b/arm/Microsoft.Authorization/policyExemptions/.parameters/sub.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/.deploymentTests/sub.parameters.json rename to arm/Microsoft.Authorization/policyExemptions/.parameters/sub.parameters.json diff --git a/modules/Microsoft.Authorization/policyExemptions/deploy.bicep b/arm/Microsoft.Authorization/policyExemptions/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/deploy.bicep rename to arm/Microsoft.Authorization/policyExemptions/deploy.bicep diff --git a/modules/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep rename to arm/Microsoft.Authorization/policyExemptions/managementGroup/deploy.bicep diff --git a/modules/Microsoft.Authorization/policyExemptions/managementGroup/readme.md b/arm/Microsoft.Authorization/policyExemptions/managementGroup/readme.md similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/managementGroup/readme.md rename to arm/Microsoft.Authorization/policyExemptions/managementGroup/readme.md diff --git a/modules/Microsoft.Authorization/policyExemptions/managementGroup/version.json b/arm/Microsoft.Authorization/policyExemptions/managementGroup/version.json similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/managementGroup/version.json rename to arm/Microsoft.Authorization/policyExemptions/managementGroup/version.json diff --git a/modules/Microsoft.Authorization/policyExemptions/readme.md b/arm/Microsoft.Authorization/policyExemptions/readme.md similarity index 99% rename from modules/Microsoft.Authorization/policyExemptions/readme.md rename to arm/Microsoft.Authorization/policyExemptions/readme.md index d2cb79de7e..e561b3d1ae 100644 --- a/modules/Microsoft.Authorization/policyExemptions/readme.md +++ b/arm/Microsoft.Authorization/policyExemptions/readme.md @@ -132,7 +132,7 @@ module policyexemption 'br:bicepregistry.azurecr.io/bicep/modules/microsoft.auth ``` **Local Path Reference** ```bicep -module policyexemption 'yourpath/modules/Microsoft.Authorization.policyExemptions/subscription/deploy.bicep' = {} +module policyexemption 'yourpath/arm/Microsoft.Authorization.policyExemptions/subscription/deploy.bicep' = {} ``` ## Outputs diff --git a/modules/Microsoft.Authorization/policyExemptions/resourceGroup/deploy.bicep b/arm/Microsoft.Authorization/policyExemptions/resourceGroup/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/resourceGroup/deploy.bicep rename to arm/Microsoft.Authorization/policyExemptions/resourceGroup/deploy.bicep diff --git a/modules/Microsoft.Authorization/policyExemptions/resourceGroup/readme.md b/arm/Microsoft.Authorization/policyExemptions/resourceGroup/readme.md similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/resourceGroup/readme.md rename to arm/Microsoft.Authorization/policyExemptions/resourceGroup/readme.md diff --git a/modules/Microsoft.Authorization/policyExemptions/resourceGroup/version.json b/arm/Microsoft.Authorization/policyExemptions/resourceGroup/version.json similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/resourceGroup/version.json rename to arm/Microsoft.Authorization/policyExemptions/resourceGroup/version.json diff --git a/modules/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep b/arm/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep rename to arm/Microsoft.Authorization/policyExemptions/subscription/deploy.bicep diff --git a/modules/Microsoft.Authorization/policyExemptions/subscription/readme.md b/arm/Microsoft.Authorization/policyExemptions/subscription/readme.md similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/subscription/readme.md rename to arm/Microsoft.Authorization/policyExemptions/subscription/readme.md diff --git a/modules/Microsoft.Authorization/policyExemptions/subscription/version.json b/arm/Microsoft.Authorization/policyExemptions/subscription/version.json similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/subscription/version.json rename to arm/Microsoft.Authorization/policyExemptions/subscription/version.json diff --git a/modules/Microsoft.Authorization/policyExemptions/version.json b/arm/Microsoft.Authorization/policyExemptions/version.json similarity index 100% rename from modules/Microsoft.Authorization/policyExemptions/version.json rename to arm/Microsoft.Authorization/policyExemptions/version.json diff --git a/modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests/mg.min.parameters.json b/arm/Microsoft.Authorization/policySetDefinitions/.parameters/mg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests/mg.min.parameters.json rename to arm/Microsoft.Authorization/policySetDefinitions/.parameters/mg.min.parameters.json diff --git a/modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests/mg.parameters.json b/arm/Microsoft.Authorization/policySetDefinitions/.parameters/mg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests/mg.parameters.json rename to arm/Microsoft.Authorization/policySetDefinitions/.parameters/mg.parameters.json diff --git a/modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests/sub.min.parameters.json b/arm/Microsoft.Authorization/policySetDefinitions/.parameters/sub.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests/sub.min.parameters.json rename to arm/Microsoft.Authorization/policySetDefinitions/.parameters/sub.min.parameters.json diff --git a/modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests/sub.parameters.json b/arm/Microsoft.Authorization/policySetDefinitions/.parameters/sub.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/policySetDefinitions/.deploymentTests/sub.parameters.json rename to arm/Microsoft.Authorization/policySetDefinitions/.parameters/sub.parameters.json diff --git a/modules/Microsoft.Authorization/policySetDefinitions/deploy.bicep b/arm/Microsoft.Authorization/policySetDefinitions/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/policySetDefinitions/deploy.bicep rename to arm/Microsoft.Authorization/policySetDefinitions/deploy.bicep diff --git a/modules/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep rename to arm/Microsoft.Authorization/policySetDefinitions/managementGroup/deploy.bicep diff --git a/modules/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md b/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md similarity index 100% rename from modules/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md rename to arm/Microsoft.Authorization/policySetDefinitions/managementGroup/readme.md diff --git a/modules/Microsoft.Authorization/policySetDefinitions/managementGroup/version.json b/arm/Microsoft.Authorization/policySetDefinitions/managementGroup/version.json similarity index 100% rename from modules/Microsoft.Authorization/policySetDefinitions/managementGroup/version.json rename to arm/Microsoft.Authorization/policySetDefinitions/managementGroup/version.json diff --git a/modules/Microsoft.Authorization/policySetDefinitions/readme.md b/arm/Microsoft.Authorization/policySetDefinitions/readme.md similarity index 99% rename from modules/Microsoft.Authorization/policySetDefinitions/readme.md rename to arm/Microsoft.Authorization/policySetDefinitions/readme.md index 8479158522..c46a00edb0 100644 --- a/modules/Microsoft.Authorization/policySetDefinitions/readme.md +++ b/arm/Microsoft.Authorization/policySetDefinitions/readme.md @@ -116,7 +116,7 @@ module policysetdefinition 'br:bicepregistry.azurecr.io/bicep/modules/microsoft. ``` **Local Path Reference** ```bicep -module policysetdefinition 'yourpath/modules/Microsoft.Authorization.policySetDefinitions/subscription/deploy.bicep' = {} +module policysetdefinition 'yourpath/arm/Microsoft.Authorization.policySetDefinitions/subscription/deploy.bicep' = {} ``` ## Outputs diff --git a/modules/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep b/arm/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep rename to arm/Microsoft.Authorization/policySetDefinitions/subscription/deploy.bicep diff --git a/modules/Microsoft.Authorization/policySetDefinitions/subscription/readme.md b/arm/Microsoft.Authorization/policySetDefinitions/subscription/readme.md similarity index 100% rename from modules/Microsoft.Authorization/policySetDefinitions/subscription/readme.md rename to arm/Microsoft.Authorization/policySetDefinitions/subscription/readme.md diff --git a/modules/Microsoft.Authorization/policySetDefinitions/subscription/version.json b/arm/Microsoft.Authorization/policySetDefinitions/subscription/version.json similarity index 100% rename from modules/Microsoft.Authorization/policySetDefinitions/subscription/version.json rename to arm/Microsoft.Authorization/policySetDefinitions/subscription/version.json diff --git a/modules/Microsoft.Authorization/policySetDefinitions/version.json b/arm/Microsoft.Authorization/policySetDefinitions/version.json similarity index 100% rename from modules/Microsoft.Authorization/policySetDefinitions/version.json rename to arm/Microsoft.Authorization/policySetDefinitions/version.json diff --git a/modules/Microsoft.Authorization/roleAssignments/.deploymentTests/mg.min.parameters.json b/arm/Microsoft.Authorization/roleAssignments/.parameters/mg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/.deploymentTests/mg.min.parameters.json rename to arm/Microsoft.Authorization/roleAssignments/.parameters/mg.min.parameters.json diff --git a/modules/Microsoft.Authorization/roleAssignments/.deploymentTests/mg.parameters.json b/arm/Microsoft.Authorization/roleAssignments/.parameters/mg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/.deploymentTests/mg.parameters.json rename to arm/Microsoft.Authorization/roleAssignments/.parameters/mg.parameters.json diff --git a/modules/Microsoft.Authorization/roleAssignments/.deploymentTests/rg.min.parameters.json b/arm/Microsoft.Authorization/roleAssignments/.parameters/rg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/.deploymentTests/rg.min.parameters.json rename to arm/Microsoft.Authorization/roleAssignments/.parameters/rg.min.parameters.json diff --git a/modules/Microsoft.Authorization/roleAssignments/.deploymentTests/rg.parameters.json b/arm/Microsoft.Authorization/roleAssignments/.parameters/rg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/.deploymentTests/rg.parameters.json rename to arm/Microsoft.Authorization/roleAssignments/.parameters/rg.parameters.json diff --git a/modules/Microsoft.Authorization/roleAssignments/.deploymentTests/sub.min.parameters.json b/arm/Microsoft.Authorization/roleAssignments/.parameters/sub.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/.deploymentTests/sub.min.parameters.json rename to arm/Microsoft.Authorization/roleAssignments/.parameters/sub.min.parameters.json diff --git a/modules/Microsoft.Authorization/roleAssignments/.deploymentTests/sub.parameters.json b/arm/Microsoft.Authorization/roleAssignments/.parameters/sub.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/.deploymentTests/sub.parameters.json rename to arm/Microsoft.Authorization/roleAssignments/.parameters/sub.parameters.json diff --git a/modules/Microsoft.Authorization/roleAssignments/deploy.bicep b/arm/Microsoft.Authorization/roleAssignments/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/deploy.bicep rename to arm/Microsoft.Authorization/roleAssignments/deploy.bicep diff --git a/modules/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep rename to arm/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep diff --git a/modules/Microsoft.Authorization/roleAssignments/managementGroup/readme.md b/arm/Microsoft.Authorization/roleAssignments/managementGroup/readme.md similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/managementGroup/readme.md rename to arm/Microsoft.Authorization/roleAssignments/managementGroup/readme.md diff --git a/modules/Microsoft.Authorization/roleAssignments/managementGroup/version.json b/arm/Microsoft.Authorization/roleAssignments/managementGroup/version.json similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/managementGroup/version.json rename to arm/Microsoft.Authorization/roleAssignments/managementGroup/version.json diff --git a/modules/Microsoft.Authorization/roleAssignments/readme.md b/arm/Microsoft.Authorization/roleAssignments/readme.md similarity index 99% rename from modules/Microsoft.Authorization/roleAssignments/readme.md rename to arm/Microsoft.Authorization/roleAssignments/readme.md index 0c05aa9723..c1833b7c3d 100644 --- a/modules/Microsoft.Authorization/roleAssignments/readme.md +++ b/arm/Microsoft.Authorization/roleAssignments/readme.md @@ -150,7 +150,7 @@ module roleassignment 'br:bicepregistry.azurecr.io/bicep/modules/microsoft.autho ``` **Local Path Reference** ```bicep -module roleassignment 'yourpath/modules/Microsoft.Authorization.roleAssignments/subscription/deploy.bicep' = {} +module roleassignment 'yourpath/arm/Microsoft.Authorization.roleAssignments/subscription/deploy.bicep' = {} ``` ## Outputs diff --git a/modules/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep b/arm/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep rename to arm/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep diff --git a/modules/Microsoft.Authorization/roleAssignments/resourceGroup/readme.md b/arm/Microsoft.Authorization/roleAssignments/resourceGroup/readme.md similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/resourceGroup/readme.md rename to arm/Microsoft.Authorization/roleAssignments/resourceGroup/readme.md diff --git a/modules/Microsoft.Authorization/roleAssignments/resourceGroup/version.json b/arm/Microsoft.Authorization/roleAssignments/resourceGroup/version.json similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/resourceGroup/version.json rename to arm/Microsoft.Authorization/roleAssignments/resourceGroup/version.json diff --git a/modules/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep b/arm/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep rename to arm/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep diff --git a/modules/Microsoft.Authorization/roleAssignments/subscription/readme.md b/arm/Microsoft.Authorization/roleAssignments/subscription/readme.md similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/subscription/readme.md rename to arm/Microsoft.Authorization/roleAssignments/subscription/readme.md diff --git a/modules/Microsoft.Authorization/roleAssignments/subscription/version.json b/arm/Microsoft.Authorization/roleAssignments/subscription/version.json similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/subscription/version.json rename to arm/Microsoft.Authorization/roleAssignments/subscription/version.json diff --git a/modules/Microsoft.Authorization/roleAssignments/version.json b/arm/Microsoft.Authorization/roleAssignments/version.json similarity index 100% rename from modules/Microsoft.Authorization/roleAssignments/version.json rename to arm/Microsoft.Authorization/roleAssignments/version.json diff --git a/modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/mg.min.parameters.json b/arm/Microsoft.Authorization/roleDefinitions/.parameters/mg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/mg.min.parameters.json rename to arm/Microsoft.Authorization/roleDefinitions/.parameters/mg.min.parameters.json diff --git a/modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/mg.parameters.json b/arm/Microsoft.Authorization/roleDefinitions/.parameters/mg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/mg.parameters.json rename to arm/Microsoft.Authorization/roleDefinitions/.parameters/mg.parameters.json diff --git a/modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/rg.min.parameters.json b/arm/Microsoft.Authorization/roleDefinitions/.parameters/rg.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/rg.min.parameters.json rename to arm/Microsoft.Authorization/roleDefinitions/.parameters/rg.min.parameters.json diff --git a/modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/rg.parameters.json b/arm/Microsoft.Authorization/roleDefinitions/.parameters/rg.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/rg.parameters.json rename to arm/Microsoft.Authorization/roleDefinitions/.parameters/rg.parameters.json diff --git a/modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/sub.min.parameters.json b/arm/Microsoft.Authorization/roleDefinitions/.parameters/sub.min.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/sub.min.parameters.json rename to arm/Microsoft.Authorization/roleDefinitions/.parameters/sub.min.parameters.json diff --git a/modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/sub.parameters.json b/arm/Microsoft.Authorization/roleDefinitions/.parameters/sub.parameters.json similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/.deploymentTests/sub.parameters.json rename to arm/Microsoft.Authorization/roleDefinitions/.parameters/sub.parameters.json diff --git a/modules/Microsoft.Authorization/roleDefinitions/deploy.bicep b/arm/Microsoft.Authorization/roleDefinitions/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/deploy.bicep rename to arm/Microsoft.Authorization/roleDefinitions/deploy.bicep diff --git a/modules/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep b/arm/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep rename to arm/Microsoft.Authorization/roleDefinitions/managementGroup/deploy.bicep diff --git a/modules/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md b/arm/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md rename to arm/Microsoft.Authorization/roleDefinitions/managementGroup/readme.md diff --git a/modules/Microsoft.Authorization/roleDefinitions/managementGroup/version.json b/arm/Microsoft.Authorization/roleDefinitions/managementGroup/version.json similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/managementGroup/version.json rename to arm/Microsoft.Authorization/roleDefinitions/managementGroup/version.json diff --git a/modules/Microsoft.Authorization/roleDefinitions/readme.md b/arm/Microsoft.Authorization/roleDefinitions/readme.md similarity index 99% rename from modules/Microsoft.Authorization/roleDefinitions/readme.md rename to arm/Microsoft.Authorization/roleDefinitions/readme.md index a7566ea2e3..187065a59a 100644 --- a/modules/Microsoft.Authorization/roleDefinitions/readme.md +++ b/arm/Microsoft.Authorization/roleDefinitions/readme.md @@ -150,7 +150,7 @@ module roledefinition 'br:bicepregistry.azurecr.io/bicep/modules/microsoft.autho ``` **Local Path Reference** ```bicep -module roledefinition 'yourpath/modules/Microsoft.Authorization.roleDefinitions/subscription/deploy.bicep' = {} +module roledefinition 'yourpath/arm/Microsoft.Authorization.roleDefinitions/subscription/deploy.bicep' = {} ``` ## Outputs diff --git a/modules/Microsoft.Authorization/roleDefinitions/resourceGroup/deploy.bicep b/arm/Microsoft.Authorization/roleDefinitions/resourceGroup/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/resourceGroup/deploy.bicep rename to arm/Microsoft.Authorization/roleDefinitions/resourceGroup/deploy.bicep diff --git a/modules/Microsoft.Authorization/roleDefinitions/resourceGroup/readme.md b/arm/Microsoft.Authorization/roleDefinitions/resourceGroup/readme.md similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/resourceGroup/readme.md rename to arm/Microsoft.Authorization/roleDefinitions/resourceGroup/readme.md diff --git a/modules/Microsoft.Authorization/roleDefinitions/resourceGroup/version.json b/arm/Microsoft.Authorization/roleDefinitions/resourceGroup/version.json similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/resourceGroup/version.json rename to arm/Microsoft.Authorization/roleDefinitions/resourceGroup/version.json diff --git a/modules/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep b/arm/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep rename to arm/Microsoft.Authorization/roleDefinitions/subscription/deploy.bicep diff --git a/modules/Microsoft.Authorization/roleDefinitions/subscription/readme.md b/arm/Microsoft.Authorization/roleDefinitions/subscription/readme.md similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/subscription/readme.md rename to arm/Microsoft.Authorization/roleDefinitions/subscription/readme.md diff --git a/modules/Microsoft.Authorization/roleDefinitions/subscription/version.json b/arm/Microsoft.Authorization/roleDefinitions/subscription/version.json similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/subscription/version.json rename to arm/Microsoft.Authorization/roleDefinitions/subscription/version.json diff --git a/modules/Microsoft.Authorization/roleDefinitions/version.json b/arm/Microsoft.Authorization/roleDefinitions/version.json similarity index 100% rename from modules/Microsoft.Authorization/roleDefinitions/version.json rename to arm/Microsoft.Authorization/roleDefinitions/version.json diff --git a/modules/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.Automation/automationAccounts/.deploymentTests/encr.parameters.json b/arm/Microsoft.Automation/automationAccounts/.parameters/encr.parameters.json similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/.deploymentTests/encr.parameters.json rename to arm/Microsoft.Automation/automationAccounts/.parameters/encr.parameters.json diff --git a/modules/Microsoft.Automation/automationAccounts/.deploymentTests/min.parameters.json b/arm/Microsoft.Automation/automationAccounts/.parameters/min.parameters.json similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/.deploymentTests/min.parameters.json rename to arm/Microsoft.Automation/automationAccounts/.parameters/min.parameters.json diff --git a/modules/Microsoft.Automation/automationAccounts/.deploymentTests/parameters.json b/arm/Microsoft.Automation/automationAccounts/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/.deploymentTests/parameters.json rename to arm/Microsoft.Automation/automationAccounts/.parameters/parameters.json diff --git a/modules/Microsoft.Automation/automationAccounts/deploy.bicep b/arm/Microsoft.Automation/automationAccounts/deploy.bicep similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/deploy.bicep rename to arm/Microsoft.Automation/automationAccounts/deploy.bicep diff --git a/modules/Microsoft.Automation/automationAccounts/jobSchedules/deploy.bicep b/arm/Microsoft.Automation/automationAccounts/jobSchedules/deploy.bicep similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/jobSchedules/deploy.bicep rename to arm/Microsoft.Automation/automationAccounts/jobSchedules/deploy.bicep diff --git a/modules/Microsoft.Automation/automationAccounts/jobSchedules/readme.md b/arm/Microsoft.Automation/automationAccounts/jobSchedules/readme.md similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/jobSchedules/readme.md rename to arm/Microsoft.Automation/automationAccounts/jobSchedules/readme.md diff --git a/modules/Microsoft.Automation/automationAccounts/jobSchedules/version.json b/arm/Microsoft.Automation/automationAccounts/jobSchedules/version.json similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/jobSchedules/version.json rename to arm/Microsoft.Automation/automationAccounts/jobSchedules/version.json diff --git a/modules/Microsoft.Automation/automationAccounts/modules/deploy.bicep b/arm/Microsoft.Automation/automationAccounts/modules/deploy.bicep similarity index 96% rename from modules/Microsoft.Automation/automationAccounts/modules/deploy.bicep rename to arm/Microsoft.Automation/automationAccounts/modules/deploy.bicep index 4e9ce28d86..2927c87e94 100644 --- a/modules/Microsoft.Automation/automationAccounts/modules/deploy.bicep +++ b/arm/Microsoft.Automation/automationAccounts/modules/deploy.bicep @@ -4,7 +4,7 @@ param name string @description('Conditional. The name of the parent Automation Account. Required if the template is used in a standalone deployment.') param automationAccountName string -@description('Required. Module package URI, e.g. https://www.powershellgallery.com/api/v2/package.') +@description('Required. Module package uri, e.g. https://www.powershellgallery.com/api/v2/package.') param uri string @description('Optional. Module version or specify latest to get the latest version.') diff --git a/modules/Microsoft.Automation/automationAccounts/modules/readme.md b/arm/Microsoft.Automation/automationAccounts/modules/readme.md similarity index 97% rename from modules/Microsoft.Automation/automationAccounts/modules/readme.md rename to arm/Microsoft.Automation/automationAccounts/modules/readme.md index 9eb4ee8a5c..c593272a90 100644 --- a/modules/Microsoft.Automation/automationAccounts/modules/readme.md +++ b/arm/Microsoft.Automation/automationAccounts/modules/readme.md @@ -20,7 +20,7 @@ This module deploys an Azure Automation Account Module. | Parameter Name | Type | Description | | :-- | :-- | :-- | | `name` | string | Name of the Automation Account module. | -| `uri` | string | Module package URI, e.g. https://www.powershellgallery.com/api/v2/package. | +| `uri` | string | Module package uri, e.g. https://www.powershellgallery.com/api/v2/package. | **Conditional parameters** | Parameter Name | Type | Description | diff --git a/modules/Microsoft.Automation/automationAccounts/modules/version.json b/arm/Microsoft.Automation/automationAccounts/modules/version.json similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/modules/version.json rename to arm/Microsoft.Automation/automationAccounts/modules/version.json diff --git a/modules/Microsoft.Automation/automationAccounts/readme.md b/arm/Microsoft.Automation/automationAccounts/readme.md similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/readme.md rename to arm/Microsoft.Automation/automationAccounts/readme.md diff --git a/modules/Microsoft.Automation/automationAccounts/runbooks/deploy.bicep b/arm/Microsoft.Automation/automationAccounts/runbooks/deploy.bicep similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/runbooks/deploy.bicep rename to arm/Microsoft.Automation/automationAccounts/runbooks/deploy.bicep diff --git a/modules/Microsoft.Automation/automationAccounts/runbooks/readme.md b/arm/Microsoft.Automation/automationAccounts/runbooks/readme.md similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/runbooks/readme.md rename to arm/Microsoft.Automation/automationAccounts/runbooks/readme.md diff --git a/modules/Microsoft.Automation/automationAccounts/runbooks/version.json b/arm/Microsoft.Automation/automationAccounts/runbooks/version.json similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/runbooks/version.json rename to arm/Microsoft.Automation/automationAccounts/runbooks/version.json diff --git a/modules/Microsoft.Automation/automationAccounts/schedules/deploy.bicep b/arm/Microsoft.Automation/automationAccounts/schedules/deploy.bicep similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/schedules/deploy.bicep rename to arm/Microsoft.Automation/automationAccounts/schedules/deploy.bicep diff --git a/modules/Microsoft.Automation/automationAccounts/schedules/readme.md b/arm/Microsoft.Automation/automationAccounts/schedules/readme.md similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/schedules/readme.md rename to arm/Microsoft.Automation/automationAccounts/schedules/readme.md diff --git a/modules/Microsoft.Automation/automationAccounts/schedules/version.json b/arm/Microsoft.Automation/automationAccounts/schedules/version.json similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/schedules/version.json rename to arm/Microsoft.Automation/automationAccounts/schedules/version.json diff --git a/modules/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/deploy.bicep b/arm/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/deploy.bicep similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/deploy.bicep rename to arm/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/deploy.bicep diff --git a/modules/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/readme.md b/arm/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/readme.md similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/readme.md rename to arm/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/readme.md diff --git a/modules/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/version.json b/arm/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/version.json similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/version.json rename to arm/Microsoft.Automation/automationAccounts/softwareUpdateConfigurations/version.json diff --git a/modules/Microsoft.Automation/automationAccounts/variables/deploy.bicep b/arm/Microsoft.Automation/automationAccounts/variables/deploy.bicep similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/variables/deploy.bicep rename to arm/Microsoft.Automation/automationAccounts/variables/deploy.bicep diff --git a/modules/Microsoft.Automation/automationAccounts/variables/readme.md b/arm/Microsoft.Automation/automationAccounts/variables/readme.md similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/variables/readme.md rename to arm/Microsoft.Automation/automationAccounts/variables/readme.md diff --git a/modules/Microsoft.Automation/automationAccounts/variables/version.json b/arm/Microsoft.Automation/automationAccounts/variables/version.json similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/variables/version.json rename to arm/Microsoft.Automation/automationAccounts/variables/version.json diff --git a/modules/Microsoft.Automation/automationAccounts/version.json b/arm/Microsoft.Automation/automationAccounts/version.json similarity index 100% rename from modules/Microsoft.Automation/automationAccounts/version.json rename to arm/Microsoft.Automation/automationAccounts/version.json diff --git a/modules/Microsoft.Batch/batchAccounts/.deploymentTests/min.parameters.json b/arm/Microsoft.Batch/batchAccounts/.parameters/min.parameters.json similarity index 100% rename from modules/Microsoft.Batch/batchAccounts/.deploymentTests/min.parameters.json rename to arm/Microsoft.Batch/batchAccounts/.parameters/min.parameters.json diff --git a/modules/Microsoft.Batch/batchAccounts/.deploymentTests/parameters.json b/arm/Microsoft.Batch/batchAccounts/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.Batch/batchAccounts/.deploymentTests/parameters.json rename to arm/Microsoft.Batch/batchAccounts/.parameters/parameters.json diff --git a/modules/Microsoft.Batch/batchAccounts/deploy.bicep b/arm/Microsoft.Batch/batchAccounts/deploy.bicep similarity index 100% rename from modules/Microsoft.Batch/batchAccounts/deploy.bicep rename to arm/Microsoft.Batch/batchAccounts/deploy.bicep diff --git a/modules/Microsoft.Batch/batchAccounts/readme.md b/arm/Microsoft.Batch/batchAccounts/readme.md similarity index 100% rename from modules/Microsoft.Batch/batchAccounts/readme.md rename to arm/Microsoft.Batch/batchAccounts/readme.md diff --git a/modules/Microsoft.Batch/batchAccounts/version.json b/arm/Microsoft.Batch/batchAccounts/version.json similarity index 100% rename from modules/Microsoft.Batch/batchAccounts/version.json rename to arm/Microsoft.Batch/batchAccounts/version.json diff --git a/modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.CognitiveServices/accounts/.deploymentTests/encr.parameters.json b/arm/Microsoft.CognitiveServices/accounts/.parameters/encr.parameters.json similarity index 100% rename from modules/Microsoft.CognitiveServices/accounts/.deploymentTests/encr.parameters.json rename to arm/Microsoft.CognitiveServices/accounts/.parameters/encr.parameters.json diff --git a/modules/Microsoft.CognitiveServices/accounts/.deploymentTests/min.parameters.json b/arm/Microsoft.CognitiveServices/accounts/.parameters/min.parameters.json similarity index 100% rename from modules/Microsoft.CognitiveServices/accounts/.deploymentTests/min.parameters.json rename to arm/Microsoft.CognitiveServices/accounts/.parameters/min.parameters.json diff --git a/modules/Microsoft.CognitiveServices/accounts/.deploymentTests/parameters.json b/arm/Microsoft.CognitiveServices/accounts/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.CognitiveServices/accounts/.deploymentTests/parameters.json rename to arm/Microsoft.CognitiveServices/accounts/.parameters/parameters.json diff --git a/modules/Microsoft.CognitiveServices/accounts/.deploymentTests/speech.parameters.json b/arm/Microsoft.CognitiveServices/accounts/.parameters/speech.parameters.json similarity index 100% rename from modules/Microsoft.CognitiveServices/accounts/.deploymentTests/speech.parameters.json rename to arm/Microsoft.CognitiveServices/accounts/.parameters/speech.parameters.json diff --git a/modules/Microsoft.CognitiveServices/accounts/deploy.bicep b/arm/Microsoft.CognitiveServices/accounts/deploy.bicep similarity index 100% rename from modules/Microsoft.CognitiveServices/accounts/deploy.bicep rename to arm/Microsoft.CognitiveServices/accounts/deploy.bicep diff --git a/modules/Microsoft.CognitiveServices/accounts/readme.md b/arm/Microsoft.CognitiveServices/accounts/readme.md similarity index 100% rename from modules/Microsoft.CognitiveServices/accounts/readme.md rename to arm/Microsoft.CognitiveServices/accounts/readme.md diff --git a/modules/Microsoft.CognitiveServices/accounts/version.json b/arm/Microsoft.CognitiveServices/accounts/version.json similarity index 100% rename from modules/Microsoft.CognitiveServices/accounts/version.json rename to arm/Microsoft.CognitiveServices/accounts/version.json diff --git a/modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.Compute/availabilitySets/.deploymentTests/min.parameters.json b/arm/Microsoft.Compute/availabilitySets/.parameters/min.parameters.json similarity index 100% rename from modules/Microsoft.Compute/availabilitySets/.deploymentTests/min.parameters.json rename to arm/Microsoft.Compute/availabilitySets/.parameters/min.parameters.json diff --git a/modules/Microsoft.Compute/availabilitySets/.deploymentTests/parameters.json b/arm/Microsoft.Compute/availabilitySets/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.Compute/availabilitySets/.deploymentTests/parameters.json rename to arm/Microsoft.Compute/availabilitySets/.parameters/parameters.json diff --git a/modules/Microsoft.Compute/availabilitySets/deploy.bicep b/arm/Microsoft.Compute/availabilitySets/deploy.bicep similarity index 100% rename from modules/Microsoft.Compute/availabilitySets/deploy.bicep rename to arm/Microsoft.Compute/availabilitySets/deploy.bicep diff --git a/modules/Microsoft.Compute/availabilitySets/readme.md b/arm/Microsoft.Compute/availabilitySets/readme.md similarity index 100% rename from modules/Microsoft.Compute/availabilitySets/readme.md rename to arm/Microsoft.Compute/availabilitySets/readme.md diff --git a/modules/Microsoft.Compute/availabilitySets/version.json b/arm/Microsoft.Compute/availabilitySets/version.json similarity index 100% rename from modules/Microsoft.Compute/availabilitySets/version.json rename to arm/Microsoft.Compute/availabilitySets/version.json diff --git a/modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.Compute/diskEncryptionSets/.deploymentTests/parameters.json b/arm/Microsoft.Compute/diskEncryptionSets/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.Compute/diskEncryptionSets/.deploymentTests/parameters.json rename to arm/Microsoft.Compute/diskEncryptionSets/.parameters/parameters.json diff --git a/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep b/arm/Microsoft.Compute/diskEncryptionSets/deploy.bicep similarity index 100% rename from modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep rename to arm/Microsoft.Compute/diskEncryptionSets/deploy.bicep diff --git a/modules/Microsoft.Compute/diskEncryptionSets/readme.md b/arm/Microsoft.Compute/diskEncryptionSets/readme.md similarity index 100% rename from modules/Microsoft.Compute/diskEncryptionSets/readme.md rename to arm/Microsoft.Compute/diskEncryptionSets/readme.md diff --git a/modules/Microsoft.Compute/diskEncryptionSets/version.json b/arm/Microsoft.Compute/diskEncryptionSets/version.json similarity index 100% rename from modules/Microsoft.Compute/diskEncryptionSets/version.json rename to arm/Microsoft.Compute/diskEncryptionSets/version.json diff --git a/modules/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.Compute/disks/.deploymentTests/image.parameters.json b/arm/Microsoft.Compute/disks/.parameters/image.parameters.json similarity index 100% rename from modules/Microsoft.Compute/disks/.deploymentTests/image.parameters.json rename to arm/Microsoft.Compute/disks/.parameters/image.parameters.json diff --git a/modules/Microsoft.Compute/disks/.deploymentTests/import.parameters.json b/arm/Microsoft.Compute/disks/.parameters/import.parameters.json similarity index 100% rename from modules/Microsoft.Compute/disks/.deploymentTests/import.parameters.json rename to arm/Microsoft.Compute/disks/.parameters/import.parameters.json diff --git a/modules/Microsoft.Compute/disks/.deploymentTests/min.parameters.json b/arm/Microsoft.Compute/disks/.parameters/min.parameters.json similarity index 100% rename from modules/Microsoft.Compute/disks/.deploymentTests/min.parameters.json rename to arm/Microsoft.Compute/disks/.parameters/min.parameters.json diff --git a/modules/Microsoft.Compute/disks/.deploymentTests/parameters.json b/arm/Microsoft.Compute/disks/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.Compute/disks/.deploymentTests/parameters.json rename to arm/Microsoft.Compute/disks/.parameters/parameters.json diff --git a/modules/Microsoft.Compute/disks/deploy.bicep b/arm/Microsoft.Compute/disks/deploy.bicep similarity index 100% rename from modules/Microsoft.Compute/disks/deploy.bicep rename to arm/Microsoft.Compute/disks/deploy.bicep diff --git a/modules/Microsoft.Compute/disks/readme.md b/arm/Microsoft.Compute/disks/readme.md similarity index 100% rename from modules/Microsoft.Compute/disks/readme.md rename to arm/Microsoft.Compute/disks/readme.md diff --git a/modules/Microsoft.Compute/disks/version.json b/arm/Microsoft.Compute/disks/version.json similarity index 100% rename from modules/Microsoft.Compute/disks/version.json rename to arm/Microsoft.Compute/disks/version.json diff --git a/modules/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.Compute/galleries/.deploymentTests/images.parameters.json b/arm/Microsoft.Compute/galleries/.parameters/images.parameters.json similarity index 100% rename from modules/Microsoft.Compute/galleries/.deploymentTests/images.parameters.json rename to arm/Microsoft.Compute/galleries/.parameters/images.parameters.json diff --git a/modules/Microsoft.Compute/galleries/.deploymentTests/parameters.json b/arm/Microsoft.Compute/galleries/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.Compute/galleries/.deploymentTests/parameters.json rename to arm/Microsoft.Compute/galleries/.parameters/parameters.json diff --git a/modules/Microsoft.Compute/galleries/deploy.bicep b/arm/Microsoft.Compute/galleries/deploy.bicep similarity index 100% rename from modules/Microsoft.Compute/galleries/deploy.bicep rename to arm/Microsoft.Compute/galleries/deploy.bicep diff --git a/modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.Compute/galleries/images/deploy.bicep b/arm/Microsoft.Compute/galleries/images/deploy.bicep similarity index 100% rename from modules/Microsoft.Compute/galleries/images/deploy.bicep rename to arm/Microsoft.Compute/galleries/images/deploy.bicep diff --git a/modules/Microsoft.Compute/galleries/images/readme.md b/arm/Microsoft.Compute/galleries/images/readme.md similarity index 100% rename from modules/Microsoft.Compute/galleries/images/readme.md rename to arm/Microsoft.Compute/galleries/images/readme.md diff --git a/modules/Microsoft.Compute/galleries/images/version.json b/arm/Microsoft.Compute/galleries/images/version.json similarity index 100% rename from modules/Microsoft.Compute/galleries/images/version.json rename to arm/Microsoft.Compute/galleries/images/version.json diff --git a/modules/Microsoft.Compute/galleries/readme.md b/arm/Microsoft.Compute/galleries/readme.md similarity index 100% rename from modules/Microsoft.Compute/galleries/readme.md rename to arm/Microsoft.Compute/galleries/readme.md diff --git a/modules/Microsoft.Compute/galleries/version.json b/arm/Microsoft.Compute/galleries/version.json similarity index 100% rename from modules/Microsoft.Compute/galleries/version.json rename to arm/Microsoft.Compute/galleries/version.json diff --git a/modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.Compute/images/.deploymentTests/parameters.json b/arm/Microsoft.Compute/images/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.Compute/images/.deploymentTests/parameters.json rename to arm/Microsoft.Compute/images/.parameters/parameters.json diff --git a/modules/Microsoft.Compute/images/deploy.bicep b/arm/Microsoft.Compute/images/deploy.bicep similarity index 100% rename from modules/Microsoft.Compute/images/deploy.bicep rename to arm/Microsoft.Compute/images/deploy.bicep diff --git a/modules/Microsoft.Compute/images/readme.md b/arm/Microsoft.Compute/images/readme.md similarity index 100% rename from modules/Microsoft.Compute/images/readme.md rename to arm/Microsoft.Compute/images/readme.md diff --git a/modules/Microsoft.Compute/images/version.json b/arm/Microsoft.Compute/images/version.json similarity index 100% rename from modules/Microsoft.Compute/images/version.json rename to arm/Microsoft.Compute/images/version.json diff --git a/modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.Compute/proximityPlacementGroups/.deploymentTests/parameters.json b/arm/Microsoft.Compute/proximityPlacementGroups/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.Compute/proximityPlacementGroups/.deploymentTests/parameters.json rename to arm/Microsoft.Compute/proximityPlacementGroups/.parameters/parameters.json diff --git a/modules/Microsoft.Compute/proximityPlacementGroups/deploy.bicep b/arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep similarity index 100% rename from modules/Microsoft.Compute/proximityPlacementGroups/deploy.bicep rename to arm/Microsoft.Compute/proximityPlacementGroups/deploy.bicep diff --git a/modules/Microsoft.Compute/proximityPlacementGroups/readme.md b/arm/Microsoft.Compute/proximityPlacementGroups/readme.md similarity index 100% rename from modules/Microsoft.Compute/proximityPlacementGroups/readme.md rename to arm/Microsoft.Compute/proximityPlacementGroups/readme.md diff --git a/modules/Microsoft.Compute/proximityPlacementGroups/version.json b/arm/Microsoft.Compute/proximityPlacementGroups/version.json similarity index 100% rename from modules/Microsoft.Compute/proximityPlacementGroups/version.json rename to arm/Microsoft.Compute/proximityPlacementGroups/version.json diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests/linux.min.parameters.json b/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.min.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests/linux.min.parameters.json rename to arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.min.parameters.json diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests/linux.parameters.json b/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests/linux.parameters.json rename to arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/linux.parameters.json diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests/windows.min.parameters.json b/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.min.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests/windows.min.parameters.json rename to arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.min.parameters.json diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests/windows.parameters.json b/arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachineScaleSets/.deploymentTests/windows.parameters.json rename to arm/Microsoft.Compute/virtualMachineScaleSets/.parameters/windows.parameters.json diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep b/arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep similarity index 100% rename from modules/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep rename to arm/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/extensions/deploy.bicep b/arm/Microsoft.Compute/virtualMachineScaleSets/extensions/deploy.bicep similarity index 100% rename from modules/Microsoft.Compute/virtualMachineScaleSets/extensions/deploy.bicep rename to arm/Microsoft.Compute/virtualMachineScaleSets/extensions/deploy.bicep diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md b/arm/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md similarity index 100% rename from modules/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md rename to arm/Microsoft.Compute/virtualMachineScaleSets/extensions/readme.md diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/extensions/version.json b/arm/Microsoft.Compute/virtualMachineScaleSets/extensions/version.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachineScaleSets/extensions/version.json rename to arm/Microsoft.Compute/virtualMachineScaleSets/extensions/version.json diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/readme.md b/arm/Microsoft.Compute/virtualMachineScaleSets/readme.md similarity index 100% rename from modules/Microsoft.Compute/virtualMachineScaleSets/readme.md rename to arm/Microsoft.Compute/virtualMachineScaleSets/readme.md diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/version.json b/arm/Microsoft.Compute/virtualMachineScaleSets/version.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachineScaleSets/version.json rename to arm/Microsoft.Compute/virtualMachineScaleSets/version.json diff --git a/modules/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep rename to arm/Microsoft.Compute/virtualMachines/.bicep/nested_networkInterface.bicep diff --git a/modules/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.Compute/virtualMachines/.deploymentTests/linux.autmg.parameters.json b/arm/Microsoft.Compute/virtualMachines/.parameters/linux.autmg.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/.deploymentTests/linux.autmg.parameters.json rename to arm/Microsoft.Compute/virtualMachines/.parameters/linux.autmg.parameters.json diff --git a/modules/Microsoft.Compute/virtualMachines/.deploymentTests/linux.min.parameters.json b/arm/Microsoft.Compute/virtualMachines/.parameters/linux.min.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/.deploymentTests/linux.min.parameters.json rename to arm/Microsoft.Compute/virtualMachines/.parameters/linux.min.parameters.json diff --git a/modules/Microsoft.Compute/virtualMachines/.deploymentTests/linux.parameters.json b/arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/.deploymentTests/linux.parameters.json rename to arm/Microsoft.Compute/virtualMachines/.parameters/linux.parameters.json diff --git a/modules/Microsoft.Compute/virtualMachines/.deploymentTests/windows.autmg.parameters.json b/arm/Microsoft.Compute/virtualMachines/.parameters/windows.autmg.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/.deploymentTests/windows.autmg.parameters.json rename to arm/Microsoft.Compute/virtualMachines/.parameters/windows.autmg.parameters.json diff --git a/modules/Microsoft.Compute/virtualMachines/.deploymentTests/windows.min.parameters.json b/arm/Microsoft.Compute/virtualMachines/.parameters/windows.min.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/.deploymentTests/windows.min.parameters.json rename to arm/Microsoft.Compute/virtualMachines/.parameters/windows.min.parameters.json diff --git a/modules/Microsoft.Compute/virtualMachines/.deploymentTests/windows.parameters.json b/arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/.deploymentTests/windows.parameters.json rename to arm/Microsoft.Compute/virtualMachines/.parameters/windows.parameters.json diff --git a/modules/Microsoft.Compute/virtualMachines/deploy.bicep b/arm/Microsoft.Compute/virtualMachines/deploy.bicep similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/deploy.bicep rename to arm/Microsoft.Compute/virtualMachines/deploy.bicep diff --git a/modules/Microsoft.Compute/virtualMachines/extensions/deploy.bicep b/arm/Microsoft.Compute/virtualMachines/extensions/deploy.bicep similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/extensions/deploy.bicep rename to arm/Microsoft.Compute/virtualMachines/extensions/deploy.bicep diff --git a/modules/Microsoft.Compute/virtualMachines/extensions/readme.md b/arm/Microsoft.Compute/virtualMachines/extensions/readme.md similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/extensions/readme.md rename to arm/Microsoft.Compute/virtualMachines/extensions/readme.md diff --git a/modules/Microsoft.Compute/virtualMachines/extensions/version.json b/arm/Microsoft.Compute/virtualMachines/extensions/version.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/extensions/version.json rename to arm/Microsoft.Compute/virtualMachines/extensions/version.json diff --git a/modules/Microsoft.Compute/virtualMachines/readme.md b/arm/Microsoft.Compute/virtualMachines/readme.md similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/readme.md rename to arm/Microsoft.Compute/virtualMachines/readme.md diff --git a/modules/Microsoft.Compute/virtualMachines/version.json b/arm/Microsoft.Compute/virtualMachines/version.json similarity index 100% rename from modules/Microsoft.Compute/virtualMachines/version.json rename to arm/Microsoft.Compute/virtualMachines/version.json diff --git a/modules/Microsoft.Consumption/budgets/.deploymentTests/parameters.json b/arm/Microsoft.Consumption/budgets/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.Consumption/budgets/.deploymentTests/parameters.json rename to arm/Microsoft.Consumption/budgets/.parameters/parameters.json diff --git a/modules/Microsoft.Consumption/budgets/deploy.bicep b/arm/Microsoft.Consumption/budgets/deploy.bicep similarity index 100% rename from modules/Microsoft.Consumption/budgets/deploy.bicep rename to arm/Microsoft.Consumption/budgets/deploy.bicep diff --git a/modules/Microsoft.Consumption/budgets/readme.md b/arm/Microsoft.Consumption/budgets/readme.md similarity index 100% rename from modules/Microsoft.Consumption/budgets/readme.md rename to arm/Microsoft.Consumption/budgets/readme.md diff --git a/modules/Microsoft.Consumption/budgets/version.json b/arm/Microsoft.Consumption/budgets/version.json similarity index 100% rename from modules/Microsoft.Consumption/budgets/version.json rename to arm/Microsoft.Consumption/budgets/version.json diff --git a/modules/Microsoft.ContainerInstance/containerGroups/.deploymentTests/parameters.json b/arm/Microsoft.ContainerInstance/containerGroups/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.ContainerInstance/containerGroups/.deploymentTests/parameters.json rename to arm/Microsoft.ContainerInstance/containerGroups/.parameters/parameters.json diff --git a/modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep b/arm/Microsoft.ContainerInstance/containerGroups/deploy.bicep similarity index 100% rename from modules/Microsoft.ContainerInstance/containerGroups/deploy.bicep rename to arm/Microsoft.ContainerInstance/containerGroups/deploy.bicep diff --git a/modules/Microsoft.ContainerInstance/containerGroups/readme.md b/arm/Microsoft.ContainerInstance/containerGroups/readme.md similarity index 100% rename from modules/Microsoft.ContainerInstance/containerGroups/readme.md rename to arm/Microsoft.ContainerInstance/containerGroups/readme.md diff --git a/modules/Microsoft.ContainerInstance/containerGroups/version.json b/arm/Microsoft.ContainerInstance/containerGroups/version.json similarity index 100% rename from modules/Microsoft.ContainerInstance/containerGroups/version.json rename to arm/Microsoft.ContainerInstance/containerGroups/version.json diff --git a/modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.ContainerRegistry/registries/.deploymentTests/encr.parameters.json b/arm/Microsoft.ContainerRegistry/registries/.parameters/encr.parameters.json similarity index 100% rename from modules/Microsoft.ContainerRegistry/registries/.deploymentTests/encr.parameters.json rename to arm/Microsoft.ContainerRegistry/registries/.parameters/encr.parameters.json diff --git a/modules/Microsoft.ContainerRegistry/registries/.deploymentTests/min.parameters.json b/arm/Microsoft.ContainerRegistry/registries/.parameters/min.parameters.json similarity index 100% rename from modules/Microsoft.ContainerRegistry/registries/.deploymentTests/min.parameters.json rename to arm/Microsoft.ContainerRegistry/registries/.parameters/min.parameters.json diff --git a/modules/Microsoft.ContainerRegistry/registries/.deploymentTests/parameters.json b/arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.ContainerRegistry/registries/.deploymentTests/parameters.json rename to arm/Microsoft.ContainerRegistry/registries/.parameters/parameters.json diff --git a/modules/Microsoft.ContainerRegistry/registries/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/deploy.bicep similarity index 100% rename from modules/Microsoft.ContainerRegistry/registries/deploy.bicep rename to arm/Microsoft.ContainerRegistry/registries/deploy.bicep diff --git a/modules/Microsoft.ContainerRegistry/registries/readme.md b/arm/Microsoft.ContainerRegistry/registries/readme.md similarity index 100% rename from modules/Microsoft.ContainerRegistry/registries/readme.md rename to arm/Microsoft.ContainerRegistry/registries/readme.md diff --git a/modules/Microsoft.ContainerRegistry/registries/replications/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep similarity index 100% rename from modules/Microsoft.ContainerRegistry/registries/replications/deploy.bicep rename to arm/Microsoft.ContainerRegistry/registries/replications/deploy.bicep diff --git a/modules/Microsoft.ContainerRegistry/registries/replications/readme.md b/arm/Microsoft.ContainerRegistry/registries/replications/readme.md similarity index 100% rename from modules/Microsoft.ContainerRegistry/registries/replications/readme.md rename to arm/Microsoft.ContainerRegistry/registries/replications/readme.md diff --git a/modules/Microsoft.ContainerRegistry/registries/replications/version.json b/arm/Microsoft.ContainerRegistry/registries/replications/version.json similarity index 100% rename from modules/Microsoft.ContainerRegistry/registries/replications/version.json rename to arm/Microsoft.ContainerRegistry/registries/replications/version.json diff --git a/modules/Microsoft.ContainerRegistry/registries/version.json b/arm/Microsoft.ContainerRegistry/registries/version.json similarity index 100% rename from modules/Microsoft.ContainerRegistry/registries/version.json rename to arm/Microsoft.ContainerRegistry/registries/version.json diff --git a/modules/Microsoft.ContainerRegistry/registries/webhooks/deploy.bicep b/arm/Microsoft.ContainerRegistry/registries/webhooks/deploy.bicep similarity index 100% rename from modules/Microsoft.ContainerRegistry/registries/webhooks/deploy.bicep rename to arm/Microsoft.ContainerRegistry/registries/webhooks/deploy.bicep diff --git a/modules/Microsoft.ContainerRegistry/registries/webhooks/readme.md b/arm/Microsoft.ContainerRegistry/registries/webhooks/readme.md similarity index 100% rename from modules/Microsoft.ContainerRegistry/registries/webhooks/readme.md rename to arm/Microsoft.ContainerRegistry/registries/webhooks/readme.md diff --git a/modules/Microsoft.ContainerRegistry/registries/webhooks/version.json b/arm/Microsoft.ContainerRegistry/registries/webhooks/version.json similarity index 100% rename from modules/Microsoft.ContainerRegistry/registries/webhooks/version.json rename to arm/Microsoft.ContainerRegistry/registries/webhooks/version.json diff --git a/modules/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.ContainerService/managedClusters/.deploymentTests/azure.parameters.json b/arm/Microsoft.ContainerService/managedClusters/.parameters/azure.parameters.json similarity index 100% rename from modules/Microsoft.ContainerService/managedClusters/.deploymentTests/azure.parameters.json rename to arm/Microsoft.ContainerService/managedClusters/.parameters/azure.parameters.json diff --git a/modules/Microsoft.ContainerService/managedClusters/.deploymentTests/kubenet.parameters.json b/arm/Microsoft.ContainerService/managedClusters/.parameters/kubenet.parameters.json similarity index 100% rename from modules/Microsoft.ContainerService/managedClusters/.deploymentTests/kubenet.parameters.json rename to arm/Microsoft.ContainerService/managedClusters/.parameters/kubenet.parameters.json diff --git a/modules/Microsoft.ContainerService/managedClusters/agentPools/deploy.bicep b/arm/Microsoft.ContainerService/managedClusters/agentPools/deploy.bicep similarity index 100% rename from modules/Microsoft.ContainerService/managedClusters/agentPools/deploy.bicep rename to arm/Microsoft.ContainerService/managedClusters/agentPools/deploy.bicep diff --git a/modules/Microsoft.ContainerService/managedClusters/agentPools/readme.md b/arm/Microsoft.ContainerService/managedClusters/agentPools/readme.md similarity index 100% rename from modules/Microsoft.ContainerService/managedClusters/agentPools/readme.md rename to arm/Microsoft.ContainerService/managedClusters/agentPools/readme.md diff --git a/modules/Microsoft.ContainerService/managedClusters/agentPools/version.json b/arm/Microsoft.ContainerService/managedClusters/agentPools/version.json similarity index 100% rename from modules/Microsoft.ContainerService/managedClusters/agentPools/version.json rename to arm/Microsoft.ContainerService/managedClusters/agentPools/version.json diff --git a/modules/Microsoft.ContainerService/managedClusters/deploy.bicep b/arm/Microsoft.ContainerService/managedClusters/deploy.bicep similarity index 100% rename from modules/Microsoft.ContainerService/managedClusters/deploy.bicep rename to arm/Microsoft.ContainerService/managedClusters/deploy.bicep diff --git a/modules/Microsoft.ContainerService/managedClusters/readme.md b/arm/Microsoft.ContainerService/managedClusters/readme.md similarity index 100% rename from modules/Microsoft.ContainerService/managedClusters/readme.md rename to arm/Microsoft.ContainerService/managedClusters/readme.md diff --git a/modules/Microsoft.ContainerService/managedClusters/version.json b/arm/Microsoft.ContainerService/managedClusters/version.json similarity index 100% rename from modules/Microsoft.ContainerService/managedClusters/version.json rename to arm/Microsoft.ContainerService/managedClusters/version.json diff --git a/modules/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.DataFactory/factories/.deploymentTests/parameters.json b/arm/Microsoft.DataFactory/factories/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.DataFactory/factories/.deploymentTests/parameters.json rename to arm/Microsoft.DataFactory/factories/.parameters/parameters.json diff --git a/modules/Microsoft.DataFactory/factories/deploy.bicep b/arm/Microsoft.DataFactory/factories/deploy.bicep similarity index 100% rename from modules/Microsoft.DataFactory/factories/deploy.bicep rename to arm/Microsoft.DataFactory/factories/deploy.bicep diff --git a/modules/Microsoft.DataFactory/factories/integrationRuntime/deploy.bicep b/arm/Microsoft.DataFactory/factories/integrationRuntime/deploy.bicep similarity index 100% rename from modules/Microsoft.DataFactory/factories/integrationRuntime/deploy.bicep rename to arm/Microsoft.DataFactory/factories/integrationRuntime/deploy.bicep diff --git a/modules/Microsoft.DataFactory/factories/integrationRuntime/readme.md b/arm/Microsoft.DataFactory/factories/integrationRuntime/readme.md similarity index 100% rename from modules/Microsoft.DataFactory/factories/integrationRuntime/readme.md rename to arm/Microsoft.DataFactory/factories/integrationRuntime/readme.md diff --git a/modules/Microsoft.DataFactory/factories/integrationRuntime/version.json b/arm/Microsoft.DataFactory/factories/integrationRuntime/version.json similarity index 100% rename from modules/Microsoft.DataFactory/factories/integrationRuntime/version.json rename to arm/Microsoft.DataFactory/factories/integrationRuntime/version.json diff --git a/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/deploy.bicep b/arm/Microsoft.DataFactory/factories/managedVirtualNetwork/deploy.bicep similarity index 100% rename from modules/Microsoft.DataFactory/factories/managedVirtualNetwork/deploy.bicep rename to arm/Microsoft.DataFactory/factories/managedVirtualNetwork/deploy.bicep diff --git a/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/readme.md b/arm/Microsoft.DataFactory/factories/managedVirtualNetwork/readme.md similarity index 100% rename from modules/Microsoft.DataFactory/factories/managedVirtualNetwork/readme.md rename to arm/Microsoft.DataFactory/factories/managedVirtualNetwork/readme.md diff --git a/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/version.json b/arm/Microsoft.DataFactory/factories/managedVirtualNetwork/version.json similarity index 100% rename from modules/Microsoft.DataFactory/factories/managedVirtualNetwork/version.json rename to arm/Microsoft.DataFactory/factories/managedVirtualNetwork/version.json diff --git a/modules/Microsoft.DataFactory/factories/readme.md b/arm/Microsoft.DataFactory/factories/readme.md similarity index 100% rename from modules/Microsoft.DataFactory/factories/readme.md rename to arm/Microsoft.DataFactory/factories/readme.md diff --git a/modules/Microsoft.DataFactory/factories/version.json b/arm/Microsoft.DataFactory/factories/version.json similarity index 100% rename from modules/Microsoft.DataFactory/factories/version.json rename to arm/Microsoft.DataFactory/factories/version.json diff --git a/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep similarity index 89% rename from modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep index 02cd494ea4..2f52129333 100644 --- a/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep +++ b/arm/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep @@ -27,17 +27,17 @@ var builtInRoleNames = { 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') } -resource backupVault 'Microsoft.DataProtection/backupVaults@2022-03-01' existing = { +resource bv 'Microsoft.DataProtection/backupVaults@2022-03-01' existing = { name: last(split(resourceId, '/')) } resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(backupVault.id, principalId, roleDefinitionIdOrName) + name: guid(bv.id, principalId, roleDefinitionIdOrName) properties: { description: description roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null } - scope: backupVault + scope: bv }] diff --git a/modules/Microsoft.DataProtection/backupVaults/.deploymentTests/min.parameters.json b/arm/Microsoft.DataProtection/backupVaults/.parameters/min.parameters.json similarity index 100% rename from modules/Microsoft.DataProtection/backupVaults/.deploymentTests/min.parameters.json rename to arm/Microsoft.DataProtection/backupVaults/.parameters/min.parameters.json diff --git a/modules/Microsoft.DataProtection/backupVaults/.deploymentTests/parameters.json b/arm/Microsoft.DataProtection/backupVaults/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.DataProtection/backupVaults/.deploymentTests/parameters.json rename to arm/Microsoft.DataProtection/backupVaults/.parameters/parameters.json diff --git a/modules/Microsoft.DataProtection/backupVaults/backupPolicies/deploy.bicep b/arm/Microsoft.DataProtection/backupVaults/backupPolicies/deploy.bicep similarity index 100% rename from modules/Microsoft.DataProtection/backupVaults/backupPolicies/deploy.bicep rename to arm/Microsoft.DataProtection/backupVaults/backupPolicies/deploy.bicep diff --git a/modules/Microsoft.DataProtection/backupVaults/backupPolicies/readme.md b/arm/Microsoft.DataProtection/backupVaults/backupPolicies/readme.md similarity index 100% rename from modules/Microsoft.DataProtection/backupVaults/backupPolicies/readme.md rename to arm/Microsoft.DataProtection/backupVaults/backupPolicies/readme.md diff --git a/modules/Microsoft.DataProtection/backupVaults/backupPolicies/version.json b/arm/Microsoft.DataProtection/backupVaults/backupPolicies/version.json similarity index 100% rename from modules/Microsoft.DataProtection/backupVaults/backupPolicies/version.json rename to arm/Microsoft.DataProtection/backupVaults/backupPolicies/version.json diff --git a/modules/Microsoft.DataProtection/backupVaults/deploy.bicep b/arm/Microsoft.DataProtection/backupVaults/deploy.bicep similarity index 100% rename from modules/Microsoft.DataProtection/backupVaults/deploy.bicep rename to arm/Microsoft.DataProtection/backupVaults/deploy.bicep diff --git a/modules/Microsoft.DataProtection/backupVaults/readme.md b/arm/Microsoft.DataProtection/backupVaults/readme.md similarity index 100% rename from modules/Microsoft.DataProtection/backupVaults/readme.md rename to arm/Microsoft.DataProtection/backupVaults/readme.md diff --git a/modules/Microsoft.DataProtection/backupVaults/version.json b/arm/Microsoft.DataProtection/backupVaults/version.json similarity index 100% rename from modules/Microsoft.DataProtection/backupVaults/version.json rename to arm/Microsoft.DataProtection/backupVaults/version.json diff --git a/modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.Databricks/workspaces/.deploymentTests/parameters.json b/arm/Microsoft.Databricks/workspaces/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.Databricks/workspaces/.deploymentTests/parameters.json rename to arm/Microsoft.Databricks/workspaces/.parameters/parameters.json diff --git a/modules/Microsoft.Databricks/workspaces/deploy.bicep b/arm/Microsoft.Databricks/workspaces/deploy.bicep similarity index 100% rename from modules/Microsoft.Databricks/workspaces/deploy.bicep rename to arm/Microsoft.Databricks/workspaces/deploy.bicep diff --git a/modules/Microsoft.Databricks/workspaces/readme.md b/arm/Microsoft.Databricks/workspaces/readme.md similarity index 100% rename from modules/Microsoft.Databricks/workspaces/readme.md rename to arm/Microsoft.Databricks/workspaces/readme.md diff --git a/modules/Microsoft.Databricks/workspaces/version.json b/arm/Microsoft.Databricks/workspaces/version.json similarity index 100% rename from modules/Microsoft.Databricks/workspaces/version.json rename to arm/Microsoft.Databricks/workspaces/version.json diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/.deploymentTests/min.parameters.json b/arm/Microsoft.DesktopVirtualization/applicationgroups/.parameters/min.parameters.json similarity index 100% rename from modules/Microsoft.DesktopVirtualization/applicationgroups/.deploymentTests/min.parameters.json rename to arm/Microsoft.DesktopVirtualization/applicationgroups/.parameters/min.parameters.json diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/.deploymentTests/parameters.json b/arm/Microsoft.DesktopVirtualization/applicationgroups/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.DesktopVirtualization/applicationgroups/.deploymentTests/parameters.json rename to arm/Microsoft.DesktopVirtualization/applicationgroups/.parameters/parameters.json diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/applications/deploy.bicep b/arm/Microsoft.DesktopVirtualization/applicationgroups/applications/deploy.bicep similarity index 100% rename from modules/Microsoft.DesktopVirtualization/applicationgroups/applications/deploy.bicep rename to arm/Microsoft.DesktopVirtualization/applicationgroups/applications/deploy.bicep diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/applications/readme.md b/arm/Microsoft.DesktopVirtualization/applicationgroups/applications/readme.md similarity index 100% rename from modules/Microsoft.DesktopVirtualization/applicationgroups/applications/readme.md rename to arm/Microsoft.DesktopVirtualization/applicationgroups/applications/readme.md diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/applications/version.json b/arm/Microsoft.DesktopVirtualization/applicationgroups/applications/version.json similarity index 100% rename from modules/Microsoft.DesktopVirtualization/applicationgroups/applications/version.json rename to arm/Microsoft.DesktopVirtualization/applicationgroups/applications/version.json diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep b/arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep similarity index 100% rename from modules/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep rename to arm/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/readme.md b/arm/Microsoft.DesktopVirtualization/applicationgroups/readme.md similarity index 100% rename from modules/Microsoft.DesktopVirtualization/applicationgroups/readme.md rename to arm/Microsoft.DesktopVirtualization/applicationgroups/readme.md diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/version.json b/arm/Microsoft.DesktopVirtualization/applicationgroups/version.json similarity index 100% rename from modules/Microsoft.DesktopVirtualization/applicationgroups/version.json rename to arm/Microsoft.DesktopVirtualization/applicationgroups/version.json diff --git a/modules/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.DesktopVirtualization/hostpools/.deploymentTests/parameters.json b/arm/Microsoft.DesktopVirtualization/hostpools/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.DesktopVirtualization/hostpools/.deploymentTests/parameters.json rename to arm/Microsoft.DesktopVirtualization/hostpools/.parameters/parameters.json diff --git a/modules/Microsoft.DesktopVirtualization/hostpools/deploy.bicep b/arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep similarity index 100% rename from modules/Microsoft.DesktopVirtualization/hostpools/deploy.bicep rename to arm/Microsoft.DesktopVirtualization/hostpools/deploy.bicep diff --git a/modules/Microsoft.DesktopVirtualization/hostpools/readme.md b/arm/Microsoft.DesktopVirtualization/hostpools/readme.md similarity index 100% rename from modules/Microsoft.DesktopVirtualization/hostpools/readme.md rename to arm/Microsoft.DesktopVirtualization/hostpools/readme.md diff --git a/modules/Microsoft.DesktopVirtualization/hostpools/version.json b/arm/Microsoft.DesktopVirtualization/hostpools/version.json similarity index 100% rename from modules/Microsoft.DesktopVirtualization/hostpools/version.json rename to arm/Microsoft.DesktopVirtualization/hostpools/version.json diff --git a/modules/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.DesktopVirtualization/scalingplans/.deploymentTests/min.parameters.json b/arm/Microsoft.DesktopVirtualization/scalingplans/.parameters/min.parameters.json similarity index 100% rename from modules/Microsoft.DesktopVirtualization/scalingplans/.deploymentTests/min.parameters.json rename to arm/Microsoft.DesktopVirtualization/scalingplans/.parameters/min.parameters.json diff --git a/modules/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep b/arm/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep similarity index 100% rename from modules/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep rename to arm/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep diff --git a/modules/Microsoft.DesktopVirtualization/scalingplans/readme.md b/arm/Microsoft.DesktopVirtualization/scalingplans/readme.md similarity index 100% rename from modules/Microsoft.DesktopVirtualization/scalingplans/readme.md rename to arm/Microsoft.DesktopVirtualization/scalingplans/readme.md diff --git a/modules/Microsoft.DesktopVirtualization/scalingplans/version.json b/arm/Microsoft.DesktopVirtualization/scalingplans/version.json similarity index 100% rename from modules/Microsoft.DesktopVirtualization/scalingplans/version.json rename to arm/Microsoft.DesktopVirtualization/scalingplans/version.json diff --git a/modules/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.DesktopVirtualization/workspaces/.deploymentTests/parameters.json b/arm/Microsoft.DesktopVirtualization/workspaces/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.DesktopVirtualization/workspaces/.deploymentTests/parameters.json rename to arm/Microsoft.DesktopVirtualization/workspaces/.parameters/parameters.json diff --git a/modules/Microsoft.DesktopVirtualization/workspaces/deploy.bicep b/arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep similarity index 100% rename from modules/Microsoft.DesktopVirtualization/workspaces/deploy.bicep rename to arm/Microsoft.DesktopVirtualization/workspaces/deploy.bicep diff --git a/modules/Microsoft.DesktopVirtualization/workspaces/readme.md b/arm/Microsoft.DesktopVirtualization/workspaces/readme.md similarity index 100% rename from modules/Microsoft.DesktopVirtualization/workspaces/readme.md rename to arm/Microsoft.DesktopVirtualization/workspaces/readme.md diff --git a/modules/Microsoft.DesktopVirtualization/workspaces/version.json b/arm/Microsoft.DesktopVirtualization/workspaces/version.json similarity index 100% rename from modules/Microsoft.DesktopVirtualization/workspaces/version.json rename to arm/Microsoft.DesktopVirtualization/workspaces/version.json diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/.deploymentTests/mongodb.parameters.json b/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/mongodb.parameters.json similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/.deploymentTests/mongodb.parameters.json rename to arm/Microsoft.DocumentDB/databaseAccounts/.parameters/mongodb.parameters.json diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/.deploymentTests/plain.parameters.json b/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/plain.parameters.json similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/.deploymentTests/plain.parameters.json rename to arm/Microsoft.DocumentDB/databaseAccounts/.parameters/plain.parameters.json diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/.deploymentTests/sqldb.parameters.json b/arm/Microsoft.DocumentDB/databaseAccounts/.parameters/sqldb.parameters.json similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/.deploymentTests/sqldb.parameters.json rename to arm/Microsoft.DocumentDB/databaseAccounts/.parameters/sqldb.parameters.json diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/deploy.bicep b/arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/deploy.bicep rename to arm/Microsoft.DocumentDB/databaseAccounts/deploy.bicep diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/deploy.bicep b/arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/deploy.bicep similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/deploy.bicep rename to arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/deploy.bicep diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/readme.md b/arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/readme.md similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/readme.md rename to arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/readme.md diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/version.json b/arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/version.json similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/version.json rename to arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/version.json diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/deploy.bicep b/arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/deploy.bicep similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/deploy.bicep rename to arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/deploy.bicep diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/readme.md b/arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/readme.md similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/readme.md rename to arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/readme.md diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/version.json b/arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/version.json similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/version.json rename to arm/Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/version.json diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/readme.md b/arm/Microsoft.DocumentDB/databaseAccounts/readme.md similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/readme.md rename to arm/Microsoft.DocumentDB/databaseAccounts/readme.md diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/deploy.bicep b/arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/deploy.bicep similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/deploy.bicep rename to arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/deploy.bicep diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readme.md b/arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readme.md similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readme.md rename to arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readme.md diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/version.json b/arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/version.json similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/version.json rename to arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/version.json diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/deploy.bicep b/arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/deploy.bicep similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/deploy.bicep rename to arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/deploy.bicep diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/readme.md b/arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/readme.md similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/readme.md rename to arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/readme.md diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/version.json b/arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/version.json similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/version.json rename to arm/Microsoft.DocumentDB/databaseAccounts/sqlDatabases/version.json diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/version.json b/arm/Microsoft.DocumentDB/databaseAccounts/version.json similarity index 100% rename from modules/Microsoft.DocumentDB/databaseAccounts/version.json rename to arm/Microsoft.DocumentDB/databaseAccounts/version.json diff --git a/modules/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.EventGrid/systemTopics/.deploymentTests/min.parameters.json b/arm/Microsoft.EventGrid/systemTopics/.parameters/min.parameters.json similarity index 100% rename from modules/Microsoft.EventGrid/systemTopics/.deploymentTests/min.parameters.json rename to arm/Microsoft.EventGrid/systemTopics/.parameters/min.parameters.json diff --git a/modules/Microsoft.EventGrid/systemTopics/.deploymentTests/parameters.json b/arm/Microsoft.EventGrid/systemTopics/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.EventGrid/systemTopics/.deploymentTests/parameters.json rename to arm/Microsoft.EventGrid/systemTopics/.parameters/parameters.json diff --git a/modules/Microsoft.EventGrid/systemTopics/deploy.bicep b/arm/Microsoft.EventGrid/systemTopics/deploy.bicep similarity index 100% rename from modules/Microsoft.EventGrid/systemTopics/deploy.bicep rename to arm/Microsoft.EventGrid/systemTopics/deploy.bicep diff --git a/modules/Microsoft.EventGrid/systemTopics/readme.md b/arm/Microsoft.EventGrid/systemTopics/readme.md similarity index 100% rename from modules/Microsoft.EventGrid/systemTopics/readme.md rename to arm/Microsoft.EventGrid/systemTopics/readme.md diff --git a/modules/Microsoft.EventGrid/systemTopics/version.json b/arm/Microsoft.EventGrid/systemTopics/version.json similarity index 100% rename from modules/Microsoft.EventGrid/systemTopics/version.json rename to arm/Microsoft.EventGrid/systemTopics/version.json diff --git a/modules/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.EventGrid/topics/.deploymentTests/parameters.json b/arm/Microsoft.EventGrid/topics/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.EventGrid/topics/.deploymentTests/parameters.json rename to arm/Microsoft.EventGrid/topics/.parameters/parameters.json diff --git a/modules/Microsoft.EventGrid/topics/deploy.bicep b/arm/Microsoft.EventGrid/topics/deploy.bicep similarity index 100% rename from modules/Microsoft.EventGrid/topics/deploy.bicep rename to arm/Microsoft.EventGrid/topics/deploy.bicep diff --git a/modules/Microsoft.EventGrid/topics/readme.md b/arm/Microsoft.EventGrid/topics/readme.md similarity index 100% rename from modules/Microsoft.EventGrid/topics/readme.md rename to arm/Microsoft.EventGrid/topics/readme.md diff --git a/modules/Microsoft.EventGrid/topics/version.json b/arm/Microsoft.EventGrid/topics/version.json similarity index 100% rename from modules/Microsoft.EventGrid/topics/version.json rename to arm/Microsoft.EventGrid/topics/version.json diff --git a/modules/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.EventHub/namespaces/.deploymentTests/min.parameters.json b/arm/Microsoft.EventHub/namespaces/.parameters/min.parameters.json similarity index 100% rename from modules/Microsoft.EventHub/namespaces/.deploymentTests/min.parameters.json rename to arm/Microsoft.EventHub/namespaces/.parameters/min.parameters.json diff --git a/modules/Microsoft.EventHub/namespaces/.deploymentTests/parameters.json b/arm/Microsoft.EventHub/namespaces/.parameters/parameters.json similarity index 100% rename from modules/Microsoft.EventHub/namespaces/.deploymentTests/parameters.json rename to arm/Microsoft.EventHub/namespaces/.parameters/parameters.json diff --git a/modules/Microsoft.EventHub/namespaces/authorizationRules/deploy.bicep b/arm/Microsoft.EventHub/namespaces/authorizationRules/deploy.bicep similarity index 100% rename from modules/Microsoft.EventHub/namespaces/authorizationRules/deploy.bicep rename to arm/Microsoft.EventHub/namespaces/authorizationRules/deploy.bicep diff --git a/modules/Microsoft.EventHub/namespaces/authorizationRules/readme.md b/arm/Microsoft.EventHub/namespaces/authorizationRules/readme.md similarity index 100% rename from modules/Microsoft.EventHub/namespaces/authorizationRules/readme.md rename to arm/Microsoft.EventHub/namespaces/authorizationRules/readme.md diff --git a/modules/Microsoft.EventHub/namespaces/authorizationRules/version.json b/arm/Microsoft.EventHub/namespaces/authorizationRules/version.json similarity index 100% rename from modules/Microsoft.EventHub/namespaces/authorizationRules/version.json rename to arm/Microsoft.EventHub/namespaces/authorizationRules/version.json diff --git a/modules/Microsoft.EventHub/namespaces/deploy.bicep b/arm/Microsoft.EventHub/namespaces/deploy.bicep similarity index 100% rename from modules/Microsoft.EventHub/namespaces/deploy.bicep rename to arm/Microsoft.EventHub/namespaces/deploy.bicep diff --git a/modules/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/deploy.bicep b/arm/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/deploy.bicep similarity index 100% rename from modules/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/deploy.bicep rename to arm/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/deploy.bicep diff --git a/modules/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/readme.md b/arm/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/readme.md similarity index 100% rename from modules/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/readme.md rename to arm/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/readme.md diff --git a/modules/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/version.json b/arm/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/version.json similarity index 100% rename from modules/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/version.json rename to arm/Microsoft.EventHub/namespaces/disasterRecoveryConfigs/version.json diff --git a/modules/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep b/arm/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep similarity index 100% rename from modules/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep rename to arm/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep diff --git a/modules/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/deploy.bicep b/arm/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/deploy.bicep similarity index 100% rename from modules/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/deploy.bicep rename to arm/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/deploy.bicep diff --git a/modules/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/readme.md b/arm/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/readme.md similarity index 100% rename from modules/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/readme.md rename to arm/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/readme.md diff --git a/modules/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/version.json b/arm/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/version.json similarity index 100% rename from modules/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/version.json rename to arm/Microsoft.EventHub/namespaces/eventhubs/authorizationRules/version.json diff --git a/modules/Microsoft.EventHub/namespaces/eventhubs/consumergroups/deploy.bicep b/arm/Microsoft.EventHub/namespaces/eventhubs/consumergroups/deploy.bicep similarity index 100% rename from modules/Microsoft.EventHub/namespaces/eventhubs/consumergroups/deploy.bicep rename to arm/Microsoft.EventHub/namespaces/eventhubs/consumergroups/deploy.bicep diff --git a/modules/Microsoft.EventHub/namespaces/eventhubs/consumergroups/readme.md b/arm/Microsoft.EventHub/namespaces/eventhubs/consumergroups/readme.md similarity index 100% rename from modules/Microsoft.EventHub/namespaces/eventhubs/consumergroups/readme.md rename to arm/Microsoft.EventHub/namespaces/eventhubs/consumergroups/readme.md diff --git a/modules/Microsoft.EventHub/namespaces/eventhubs/consumergroups/version.json b/arm/Microsoft.EventHub/namespaces/eventhubs/consumergroups/version.json similarity index 100% rename from modules/Microsoft.EventHub/namespaces/eventhubs/consumergroups/version.json rename to arm/Microsoft.EventHub/namespaces/eventhubs/consumergroups/version.json diff --git a/modules/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep b/arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep similarity index 100% rename from modules/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep rename to arm/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep diff --git a/modules/Microsoft.EventHub/namespaces/eventhubs/readme.md b/arm/Microsoft.EventHub/namespaces/eventhubs/readme.md similarity index 100% rename from modules/Microsoft.EventHub/namespaces/eventhubs/readme.md rename to arm/Microsoft.EventHub/namespaces/eventhubs/readme.md diff --git a/modules/Microsoft.EventHub/namespaces/eventhubs/version.json b/arm/Microsoft.EventHub/namespaces/eventhubs/version.json similarity index 100% rename from modules/Microsoft.EventHub/namespaces/eventhubs/version.json rename to arm/Microsoft.EventHub/namespaces/eventhubs/version.json diff --git a/constructs/Microsoft.Compute/virtualMachinesMultiple/.deploymentTests/linux.prefix.parameter.json b/constructs/Microsoft.Compute/virtualMachinesMultiple/.deploymentTests/linux.prefix.parameter.json deleted file mode 100644 index 2842a912e2..0000000000 --- a/constructs/Microsoft.Compute/virtualMachinesMultiple/.deploymentTests/linux.prefix.parameter.json +++ /dev/null @@ -1,67 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "vmInitialNumber": { - "value": 1 - }, - "vmNamePrefix": { - "value": "<>-vm-linux-prefix" - }, - "vmNumberOfInstances": { - "value": 3 - }, - "osType": { - "value": "Linux" - }, - "imageReference": { - "value": { - "publisher": "Canonical", - "offer": "UbuntuServer", - "sku": "18.04-LTS", - "version": "latest" - } - }, - "osDisk": { - "value": { - "diskSizeGB": "128", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - } - }, - "vmSize": { - "value": "Standard_B12ms" - }, - "adminUsername": { - "value": "localAdminUser" - }, - "disablePasswordAuthentication": { - "value": true - }, - "publicKeys": { - "value": [ - { - "path": "/home/localAdminUser/.ssh/authorized_keys", - "keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure" - } - ] - }, - "nicConfigurations": { - "value": [ - { - "nicSuffix": "-nic-01", - "ipConfigurations": [ - { - "name": "ipconfig01", - "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", - "pipConfiguration": { - "publicIpNameSuffix": "-pip-01" - } - } - ] - } - ] - } - } -} diff --git a/constructs/Microsoft.Compute/virtualMachinesMultiple/.deploymentTests/linux.vmnames.parameter.json b/constructs/Microsoft.Compute/virtualMachinesMultiple/.deploymentTests/linux.vmnames.parameter.json deleted file mode 100644 index c026d03d1d..0000000000 --- a/constructs/Microsoft.Compute/virtualMachinesMultiple/.deploymentTests/linux.vmnames.parameter.json +++ /dev/null @@ -1,65 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "vmNames": { - "value": [ - "<>-vm-linux-vmnames-01", - "<>-vm-linux-vmnames-02", - "<>-vm-linux-vmnames-03" - ] - }, - "osType": { - "value": "Linux" - }, - "imageReference": { - "value": { - "publisher": "Canonical", - "offer": "UbuntuServer", - "sku": "18.04-LTS", - "version": "latest" - } - }, - "osDisk": { - "value": { - "diskSizeGB": "128", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - } - }, - "vmSize": { - "value": "Standard_B12ms" - }, - "adminUsername": { - "value": "localAdminUser" - }, - "disablePasswordAuthentication": { - "value": true - }, - "publicKeys": { - "value": [ - { - "path": "/home/localAdminUser/.ssh/authorized_keys", - "keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdOir5eO28EBwxU0Dyra7g9h0HUXDyMNFp2z8PhaTUQgHjrimkMxjYRwEOG/lxnYL7+TqZk+HcPTfbZOunHBw0Wx2CITzILt6531vmIYZGfq5YyYXbxZa5MON7L/PVivoRlPj5Z/t4RhqMhyfR7EPcZ516LJ8lXPTo8dE/bkOCS+kFBEYHvPEEKAyLs19sRcK37SeHjpX04zdg62nqtuRr00Tp7oeiTXA1xn5K5mxeAswotmd8CU0lWUcJuPBWQedo649b+L2cm52kTncOBI6YChAeyEc1PDF0Tn9FmpdOWKtI9efh+S3f8qkcVEtSTXoTeroBd31nzjAunMrZeM8Ut6dre+XeQQIjT7I8oEm+ZkIuIyq0x2fls8JXP2YJDWDqu8v1+yLGTQ3Z9XVt2lMti/7bIgYxS0JvwOr5n5L4IzKvhb4fm13LLDGFa3o7Nsfe3fPb882APE0bLFCmfyIeiPh7go70WqZHakpgIr6LCWTyePez9CsI/rfWDb6eAM8= generated-by-azure" - } - ] - }, - "nicConfigurations": { - "value": [ - { - "nicSuffix": "-nic-01", - "ipConfigurations": [ - { - "name": "ipconfig01", - "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", - "pipConfiguration": { - "publicIpNameSuffix": "-pip-01" - } - } - ] - } - ] - } - } -} diff --git a/modules/Microsoft.EventHub/namespaces/networkRuleSets/deploy.bicep b/modules/Microsoft.EventHub/namespaces/networkRuleSets/deploy.bicep deleted file mode 100644 index 6c73af97bc..0000000000 --- a/modules/Microsoft.EventHub/namespaces/networkRuleSets/deploy.bicep +++ /dev/null @@ -1,69 +0,0 @@ -@description('Conditional. The name of the parent event hub namespace. Required if the template is used in a standalone deployment.') -param namespaceName string - -@allowed([ - 'Enabled' - 'Disabled' -]) -@description('Optional. This determines if traffic is allowed over public network. Default it is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only.') -param publicNetworkAccess string = 'Enabled' - -@allowed([ - 'Allow' - 'Deny' -]) -@description('Optional. Default Action for Network Rule Set. Default is "Allow". Will be set to "Deny" if ipRules/virtualNetworkRules or are being used. If ipRules/virtualNetworkRules are not used and PublicNetworkAccess is set to "Disabled", setting this to "Deny" would render the namespace resources inaccessible for data-plane requests.') -param defaultAction string = 'Allow' - -@description('Optional. List of IpRules. When used, defaultAction will be set to "Deny" and publicNetworkAccess will be set to "Enabled".') -param ipRules array = [] - -@allowed([ - true - false -]) -@description('Optional. Value that indicates whether Trusted Service Access is Enabled or not. Default is "true".') -param trustedServiceAccessEnabled bool = true - -@description('Optional. List VirtualNetwork Rules. When used, defaultAction will be set to "Deny" and publicNetworkAccess will be set to "Enabled".') -param virtualNetworkRules array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource namespace 'Microsoft.EventHub/namespaces@2021-11-01' existing = { - name: namespaceName -} - -resource networkRuleSet 'Microsoft.EventHub/namespaces/networkRuleSets@2021-11-01' = { - name: 'default' - parent: namespace - properties: { - publicNetworkAccess: !empty(ipRules) || !empty(virtualNetworkRules) ? null : publicNetworkAccess - defaultAction: !empty(ipRules) || !empty(virtualNetworkRules) ? 'Deny' : defaultAction - trustedServiceAccessEnabled: trustedServiceAccessEnabled - ipRules: publicNetworkAccess == 'Disabled' ? null : ipRules - virtualNetworkRules: publicNetworkAccess == 'Disabled' ? null : virtualNetworkRules - } -} - -@description('The name of the network rule set.') -output name string = networkRuleSet.name - -@description('The resource ID of the network rule set.') -output resourceId string = networkRuleSet.id - -@description('The name of the resource group the network rule set was created in.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.EventHub/namespaces/networkRuleSets/readme.md b/modules/Microsoft.EventHub/namespaces/networkRuleSets/readme.md deleted file mode 100644 index eb37dbf124..0000000000 --- a/modules/Microsoft.EventHub/namespaces/networkRuleSets/readme.md +++ /dev/null @@ -1,83 +0,0 @@ -# EventHub Namespaces NetworkRuleSets `[Microsoft.EventHub/namespaces/networkRuleSets]` - -This module deploys EventHub Namespaces NetworkRuleSets. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.EventHub/namespaces/networkRuleSets` | [2021-11-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-11-01/namespaces/networkRuleSets) | - -## Parameters - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `defaultAction` | string | `'Allow'` | `[Allow, Deny]` | Default Action for Network Rule Set. Default is "Allow". Will be set to "Deny" if ipRules/virtualNetworkRules or are being used. If ipRules/virtualNetworkRules are not used and PublicNetworkAccess is set to "Disabled", setting this to "Deny" would render the namespace resources inaccessible for data-plane requests. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `ipRules` | array | `[]` | | List of IpRules. When used, defaultAction will be set to "Deny" and publicNetworkAccess will be set to "Enabled". | -| `publicNetworkAccess` | string | `'Enabled'` | `[Enabled, Disabled]` | This determines if traffic is allowed over public network. Default it is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only. | -| `trustedServiceAccessEnabled` | bool | `True` | `[True, False]` | Value that indicates whether Trusted Service Access is Enabled or not. Default is "true". | -| `virtualNetworkRules` | array | `[]` | | List VirtualNetwork Rules. When used, defaultAction will be set to "Deny" and publicNetworkAccess will be set to "Enabled". | - - -### Parameter Usage: `` - -Contains an array of subnets that this Event Hub Namespace is exposed to via Service Endpoints. You can enable the `ignoreMissingVnetServiceEndpoint` if you wish to add this virtual network to Event Hub Namespace but do not have an existing service endpoint. - -```json -"virtualNetworkRules": { - "value": [ - { - "ignoreMissingVnetServiceEndpoint": true, - "subnet": { - "id": "/subscriptions/<>/resourcegroups/<>/providers/Microsoft.Network/virtualNetworks/<>/subnets/<>" - } - }, - { - "ignoreMissingVnetServiceEndpoint": false, - "subnet": { - "id": "/subscriptions/<>/resourcegroups/<>/providers/Microsoft.Network/virtualNetworks/<>/subnets/<>" - } - } - ] -} -``` - -### Parameter Usage: `` - -Contains an array of objects for the public IP ranges you want to allow via the Event Hub Namespace firewall. Supports IPv4 address or CIDR. - -```json -"ipRules": { - "value": [ - { - "action": "Allow", - "ipMask": "a.b.c.d/e" - }, - { - "action": "Allow", - "ipMask": "x.x.x.x/x" - } - ] -} -``` - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the network rule set. | -| `resourceGroupName` | string | The name of the resource group the network rule set was created in. | -| `resourceId` | string | The resource ID of the network rule set. | diff --git a/modules/Microsoft.EventHub/namespaces/networkRuleSets/version.json b/modules/Microsoft.EventHub/namespaces/networkRuleSets/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.EventHub/namespaces/networkRuleSets/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.EventHub/namespaces/readme.md b/modules/Microsoft.EventHub/namespaces/readme.md deleted file mode 100644 index a948d576a2..0000000000 --- a/modules/Microsoft.EventHub/namespaces/readme.md +++ /dev/null @@ -1,596 +0,0 @@ -# Event Hub Namespaces `[Microsoft.EventHub/namespaces]` - -This module deploys an event hub namespace. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.EventHub/namespaces` | [2021-11-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-11-01/namespaces) | -| `Microsoft.EventHub/namespaces/authorizationRules` | [2021-11-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-11-01/namespaces/authorizationRules) | -| `Microsoft.EventHub/namespaces/disasterRecoveryConfigs` | [2021-11-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-11-01/namespaces/disasterRecoveryConfigs) | -| `Microsoft.EventHub/namespaces/eventhubs` | [2021-11-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-11-01/namespaces/eventhubs) | -| `Microsoft.EventHub/namespaces/eventhubs/authorizationRules` | [2021-11-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-11-01/namespaces/eventhubs/authorizationRules) | -| `Microsoft.EventHub/namespaces/eventhubs/consumergroups` | [2021-11-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-11-01/namespaces/eventhubs/consumergroups) | -| `Microsoft.EventHub/namespaces/networkRuleSets` | [2021-11-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-11-01/namespaces/networkRuleSets) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/privateEndpoints` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) | - -## Parameters - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authorizationRules` | _[authorizationRules](authorizationRules/readme.md)_ array | `[System.Collections.Hashtable]` | | Authorization Rules for the Event Hub namespace. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[ArchiveLogs, OperationalLogs, AutoScaleLogs, KafkaCoordinatorLogs, KafkaUserErrorLogs, EventHubVNetConnectionEvent, CustomerManagedKeyUserLogs, RuntimeAuditLogs, ApplicationMetricsLogs]` | `[ArchiveLogs, OperationalLogs, AutoScaleLogs, KafkaCoordinatorLogs, KafkaUserErrorLogs, EventHubVNetConnectionEvent, CustomerManagedKeyUserLogs, RuntimeAuditLogs, ApplicationMetricsLogs]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disasterRecoveryConfig` | object | `{object}` | | The disaster recovery config for this namespace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `eventHubs` | _[eventHubs](eventHubs/readme.md)_ array | `[]` | | The event hubs to deploy into this namespace. | -| `isAutoInflateEnabled` | bool | `False` | | Switch to enable the Auto Inflate feature of Event Hub. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maximumThroughputUnits` | int | `1` | | Upper limit of throughput units when AutoInflate is enabled, value should be within 0 to 20 throughput units. | -| `name` | string | `''` | | The name of the event hub namespace. If no name is provided, then unique name will be created. | -| `networkRuleSets` | _[networkRuleSets](networkRuleSets/readme.md)_ object | `{object}` | | Networks ACLs, this object contains IPs/Subnets to whitelist or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints.For security reasons, it is recommended to use private endpoints whenever possible. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `skuCapacity` | int | `1` | | Event Hub plan scale-out capacity of the resource. | -| `skuName` | string | `'Standard'` | `[Basic, Standard]` | event hub plan SKU name. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `zoneRedundant` | bool | `False` | | Switch to make the Event Hub Namespace zone redundant. | - - -### Parameter Usage: `privateEndpoints` - -To use Private Endpoint the following dependencies must be deployed: - -- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module. -- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information. - -
- -Parameter JSON format - -```json -"privateEndpoints": { - "value": [ - // Example showing all available fields - { - "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>", // e.g. vault, registry, file, blob, queue, table etc. - "privateDnsZoneResourceIds": [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net" - ], - "customDnsConfigs": [ // Optional - { - "fqdn": "customname.test.local", - "ipAddresses": [ - "10.10.10.10" - ] - } - ] - }, - // Example showing only mandatory fields - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>" // e.g. vault, registry, file, blob, queue, table etc. - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -privateEndpoints: [ - // Example showing all available fields - { - name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - privateDnsZoneResourceIds: [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net' - ] - // Optional - customDnsConfigs: [ - { - fqdn: 'customname.test.local' - ipAddresses: [ - '10.10.10.10' - ] - } - ] - } - // Example showing only mandatory fields - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - } -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `userAssignedIdentities` - -You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: - -

- -Parameter JSON format - -```json -"userAssignedIdentities": { - "value": { - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} - } -} -``` - -
- -
- -Bicep format - -```bicep -userAssignedIdentities: { - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the eventspace. | -| `resourceGroupName` | string | The resource group where the namespace is deployed. | -| `resourceId` | string | The resource ID of the eventspace. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": {} -} -``` - -
- -
- -via Bicep module - -```bicep -module namespaces './Microsoft.EventHub/namespaces/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-namespaces' - params: { - - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-evnsp-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "authorizationRules": { - "value": [ - { - "name": "RootManageSharedAccessKey", - "rights": [ - "Listen", - "Manage", - "Send" - ] - }, - { - "name": "SendListenAccess", - "rights": [ - "Listen", - "Send" - ] - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "eventHubs": { - "value": [ - { - "name": "<>-az-evh-x-001" - }, - { - "name": "<>-az-evh-x-002", - "authorizationRules": [ - { - "name": "RootManageSharedAccessKey", - "rights": [ - "Listen", - "Manage", - "Send" - ] - }, - { - "name": "SendListenAccess", - "rights": [ - "Listen", - "Send" - ] - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ], - "messageRetentionInDays": 1, - "partitionCount": 2, - "status": "Active", - "captureDescriptionEnabled": true, - "captureDescriptionEncoding": "Avro", - "captureDescriptionIntervalInSeconds": 300, - "captureDescriptionSizeLimitInBytes": 314572800, - "captureDescriptionDestinationName": "EventHubArchive.AzureBlockBlob", - "captureDescriptionDestinationStorageAccountResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001", - "captureDescriptionDestinationBlobContainer": "eventhub", - "captureDescriptionDestinationArchiveNameFormat": "{Namespace}/{EventHub}/{PartitionId}/{Year}/{Month}/{Day}/{Hour}/{Minute}/{Second}", - "captureDescriptionSkipEmptyArchives": true, - "consumerGroups": [ - { - "name": "custom", - "userMetadata": "customMetadata" - } - ] - } - ] - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "namespace" - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "systemAssignedIdentity": { - "value": true - }, - "networkRuleSets": { - "value": { - "defaultAction": "Deny", - "ipRules": [ - { - "action": "Allow", - "ipMask": "10.10.10.10" - } - ], - "virtualNetworkRules": [ - { - "subnet": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" - }, - "ignoreMissingVnetServiceEndpoint": true - } - ], - "trustedServiceAccessEnabled": false - } - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module namespaces './Microsoft.EventHub/namespaces/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-namespaces' - params: { - name: '<>-az-evnsp-x-001' - lock: 'CanNotDelete' - authorizationRules: [ - { - name: 'RootManageSharedAccessKey' - rights: [ - 'Listen' - 'Manage' - 'Send' - ] - } - { - name: 'SendListenAccess' - rights: [ - 'Listen' - 'Send' - ] - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - eventHubs: [ - { - name: '<>-az-evh-x-001' - } - { - name: '<>-az-evh-x-002' - authorizationRules: [ - { - name: 'RootManageSharedAccessKey' - rights: [ - 'Listen' - 'Manage' - 'Send' - ] - } - { - name: 'SendListenAccess' - rights: [ - 'Listen' - 'Send' - ] - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - messageRetentionInDays: 1 - partitionCount: 2 - status: 'Active' - captureDescriptionEnabled: true - captureDescriptionEncoding: 'Avro' - captureDescriptionIntervalInSeconds: 300 - captureDescriptionSizeLimitInBytes: 314572800 - captureDescriptionDestinationName: 'EventHubArchive.AzureBlockBlob' - captureDescriptionDestinationStorageAccountResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - captureDescriptionDestinationBlobContainer: 'eventhub' - captureDescriptionDestinationArchiveNameFormat: '{Namespace}/{EventHub}/{PartitionId}/{Year}/{Month}/{Day}/{Hour}/{Minute}/{Second}' - captureDescriptionSkipEmptyArchives: true - consumerGroups: [ - { - name: 'custom' - userMetadata: 'customMetadata' - } - ] - } - ] - privateEndpoints: [ - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - service: 'namespace' - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - systemAssignedIdentity: true - networkRuleSets: { - defaultAction: 'Deny' - ipRules: [ - { - action: 'Allow' - ipMask: '10.10.10.10' - } - ] - virtualNetworkRules: [ - { - subnet: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001' - } - ignoreMissingVnetServiceEndpoint: true - } - ] - trustedServiceAccessEnabled: false - } - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - } -} -``` - -
-

diff --git a/modules/Microsoft.EventHub/namespaces/version.json b/modules/Microsoft.EventHub/namespaces/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.EventHub/namespaces/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 7895eb9e5a..0000000000 --- a/modules/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,53 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource healthBot 'Microsoft.HealthBot/healthBots@2021-06-10' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(healthBot.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: healthBot -}] diff --git a/modules/Microsoft.HealthBot/healthBots/.deploymentTests/parameters.json b/modules/Microsoft.HealthBot/healthBots/.deploymentTests/parameters.json deleted file mode 100644 index fef2b742de..0000000000 --- a/modules/Microsoft.HealthBot/healthBots/.deploymentTests/parameters.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-ahb-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.HealthBot/healthBots/deploy.bicep b/modules/Microsoft.HealthBot/healthBots/deploy.bicep deleted file mode 100644 index b4de7ab9c6..0000000000 --- a/modules/Microsoft.HealthBot/healthBots/deploy.bicep +++ /dev/null @@ -1,79 +0,0 @@ -@description('Required. Name of the resource.') -param name string - -@description('Optional. The resource model definition representing SKU.') -param sku string = 'F0' - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource azureHealthBot 'Microsoft.HealthBot/healthBots@2020-12-08' = { - name: name - location: location - tags: tags - sku: { - name: sku - } - properties: {} -} - -resource azureHealthBot_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${azureHealthBot.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: azureHealthBot -} - -module healthBot_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-HealthBot-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: azureHealthBot.id - } -}] - -@description('The resource group the health bot was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the health bot.') -output name string = azureHealthBot.name - -@description('The resource ID of the health bot.') -output resourceId string = azureHealthBot.id - -@description('The location the resource was deployed into.') -output location string = azureHealthBot.location diff --git a/modules/Microsoft.HealthBot/healthBots/readme.md b/modules/Microsoft.HealthBot/healthBots/readme.md deleted file mode 100644 index 7b1074bea1..0000000000 --- a/modules/Microsoft.HealthBot/healthBots/readme.md +++ /dev/null @@ -1,205 +0,0 @@ -# Azure Health Bots `[Microsoft.HealthBot/healthBots]` - -This module deploys an Azure Health Bot. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.HealthBot/healthBots` | [2020-12-08](https://docs.microsoft.com/en-us/azure/templates/Microsoft.HealthBot/2020-12-08/healthBots) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the resource. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sku` | string | `'F0'` | | The resource model definition representing SKU. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the health bot. | -| `resourceGroupName` | string | The resource group the health bot was deployed into. | -| `resourceId` | string | The resource ID of the health bot. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-ahb-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module healthBots './Microsoft.HealthBot/healthBots/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-healthBots' - params: { - name: '<>-az-ahb-x-001' - lock: 'CanNotDelete' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.HealthBot/healthBots/version.json b/modules/Microsoft.HealthBot/healthBots/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.HealthBot/healthBots/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 476058f9a4..0000000000 --- a/modules/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,54 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Automation Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f353d9bd-d4a6-484e-a77a-8050b599b867') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource actionGroup 'microsoft.insights/actionGroups@2019-06-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(actionGroup.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: actionGroup -}] diff --git a/modules/Microsoft.Insights/actionGroups/.deploymentTests/parameters.json b/modules/Microsoft.Insights/actionGroups/.deploymentTests/parameters.json deleted file mode 100644 index 32c9e76062..0000000000 --- a/modules/Microsoft.Insights/actionGroups/.deploymentTests/parameters.json +++ /dev/null @@ -1,45 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-ag-x-001" - }, - "groupShortName": { - "value": "azagweux001" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "emailReceivers": { - "value": [ - { - "name": "TestUser_-EmailAction-", - "emailAddress": "test.user@testcompany.com", - "useCommonAlertSchema": true - }, - { - "name": "TestUser2", - "emailAddress": "test.user2@testcompany.com", - "useCommonAlertSchema": true - } - ] - }, - "smsReceivers": { - "value": [ - { - "name": "TestUser_-SMSAction-", - "countryCode": "1", - "phoneNumber": "2345678901" - } - ] - } - } -} diff --git a/modules/Microsoft.Insights/actionGroups/deploy.bicep b/modules/Microsoft.Insights/actionGroups/deploy.bicep deleted file mode 100644 index fbb29d8d19..0000000000 --- a/modules/Microsoft.Insights/actionGroups/deploy.bicep +++ /dev/null @@ -1,105 +0,0 @@ -@description('Required. The name of the action group.') -param name string - -@description('Required. The short name of the action group.') -param groupShortName string - -@description('Optional. Indicates whether this action group is enabled. If an action group is not enabled, then none of its receivers will receive communications.') -param enabled bool = true - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. The list of email receivers that are part of this action group.') -param emailReceivers array = [] - -@description('Optional. The list of SMS receivers that are part of this action group.') -param smsReceivers array = [] - -@description('Optional. The list of webhook receivers that are part of this action group.') -param webhookReceivers array = [] - -@description('Optional. The list of ITSM receivers that are part of this action group.') -param itsmReceivers array = [] - -@description('Optional. The list of AzureAppPush receivers that are part of this action group.') -param azureAppPushReceivers array = [] - -@description('Optional. The list of AutomationRunbook receivers that are part of this action group.') -param automationRunbookReceivers array = [] - -@description('Optional. The list of voice receivers that are part of this action group.') -param voiceReceivers array = [] - -@description('Optional. The list of logic app receivers that are part of this action group.') -param logicAppReceivers array = [] - -@description('Optional. The list of function receivers that are part of this action group.') -param azureFunctionReceivers array = [] - -@description('Optional. The list of ARM role receivers that are part of this action group. Roles are Azure RBAC roles and only built-in roles are supported.') -param armRoleReceivers array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. Location for all resources.') -param location string = 'global' - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource actionGroup 'microsoft.insights/actionGroups@2019-06-01' = { - name: name - location: location - tags: tags - properties: { - groupShortName: groupShortName - enabled: enabled - emailReceivers: (empty(emailReceivers) ? null : emailReceivers) - smsReceivers: (empty(smsReceivers) ? null : smsReceivers) - webhookReceivers: (empty(webhookReceivers) ? null : webhookReceivers) - itsmReceivers: (empty(itsmReceivers) ? null : itsmReceivers) - azureAppPushReceivers: (empty(azureAppPushReceivers) ? null : azureAppPushReceivers) - automationRunbookReceivers: (empty(automationRunbookReceivers) ? null : automationRunbookReceivers) - voiceReceivers: (empty(voiceReceivers) ? null : voiceReceivers) - logicAppReceivers: (empty(logicAppReceivers) ? null : logicAppReceivers) - azureFunctionReceivers: (empty(azureFunctionReceivers) ? null : azureFunctionReceivers) - armRoleReceivers: (empty(armRoleReceivers) ? null : armRoleReceivers) - } -} - -module actionGroup_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-ActionGroup-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: actionGroup.id - } -}] - -@description('The resource group the action group was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the action group .') -output name string = actionGroup.name - -@description('The resource ID of the action group .') -output resourceId string = actionGroup.id - -@description('The location the resource was deployed into.') -output location string = actionGroup.location diff --git a/modules/Microsoft.Insights/actionGroups/readme.md b/modules/Microsoft.Insights/actionGroups/readme.md deleted file mode 100644 index 5b8e41406c..0000000000 --- a/modules/Microsoft.Insights/actionGroups/readme.md +++ /dev/null @@ -1,333 +0,0 @@ -# Action Groups `[Microsoft.Insights/actionGroups]` - -This module deploys an Action Group. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `microsoft.insights/actionGroups` | [2019-06-01](https://docs.microsoft.com/en-us/azure/templates/microsoft.insights/2019-06-01/actionGroups) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `groupShortName` | string | The short name of the action group. | -| `name` | string | The name of the action group. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `armRoleReceivers` | array | `[]` | The list of ARM role receivers that are part of this action group. Roles are Azure RBAC roles and only built-in roles are supported. | -| `automationRunbookReceivers` | array | `[]` | The list of AutomationRunbook receivers that are part of this action group. | -| `azureAppPushReceivers` | array | `[]` | The list of AzureAppPush receivers that are part of this action group. | -| `azureFunctionReceivers` | array | `[]` | The list of function receivers that are part of this action group. | -| `emailReceivers` | array | `[]` | The list of email receivers that are part of this action group. | -| `enabled` | bool | `True` | Indicates whether this action group is enabled. If an action group is not enabled, then none of its receivers will receive communications. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `itsmReceivers` | array | `[]` | The list of ITSM receivers that are part of this action group. | -| `location` | string | `'global'` | Location for all resources. | -| `logicAppReceivers` | array | `[]` | The list of logic app receivers that are part of this action group. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `smsReceivers` | array | `[]` | The list of SMS receivers that are part of this action group. | -| `tags` | object | `{object}` | Tags of the resource. | -| `voiceReceivers` | array | `[]` | The list of voice receivers that are part of this action group. | -| `webhookReceivers` | array | `[]` | The list of webhook receivers that are part of this action group. | - - -### Parameter Usage: receivers - -See [Documentation](https://docs.microsoft.com/en-us/azure/templates/microsoft.insights/2019-06-01/actiongroups) for description of parameters usage and syntax. - -

- -Parameter JSON file - -```json -"emailReceivers": { - "value": [ - { - "name": "TestUser_-EmailAction-", - "emailAddress": "test.user@testcompany.com", - "useCommonAlertSchema": true - }, - { - "name": "TestUser2", - "emailAddress": "test.user2@testcompany.com", - "useCommonAlertSchema": true - } - ] -}, -"smsReceivers": { - "value": [ - { - "name": "TestUser_-SMSAction-", - "countryCode": "1", - "phoneNumber": "2345678901" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -emailReceivers: [ - { - name: 'TestUser_-EmailAction-' - emailAddress: 'test.user@testcompany.com' - useCommonAlertSchema: true - } - { - name: 'TestUser2' - emailAddress: 'test.user2@testcompany.com' - useCommonAlertSchema: true - } -] -smsReceivers: [ - { - name: 'TestUser_-SMSAction-' - countryCode: '1' - phoneNumber: '2345678901' - } -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Additional notes on parameters - -- Receiver name must be unique across the ActionGroup -- Email, SMS, Azure App push and Voice can be grouped in the same Action. To do so, the `name` field of the receivers must be in the `RecName_-ActionType-` format where: - - _RecName_ is the name you want to give to the Action - - _ActionType_ is one of the action types that can be grouped together. Possible values are: - - EmailAction - - SMSAction - - AzureAppAction - - VoiceAction -- To understand the impact of the `useCommonAlertSchema` field, see [here](https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-common-schema) - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the action group . | -| `resourceGroupName` | string | The resource group the action group was deployed into. | -| `resourceId` | string | The resource ID of the action group . | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-ag-x-001" - }, - "groupShortName": { - "value": "azagweux001" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "emailReceivers": { - "value": [ - { - "name": "TestUser_-EmailAction-", - "emailAddress": "test.user@testcompany.com", - "useCommonAlertSchema": true - }, - { - "name": "TestUser2", - "emailAddress": "test.user2@testcompany.com", - "useCommonAlertSchema": true - } - ] - }, - "smsReceivers": { - "value": [ - { - "name": "TestUser_-SMSAction-", - "countryCode": "1", - "phoneNumber": "2345678901" - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module actionGroups './Microsoft.Insights/actionGroups/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-actionGroups' - params: { - name: '<>-az-ag-x-001' - groupShortName: 'azagweux001' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - emailReceivers: [ - { - name: 'TestUser_-EmailAction-' - emailAddress: 'test.user@testcompany.com' - useCommonAlertSchema: true - } - { - name: 'TestUser2' - emailAddress: 'test.user2@testcompany.com' - useCommonAlertSchema: true - } - ] - smsReceivers: [ - { - name: 'TestUser_-SMSAction-' - countryCode: '1' - phoneNumber: '2345678901' - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Insights/actionGroups/version.json b/modules/Microsoft.Insights/actionGroups/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Insights/actionGroups/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 5694033cdc..0000000000 --- a/modules/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,54 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Automation Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f353d9bd-d4a6-484e-a77a-8050b599b867') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource activityLogAlert 'Microsoft.Insights/activityLogAlerts@2020-10-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(activityLogAlert.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: activityLogAlert -}] diff --git a/modules/Microsoft.Insights/activityLogAlerts/.deploymentTests/parameters.json b/modules/Microsoft.Insights/activityLogAlerts/.deploymentTests/parameters.json deleted file mode 100644 index 8d7e3e6581..0000000000 --- a/modules/Microsoft.Insights/activityLogAlerts/.deploymentTests/parameters.json +++ /dev/null @@ -1,47 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-ala-x-001" - }, - "scopes": { - "value": [ - "/subscriptions/<>" - ] - }, - "conditions": { - "value": [ - { - "field": "category", - "equals": "Administrative" - }, - { - "field": "resourceType", - "equals": "microsoft.compute/virtualmachines" - }, - { - "field": "operationName", - "equals": "Microsoft.Compute/virtualMachines/performMaintenance/action" - } - ] - }, - "actions": { - "value": [ - { - "actionGroupId": "/subscriptions/<>/resourceGroups/validation-rg/providers/microsoft.insights/actiongroups/adp-<>-az-ag-x-001" - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Insights/activityLogAlerts/deploy.bicep b/modules/Microsoft.Insights/activityLogAlerts/deploy.bicep deleted file mode 100644 index caab86e9f7..0000000000 --- a/modules/Microsoft.Insights/activityLogAlerts/deploy.bicep +++ /dev/null @@ -1,88 +0,0 @@ -@description('Required. The name of the alert.') -param name string - -@description('Optional. Description of the alert.') -param alertDescription string = '' - -@description('Optional. Location for all resources.') -param location string = 'global' - -@description('Optional. Indicates whether this alert is enabled.') -param enabled bool = true - -@description('Required. the list of resource IDs that this metric alert is scoped to.') -param scopes array = [ - subscription().id -] - -@description('Optional. The list of actions to take when alert triggers.') -param actions array = [] - -@description('Required. The condition that will cause this alert to activate. Array of objects.') -param conditions array - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var actionGroups = [for action in actions: { - actionGroupId: contains(action, 'actionGroupId') ? action.actionGroupId : action - webhookProperties: contains(action, 'webhookProperties') ? action.webhookProperties : null -}] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource activityLogAlert 'Microsoft.Insights/activityLogAlerts@2020-10-01' = { - name: name - location: location - tags: tags - properties: { - scopes: scopes - condition: { - allOf: conditions - } - actions: { - actionGroups: actionGroups - } - enabled: enabled - description: alertDescription - } -} - -module activityLogAlert_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-ActivityLogAlert-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: activityLogAlert.id - } -}] - -@description('The name of the activity log alert.') -output name string = activityLogAlert.name - -@description('The resource ID of the activity log alert.') -output resourceId string = activityLogAlert.id - -@description('The resource group the activity log alert was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = activityLogAlert.location diff --git a/modules/Microsoft.Insights/activityLogAlerts/readme.md b/modules/Microsoft.Insights/activityLogAlerts/readme.md deleted file mode 100644 index a8a08e68b0..0000000000 --- a/modules/Microsoft.Insights/activityLogAlerts/readme.md +++ /dev/null @@ -1,499 +0,0 @@ -# Activity Log Alerts `[Microsoft.Insights/activityLogAlerts]` - -This module deploys an Alert based on Activity Log. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/activityLogAlerts` | [2020-10-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2020-10-01/activityLogAlerts) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `conditions` | array | | The condition that will cause this alert to activate. Array of objects. | -| `name` | string | | The name of the alert. | -| `scopes` | array | `[[subscription().id]]` | the list of resource IDs that this metric alert is scoped to. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | The list of actions to take when alert triggers. | -| `alertDescription` | string | `''` | Description of the alert. | -| `enabled` | bool | `True` | Indicates whether this alert is enabled. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `'global'` | Location for all resources. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | Tags of the resource. | - - -### Parameter Usage: actions - -

- -Parameter JSON format - -```json -"actions": { - "value": [ - { - "actionGroupId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rgName/providers/microsoft.insights/actiongroups/actionGroupName", - "webhookProperties": {} - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -actions: [ - { - actionGroupId: '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rgName/providers/microsoft.insights/actiongroups/actionGroupName' - webhookProperties: {} - } -] -``` - -
-

- -`webhookProperties` is optional. - -If you do only want to provide actionGroupIds, a shorthand use of the parameter is available. - -

- -Parameter JSON format - -```json -"actions": { - "value": [ - "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rgName/providers/microsoft.insights/actiongroups/actionGroupName" - ] -} -``` - -
- -
- -Bicep format - -```bicep -actions: [ - '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rgName/providers/microsoft.insights/actiongroups/actionGroupName' -] -``` - -
-

- -### Parameter Usage: conditions - -**Conditions can also be combined with logical operators `allOf` and `anyOf`** - - -

- -Parameter JSON format - -```json -{ - "field": "string", - "equals": "string", - "containsAny": "array" -} -``` - -
- -
- -Bicep format - -```bicep -{ - field: 'string' - equals: 'string' - containsAny: 'array' -} -``` - -
-

- -Each condition can specify only one field between `equals` and `containsAny`. - -| Parameter Name | Type | Possible values | Description | -| :------------- | :--------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------- | -| `field` | string | `resourceId`,
`category`,
`caller`,
`level`,
`operationName`,
`resourceGroup`,
`resourceProvider`,
`status`,
`subStatus`,
`resourceType`,
or anything beginning with `properties.` | Required. The name of the field that this condition will examine. | -| `equals` | string | | Optional (Alternative to `containsAny`). The value to confront with. | -| `containsAny` | array of strings | | Optional (Alternative to `equals`). Condition will be satisfied if value of the field in the event is within one of the specified here. | - -**Sample** - -
- -Parameter JSON format - -```json -"conditions": { - "value": [ - { - "field": "category", - "equals": "Administrative" - }, - { - "field": "resourceType", - "equals": "microsoft.compute/virtualmachines" - }, - { - "field": "operationName", - "equals": "Microsoft.Compute/virtualMachines/performMaintenance/action" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -conditions: [ - { - field: 'category' - equals: 'Administrative' - } - { - field: 'resourceType' - equals: 'microsoft.compute/virtualmachines' - } - { - field: 'operationName' - equals: 'Microsoft.Compute/virtualMachines/performMaintenance/action' - } -] -``` - -
-

- -**Sample 2** - -

- -Parameter JSON format - -```json -"conditions":{ - "value": [ - { - "field": "category", - "equals": "ServiceHealth" - }, - { - "anyOf": [ - { - "field": "properties.incidentType", - "equals": "Incident" - }, - { - "field": "properties.incidentType", - "equals": "Maintenance" - } - ] - }, - { - "field": "properties.impactedServices[*].ServiceName", - "containsAny": [ - "Action Groups", - "Activity Logs & Alerts" - ] - }, - { - "field": "properties.impactedServices[*].ImpactedRegions[*].RegionName", - "containsAny": [ - "West Europe", - "Global" - ] - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -conditions: [ - { - field: 'category' - equals: 'ServiceHealth' - } - { - anyOf: [ - { - field: 'properties.incidentType' - equals: 'Incident' - } - { - field: 'properties.incidentType' - equals: 'Maintenance' - } - ] - } - { - field: 'properties.impactedServices[*].ServiceName' - containsAny: [ - 'Action Groups' - 'Activity Logs & Alerts' - ] - } - { - field: 'properties.impactedServices[*].ImpactedRegions[*].RegionName' - containsAny: [ - 'West Europe' - 'Global' - ] - } -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the activity log alert. | -| `resourceGroupName` | string | The resource group the activity log alert was deployed into. | -| `resourceId` | string | The resource ID of the activity log alert. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-ala-x-001" - }, - "scopes": { - "value": [ - "/subscriptions/<>" - ] - }, - "conditions": { - "value": [ - { - "field": "category", - "equals": "Administrative" - }, - { - "field": "resourceType", - "equals": "microsoft.compute/virtualmachines" - }, - { - "field": "operationName", - "equals": "Microsoft.Compute/virtualMachines/performMaintenance/action" - } - ] - }, - "actions": { - "value": [ - { - "actionGroupId": "/subscriptions/<>/resourceGroups/validation-rg/providers/microsoft.insights/actiongroups/adp-<>-az-ag-x-001" - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module activityLogAlerts './Microsoft.Insights/activityLogAlerts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-activityLogAlerts' - params: { - name: '<>-az-ala-x-001' - scopes: [ - '/subscriptions/<>' - ] - conditions: [ - { - field: 'category' - equals: 'Administrative' - } - { - field: 'resourceType' - equals: 'microsoft.compute/virtualmachines' - } - { - field: 'operationName' - equals: 'Microsoft.Compute/virtualMachines/performMaintenance/action' - } - ] - actions: [ - { - actionGroupId: '/subscriptions/<>/resourceGroups/validation-rg/providers/microsoft.insights/actiongroups/adp-<>-az-ag-x-001' - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Insights/activityLogAlerts/version.json b/modules/Microsoft.Insights/activityLogAlerts/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Insights/activityLogAlerts/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index b95fcf74f1..0000000000 --- a/modules/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,57 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Application Insights Component Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ae349356-3a1b-4a5e-921d-050484c6347e') - 'Application Insights Snapshot Debugger': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '08954f03-6346-4c2e-81c0-ec3a5cfae23b') - 'Data Purger': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '150f5e0c-0603-4f03-8c7f-cf70034c4e90') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Website Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772') -} - -resource appInsights 'Microsoft.Insights/components@2020-02-02' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(appInsights.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: appInsights -}] diff --git a/modules/Microsoft.Insights/components/.deploymentTests/parameters.json b/modules/Microsoft.Insights/components/.deploymentTests/parameters.json deleted file mode 100644 index 636d9f6c7d..0000000000 --- a/modules/Microsoft.Insights/components/.deploymentTests/parameters.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-appi-x-001" - }, - "workspaceResourceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-appi-001" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Insights/components/deploy.bicep b/modules/Microsoft.Insights/components/deploy.bicep deleted file mode 100644 index 3bdc2f9f3d..0000000000 --- a/modules/Microsoft.Insights/components/deploy.bicep +++ /dev/null @@ -1,116 +0,0 @@ -@description('Required. Name of the Application Insights.') -param name string - -@description('Optional. Application type.') -@allowed([ - 'web' - 'other' -]) -param appInsightsType string = 'web' - -@description('Required. Resource ID of the log analytics workspace which the data will be ingested to. This property is required to create an application with this API version. Applications from older versions will not have this property.') -param workspaceResourceId string - -@description('Optional. The network access type for accessing Application Insights ingestion. - Enabled or Disabled.') -@allowed([ - 'Enabled' - 'Disabled' -]) -param publicNetworkAccessForIngestion string = 'Enabled' - -@description('Optional. The network access type for accessing Application Insights query. - Enabled or Disabled.') -@allowed([ - 'Enabled' - 'Disabled' -]) -param publicNetworkAccessForQuery string = 'Enabled' - -@description('Optional. Retention period in days.') -@allowed([ - 30 - 60 - 90 - 120 - 180 - 270 - 365 - 550 - 730 -]) -param retentionInDays int = 365 - -@description('Optional. Percentage of the data produced by the application being monitored that is being sampled for Application Insights telemetry.') -@minValue(0) -@maxValue(100) -param samplingPercentage int = 100 - -@description('Optional. The kind of application that this component refers to, used to customize UI. This value is a freeform string, values should typically be one of the following: web, ios, other, store, java, phone.') -param kind string = '' - -@description('Optional. Location for all Resources.') -param location string = resourceGroup().location - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource appInsights 'Microsoft.Insights/components@2020-02-02' = { - name: name - location: location - tags: tags - kind: kind - properties: { - Application_Type: appInsightsType - WorkspaceResourceId: workspaceResourceId - publicNetworkAccessForIngestion: publicNetworkAccessForIngestion - publicNetworkAccessForQuery: publicNetworkAccessForQuery - RetentionInDays: retentionInDays - SamplingPercentage: samplingPercentage - } -} - -module appInsights_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-AppInsights-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: appInsights.id - } -}] - -@description('The name of the application insights component.') -output name string = appInsights.name - -@description('The resource ID of the application insights component.') -output resourceId string = appInsights.id - -@description('The resource group the application insights component was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The application ID of the application insights component.') -output applicationId string = appInsights.properties.AppId - -@description('The location the resource was deployed into.') -output location string = appInsights.location - -@description('Application Insights Instrumentation key. A read-only value that applications can use to identify the destination for all telemetry sent to Azure Application Insights. This value will be supplied upon construction of each new Application Insights component.') -output instrumentationKey string = appInsights.properties.InstrumentationKey diff --git a/modules/Microsoft.Insights/components/readme.md b/modules/Microsoft.Insights/components/readme.md deleted file mode 100644 index 0a42f4eda2..0000000000 --- a/modules/Microsoft.Insights/components/readme.md +++ /dev/null @@ -1,209 +0,0 @@ -# Application Insights `[Microsoft.Insights/components]` - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/components` | [2020-02-02](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2020-02-02/components) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Application Insights. | -| `workspaceResourceId` | string | Resource ID of the log analytics workspace which the data will be ingested to. This property is required to create an application with this API version. Applications from older versions will not have this property. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `appInsightsType` | string | `'web'` | `[web, other]` | Application type. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `kind` | string | `''` | | The kind of application that this component refers to, used to customize UI. This value is a freeform string, values should typically be one of the following: web, ios, other, store, java, phone. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `publicNetworkAccessForIngestion` | string | `'Enabled'` | `[Enabled, Disabled]` | The network access type for accessing Application Insights ingestion. - Enabled or Disabled. | -| `publicNetworkAccessForQuery` | string | `'Enabled'` | `[Enabled, Disabled]` | The network access type for accessing Application Insights query. - Enabled or Disabled. | -| `retentionInDays` | int | `365` | `[30, 60, 90, 120, 180, 270, 365, 550, 730]` | Retention period in days. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `samplingPercentage` | int | `100` | | Percentage of the data produced by the application being monitored that is being sampled for Application Insights telemetry. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `applicationId` | string | The application ID of the application insights component. | -| `instrumentationKey` | string | Application Insights Instrumentation key. A read-only value that applications can use to identify the destination for all telemetry sent to Azure Application Insights. This value will be supplied upon construction of each new Application Insights component. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the application insights component. | -| `resourceGroupName` | string | The resource group the application insights component was deployed into. | -| `resourceId` | string | The resource ID of the application insights component. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-appi-x-001" - }, - "workspaceResourceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-appi-001" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module components './Microsoft.Insights/components/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-components' - params: { - name: '<>-az-appi-x-001' - workspaceResourceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-appi-001' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Insights/components/version.json b/modules/Microsoft.Insights/components/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Insights/components/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Insights/diagnosticSettings/.deploymentTests/parameters.json b/modules/Microsoft.Insights/diagnosticSettings/.deploymentTests/parameters.json deleted file mode 100644 index 2e1d38512a..0000000000 --- a/modules/Microsoft.Insights/diagnosticSettings/.deploymentTests/parameters.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-diag-x-001" - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Insights/diagnosticSettings/deploy.bicep b/modules/Microsoft.Insights/diagnosticSettings/deploy.bicep deleted file mode 100644 index 7e312945b2..0000000000 --- a/modules/Microsoft.Insights/diagnosticSettings/deploy.bicep +++ /dev/null @@ -1,93 +0,0 @@ -targetScope = 'subscription' - -@description('Optional. Name of the ActivityLog diagnostic settings.') -@minLength(1) -@maxLength(260) -param name string = '${uniqueString(subscription().id)}-ActivityLog' - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'Administrative' - 'Security' - 'ServiceHealth' - 'Alert' - 'Recommendation' - 'Policy' - 'Autoscale' - 'ResourceHealth' -]) -param diagnosticLogCategoriesToEnable array = [ - 'Administrative' - 'Security' - 'ServiceHealth' - 'Alert' - 'Recommendation' - 'Policy' - 'Autoscale' - 'ResourceHealth' -] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@sys.description('Optional. Location deployment metadata.') -param location string = deployment().location - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - location: location - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource diagnosticSetting 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = { - name: name - properties: { - storageAccountId: (empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId) - workspaceId: (empty(diagnosticWorkspaceId) ? null : diagnosticWorkspaceId) - eventHubAuthorizationRuleId: (empty(diagnosticEventHubAuthorizationRuleId) ? null : diagnosticEventHubAuthorizationRuleId) - eventHubName: (empty(diagnosticEventHubName) ? null : diagnosticEventHubName) - logs: ((empty(diagnosticStorageAccountId) && empty(diagnosticWorkspaceId) && empty(diagnosticEventHubAuthorizationRuleId) && empty(diagnosticEventHubName)) ? null : diagnosticsLogs) - } -} - -@description('The name of the diagnostic settings.') -output name string = diagnosticSetting.name - -@description('The resource ID of the diagnostic settings.') -output resourceId string = diagnosticSetting.id - -@description('The name of the subscription to deploy into.') -output subscriptionName string = subscription().displayName diff --git a/modules/Microsoft.Insights/diagnosticSettings/readme.md b/modules/Microsoft.Insights/diagnosticSettings/readme.md deleted file mode 100644 index 23fedd6bec..0000000000 --- a/modules/Microsoft.Insights/diagnosticSettings/readme.md +++ /dev/null @@ -1,98 +0,0 @@ -# Activity Logs `[Microsoft.Insights/diagnosticSettings]` - -This module deploys a subscription wide export of the activity log. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | - -## Parameters - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[Administrative, Security, ServiceHealth, Alert, Recommendation, Policy, Autoscale, ResourceHealth]` | `[Administrative, Security, ServiceHealth, Alert, Recommendation, Policy, Autoscale, ResourceHealth]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `name` | string | `[format('{0}-ActivityLog', uniqueString(subscription().id))]` | | Name of the ActivityLog diagnostic settings. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the diagnostic settings. | -| `resourceId` | string | The resource ID of the diagnostic settings. | -| `subscriptionName` | string | The name of the subscription to deploy into. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-diag-x-001" - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module diagnosticSettings './Microsoft.Insights/diagnosticSettings/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-diagnosticSettings' - params: { - name: '<>-az-diag-x-001' - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

diff --git a/modules/Microsoft.Insights/diagnosticSettings/version.json b/modules/Microsoft.Insights/diagnosticSettings/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Insights/diagnosticSettings/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index ec5e914fc0..0000000000 --- a/modules/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,57 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Application Insights Component Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ae349356-3a1b-4a5e-921d-050484c6347e') - 'Automation Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f353d9bd-d4a6-484e-a77a-8050b599b867') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Logic App Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '87a39d53-fc1b-424a-814c-f7e04687dc9e') - 'Logic App Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '515c2055-d9d4-4321-b1b9-bd0c9a0f79fe') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(metricAlert.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: metricAlert -}] diff --git a/modules/Microsoft.Insights/metricAlerts/.deploymentTests/parameters.json b/modules/Microsoft.Insights/metricAlerts/.deploymentTests/parameters.json deleted file mode 100644 index bbe65cdaea..0000000000 --- a/modules/Microsoft.Insights/metricAlerts/.deploymentTests/parameters.json +++ /dev/null @@ -1,49 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-ma-x-001" - }, - "windowSize": { - "value": "PT15M" - }, - "actions": { - "value": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/microsoft.insights/actiongroups/adp-<>-az-ag-x-001" - ] - }, - "targetResourceType": { - "value": "microsoft.compute/virtualmachines" - }, - "targetResourceRegion": { - "value": "westeurope" - }, - "criterias": { - "value": [ - { - "criterionType": "StaticThresholdCriterion", - "metricName": "Percentage CPU", - "metricNamespace": "microsoft.compute/virtualmachines", - "name": "HighCPU", - "operator": "GreaterThan", - "threshold": "90", - "timeAggregation": "Average" - } - ] - }, - "alertCriteriaType": { - "value": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Insights/metricAlerts/deploy.bicep b/modules/Microsoft.Insights/metricAlerts/deploy.bicep deleted file mode 100644 index 14edcd37bf..0000000000 --- a/modules/Microsoft.Insights/metricAlerts/deploy.bicep +++ /dev/null @@ -1,143 +0,0 @@ -@description('Required. The name of the alert.') -param name string - -@description('Optional. Description of the alert.') -param alertDescription string = '' - -@description('Optional. Location for all resources.') -param location string = 'global' - -@description('Optional. Indicates whether this alert is enabled.') -param enabled bool = true - -@description('Optional. The severity of the alert.') -@allowed([ - 0 - 1 - 2 - 3 - 4 -]) -param severity int = 3 - -@description('Optional. how often the metric alert is evaluated represented in ISO 8601 duration format.') -@allowed([ - 'PT1M' - 'PT5M' - 'PT15M' - 'PT30M' - 'PT1H' -]) -param evaluationFrequency string = 'PT5M' - -@description('Optional. the period of time (in ISO 8601 duration format) that is used to monitor alert activity based on the threshold.') -@allowed([ - 'PT1M' - 'PT5M' - 'PT15M' - 'PT30M' - 'PT1H' - 'PT6H' - 'PT12H' - 'P1D' -]) -param windowSize string = 'PT15M' - -@description('Optional. the list of resource IDs that this metric alert is scoped to.') -param scopes array = [ - subscription().id -] - -@description('Conditional. The resource type of the target resource(s) on which the alert is created/updated. Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria.') -param targetResourceType string = '' - -@description('Conditional. The region of the target resource(s) on which the alert is created/updated. Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria.') -param targetResourceRegion string = '' - -@description('Optional. The flag that indicates whether the alert should be auto resolved or not.') -param autoMitigate bool = true - -@description('Optional. The list of actions to take when alert triggers.') -param actions array = [] - -@description('Optional. Maps to the \'odata.type\' field. Specifies the type of the alert criteria.') -@allowed([ - 'Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria' - 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria' - 'Microsoft.Azure.Monitor.WebtestLocationAvailabilityCriteria' -]) -param alertCriteriaType string = 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria' - -@description('Required. Criterias to trigger the alert. Array of \'Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria\' or \'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria\' objects.') -param criterias array - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var actionGroups = [for action in actions: { - actionGroupId: contains(action, 'actionGroupId') ? action.actionGroupId : action - webHookProperties: contains(action, 'webHookProperties') ? action.webHookProperties : null -}] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' = { - name: name - location: location - tags: tags - properties: { - description: alertDescription - severity: severity - enabled: enabled - scopes: scopes - evaluationFrequency: evaluationFrequency - windowSize: windowSize - targetResourceType: targetResourceType - targetResourceRegion: targetResourceRegion - criteria: { - 'odata.type': any(alertCriteriaType) - allOf: criterias - } - autoMitigate: autoMitigate - actions: actionGroups - } -} - -module metricAlert_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-MetricAlert-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: metricAlert.id - } -}] - -@description('The resource group the metric alert was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the metric alert.') -output name string = metricAlert.name - -@description('The resource ID of the metric alert.') -output resourceId string = metricAlert.id - -@description('The location the resource was deployed into.') -output location string = metricAlert.location diff --git a/modules/Microsoft.Insights/metricAlerts/readme.md b/modules/Microsoft.Insights/metricAlerts/readme.md deleted file mode 100644 index 21e7b39971..0000000000 --- a/modules/Microsoft.Insights/metricAlerts/readme.md +++ /dev/null @@ -1,478 +0,0 @@ -# Metric Alerts `[Microsoft.Insights/metricAlerts]` - -This module deploys an alert based on metrics. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/metricAlerts` | [2018-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2018-03-01/metricAlerts) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `criterias` | array | Criterias to trigger the alert. Array of 'Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria' or 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria' objects. | -| `name` | string | The name of the alert. | - -**Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `targetResourceRegion` | string | `''` | The region of the target resource(s) on which the alert is created/updated. Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria. | -| `targetResourceType` | string | `''` | The resource type of the target resource(s) on which the alert is created/updated. Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | | The list of actions to take when alert triggers. | -| `alertCriteriaType` | string | `'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'` | `[Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria, Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria, Microsoft.Azure.Monitor.WebtestLocationAvailabilityCriteria]` | Maps to the 'odata.type' field. Specifies the type of the alert criteria. | -| `alertDescription` | string | `''` | | Description of the alert. | -| `autoMitigate` | bool | `True` | | The flag that indicates whether the alert should be auto resolved or not. | -| `enabled` | bool | `True` | | Indicates whether this alert is enabled. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `evaluationFrequency` | string | `'PT5M'` | `[PT1M, PT5M, PT15M, PT30M, PT1H]` | how often the metric alert is evaluated represented in ISO 8601 duration format. | -| `location` | string | `'global'` | | Location for all resources. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `scopes` | array | `[[subscription().id]]` | | the list of resource IDs that this metric alert is scoped to. | -| `severity` | int | `3` | `[0, 1, 2, 3, 4]` | The severity of the alert. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `windowSize` | string | `'PT15M'` | `[PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H, P1D]` | the period of time (in ISO 8601 duration format) that is used to monitor alert activity based on the threshold. | - - -### Parameter Usage: actions - -

- -Parameter JSON format - -```json -"actions": { - "value": [ - { - "actionGroupId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rgName/providers/microsoft.insights/actiongroups/ActionGroupName", - "webhookProperties": {} - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -actions: [ - { - actionGroupId: '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rgName/providers/microsoft.insights/actiongroups/ActionGroupName' - webhookProperties: {} - } -] -``` - -
-

- -`webhookProperties` is optional. - -If you do only want to provide actionGroupIds, a shorthand use of the parameter is available. - -

- -Parameter JSON format - -```json -"actions": { - "value": [ - "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rgName/providers/microsoft.insights/actiongroups/actionGroupName" - ] -} -``` - -
- - -
- -Bicep format - -```bicep - - -``` - -
- -### Parameter Usage: `criteria` - -**SingleResourceMultipleMetricCriteria** - - -
- -Parameter JSON format - -```json -{ - "criterionType": "string", - "dimensions": [], - "metricName": "string", - "metricNamespace": "string", - "name": "string", - "operator": "string", - "threshold": "integer", - "timeAggregation": "string" -} -``` - -
- - -
- -Bicep format - -```bicep -{ - criterionType: 'string' - dimensions: [] - metricName: 'string' - metricNamespace: 'string' - name: 'string' - operator: 'string' - threshold: 'integer' - timeAggregation: 'string' -} -``` - -
-

- -**MultipleResourceMultipleMetricCriteria** - -

- -Parameter JSON format - -```json -{ - "criterionType": "string", - "dimensions": [], - "metricName": "string", - "metricNamespace": "string", - "name": "string", - "operator": "string", - "threshold": "integer", - "timeAggregation": "string", - "alertSensitivity": "string", - "failingPeriods": { - "minFailingPeriodsToAlert": "integer", - "numberOfEvaluationPeriods": "integer" - }, - "ignoreDataBefore": "string" -} -``` - -
- - -
- -Bicep format - -```bicep -{ - criterionType: 'string' - dimensions: [] - metricName: 'string' - metricNamespace: 'string' - name: 'string' - operator: 'string' - threshold: 'integer' - timeAggregation: 'string' - alertSensitivity: 'string' - failingPeriods: { - minFailingPeriodsToAlert: 'integer' - numberOfEvaluationPeriods: 'integer' - } - ignoreDataBefore: 'string' -} -``` - -
-

- -**Sample** -The following sample can be use both for Single and Multiple criteria. The other parameters are optional. - -

- -Parameter JSON format - -```json -"criterias":{ - "value": [ - { - "criterionType": "StaticThresholdCriterion", - "metricName": "Percentage CPU", - "metricNamespace": "microsoft.compute/virtualmachines", - "name": "HighCPU", - "operator": "GreaterThan", - "threshold": "90", - "timeAggregation": "Average" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -criterias: [ - { - criterionType: 'StaticThresholdCriterion' - metricName: 'Percentage CPU' - metricNamespace: 'microsoft.compute/virtualmachines' - name: 'HighCPU' - operator: 'GreaterThan' - threshold: '90' - timeAggregation: 'Average' - } -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Additional notes on parameters - -- When using MultipleResourceMultipleMetricCriteria criteria type, some parameters becomes mandatory (see above) -- MultipleResourceMultipleMetricCriteria is suggested, as additional scopes can be added later -- It's not possible to convert from SingleResourceMultipleMetricCriteria to MultipleResourceMultipleMetricCriteria. Delete and re-create the alert. - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the metric alert. | -| `resourceGroupName` | string | The resource group the metric alert was deployed into. | -| `resourceId` | string | The resource ID of the metric alert. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-ma-x-001" - }, - "windowSize": { - "value": "PT15M" - }, - "actions": { - "value": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/microsoft.insights/actiongroups/adp-<>-az-ag-x-001" - ] - }, - "targetResourceType": { - "value": "microsoft.compute/virtualmachines" - }, - "targetResourceRegion": { - "value": "westeurope" - }, - "criterias": { - "value": [ - { - "criterionType": "StaticThresholdCriterion", - "metricName": "Percentage CPU", - "metricNamespace": "microsoft.compute/virtualmachines", - "name": "HighCPU", - "operator": "GreaterThan", - "threshold": "90", - "timeAggregation": "Average" - } - ] - }, - "alertCriteriaType": { - "value": "Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module metricAlerts './Microsoft.Insights/metricAlerts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-metricAlerts' - params: { - name: '<>-az-ma-x-001' - windowSize: 'PT15M' - actions: [ - '/subscriptions/<>/resourceGroups/validation-rg/providers/microsoft.insights/actiongroups/adp-<>-az-ag-x-001' - ] - targetResourceType: 'microsoft.compute/virtualmachines' - targetResourceRegion: 'westeurope' - criterias: [ - { - criterionType: 'StaticThresholdCriterion' - metricName: 'Percentage CPU' - metricNamespace: 'microsoft.compute/virtualmachines' - name: 'HighCPU' - operator: 'GreaterThan' - threshold: '90' - timeAggregation: 'Average' - } - ] - alertCriteriaType: 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Insights/metricAlerts/version.json b/modules/Microsoft.Insights/metricAlerts/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Insights/metricAlerts/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 71c903ae40..0000000000 --- a/modules/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,53 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource privateLinkScope 'Microsoft.Insights/privateLinkScopes@2019-10-17-preview' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(privateLinkScope.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: privateLinkScope -}] diff --git a/modules/Microsoft.Insights/privateLinkScopes/.deploymentTests/parameters.json b/modules/Microsoft.Insights/privateLinkScopes/.deploymentTests/parameters.json deleted file mode 100644 index 8bfe5c1638..0000000000 --- a/modules/Microsoft.Insights/privateLinkScopes/.deploymentTests/parameters.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-pls-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "scopedResources": { - "value": [ - { - "name": "scoped1", - "linkedResourceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "azuremonitor" - } - ] - } - } -} diff --git a/modules/Microsoft.Insights/privateLinkScopes/deploy.bicep b/modules/Microsoft.Insights/privateLinkScopes/deploy.bicep deleted file mode 100644 index 2b56092e8c..0000000000 --- a/modules/Microsoft.Insights/privateLinkScopes/deploy.bicep +++ /dev/null @@ -1,112 +0,0 @@ -@description('Required. Name of the private link scope.') -@minLength(1) -param name string - -@description('Optional. The location of the private link scope. Should be global.') -param location string = 'global' - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Configuration Details for Azure Monitor Resources.') -param scopedResources array = [] - -@description('Optional. Configuration Details for private endpoints.') -param privateEndpoints array = [] - -@description('Optional. Resource tags.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource privateLinkScope 'Microsoft.Insights/privateLinkScopes@2019-10-17-preview' = { - name: name - location: location - tags: tags - properties: {} -} - -module privateLinkScope_scopedResource 'scopedResources/deploy.bicep' = [for (scopedResource, index) in scopedResources: { - name: '${uniqueString(deployment().name, location)}-PvtLinkScope-ScopedRes-${index}' - params: { - name: scopedResource.name - privateLinkScopeName: privateLinkScope.name - linkedResourceId: scopedResource.linkedResourceId - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -resource privateLinkScope_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${privateLinkScope.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: privateLinkScope -} - -module privateLinkScope_privateEndpoints '../../Microsoft.Network/privateEndpoints/deploy.bicep' = [for (privateEndpoint, index) in privateEndpoints: { - name: '${uniqueString(deployment().name, location)}-PvtLinkScope-PrivateEndpoint-${index}' - params: { - groupIds: [ - privateEndpoint.service - ] - name: contains(privateEndpoint, 'name') ? privateEndpoint.name : 'pe-${last(split(privateLinkScope.id, '/'))}-${privateEndpoint.service}-${index}' - serviceResourceId: privateLinkScope.id - subnetResourceId: privateEndpoint.subnetResourceId - enableDefaultTelemetry: enableReferencedModulesTelemetry - location: reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : lock - privateDnsZoneGroups: contains(privateEndpoint, 'privateDnsZoneGroups') ? privateEndpoint.privateDnsZoneGroups : [] - roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] - tags: contains(privateEndpoint, 'tags') ? privateEndpoint.tags : {} - manualPrivateLinkServiceConnections: contains(privateEndpoint, 'manualPrivateLinkServiceConnections') ? privateEndpoint.manualPrivateLinkServiceConnections : [] - customDnsConfigs: contains(privateEndpoint, 'customDnsConfigs') ? privateEndpoint.customDnsConfigs : [] - } -}] - -module privateLinkScope_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-PvtLinkScope-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: privateLinkScope.id - } -}] - -@description('The name of the private link scope.') -output name string = privateLinkScope.name - -@description('The resource ID of the private link scope.') -output resourceId string = privateLinkScope.id - -@description('The resource group the private link scope was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = privateLinkScope.location diff --git a/modules/Microsoft.Insights/privateLinkScopes/readme.md b/modules/Microsoft.Insights/privateLinkScopes/readme.md deleted file mode 100644 index 44835e37a8..0000000000 --- a/modules/Microsoft.Insights/privateLinkScopes/readme.md +++ /dev/null @@ -1,314 +0,0 @@ -# Azure Monitor Private Link Scopes `[Microsoft.Insights/privateLinkScopes]` - -This module deploys an Azure Monitor Private Link Scope. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `microsoft.insights/privateLinkScopes` | [2019-10-17-preview](https://docs.microsoft.com/en-us/azure/templates/microsoft.insights/2019-10-17-preview/privateLinkScopes) | -| `Microsoft.Insights/privateLinkScopes/scopedResources` | [2021-07-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-07-01-preview/privateLinkScopes/scopedResources) | -| `Microsoft.Network/privateEndpoints` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the private link scope. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `'global'` | | The location of the private link scope. Should be global. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `scopedResources` | _[scopedResources](scopedResources/readme.md)_ array | `[]` | | Configuration Details for Azure Monitor Resources. | -| `tags` | object | `{object}` | | Resource tags. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `privateEndpoints` - -To use Private Endpoint the following dependencies must be deployed: - -- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module. -- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information. - -

- -Parameter JSON format - -```json -"privateEndpoints": { - "value": [ - // Example showing all available fields - { - "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>", // e.g. vault, registry, file, blob, queue, table etc. - "privateDnsZoneResourceIds": [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net" - ], - "customDnsConfigs": [ // Optional - { - "fqdn": "customname.test.local", - "ipAddresses": [ - "10.10.10.10" - ] - } - ] - }, - // Example showing only mandatory fields - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>" // e.g. vault, registry, file, blob, queue, table etc. - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -privateEndpoints: [ - // Example showing all available fields - { - name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - privateDnsZoneResourceIds: [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net' - ] - // Optional - customDnsConfigs: [ - { - fqdn: 'customname.test.local' - ipAddresses: [ - '10.10.10.10' - ] - } - ] - } - // Example showing only mandatory fields - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the private link scope. | -| `resourceGroupName` | string | The resource group the private link scope was deployed into. | -| `resourceId` | string | The resource ID of the private link scope. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-pls-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "scopedResources": { - "value": [ - { - "name": "scoped1", - "linkedResourceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "azuremonitor" - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module privateLinkScopes './Microsoft.Insights/privateLinkScopes/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-privateLinkScopes' - params: { - name: '<>-az-pls-x-001' - lock: 'CanNotDelete' - scopedResources: [ - { - name: 'scoped1' - linkedResourceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - privateEndpoints: [ - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - service: 'azuremonitor' - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Insights/privateLinkScopes/scopedResources/deploy.bicep b/modules/Microsoft.Insights/privateLinkScopes/scopedResources/deploy.bicep deleted file mode 100644 index dda15be119..0000000000 --- a/modules/Microsoft.Insights/privateLinkScopes/scopedResources/deploy.bicep +++ /dev/null @@ -1,46 +0,0 @@ -@description('Required. Name of the private link scoped resource.') -@minLength(1) -param name string - -@description('Conditional. The name of the parent private link scope. Required if the template is used in a standalone deployment.') -@minLength(1) -param privateLinkScopeName string - -@description('Required. The resource ID of the scoped Azure monitor resource.') -param linkedResourceId string - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource privateLinkScope 'microsoft.insights/privateLinkScopes@2021-07-01-preview' existing = { - name: privateLinkScopeName -} - -resource scopedResource 'Microsoft.Insights/privateLinkScopes/scopedResources@2021-07-01-preview' = { - name: name - parent: privateLinkScope - properties: { - linkedResourceId: linkedResourceId - } -} - -@description('The name of the resource group where the resource has been deployed.') -output resourceGroupName string = resourceGroup().name - -@description('The resource ID of the deployed scopedResource.') -output resourceId string = scopedResource.id - -@description('The full name of the deployed Scoped Resource.') -output name string = scopedResource.name diff --git a/modules/Microsoft.Insights/privateLinkScopes/scopedResources/readme.md b/modules/Microsoft.Insights/privateLinkScopes/scopedResources/readme.md deleted file mode 100644 index 333341b563..0000000000 --- a/modules/Microsoft.Insights/privateLinkScopes/scopedResources/readme.md +++ /dev/null @@ -1,42 +0,0 @@ -# Insights PrivateLinkScopes ScopedResources `[Microsoft.Insights/privateLinkScopes/scopedResources]` - -This module deploys Insights PrivateLinkScopes ScopedResources. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Insights/privateLinkScopes/scopedResources` | [2021-07-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-07-01-preview/privateLinkScopes/scopedResources) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `linkedResourceId` | string | The resource ID of the scoped Azure monitor resource. | -| `name` | string | Name of the private link scoped resource. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `privateLinkScopeName` | string | The name of the parent private link scope. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The full name of the deployed Scoped Resource. | -| `resourceGroupName` | string | The name of the resource group where the resource has been deployed. | -| `resourceId` | string | The resource ID of the deployed scopedResource. | diff --git a/modules/Microsoft.Insights/privateLinkScopes/scopedResources/version.json b/modules/Microsoft.Insights/privateLinkScopes/scopedResources/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Insights/privateLinkScopes/scopedResources/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Insights/privateLinkScopes/version.json b/modules/Microsoft.Insights/privateLinkScopes/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Insights/privateLinkScopes/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 3c37c05305..0000000000 --- a/modules/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,55 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Application Insights Component Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ae349356-3a1b-4a5e-921d-050484c6347e') - 'Automation Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f353d9bd-d4a6-484e-a77a-8050b599b867') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource queryAlert 'microsoft.insights/scheduledQueryRules@2018-04-16' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(queryAlert.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: queryAlert -}] diff --git a/modules/Microsoft.Insights/scheduledQueryRules/.deploymentTests/parameters.json b/modules/Microsoft.Insights/scheduledQueryRules/.deploymentTests/parameters.json deleted file mode 100644 index 85cb87625b..0000000000 --- a/modules/Microsoft.Insights/scheduledQueryRules/.deploymentTests/parameters.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "myAlert01" - }, - "alertDescription": { - "value": "My sample Alert" - }, - "scopes": { - "value": [ - "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - ] - }, - "evaluationFrequency": { - "value": "PT5M" - }, - "windowSize": { - "value": "PT5M" - }, - "suppressForMinutes": { - "value": "PT5M" - }, - "queryTimeRange": { - "value": "PT5M" - }, - "autoMitigate": { - "value": false - }, - "criterias": { - "value": { - "allOf": [ - { - "query": "Perf | where ObjectName == \"LogicalDisk\" | where CounterName == \"% Free Space\" | where InstanceName <> \"HarddiskVolume1\" and InstanceName <> \"_Total\" | summarize AggregatedValue = min(CounterValue) by Computer, InstanceName, bin(TimeGenerated,5m)", - "timeAggregation": "Average", - "metricMeasureColumn": "AggregatedValue", - "dimensions": [ - { - "name": "Computer", - "operator": "Include", - "values": [ - "*" - ] - }, - { - "name": "InstanceName", - "operator": "Include", - "values": [ - "*" - ] - } - ], - "operator": "GreaterThan", - "threshold": 0 - } - ] - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Insights/scheduledQueryRules/deploy.bicep b/modules/Microsoft.Insights/scheduledQueryRules/deploy.bicep deleted file mode 100644 index f9313a62ff..0000000000 --- a/modules/Microsoft.Insights/scheduledQueryRules/deploy.bicep +++ /dev/null @@ -1,129 +0,0 @@ -@description('Required. The name of the Alert.') -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. The description of the scheduled query rule.') -param alertDescription string = '' - -@description('Optional. The flag which indicates whether this scheduled query rule is enabled.') -param enabled bool = true - -@description('Optional. Indicates the type of scheduled query rule.') -@allowed([ - 'LogAlert' - 'LogToMetric' -]) -param kind string = 'LogAlert' - -@description('Optional. The flag that indicates whether the alert should be automatically resolved or not. Relevant only for rules of the kind LogAlert.') -param autoMitigate bool = true - -@description('Optional. If specified (in ISO 8601 duration format) then overrides the query time range. Relevant only for rules of the kind LogAlert.') -param queryTimeRange string = '' - -@description('Optional. The flag which indicates whether the provided query should be validated or not. Relevant only for rules of the kind LogAlert.') -param skipQueryValidation bool = false - -@description('Optional. List of resource type of the target resource(s) on which the alert is created/updated. For example if the scope is a resource group and targetResourceTypes is Microsoft.Compute/virtualMachines, then a different alert will be fired for each virtual machine in the resource group which meet the alert criteria. Relevant only for rules of the kind LogAlert.') -param targetResourceTypes array = [] - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Required. The list of resource IDs that this scheduled query rule is scoped to.') -param scopes array = [] - -@description('Optional. Severity of the alert. Should be an integer between [0-4]. Value of 0 is severest. Relevant and required only for rules of the kind LogAlert.') -@allowed([ - 0 - 1 - 2 - 3 - 4 -]) -param severity int = 3 - -@description('Optional. How often the scheduled query rule is evaluated represented in ISO 8601 duration format. Relevant and required only for rules of the kind LogAlert.') -param evaluationFrequency string = '' - -@description('Optional. The period of time (in ISO 8601 duration format) on which the Alert query will be executed (bin size). Relevant and required only for rules of the kind LogAlert.') -param windowSize string = '' - -@description('Optional. Actions to invoke when the alert fires.') -param actions array = [] - -@description('Optional. The rule criteria that defines the conditions of the scheduled query rule.') -param criterias object = {} - -@description('Optional. Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired. If set, autoMitigate must be disabled.Relevant only for rules of the kind LogAlert.') -param suppressForMinutes string = '' - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource queryRule 'Microsoft.Insights/scheduledQueryRules@2021-02-01-preview' = { - name: name - location: location - tags: tags - kind: kind - properties: { - actions: { - actionGroups: actions - customProperties: {} - } - autoMitigate: (kind == 'LogAlert') ? autoMitigate : null - criteria: criterias - - description: alertDescription - displayName: name - enabled: enabled - evaluationFrequency: (kind == 'LogAlert' && !empty(evaluationFrequency)) ? evaluationFrequency : null - muteActionsDuration: (kind == 'LogAlert' && !empty(suppressForMinutes)) ? suppressForMinutes : null - overrideQueryTimeRange: (kind == 'LogAlert' && !empty(queryTimeRange)) ? queryTimeRange : null - scopes: scopes - severity: (kind == 'LogAlert') ? severity : null - skipQueryValidation: (kind == 'LogAlert') ? skipQueryValidation : null - targetResourceTypes: (kind == 'LogAlert') ? targetResourceTypes : null - windowSize: (kind == 'LogAlert' && !empty(windowSize)) ? windowSize : null - } -} - -module queryRule_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-QueryRule-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: queryRule.id - } -}] - -@description('The Name of the created query rule.') -output name string = queryRule.name - -@description('The resource ID of the created query rule.') -output resourceId string = queryRule.id - -@description('The Resource Group of the created query rule.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = queryRule.location diff --git a/modules/Microsoft.Insights/scheduledQueryRules/readme.md b/modules/Microsoft.Insights/scheduledQueryRules/readme.md deleted file mode 100644 index 304ae9217d..0000000000 --- a/modules/Microsoft.Insights/scheduledQueryRules/readme.md +++ /dev/null @@ -1,300 +0,0 @@ -# Scheduled Query Rules `[Microsoft.Insights/scheduledQueryRules]` - -This module deploys a scheduled query rule. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/scheduledQueryRules` | [2021-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-02-01-preview/scheduledQueryRules) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Alert. | -| `scopes` | array | The list of resource IDs that this scheduled query rule is scoped to. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | | Actions to invoke when the alert fires. | -| `alertDescription` | string | `''` | | The description of the scheduled query rule. | -| `autoMitigate` | bool | `True` | | The flag that indicates whether the alert should be automatically resolved or not. Relevant only for rules of the kind LogAlert. | -| `criterias` | object | `{object}` | | The rule criteria that defines the conditions of the scheduled query rule. | -| `enabled` | bool | `True` | | The flag which indicates whether this scheduled query rule is enabled. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `evaluationFrequency` | string | `''` | | How often the scheduled query rule is evaluated represented in ISO 8601 duration format. Relevant and required only for rules of the kind LogAlert. | -| `kind` | string | `'LogAlert'` | `[LogAlert, LogToMetric]` | Indicates the type of scheduled query rule. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `queryTimeRange` | string | `''` | | If specified (in ISO 8601 duration format) then overrides the query time range. Relevant only for rules of the kind LogAlert. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `severity` | int | `3` | `[0, 1, 2, 3, 4]` | Severity of the alert. Should be an integer between [0-4]. Value of 0 is severest. Relevant and required only for rules of the kind LogAlert. | -| `skipQueryValidation` | bool | `False` | | The flag which indicates whether the provided query should be validated or not. Relevant only for rules of the kind LogAlert. | -| `suppressForMinutes` | string | `''` | | Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired. If set, autoMitigate must be disabled.Relevant only for rules of the kind LogAlert. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `targetResourceTypes` | array | `[]` | | List of resource type of the target resource(s) on which the alert is created/updated. For example if the scope is a resource group and targetResourceTypes is Microsoft.Compute/virtualMachines, then a different alert will be fired for each virtual machine in the resource group which meet the alert criteria. Relevant only for rules of the kind LogAlert. | -| `windowSize` | string | `''` | | The period of time (in ISO 8601 duration format) on which the Alert query will be executed (bin size). Relevant and required only for rules of the kind LogAlert. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The Name of the created query rule. | -| `resourceGroupName` | string | The Resource Group of the created query rule. | -| `resourceId` | string | The resource ID of the created query rule. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "myAlert01" - }, - "alertDescription": { - "value": "My sample Alert" - }, - "scopes": { - "value": [ - "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - ] - }, - "evaluationFrequency": { - "value": "PT5M" - }, - "windowSize": { - "value": "PT5M" - }, - "suppressForMinutes": { - "value": "PT5M" - }, - "queryTimeRange": { - "value": "PT5M" - }, - "autoMitigate": { - "value": false - }, - "criterias": { - "value": { - "allOf": [ - { - "query": "Perf | where ObjectName == \"LogicalDisk\" | where CounterName == \"% Free Space\" | where InstanceName <> \"HarddiskVolume1\" and InstanceName <> \"_Total\" | summarize AggregatedValue = min(CounterValue) by Computer, InstanceName, bin(TimeGenerated,5m)", - "timeAggregation": "Average", - "metricMeasureColumn": "AggregatedValue", - "dimensions": [ - { - "name": "Computer", - "operator": "Include", - "values": [ - "*" - ] - }, - { - "name": "InstanceName", - "operator": "Include", - "values": [ - "*" - ] - } - ], - "operator": "GreaterThan", - "threshold": 0 - } - ] - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module scheduledQueryRules './Microsoft.Insights/scheduledQueryRules/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-scheduledQueryRules' - params: { - name: 'myAlert01' - alertDescription: 'My sample Alert' - scopes: [ - '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - ] - evaluationFrequency: 'PT5M' - windowSize: 'PT5M' - suppressForMinutes: 'PT5M' - queryTimeRange: 'PT5M' - autoMitigate: false - criterias: { - allOf: [ - { - query: 'Perf | where ObjectName == \'LogicalDisk\' | where CounterName == \'% Free Space\' | where InstanceName <> \'HarddiskVolume1\' and InstanceName <> \'_Total\' | summarize AggregatedValue = min(CounterValue) by Computer InstanceName bin(TimeGenerated5m)' - timeAggregation: 'Average' - metricMeasureColumn: 'AggregatedValue' - dimensions: [ - { - name: 'Computer' - operator: 'Include' - values: [ - '*' - ] - } - { - name: 'InstanceName' - operator: 'Include' - values: [ - '*' - ] - } - ] - operator: 'GreaterThan' - threshold: 0 - } - ] - } - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Insights/scheduledQueryRules/version.json b/modules/Microsoft.Insights/scheduledQueryRules/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Insights/scheduledQueryRules/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index b03611076e..0000000000 --- a/modules/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,62 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Key Vault Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483') - 'Key Vault Certificates Officer': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4417e6f-fecd-4de8-b567-7b0420556985') - 'Key Vault Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f25e0fa2-a7c8-4377-a976-54943a77a395') - 'Key Vault Crypto Officer': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '14b46e9e-c2b7-41b4-b07b-48a6ebf60603') - 'Key Vault Crypto Service Encryption User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6') - 'Key Vault Crypto User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') - 'Key Vault Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21090545-7ca7-4776-b22c-e363652d74d2') - 'Key Vault Secrets Officer': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b86a8fe4-44ce-4948-aee5-eccb2c155cd7') - 'Key Vault Secrets User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4633458b-17de-408a-b874-0445c86b69e6') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(keyVault.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: keyVault -}] diff --git a/modules/Microsoft.KeyVault/vaults/.deploymentTests/min.parameters.json b/modules/Microsoft.KeyVault/vaults/.deploymentTests/min.parameters.json deleted file mode 100644 index d90c44f3fb..0000000000 --- a/modules/Microsoft.KeyVault/vaults/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": {} -} diff --git a/modules/Microsoft.KeyVault/vaults/.deploymentTests/parameters.json b/modules/Microsoft.KeyVault/vaults/.deploymentTests/parameters.json deleted file mode 100644 index d015736c8f..0000000000 --- a/modules/Microsoft.KeyVault/vaults/.deploymentTests/parameters.json +++ /dev/null @@ -1,133 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-kv-x-002" - }, - "lock": { - "value": "CanNotDelete" - }, - "softDeleteRetentionInDays": { - "value": 7 - }, - "enableRbacAuthorization": { - "value": false - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "vault" - } - ] - }, - "networkAcls": { - "value": { - "bypass": "AzureServices", - "defaultAction": "Deny", - "virtualNetworkRules": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", - "action": "Allow" - } - ], - "ipRules": [] - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "secrets": { - "value": { - "secureList": [ - { - "name": "secretName", - "value": "secretValue", - "contentType": "Something", - "attributesExp": 1702648632, - "attributesNbf": 10000, - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - } - }, - "keys": { - "value": [ - { - "name": "keyName", - "attributesExp": 1702648632, - "attributesNbf": 10000, - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "accessPolicies": { - "value": [ - { - "objectId": "<>", - "permissions": { - "keys": [ - "get", - "list", - "update" - ], - "secrets": [ - "all" - ] - }, - "tenantId": "<>" - }, - { - "objectId": "<>", - "permissions": { - "certificates": [ - "backup", - "create", - "delete" - ], - "secrets": [ - "all" - ] - } - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.KeyVault/vaults/accessPolicies/deploy.bicep b/modules/Microsoft.KeyVault/vaults/accessPolicies/deploy.bicep deleted file mode 100644 index e161410ac7..0000000000 --- a/modules/Microsoft.KeyVault/vaults/accessPolicies/deploy.bicep +++ /dev/null @@ -1,51 +0,0 @@ -@description('Conditional. The name of the parent key vault. Required if the template is used in a standalone deployment.') -param keyVaultName string - -@description('Optional. The access policy deployment.') -param name string = 'add' - -@description('Optional. An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault\'s tenant ID.') -param accessPolicies array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var formattedAccessPolicies = [for accessPolicy in accessPolicies: { - applicationId: contains(accessPolicy, 'applicationId') ? accessPolicy.applicationId : '' - objectId: contains(accessPolicy, 'objectId') ? accessPolicy.objectId : '' - permissions: accessPolicy.permissions - tenantId: contains(accessPolicy, 'tenantId') ? accessPolicy.tenantId : tenant().tenantId -}] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource keyVault 'Microsoft.KeyVault/vaults@2021-06-01-preview' existing = { - name: keyVaultName -} - -resource policies 'Microsoft.KeyVault/vaults/accessPolicies@2021-06-01-preview' = { - name: name - parent: keyVault - properties: { - accessPolicies: formattedAccessPolicies - } -} - -@description('The name of the resource group the access policies assignment was created in.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the access policies assignment.') -output name string = policies.name - -@description('The resource ID of the access policies assignment.') -output resourceId string = policies.id diff --git a/modules/Microsoft.KeyVault/vaults/accessPolicies/readme.md b/modules/Microsoft.KeyVault/vaults/accessPolicies/readme.md deleted file mode 100644 index 9ddcb99e45..0000000000 --- a/modules/Microsoft.KeyVault/vaults/accessPolicies/readme.md +++ /dev/null @@ -1,97 +0,0 @@ -# Key Vault Access Policies `[Microsoft.KeyVault/vaults/accessPolicies]` - -This module deploys key vault access policies. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.KeyVault/vaults/accessPolicies` | [2021-06-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2021-06-01-preview/vaults/accessPolicies) | - -## Parameters - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `keyVaultName` | string | The name of the parent key vault. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `accessPolicies` | array | `[]` | An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `'add'` | The access policy deployment. | - - -### Parameter Usage: `accessPolicies` - -

- -Parameter JSON format - -```json -"accessPolicies": { - "value": [ - { - "tenantId": null, // Optional - "applicationId": null, // Optional - "objectId": null, - "permissions": { - "certificates": [ - "All" - ], - "keys": [ - "All" - ], - "secrets": [ - "All" - ] - } - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -accessPolicies: [ - { - tenantId: null // Optional - applicationId: null // Optional - objectId: null - permissions: { - certificates: [ - 'All' - ] - keys: [ - 'All' - ] - secrets: [ - 'All' - ] - } - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the access policies assignment. | -| `resourceGroupName` | string | The name of the resource group the access policies assignment was created in. | -| `resourceId` | string | The resource ID of the access policies assignment. | diff --git a/modules/Microsoft.KeyVault/vaults/accessPolicies/version.json b/modules/Microsoft.KeyVault/vaults/accessPolicies/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.KeyVault/vaults/accessPolicies/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.KeyVault/vaults/deploy.bicep b/modules/Microsoft.KeyVault/vaults/deploy.bicep deleted file mode 100644 index 73099fa1f3..0000000000 --- a/modules/Microsoft.KeyVault/vaults/deploy.bicep +++ /dev/null @@ -1,331 +0,0 @@ -// ================ // -// Parameters // -// ================ // -@description('Optional. Name of the Key Vault. If no name is provided, then unique name will be created.') -@maxLength(24) -param name string = '' - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Array of access policies object.') -param accessPolicies array = [] - -@description('Optional. All secrets to create.') -@secure() -param secrets object = {} - -@description('Optional. All keys to create.') -param keys array = [] - -@description('Optional. Specifies if the vault is enabled for deployment by script or compute.') -@allowed([ - true - false -]) -param enableVaultForDeployment bool = true - -@description('Optional. Specifies if the vault is enabled for a template deployment.') -@allowed([ - true - false -]) -param enableVaultForTemplateDeployment bool = true - -@description('Optional. Specifies if the azure platform has access to the vault for enabling disk encryption scenarios.') -@allowed([ - true - false -]) -param enableVaultForDiskEncryption bool = true - -@description('Optional. Switch to enable/disable Key Vault\'s soft delete feature.') -param enableSoftDelete bool = true - -@description('Optional. softDelete data retention days. It accepts >=7 and <=90.') -param softDeleteRetentionInDays int = 90 - -@description('Optional. Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored (warning: this is a preview feature). When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.') -param enableRbacAuthorization bool = false - -@description('Optional. The vault\'s create mode to indicate whether the vault need to be recovered or not. - recover or default.') -param createMode string = 'default' - -@description('Optional. Provide \'true\' to enable Key Vault\'s purge protection feature.') -param enablePurgeProtection bool = false - -@description('Optional. Specifies the SKU for the vault.') -@allowed([ - 'premium' - 'standard' -]) -param vaultSku string = 'premium' - -@description('Optional. Service endpoint object information. For security reasons, it is recommended to set the DefaultAction Deny.') -param networkAcls object = {} - -@description('Optional. Property to specify whether the vault will accept traffic from public internet. If set to "disabled" all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules.') -@allowed([ - 'enabled' - 'disabled' -]) -param publicNetworkAccess string = 'enabled' - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') -param diagnosticEventHubName string = '' - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') -param privateEndpoints array = [] - -@description('Optional. Resource tags.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Generated. Do not provide a value! This date value is used to generate a SAS token to access the modules.') -param baseTime string = utcNow('u') - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'AuditEvent' - 'AzurePolicyEvaluationDetails' -]) -param diagnosticLogCategoriesToEnable array = [ - 'AuditEvent' - 'AzurePolicyEvaluationDetails' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'AllMetrics' -]) -param diagnosticMetricsToEnable array = [ - 'AllMetrics' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -// =========== // -// Variables // -// =========== // -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var maxNameLength = 24 -var uniquenameUntrim = uniqueString('Key Vault${baseTime}') -var uniquename = (length(uniquenameUntrim) > maxNameLength ? substring(uniquenameUntrim, 0, maxNameLength) : uniquenameUntrim) -var name_var = !empty(name) ? name : uniquename - -var networkAcls_var = { - bypass: !empty(networkAcls) ? networkAcls.bypass : null - defaultAction: !empty(networkAcls) ? networkAcls.defaultAction : null - virtualNetworkRules: (!empty(networkAcls) && contains(networkAcls, 'virtualNetworkRules')) ? networkAcls.virtualNetworkRules : [] - ipRules: (!empty(networkAcls) && contains(networkAcls, 'ipRules')) ? networkAcls.ipRules : [] -} - -var formattedAccessPolicies = [for accessPolicy in accessPolicies: { - applicationId: contains(accessPolicy, 'applicationId') ? accessPolicy.applicationId : '' - objectId: contains(accessPolicy, 'objectId') ? accessPolicy.objectId : '' - permissions: accessPolicy.permissions - tenantId: contains(accessPolicy, 'tenantId') ? accessPolicy.tenantId : tenant().tenantId -}] - -var secretList = !empty(secrets) ? secrets.secureList : [] - -var enableReferencedModulesTelemetry = false - -// =========== // -// Deployments // -// =========== // -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource keyVault 'Microsoft.KeyVault/vaults@2021-11-01-preview' = { - name: name_var - location: location - tags: tags - properties: { - enabledForDeployment: enableVaultForDeployment - enabledForTemplateDeployment: enableVaultForTemplateDeployment - enabledForDiskEncryption: enableVaultForDiskEncryption - enableSoftDelete: enableSoftDelete - softDeleteRetentionInDays: softDeleteRetentionInDays - enableRbacAuthorization: enableRbacAuthorization - createMode: createMode - enablePurgeProtection: enablePurgeProtection ? enablePurgeProtection : null - tenantId: subscription().tenantId - accessPolicies: formattedAccessPolicies - sku: { - name: vaultSku - family: 'A' - } - networkAcls: !empty(networkAcls) ? networkAcls_var : null - publicNetworkAccess: publicNetworkAccess - } -} - -resource keyVault_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${keyVault.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: keyVault -} - -resource keyVault_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: diagnosticsLogs - } - scope: keyVault -} - -module keyVault_accessPolicies 'accessPolicies/deploy.bicep' = if (!empty(accessPolicies)) { - name: '${uniqueString(deployment().name, location)}-KeyVault-AccessPolicies' - params: { - keyVaultName: keyVault.name - accessPolicies: formattedAccessPolicies - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -module keyVault_secrets 'secrets/deploy.bicep' = [for (secret, index) in secretList: { - name: '${uniqueString(deployment().name, location)}-KeyVault-Secret-${index}' - params: { - name: secret.name - value: secret.value - keyVaultName: keyVault.name - attributesEnabled: contains(secret, 'attributesEnabled') ? secret.attributesEnabled : true - attributesExp: contains(secret, 'attributesExp') ? secret.attributesExp : -1 - attributesNbf: contains(secret, 'attributesNbf') ? secret.attributesNbf : -1 - contentType: contains(secret, 'contentType') ? secret.contentType : '' - tags: contains(secret, 'tags') ? secret.tags : {} - roleAssignments: contains(secret, 'roleAssignments') ? secret.roleAssignments : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module keyVault_keys 'keys/deploy.bicep' = [for (key, index) in keys: { - name: '${uniqueString(deployment().name, location)}-KeyVault-Key-${index}' - params: { - name: key.name - keyVaultName: keyVault.name - attributesEnabled: contains(key, 'attributesEnabled') ? key.attributesEnabled : true - attributesExp: contains(key, 'attributesExp') ? key.attributesExp : -1 - attributesNbf: contains(key, 'attributesNbf') ? key.attributesNbf : -1 - curveName: contains(key, 'curveName') ? key.curveName : 'P-256' - keyOps: contains(key, 'keyOps') ? key.keyOps : [] - keySize: contains(key, 'keySize') ? key.keySize : -1 - kty: contains(key, 'kty') ? key.kty : 'EC' - tags: contains(key, 'tags') ? key.tags : {} - roleAssignments: contains(key, 'roleAssignments') ? key.roleAssignments : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module keyVault_privateEndpoints '../../Microsoft.Network/privateEndpoints/deploy.bicep' = [for (privateEndpoint, index) in privateEndpoints: { - name: '${uniqueString(deployment().name, location)}-KeyVault-PrivateEndpoint-${index}' - params: { - groupIds: [ - privateEndpoint.service - ] - name: contains(privateEndpoint, 'name') ? privateEndpoint.name : 'pe-${last(split(keyVault.id, '/'))}-${privateEndpoint.service}-${index}' - serviceResourceId: keyVault.id - subnetResourceId: privateEndpoint.subnetResourceId - enableDefaultTelemetry: enableReferencedModulesTelemetry - location: reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : lock - privateDnsZoneGroups: contains(privateEndpoint, 'privateDnsZoneGroups') ? privateEndpoint.privateDnsZoneGroups : [] - roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] - tags: contains(privateEndpoint, 'tags') ? privateEndpoint.tags : {} - manualPrivateLinkServiceConnections: contains(privateEndpoint, 'manualPrivateLinkServiceConnections') ? privateEndpoint.manualPrivateLinkServiceConnections : [] - customDnsConfigs: contains(privateEndpoint, 'customDnsConfigs') ? privateEndpoint.customDnsConfigs : [] - } -}] - -module keyVault_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-KeyVault-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: keyVault.id - } -}] - -// =========== // -// Outputs // -// =========== // -@description('The resource ID of the key vault.') -output resourceId string = keyVault.id - -@description('The name of the resource group the key vault was created in.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the key vault.') -output name string = keyVault.name - -@description('The URI of the key vault.') -output uri string = keyVault.properties.vaultUri - -@description('The location the resource was deployed into.') -output location string = keyVault.location diff --git a/modules/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 7eafd1c2d8..0000000000 --- a/modules/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,61 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Key Vault Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483') - 'Key Vault Certificates Officer': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4417e6f-fecd-4de8-b567-7b0420556985') - 'Key Vault Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f25e0fa2-a7c8-4377-a976-54943a77a395') - 'Key Vault Crypto Officer': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '14b46e9e-c2b7-41b4-b07b-48a6ebf60603') - 'Key Vault Crypto Service Encryption User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6') - 'Key Vault Crypto User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') - 'Key Vault Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21090545-7ca7-4776-b22c-e363652d74d2') - 'Key Vault Secrets Officer': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b86a8fe4-44ce-4948-aee5-eccb2c155cd7') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource key 'Microsoft.KeyVault/vaults/keys@2021-06-01-preview' existing = { - name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(key.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: key -}] diff --git a/modules/Microsoft.KeyVault/vaults/keys/deploy.bicep b/modules/Microsoft.KeyVault/vaults/keys/deploy.bicep deleted file mode 100644 index 1b25378b60..0000000000 --- a/modules/Microsoft.KeyVault/vaults/keys/deploy.bicep +++ /dev/null @@ -1,109 +0,0 @@ -@description('Conditional. The name of the parent key vault. Required if the template is used in a standalone deployment.') -param keyVaultName string - -@description('Required. The name of the key.') -param name string - -@description('Optional. Resource tags.') -param tags object = {} - -@description('Optional. Determines whether the object is enabled.') -param attributesEnabled bool = true - -@description('Optional. Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible.') -param attributesExp int = -1 - -@description('Optional. Not before date in seconds since 1970-01-01T00:00:00Z.') -param attributesNbf int = -1 - -@description('Optional. The elliptic curve name.') -@allowed([ - 'P-256' - 'P-256K' - 'P-384' - 'P-521' -]) -param curveName string = 'P-256' - -@description('Optional. Array of JsonWebKeyOperation.') -@allowed([ - 'decrypt' - 'encrypt' - 'import' - 'sign' - 'unwrapKey' - 'verify' - 'wrapKey' -]) -param keyOps array = [] - -@description('Optional. The key size in bits. For example: 2048, 3072, or 4096 for RSA.') -param keySize int = -1 - -@description('Optional. The type of the key.') -@allowed([ - 'EC' - 'EC-HSM' - 'RSA' - 'RSA-HSM' -]) -param kty string = 'EC' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource keyVault 'Microsoft.KeyVault/vaults@2021-06-01-preview' existing = { - name: keyVaultName -} - -resource key 'Microsoft.KeyVault/vaults/keys@2019-09-01' = { - name: name - parent: keyVault - tags: tags - properties: { - attributes: { - enabled: attributesEnabled - exp: attributesExp != -1 ? attributesExp : null - nbf: attributesNbf != -1 ? attributesNbf : null - } - curveName: curveName - keyOps: keyOps - keySize: keySize != -1 ? keySize : null - kty: kty - } -} - -module key_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${deployment().name}-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: key.id - } -}] - -@description('The name of the key.') -output name string = key.name - -@description('The resource ID of the key.') -output resourceId string = key.id - -@description('The name of the resource group the key was created in.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.KeyVault/vaults/keys/readme.md b/modules/Microsoft.KeyVault/vaults/keys/readme.md deleted file mode 100644 index 8c01e66063..0000000000 --- a/modules/Microsoft.KeyVault/vaults/keys/readme.md +++ /dev/null @@ -1,151 +0,0 @@ -# Key Vault Key `[Microsoft.KeyVault/vaults/keys]` - -This module deploys a key vault key. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.KeyVault/vaults/keys` | [2019-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2019-09-01/vaults/keys) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the key. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `keyVaultName` | string | The name of the parent key vault. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `attributesEnabled` | bool | `True` | | Determines whether the object is enabled. | -| `attributesExp` | int | `-1` | | Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible. | -| `attributesNbf` | int | `-1` | | Not before date in seconds since 1970-01-01T00:00:00Z. | -| `curveName` | string | `'P-256'` | `[P-256, P-256K, P-384, P-521]` | The elliptic curve name. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `keyOps` | array | `[]` | `[decrypt, encrypt, import, sign, unwrapKey, verify, wrapKey]` | Array of JsonWebKeyOperation. | -| `keySize` | int | `-1` | | The key size in bits. For example: 2048, 3072, or 4096 for RSA. | -| `kty` | string | `'EC'` | `[EC, EC-HSM, RSA, RSA-HSM]` | The type of the key. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Resource tags. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the key. | -| `resourceGroupName` | string | The name of the resource group the key was created in. | -| `resourceId` | string | The resource ID of the key. | diff --git a/modules/Microsoft.KeyVault/vaults/keys/version.json b/modules/Microsoft.KeyVault/vaults/keys/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.KeyVault/vaults/keys/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.KeyVault/vaults/readme.md b/modules/Microsoft.KeyVault/vaults/readme.md deleted file mode 100644 index 9c6dce362a..0000000000 --- a/modules/Microsoft.KeyVault/vaults/readme.md +++ /dev/null @@ -1,669 +0,0 @@ -# Key Vaults `[Microsoft.KeyVault/vaults]` - -This module deploys a key vault and its child resources. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.KeyVault/vaults` | [2021-11-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2021-11-01-preview/vaults) | -| `Microsoft.KeyVault/vaults/accessPolicies` | [2021-06-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2021-06-01-preview/vaults/accessPolicies) | -| `Microsoft.KeyVault/vaults/keys` | [2019-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2019-09-01/vaults/keys) | -| `Microsoft.KeyVault/vaults/secrets` | [2019-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2019-09-01/vaults/secrets) | -| `Microsoft.Network/privateEndpoints` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) | - -## Parameters - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `accessPolicies` | _[accessPolicies](accessPolicies/readme.md)_ array | `[]` | | Array of access policies object. | -| `createMode` | string | `'default'` | | The vault's create mode to indicate whether the vault need to be recovered or not. - recover or default. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[AuditEvent, AzurePolicyEvaluationDetails]` | `[AuditEvent, AzurePolicyEvaluationDetails]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `enablePurgeProtection` | bool | `False` | | Provide 'true' to enable Key Vault's purge protection feature. | -| `enableRbacAuthorization` | bool | `False` | | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored (warning: this is a preview feature). When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. | -| `enableSoftDelete` | bool | `True` | | Switch to enable/disable Key Vault's soft delete feature. | -| `enableVaultForDeployment` | bool | `True` | `[True, False]` | Specifies if the vault is enabled for deployment by script or compute. | -| `enableVaultForDiskEncryption` | bool | `True` | `[True, False]` | Specifies if the azure platform has access to the vault for enabling disk encryption scenarios. | -| `enableVaultForTemplateDeployment` | bool | `True` | `[True, False]` | Specifies if the vault is enabled for a template deployment. | -| `keys` | _[keys](keys/readme.md)_ array | `[]` | | All keys to create. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `name` | string | `''` | | Name of the Key Vault. If no name is provided, then unique name will be created. | -| `networkAcls` | object | `{object}` | | Service endpoint object information. For security reasons, it is recommended to set the DefaultAction Deny. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `'enabled'` | `[enabled, disabled]` | Property to specify whether the vault will accept traffic from public internet. If set to "disabled" all traffic except private endpoint traffic and that that originates from trusted services will be blocked. This will override the set firewall rules, meaning that even if the firewall rules are present we will not honor the rules. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `secrets` | secureObject | `{object}` | | All secrets to create. | -| `softDeleteRetentionInDays` | int | `90` | | softDelete data retention days. It accepts >=7 and <=90. | -| `tags` | object | `{object}` | | Resource tags. | -| `vaultSku` | string | `'premium'` | `[premium, standard]` | Specifies the SKU for the vault. | - -**Generated parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('u')]` | Do not provide a value! This date value is used to generate a SAS token to access the modules. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `networkAcls` - -

- -Parameter JSON format - -```json -"networkAcls": { - "value": { - "bypass": "AzureServices", - "defaultAction": "Deny", - "virtualNetworkRules": [ - { - "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001" - } - ], - "ipRules": [] - } -} -``` - -
- -
- -Bicep format - -```bicep -networkAcls: { - bypass: 'AzureServices' - defaultAction: 'Deny' - virtualNetworkRules: [ - { - subnetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - } - ] - ipRules: [] -} -``` - -
-

- -### Parameter Usage: `vNetId` - -

- -Parameter JSON format - -```json -"vNetId": { - "value": "/subscriptions/00000000/resourceGroups/resourceGroup" -} -``` - -
- -
- -Bicep format - -```bicep -vNetId: '/subscriptions/00000000/resourceGroups/resourceGroup' -``` - -
-

- -### Parameter Usage: `accessPolicies` - -

- -Parameter JSON format - -```json -"accessPolicies": { - "value": [ - { - "tenantId": null, // Optional - "applicationId": null, // Optional - "objectId": null, - "permissions": { - "certificates": [ - "All" - ], - "keys": [ - "All" - ], - "secrets": [ - "All" - ] - } - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -accessPolicies: [ - { - tenantId: null // Optional - applicationId: null // Optional - objectId: null - permissions: { - certificates: [ - 'All' - ] - keys: [ - 'All' - ] - secrets: [ - 'All' - ] - } - } -] -``` - -
-

- -### Parameter Usage: `privateEndpoints` - -To use Private Endpoint the following dependencies must be deployed: - -- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module. -- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information. - -

- -Parameter JSON format - -```json -"privateEndpoints": { - "value": [ - // Example showing all available fields - { - "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>", // e.g. vault, registry, file, blob, queue, table etc. - "privateDnsZoneResourceIds": [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net" - ], - "customDnsConfigs": [ // Optional - { - "fqdn": "customname.test.local", - "ipAddresses": [ - "10.10.10.10" - ] - } - ] - }, - // Example showing only mandatory fields - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>" // e.g. vault, registry, file, blob, queue, table etc. - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -privateEndpoints: [ - // Example showing all available fields - { - name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - privateDnsZoneResourceIds: [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net' - ] - // Optional - customDnsConfigs: [ - { - fqdn: 'customname.test.local' - ipAddresses: [ - '10.10.10.10' - ] - } - ] - } - // Example showing only mandatory fields - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the key vault. | -| `resourceGroupName` | string | The name of the resource group the key vault was created in. | -| `resourceId` | string | The resource ID of the key vault. | -| `uri` | string | The URI of the key vault. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": {} -} -``` - -
- -
- -via Bicep module - -```bicep -module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-vaults' - params: { - - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-kv-x-002" - }, - "lock": { - "value": "CanNotDelete" - }, - "softDeleteRetentionInDays": { - "value": 7 - }, - "enableRbacAuthorization": { - "value": false - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "vault" - } - ] - }, - "networkAcls": { - "value": { - "bypass": "AzureServices", - "defaultAction": "Deny", - "virtualNetworkRules": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", - "action": "Allow" - } - ], - "ipRules": [] - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "secrets": { - "value": { - "secureList": [ - { - "name": "secretName", - "value": "secretValue", - "contentType": "Something", - "attributesExp": 1702648632, - "attributesNbf": 10000, - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - } - }, - "keys": { - "value": [ - { - "name": "keyName", - "attributesExp": 1702648632, - "attributesNbf": 10000, - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "accessPolicies": { - "value": [ - { - "objectId": "<>", - "permissions": { - "keys": [ - "get", - "list", - "update" - ], - "secrets": [ - "all" - ] - }, - "tenantId": "<>" - }, - { - "objectId": "<>", - "permissions": { - "certificates": [ - "backup", - "create", - "delete" - ], - "secrets": [ - "all" - ] - } - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-vaults' - params: { - name: '<>-az-kv-x-002' - lock: 'CanNotDelete' - softDeleteRetentionInDays: 7 - enableRbacAuthorization: false - privateEndpoints: [ - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - service: 'vault' - } - ] - networkAcls: { - bypass: 'AzureServices' - defaultAction: 'Deny' - virtualNetworkRules: [ - { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001' - action: 'Allow' - } - ] - ipRules: [] - } - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - secrets: { - secureList: [ - { - name: 'secretName' - value: 'secretValue' - contentType: 'Something' - attributesExp: 1702648632 - attributesNbf: 10000 - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } - ] - } - keys: [ - { - name: 'keyName' - attributesExp: 1702648632 - attributesNbf: 10000 - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } - ] - accessPolicies: [ - { - objectId: '<>' - permissions: { - keys: [ - 'get' - 'list' - 'update' - ] - secrets: [ - 'all' - ] - } - tenantId: '<>' - } - { - objectId: '<>' - permissions: { - certificates: [ - 'backup' - 'create' - 'delete' - ] - secrets: [ - 'all' - ] - } - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

diff --git a/modules/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index d80da03d4d..0000000000 --- a/modules/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,60 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Key Vault Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483') - 'Key Vault Certificates Officer': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4417e6f-fecd-4de8-b567-7b0420556985') - 'Key Vault Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f25e0fa2-a7c8-4377-a976-54943a77a395') - 'Key Vault Crypto Officer': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '14b46e9e-c2b7-41b4-b07b-48a6ebf60603') - 'Key Vault Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21090545-7ca7-4776-b22c-e363652d74d2') - 'Key Vault Secrets Officer': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b86a8fe4-44ce-4948-aee5-eccb2c155cd7') - 'Key Vault Secrets User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4633458b-17de-408a-b874-0445c86b69e6') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource secret 'Microsoft.KeyVault/vaults/secrets@2021-06-01-preview' existing = { - name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(secret.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: secret -}] diff --git a/modules/Microsoft.KeyVault/vaults/secrets/deploy.bicep b/modules/Microsoft.KeyVault/vaults/secrets/deploy.bicep deleted file mode 100644 index 842528bbb2..0000000000 --- a/modules/Microsoft.KeyVault/vaults/secrets/deploy.bicep +++ /dev/null @@ -1,82 +0,0 @@ -@description('Conditional. The name of the parent key vault. Required if the template is used in a standalone deployment.') -param keyVaultName string - -@description('Required. The name of the secret.') -param name string - -@description('Optional. Resource tags.') -param tags object = {} - -@description('Optional. Determines whether the object is enabled.') -param attributesEnabled bool = true - -@description('Optional. Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible.') -param attributesExp int = -1 - -@description('Optional. Not before date in seconds since 1970-01-01T00:00:00Z.') -param attributesNbf int = -1 - -@description('Optional. The content type of the secret.') -@secure() -param contentType string = '' - -@description('Required. The value of the secret. NOTE: "value" will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets.') -@secure() -param value string - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource keyVault 'Microsoft.KeyVault/vaults@2021-06-01-preview' existing = { - name: keyVaultName -} - -resource secret 'Microsoft.KeyVault/vaults/secrets@2019-09-01' = { - name: name - parent: keyVault - tags: tags - properties: { - contentType: contentType - attributes: { - enabled: attributesEnabled - exp: attributesExp != -1 ? attributesExp : null - nbf: attributesNbf != -1 ? attributesNbf : null - } - value: value - } -} - -module secret_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${deployment().name}-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: secret.id - } -}] - -@description('The name of the secret.') -output name string = secret.name - -@description('The resource ID of the secret.') -output resourceId string = secret.id - -@description('The name of the resource group the secret was created in.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.KeyVault/vaults/secrets/readme.md b/modules/Microsoft.KeyVault/vaults/secrets/readme.md deleted file mode 100644 index 820cb78109..0000000000 --- a/modules/Microsoft.KeyVault/vaults/secrets/readme.md +++ /dev/null @@ -1,149 +0,0 @@ -# Key Vault Secret `[Microsoft.KeyVault/vaults/secrets]` - -This module deploys a key vault secret. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.KeyVault/vaults/secrets` | [2019-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2019-09-01/vaults/secrets) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the secret. | -| `value` | secureString | The value of the secret. NOTE: "value" will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `keyVaultName` | string | The name of the parent key vault. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `attributesEnabled` | bool | `True` | Determines whether the object is enabled. | -| `attributesExp` | int | `-1` | Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible. | -| `attributesNbf` | int | `-1` | Not before date in seconds since 1970-01-01T00:00:00Z. | -| `contentType` | secureString | `''` | The content type of the secret. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | Resource tags. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the secret. | -| `resourceGroupName` | string | The name of the resource group the secret was created in. | -| `resourceId` | string | The resource ID of the secret. | diff --git a/modules/Microsoft.KeyVault/vaults/secrets/version.json b/modules/Microsoft.KeyVault/vaults/secrets/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.KeyVault/vaults/secrets/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.KeyVault/vaults/version.json b/modules/Microsoft.KeyVault/vaults/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.KeyVault/vaults/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.KubernetesConfiguration/extensions/.deploymentTests/min.parameters.json b/modules/Microsoft.KubernetesConfiguration/extensions/.deploymentTests/min.parameters.json deleted file mode 100644 index 8beee2d23b..0000000000 --- a/modules/Microsoft.KubernetesConfiguration/extensions/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "flux" - }, - "extensionType": { - "value": "microsoft.flux" - }, - "clusterName": { - "value": "<>-az-aks-kubenet-001" - }, - "releaseTrain": { - "value": "Stable" - }, - "releaseNamespace": { - "value": "flux-system" - } - } -} diff --git a/modules/Microsoft.KubernetesConfiguration/extensions/.deploymentTests/parameters.json b/modules/Microsoft.KubernetesConfiguration/extensions/.deploymentTests/parameters.json deleted file mode 100644 index 29ca85067d..0000000000 --- a/modules/Microsoft.KubernetesConfiguration/extensions/.deploymentTests/parameters.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "flux" - }, - "extensionType": { - "value": "microsoft.flux" - }, - "clusterName": { - "value": "<>-az-aks-kubenet-001" - }, - "releaseTrain": { - "value": "Stable" - }, - "releaseNamespace": { - "value": "flux-system" - }, - "version": { - "value": "0.5.2" - }, - "configurationSettings": { - "value": { - // "helm-controller.enabled": "false", - "source-controller.enabled": "true", - "kustomize-controller.enabled": "true", - "notification-controller.enabled": "false", - "image-automation-controller.enabled": "false", - "image-reflector-controller.enabled": "false" - } - } - } -} diff --git a/modules/Microsoft.KubernetesConfiguration/extensions/deploy.bicep b/modules/Microsoft.KubernetesConfiguration/extensions/deploy.bicep deleted file mode 100644 index b89751b8c8..0000000000 --- a/modules/Microsoft.KubernetesConfiguration/extensions/deploy.bicep +++ /dev/null @@ -1,78 +0,0 @@ -@description('Required. The name of the Flux Configuration.') -param name string - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Required. The name of the AKS cluster that should be configured.') -param clusterName string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Configuration settings that are sensitive, as name-value pairs for configuring this extension.') -param configurationProtectedSettings object = {} - -@description('Optional. Configuration settings, as name-value pairs for configuring this extension.') -param configurationSettings object = {} - -@description('Required. Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types registered with Microsoft.KubernetesConfiguration by the Extension publisher.') -param extensionType string - -@description('Optional. ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if autoUpgradeMinorVersion is "true".') -param releaseTrain string = 'Stable' - -@description('Optional. Namespace where the extension Release must be placed, for a Cluster scoped extension. If this namespace does not exist, it will be created.') -param releaseNamespace string = '' - -@description('Optional. Namespace where the extension will be created for an Namespace scoped extension. If this namespace does not exist, it will be created.') -param targetNamespace string = '' - -@description('Optional. Version of the extension for this extension, if it is "pinned" to a specific version.') -param version string = '' - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource managedCluster 'Microsoft.ContainerService/managedClusters@2021-10-01' existing = { - name: clusterName -} - -resource extension 'Microsoft.KubernetesConfiguration/extensions@2022-03-01' = { - name: name - scope: managedCluster - properties: { - autoUpgradeMinorVersion: !empty(version) ? false : true - configurationProtectedSettings: !empty(configurationProtectedSettings) ? configurationProtectedSettings : {} - configurationSettings: !empty(configurationSettings) ? configurationSettings : {} - extensionType: extensionType - releaseTrain: !empty(releaseTrain) ? releaseTrain : null - scope: { - cluster: !empty(releaseNamespace) ? { - releaseNamespace: releaseNamespace - } : null - namespace: !empty(targetNamespace) ? { - targetNamespace: targetNamespace - } : null - } - version: !empty(version) ? version : null - } -} - -@description('The name of the extension.') -output name string = extension.name - -@description('The resource ID of the extension.') -output resourceId string = extension.id - -@description('The name of the resource group the extension was deployed into.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.KubernetesConfiguration/extensions/readme.md b/modules/Microsoft.KubernetesConfiguration/extensions/readme.md deleted file mode 100644 index b82481be34..0000000000 --- a/modules/Microsoft.KubernetesConfiguration/extensions/readme.md +++ /dev/null @@ -1,191 +0,0 @@ -# Kubernetes Configuration Extensions `[Microsoft.KubernetesConfiguration/extensions]` - -This module deploys Kubernetes Configuration Extensions. - -## Navigation - -- [Prerequisites](#Prerequisites) -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Prerequisites - -Registration of your subscription with the AKS-ExtensionManager feature flag. Use the following command: - -```powershell -az feature register --namespace Microsoft.ContainerService --name AKS-ExtensionManager -``` - -Registration of the following Azure service providers. (It's OK to re-register an existing provider.) - -```powershell -az provider register --namespace Microsoft.Kubernetes -az provider register --namespace Microsoft.ContainerService -az provider register --namespace Microsoft.KubernetesConfiguration -``` - -For Details see [Prerequisites](https://docs.microsoft.com/en-us/azure/azure-arc/kubernetes/tutorial-use-gitops-flux2) -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.KubernetesConfiguration/extensions` | [2022-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/extensions) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `clusterName` | string | The name of the AKS cluster that should be configured. | -| `extensionType` | string | Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types registered with Microsoft.KubernetesConfiguration by the Extension publisher. | -| `name` | string | The name of the Flux Configuration. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `configurationProtectedSettings` | object | `{object}` | Configuration settings that are sensitive, as name-value pairs for configuring this extension. | -| `configurationSettings` | object | `{object}` | Configuration settings, as name-value pairs for configuring this extension. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `releaseNamespace` | string | `''` | Namespace where the extension Release must be placed, for a Cluster scoped extension. If this namespace does not exist, it will be created. | -| `releaseTrain` | string | `'Stable'` | ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if autoUpgradeMinorVersion is "true". | -| `targetNamespace` | string | `''` | Namespace where the extension will be created for an Namespace scoped extension. If this namespace does not exist, it will be created. | -| `version` | string | `''` | Version of the extension for this extension, if it is "pinned" to a specific version. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the extension. | -| `resourceGroupName` | string | The name of the resource group the extension was deployed into. | -| `resourceId` | string | The resource ID of the extension. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "flux" - }, - "extensionType": { - "value": "microsoft.flux" - }, - "clusterName": { - "value": "<>-az-aks-kubenet-001" - }, - "releaseTrain": { - "value": "Stable" - }, - "releaseNamespace": { - "value": "flux-system" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module extensions './Microsoft.KubernetesConfiguration/extensions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-extensions' - params: { - name: 'flux' - extensionType: 'microsoft.flux' - clusterName: '<>-az-aks-kubenet-001' - releaseTrain: 'Stable' - releaseNamespace: 'flux-system' - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "flux" - }, - "extensionType": { - "value": "microsoft.flux" - }, - "clusterName": { - "value": "<>-az-aks-kubenet-001" - }, - "releaseTrain": { - "value": "Stable" - }, - "releaseNamespace": { - "value": "flux-system" - }, - "version": { - "value": "0.5.2" - }, - "configurationSettings": { - "value": { - // "helm-controller.enabled": "false", - "source-controller.enabled": "true", - "kustomize-controller.enabled": "true", - "notification-controller.enabled": "false", - "image-automation-controller.enabled": "false", - "image-reflector-controller.enabled": "false" - } - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module extensions './Microsoft.KubernetesConfiguration/extensions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-extensions' - params: { - name: 'flux' - extensionType: 'microsoft.flux' - clusterName: '<>-az-aks-kubenet-001' - releaseTrain: 'Stable' - releaseNamespace: 'flux-system' - version: '0.5.2' - configurationSettings: { - 'source-controller.enabled': 'true' - 'kustomize-controller.enabled': 'true' - 'notification-controller.enabled': 'false' - 'image-automation-controller.enabled': 'false' - 'image-reflector-controller.enabled': 'false' - } - } -} -``` - -
-

diff --git a/modules/Microsoft.KubernetesConfiguration/extensions/version.json b/modules/Microsoft.KubernetesConfiguration/extensions/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.KubernetesConfiguration/extensions/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.deploymentTests/min.parameters.json b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.deploymentTests/min.parameters.json deleted file mode 100644 index 201ac22b6b..0000000000 --- a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "flux2" - }, - "scope": { - "value": "cluster" - }, - "clusterName": { - "value": "<>-az-aks-kubenet-001" - }, - "namespace": { - "value": "flux-system" - }, - "sourceKind": { - "value": "GitRepository" - }, - "gitRepository": { - "value": { - "url": "https://github.com/mspnp/aks-baseline", - "timeoutInSeconds": 180, - "syncIntervalInSeconds": 300, - "repositoryRef": { - "branch": "main" - }, - "sshKnownHosts": "" - } - } - } -} diff --git a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.deploymentTests/parameters.json b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.deploymentTests/parameters.json deleted file mode 100644 index e6f563f7f8..0000000000 --- a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/.deploymentTests/parameters.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "flux2" - }, - "scope": { - "value": "cluster" - }, - "clusterName": { - "value": "<>-az-aks-kubenet-001" - }, - "namespace": { - "value": "flux-system" - }, - "sourceKind": { - "value": "GitRepository" - }, - "gitRepository": { - "value": { - "url": "https://github.com/mspnp/aks-baseline", - "timeoutInSeconds": 180, - "syncIntervalInSeconds": 300, - "repositoryRef": { - "branch": "main" - }, - "sshKnownHosts": "" - } - }, - "kustomizations": { - "value": { - "unified": { - "path": "./cluster-manifests", - "dependsOn": [], - "timeoutInSeconds": 300, - "syncIntervalInSeconds": 300, - "prune": true, - "force": false - } - } - } - } -} diff --git a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/deploy.bicep b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/deploy.bicep deleted file mode 100644 index 00be519c07..0000000000 --- a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/deploy.bicep +++ /dev/null @@ -1,83 +0,0 @@ -@description('Required. The name of the Flux Configuration.') -param name string - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Required. The name of the AKS cluster that should be configured.') -param clusterName string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Parameters to reconcile to the GitRepository source kind type.') -param bucket object = {} - -@description('Optional. Key-value pairs of protected configuration settings for the configuration.') -param configurationProtectedSettings object = {} - -@description('Optional. Parameters to reconcile to the GitRepository source kind type.') -param gitRepository object = {} - -@description('Optional. Array of kustomizations used to reconcile the artifact pulled by the source type on the cluster.') -param kustomizations object = {} - -@description('Required. The namespace to which this configuration is installed to. Maximum of 253 lower case alphanumeric characters, hyphen and period only.') -param namespace string - -@allowed([ - 'cluster' - 'namespace' -]) -@description('Required. Scope at which the configuration will be installed.') -param scope string - -@allowed([ - 'Bucket' - 'GitRepository' -]) -@description('Required. Source Kind to pull the configuration data from.') -param sourceKind string - -@description('Optional. Whether this configuration should suspend its reconciliation of its kustomizations and sources.') -param suspend bool = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource managedCluster 'Microsoft.ContainerService/managedClusters@2021-10-01' existing = { - name: clusterName -} - -resource fluxConfiguration 'Microsoft.KubernetesConfiguration/fluxConfigurations@2022-03-01' = { - name: name - scope: managedCluster - properties: { - bucket: !empty(bucket) ? bucket : null - configurationProtectedSettings: !empty(configurationProtectedSettings) ? configurationProtectedSettings : {} - gitRepository: !empty(gitRepository) ? gitRepository : null - kustomizations: !empty(kustomizations) ? kustomizations : {} - namespace: namespace - scope: scope - sourceKind: sourceKind - suspend: suspend - } -} - -@description('The name of the flux configuration.') -output name string = fluxConfiguration.name - -@description('The resource ID of the flux configuration.') -output resourceId string = fluxConfiguration.id - -@description('The name of the resource group the flux configuration was deployed into.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/readme.md b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/readme.md deleted file mode 100644 index 76e5b93f61..0000000000 --- a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/readme.md +++ /dev/null @@ -1,234 +0,0 @@ -# Kubernetes Configuration Flux Configurations `[Microsoft.KubernetesConfiguration/fluxConfigurations]` - -This module deploys Kubernetes Configuration Flux Configurations. - -## Navigation - -- [Prerequisites](#Prerequisites) -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Prerequisites - -Registration of your subscription with the AKS-ExtensionManager feature flag. Use the following command: - -```powershell -az feature register --namespace Microsoft.ContainerService --name AKS-ExtensionManager -``` - -Registration of the following Azure service providers. (It's OK to re-register an existing provider.) - -```powershell -az provider register --namespace Microsoft.Kubernetes -az provider register --namespace Microsoft.ContainerService -az provider register --namespace Microsoft.KubernetesConfiguration -``` - -For Details see [Prerequisites](https://docs.microsoft.com/en-us/azure/azure-arc/kubernetes/tutorial-use-gitops-flux2) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.KubernetesConfiguration/fluxConfigurations` | [2022-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/fluxConfigurations) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `clusterName` | string | | The name of the AKS cluster that should be configured. | -| `name` | string | | The name of the Flux Configuration. | -| `namespace` | string | | The namespace to which this configuration is installed to. Maximum of 253 lower case alphanumeric characters, hyphen and period only. | -| `scope` | string | `[cluster, namespace]` | Scope at which the configuration will be installed. | -| `sourceKind` | string | `[Bucket, GitRepository]` | Source Kind to pull the configuration data from. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `bucket` | object | `{object}` | Parameters to reconcile to the GitRepository source kind type. | -| `configurationProtectedSettings` | object | `{object}` | Key-value pairs of protected configuration settings for the configuration. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `gitRepository` | object | `{object}` | Parameters to reconcile to the GitRepository source kind type. | -| `kustomizations` | object | `{object}` | Array of kustomizations used to reconcile the artifact pulled by the source type on the cluster. | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `suspend` | bool | `False` | Whether this configuration should suspend its reconciliation of its kustomizations and sources. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the flux configuration. | -| `resourceGroupName` | string | The name of the resource group the flux configuration was deployed into. | -| `resourceId` | string | The resource ID of the flux configuration. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "flux2" - }, - "scope": { - "value": "cluster" - }, - "clusterName": { - "value": "<>-az-aks-kubenet-001" - }, - "namespace": { - "value": "flux-system" - }, - "sourceKind": { - "value": "GitRepository" - }, - "gitRepository": { - "value": { - "url": "https://github.com/mspnp/aks-baseline", - "timeoutInSeconds": 180, - "syncIntervalInSeconds": 300, - "repositoryRef": { - "branch": "main" - }, - "sshKnownHosts": "" - } - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module fluxConfigurations './Microsoft.KubernetesConfiguration/fluxConfigurations/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-fluxConfigurations' - params: { - name: 'flux2' - scope: 'cluster' - clusterName: '<>-az-aks-kubenet-001' - namespace: 'flux-system' - sourceKind: 'GitRepository' - gitRepository: { - url: 'https://github.com/mspnp/aks-baseline' - timeoutInSeconds: 180 - syncIntervalInSeconds: 300 - repositoryRef: { - branch: 'main' - } - sshKnownHosts: '' - } - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "flux2" - }, - "scope": { - "value": "cluster" - }, - "clusterName": { - "value": "<>-az-aks-kubenet-001" - }, - "namespace": { - "value": "flux-system" - }, - "sourceKind": { - "value": "GitRepository" - }, - "gitRepository": { - "value": { - "url": "https://github.com/mspnp/aks-baseline", - "timeoutInSeconds": 180, - "syncIntervalInSeconds": 300, - "repositoryRef": { - "branch": "main" - }, - "sshKnownHosts": "" - } - }, - "kustomizations": { - "value": { - "unified": { - "path": "./cluster-manifests", - "dependsOn": [], - "timeoutInSeconds": 300, - "syncIntervalInSeconds": 300, - "prune": true, - "force": false - } - } - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module fluxConfigurations './Microsoft.KubernetesConfiguration/fluxConfigurations/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-fluxConfigurations' - params: { - name: 'flux2' - scope: 'cluster' - clusterName: '<>-az-aks-kubenet-001' - namespace: 'flux-system' - sourceKind: 'GitRepository' - gitRepository: { - url: 'https://github.com/mspnp/aks-baseline' - timeoutInSeconds: 180 - syncIntervalInSeconds: 300 - repositoryRef: { - branch: 'main' - } - sshKnownHosts: '' - } - kustomizations: { - unified: { - path: './cluster-manifests' - dependsOn: [] - timeoutInSeconds: 300 - syncIntervalInSeconds: 300 - prune: true - force: false - } - } - } -} -``` - -
-

diff --git a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/version.json b/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.KubernetesConfiguration/fluxConfigurations/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 9427c50737..0000000000 --- a/modules/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,56 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Azure Sentinel Automation Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f4c81013-99ee-4d62-a7ee-b3f1f648599a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Logic App Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '87a39d53-fc1b-424a-814c-f7e04687dc9e') - 'Logic App Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '515c2055-d9d4-4321-b1b9-bd0c9a0f79fe') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource logicApp 'Microsoft.Logic/workflows@2019-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(logicApp.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: logicApp -}] diff --git a/modules/Microsoft.Logic/workflows/.deploymentTests/parameters.json b/modules/Microsoft.Logic/workflows/.deploymentTests/parameters.json deleted file mode 100644 index 6436e5c1b7..0000000000 --- a/modules/Microsoft.Logic/workflows/.deploymentTests/parameters.json +++ /dev/null @@ -1,78 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-lga-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "tags": { - "value": {} - }, - "workflowActions": { - "value": { - "HTTP": { - "type": "Http", - "inputs": { - "method": "POST", - "uri": "https://testStringForValidation.com", - "body": { - "HostPoolName": "[HostPoolName]", - "LAWorkspaceName": "[LAWorkspaceName]", - "LimitSecondsToForceLogOffUser": "[LimitSecondsToForceLogOffUser]", - "EndPeakTime": "[EndPeakTime]", - "BeginPeakTime": "[BeginPeakTime]", - "UtcOffset": "[UtcOffset]", - "LogOffMessageBody": "[LogOffMessageBody]", - "LogOffMessageTitle": "[LogOffMessageTitle]", - "MinimumNumberOfRDSH": 1, - "SessionThresholdPerCPU": 1, - "ResourceGroupName": "[ResourceGroupName]" - } - } - } - } - }, - "workflowTriggers": { - "value": { - "Recurrence": { - "recurrence": { - "frequency": "Minute", - "interval": 15 - }, - "type": "Recurrence" - } - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "systemAssignedIdentity": { - "value": true - } - } -} diff --git a/modules/Microsoft.Logic/workflows/deploy.bicep b/modules/Microsoft.Logic/workflows/deploy.bicep deleted file mode 100644 index 2820d69b8c..0000000000 --- a/modules/Microsoft.Logic/workflows/deploy.bicep +++ /dev/null @@ -1,235 +0,0 @@ -@description('Required. The logic app workflow name.') -param name string - -@description('Optional. The access control configuration for workflow actions.') -param actionsAccessControlConfiguration object = {} - -@description('Optional. The endpoints configuration: Access endpoint and outgoing IP addresses for the connector.') -param connectorEndpointsConfiguration object = {} - -@description('Optional. The access control configuration for accessing workflow run contents.') -param contentsAccessControlConfiguration object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. Parameters for the definition template.') -param definitionParameters object = {} - -@description('Optional. Enables system assigned managed identity on the resource.') -param systemAssignedIdentity bool = false - -@description('Optional. The ID(s) to assign to the resource.') -param userAssignedIdentities object = {} - -@description('Optional. The integration account.') -param integrationAccount object = {} - -@description('Optional. The integration service environment.') -param integrationServiceEnvironment object = {} - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. The state. - NotSpecified, Completed, Enabled, Disabled, Deleted, Suspended.') -@allowed([ - 'NotSpecified' - 'Completed' - 'Enabled' - 'Disabled' - 'Deleted' - 'Suspended' -]) -param state string = 'Enabled' - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. The access control configuration for invoking workflow triggers.') -param triggersAccessControlConfiguration object = {} - -@description('Optional. The definitions for one or more actions to execute at workflow runtime.') -param workflowActions object = {} - -@description('Optional. The endpoints configuration: Access endpoint and outgoing IP addresses for the workflow.') -param workflowEndpointsConfiguration object = {} - -@description('Optional. The access control configuration for workflow management.') -param workflowManagementAccessControlConfiguration object = {} - -@description('Optional. The definitions for the outputs to return from a workflow run.') -param workflowOutputs object = {} - -@description('Optional. The definitions for one or more parameters that pass the values to use at your logic app\'s runtime.') -param workflowParameters object = {} - -@description('Optional. The definitions for one or more static results returned by actions as mock outputs when static results are enabled on those actions. In each action definition, the runtimeConfiguration.staticResult.name attribute references the corresponding definition inside staticResults.') -param workflowStaticResults object = {} - -@description('Optional. The definitions for one or more triggers that instantiate your workflow. You can define more than one trigger, but only with the Workflow Definition Language, not visually through the Logic Apps Designer.') -param workflowTriggers object = {} - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'WorkflowRuntime' -]) -param diagnosticLogCategoriesToEnable array = [ - 'WorkflowRuntime' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'AllMetrics' -]) -param diagnosticMetricsToEnable array = [ - 'AllMetrics' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var identityType = systemAssignedIdentity ? 'SystemAssigned' : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None') - -var identity = identityType != 'None' ? { - type: identityType - userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null -} : null - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource logicApp 'Microsoft.Logic/workflows@2019-05-01' = { - name: name - location: location - tags: !empty(tags) ? tags : null - identity: identity - properties: { - state: state - endpointsConfiguration: { - workflow: workflowEndpointsConfiguration - connector: connectorEndpointsConfiguration - } - accessControl: { - triggers: !empty(triggersAccessControlConfiguration) ? triggersAccessControlConfiguration : null - contents: !empty(contentsAccessControlConfiguration) ? contentsAccessControlConfiguration : null - actions: !empty(actionsAccessControlConfiguration) ? actionsAccessControlConfiguration : null - workflowManagement: !empty(workflowManagementAccessControlConfiguration) ? workflowManagementAccessControlConfiguration : null - } - integrationAccount: !empty(integrationAccount) ? integrationAccount : null - integrationServiceEnvironment: !empty(integrationServiceEnvironment) ? integrationServiceEnvironment : null - definition: { - '$schema': 'https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#' - actions: workflowActions - contentVersion: '1.0.0.0' - outputs: workflowOutputs - parameters: workflowParameters - staticResults: workflowStaticResults - triggers: workflowTriggers - } - parameters: definitionParameters - } -} - -resource logicApp_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${logicApp.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: logicApp -} - -resource logicApp_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: diagnosticsLogs - } - scope: logicApp -} - -module logicApp_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-LogicApp-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: logicApp.id - } -}] - -@description('The name of the logic app.') -output name string = logicApp.name - -@description('The resource group the logic app was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The resource ID of the logic app.') -output resourceId string = logicApp.id - -@description('The principal ID of the system assigned identity.') -output systemAssignedPrincipalId string = systemAssignedIdentity && contains(logicApp.identity, 'principalId') ? logicApp.identity.principalId : '' - -@description('The location the resource was deployed into.') -output location string = logicApp.location diff --git a/modules/Microsoft.Logic/workflows/readme.md b/modules/Microsoft.Logic/workflows/readme.md deleted file mode 100644 index 5eb088778f..0000000000 --- a/modules/Microsoft.Logic/workflows/readme.md +++ /dev/null @@ -1,466 +0,0 @@ -# Logic Apps `[Microsoft.Logic/workflows]` - -This module deploys a Logic App resource. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Logic/workflows` | [2019-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Logic/2019-05-01/workflows) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The logic app workflow name. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `actionsAccessControlConfiguration` | object | `{object}` | | The access control configuration for workflow actions. | -| `connectorEndpointsConfiguration` | object | `{object}` | | The endpoints configuration: Access endpoint and outgoing IP addresses for the connector. | -| `contentsAccessControlConfiguration` | object | `{object}` | | The access control configuration for accessing workflow run contents. | -| `definitionParameters` | object | `{object}` | | Parameters for the definition template. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[WorkflowRuntime]` | `[WorkflowRuntime]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `integrationAccount` | object | `{object}` | | The integration account. | -| `integrationServiceEnvironment` | object | `{object}` | | The integration service environment. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `state` | string | `'Enabled'` | `[NotSpecified, Completed, Enabled, Disabled, Deleted, Suspended]` | The state. - NotSpecified, Completed, Enabled, Disabled, Deleted, Suspended. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `triggersAccessControlConfiguration` | object | `{object}` | | The access control configuration for invoking workflow triggers. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `workflowActions` | object | `{object}` | | The definitions for one or more actions to execute at workflow runtime. | -| `workflowEndpointsConfiguration` | object | `{object}` | | The endpoints configuration: Access endpoint and outgoing IP addresses for the workflow. | -| `workflowManagementAccessControlConfiguration` | object | `{object}` | | The access control configuration for workflow management. | -| `workflowOutputs` | object | `{object}` | | The definitions for the outputs to return from a workflow run. | -| `workflowParameters` | object | `{object}` | | The definitions for one or more parameters that pass the values to use at your logic app's runtime. | -| `workflowStaticResults` | object | `{object}` | | The definitions for one or more static results returned by actions as mock outputs when static results are enabled on those actions. In each action definition, the runtimeConfiguration.staticResult.name attribute references the corresponding definition inside staticResults. | -| `workflowTriggers` | object | `{object}` | | The definitions for one or more triggers that instantiate your workflow. You can define more than one trigger, but only with the Workflow Definition Language, not visually through the Logic Apps Designer. | - - -### Parameter Usage `AccessControlConfiguration` - -- `actionsAccessControlConfiguration` -- `contentsAccessControlConfiguration` -- `triggersAccessControlConfiguration` -- `workflowManagementAccessControlConfiguration` - -

- -Parameter JSON format - -```json -"AccessControlConfiguration": { - "value": { - "allowedCallerIpAddresses": [ - { - "addressRange": "string" - } - ], - "openAuthenticationPolicies": { - "policies": {} - } - } -} -``` - -
- - -
- -Bicep format - -```bicep -'AccessControlConfiguration': { - allowedCallerIpAddresses: [ - { - addressRange: 'string' - } - ] - openAuthenticationPolicies: { - policies: {} - } -} -``` - -
-

- -### Parameter Usage `EndpointsConfiguration` - -- `connectorEndpointsConfiguration` -- `workflowEndpointsConfiguration` - -

- -Parameter JSON format - -```json -"EndpointsConfiguration": { - "value": { - "outgoingIpAddresses": [ - { - "address": "string" - } - ], - "accessEndpointIpAddresses": [ - { - "address": "string" - } - ] - } -} -``` - -
- -
- -Bicep format - -```bicep -'EndpointsConfiguration': { - outgoingIpAddresses: [ - { - address: 'string' - } - ] - accessEndpointIpAddresses: [ - { - address: 'string' - } - ] -} -``` - -
-

- -### Parameter Usage `workflow*` - -- To use the below parameters, see the following [documentation.](https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-workflow-definition-language) - - `workflowActions` - - `workflowOutputs` - - `workflowParameters` - - `workflowStaticResults` - - `workflowTriggers` - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `userAssignedIdentities` - -You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: - -

- -Parameter JSON format - -```json -"userAssignedIdentities": { - "value": { - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} - } -} -``` - -
- -
- -Bicep format - -```bicep -userAssignedIdentities: { - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the logic app. | -| `resourceGroupName` | string | The resource group the logic app was deployed into. | -| `resourceId` | string | The resource ID of the logic app. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-lga-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "tags": { - "value": {} - }, - "workflowActions": { - "value": { - "HTTP": { - "type": "Http", - "inputs": { - "method": "POST", - "uri": "https://testStringForValidation.com", - "body": { - "HostPoolName": "[HostPoolName]", - "LAWorkspaceName": "[LAWorkspaceName]", - "LimitSecondsToForceLogOffUser": "[LimitSecondsToForceLogOffUser]", - "EndPeakTime": "[EndPeakTime]", - "BeginPeakTime": "[BeginPeakTime]", - "UtcOffset": "[UtcOffset]", - "LogOffMessageBody": "[LogOffMessageBody]", - "LogOffMessageTitle": "[LogOffMessageTitle]", - "MinimumNumberOfRDSH": 1, - "SessionThresholdPerCPU": 1, - "ResourceGroupName": "[ResourceGroupName]" - } - } - } - } - }, - "workflowTriggers": { - "value": { - "Recurrence": { - "recurrence": { - "frequency": "Minute", - "interval": 15 - }, - "type": "Recurrence" - } - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "systemAssignedIdentity": { - "value": true - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module workflows './Microsoft.Logic/workflows/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-workflows' - params: { - name: '<>-az-lga-x-001' - lock: 'CanNotDelete' - tags: {} - workflowActions: { - HTTP: { - type: 'Http' - inputs: { - method: 'POST' - uri: 'https://testStringForValidation.com' - body: { - HostPoolName: '[HostPoolName]' - LAWorkspaceName: '[LAWorkspaceName]' - LimitSecondsToForceLogOffUser: '[LimitSecondsToForceLogOffUser]' - EndPeakTime: '[EndPeakTime]' - BeginPeakTime: '[BeginPeakTime]' - UtcOffset: '[UtcOffset]' - LogOffMessageBody: '[LogOffMessageBody]' - LogOffMessageTitle: '[LogOffMessageTitle]' - MinimumNumberOfRDSH: 1 - SessionThresholdPerCPU: 1 - ResourceGroupName: '[ResourceGroupName]' - } - } - } - } - workflowTriggers: { - Recurrence: { - recurrence: { - frequency: 'Minute' - interval: 15 - } - type: 'Recurrence' - } - } - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - systemAssignedIdentity: true - } -} -``` - -
-

diff --git a/modules/Microsoft.Logic/workflows/version.json b/modules/Microsoft.Logic/workflows/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Logic/workflows/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 1bd860393a..0000000000 --- a/modules/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,54 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'AzureML Metrics Writer (preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '635dd51f-9968-44d3-b7fb-6d9a6bd613ae') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource workspace 'Microsoft.MachineLearningServices/workspaces@2021-04-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(workspace.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: workspace -}] diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.deploymentTests/min.parameters.json b/modules/Microsoft.MachineLearningServices/workspaces/.deploymentTests/min.parameters.json deleted file mode 100644 index 012526cf1f..0000000000 --- a/modules/Microsoft.MachineLearningServices/workspaces/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-mls-min-001" - }, - "sku": { - "value": "Basic" - }, - "associatedStorageAccountResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "associatedKeyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "associatedApplicationInsightsResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<>-az-appi-x-001" - }, - "systemAssignedIdentity": { - "value": true - } - } -} diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.deploymentTests/parameters.json b/modules/Microsoft.MachineLearningServices/workspaces/.deploymentTests/parameters.json deleted file mode 100644 index d8058a2616..0000000000 --- a/modules/Microsoft.MachineLearningServices/workspaces/.deploymentTests/parameters.json +++ /dev/null @@ -1,119 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-mls-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "sku": { - "value": "Basic" - }, - "associatedStorageAccountResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "associatedKeyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "associatedApplicationInsightsResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<>-az-appi-x-001" - }, - "systemAssignedIdentity": { - "value": false // Must be false if `primaryUserAssignedIdentity` is provided - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "description": { - "value": "The cake is a lie." - }, - "discoveryUrl": { - "value": "http://example.com" - }, - "encryptionIdentity": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - }, - "encryptionKeyIdentifier": { - "value": "https://adp-carml-az-kv-nopr-002.vault.azure.net/keys/keyEncryptionKey/5263fcde203347baa7cda35d074073b2" // ID must be updated for new keys - }, - "encryptionKeyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-carml-az-kv-nopr-002" - }, - "imageBuildCompute": { - "value": "testcompute" - }, - "publicNetworkAccess": { - "value": "Enabled" - }, - "primaryUserAssignedIdentity": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - }, - "computes": { - "value": [ - { - "name": "DefaultCPU", - "location": "westeurope", - "computeLocation": "westeurope", - "sku": "Basic", - "systemAssignedIdentity": false, - "userAssignedIdentities": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - }, - "description": "Default CPU Cluster", - "disableLocalAuth": false, - "computeType": "AmlCompute", - "properties": { - "enableNodePublicIp": true, - "isolatedNetwork": false, - "osType": "Linux", - "remoteLoginPortPublicAccess": "Disabled", - "scaleSettings": { - "maxNodeCount": 3, - "minNodeCount": 0, - "nodeIdleTimeBeforeScaleDown": "PT5M" - }, - "vmPriority": "Dedicated", - "vmSize": "STANDARD_DS11_V2" - } - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "amlworkspace" - } - ] - } - } -} diff --git a/modules/Microsoft.MachineLearningServices/workspaces/computes/deploy.bicep b/modules/Microsoft.MachineLearningServices/workspaces/computes/deploy.bicep deleted file mode 100644 index 1c3be841af..0000000000 --- a/modules/Microsoft.MachineLearningServices/workspaces/computes/deploy.bicep +++ /dev/null @@ -1,139 +0,0 @@ -// ================ // -// Parameters // -// ================ // -@sys.description('Conditional. The name of the parent Machine Learning Workspace. Required if the template is used in a standalone deployment.') -param machineLearningWorkspaceName string - -@sys.description('Required. Name of the compute.') -@minLength(2) -@maxLength(16) -param name string - -@sys.description('Optional. Specifies the location of the resource.') -param location string = resourceGroup().location - -@sys.description('Optional. Specifies the sku, also referred as "edition". Required for creating a compute resource.') -@allowed([ - 'Basic' - 'Enterprise' - '' -]) -param sku string = '' - -@sys.description('Optional. Contains resource tags defined as key-value pairs. Ignored when attaching a compute resource, i.e. when you provide a resource ID.') -param tags object = {} - -@sys.description('Optional. Flag to specify whether to deploy the compute. Required only for attach (i.e. providing a resource ID), as in this case the operation is not idempontent, i.e. a second deployment will fail. Therefore, this flag needs to be set to "false" as long as the compute resource exists.') -param deployCompute bool = true - -@sys.description('Optional. Location for the underlying compute. Ignored when attaching a compute resource, i.e. when you provide a resource ID.') -param computeLocation string = resourceGroup().location - -@sys.description('Optional. The description of the Machine Learning compute.') -param description string = '' - -@sys.description('Optional. Opt-out of local authentication and ensure customers can use only MSI and AAD exclusively for authentication.') -param disableLocalAuth bool = false - -@sys.description('Optional. ARM resource ID of the underlying compute.') -param resourceId string = '' - -@sys.description('Required. Set the object type.') -@allowed([ - 'AKS' - 'AmlCompute' - 'ComputeInstance' - 'Databricks' - 'DataFactory' - 'DataLakeAnalytics' - 'HDInsight' - 'Kubernetes' - 'SynapseSpark' - 'VirtualMachine' -]) -param computeType string - -@sys.description('Optional. The properties of the compute. Will be ignored in case "resourceId" is set.') -param properties object = {} - -@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -// Identity -@sys.description('Optional. Enables system assigned managed identity on the resource. Ignored when attaching a compute resource, i.e. when you provide a resource ID.') -param systemAssignedIdentity bool = false - -@sys.description('Optional. The ID(s) to assign to the resource. Ignored when attaching a compute resource, i.e. when you provide a resource ID.') -param userAssignedIdentities object = {} - -// ================// -// Variables // -// ================// -var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None') - -var identity = identityType != 'None' ? { - type: identityType - userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : any(null) -} : any(null) - -// ============================= // -// Existing resources references // -// ============================= // -resource machineLearningWorkspace 'Microsoft.MachineLearningServices/workspaces@2021-04-01' existing = { - name: machineLearningWorkspaceName -} - -// =========== // -// Deployments // -// =========== // -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource machineLearningWorkspaceCompute 'Microsoft.MachineLearningServices/workspaces/computes@2022-01-01-preview' = if (deployCompute == true) { - name: name - location: location - tags: empty(resourceId) ? tags : any(null) - sku: empty(resourceId) ? { - name: sku - tier: sku - } : any(null) - parent: machineLearningWorkspace - identity: empty(resourceId) ? identity : any(null) - properties: union({ - description: description - disableLocalAuth: disableLocalAuth - computeType: computeType - }, (!empty(resourceId) ? { - resourceId: resourceId - } : { - computeLocation: computeLocation - properties: properties - })) -} - -// =========== // -// Outputs // -// =========== // -@sys.description('The name of the compute.') -output name string = machineLearningWorkspaceCompute.name - -@sys.description('The resource ID of the compute.') -output resourceId string = machineLearningWorkspaceCompute.id - -@sys.description('The resource group the compute was deployed into.') -output resourceGroupName string = resourceGroup().name - -@sys.description('The principal ID of the system assigned identity. Is null in case of attaching a compute resource, i.e. when you provide a resource ID.') -output systemAssignedPrincipalId string = empty(resourceId) ? (systemAssignedIdentity && contains(machineLearningWorkspaceCompute.identity, 'principalId') ? machineLearningWorkspaceCompute.identity.principalId : '') : '' - -@sys.description('The location the resource was deployed into.') -output location string = machineLearningWorkspaceCompute.location diff --git a/modules/Microsoft.MachineLearningServices/workspaces/computes/readme.md b/modules/Microsoft.MachineLearningServices/workspaces/computes/readme.md deleted file mode 100644 index 1859497fc1..0000000000 --- a/modules/Microsoft.MachineLearningServices/workspaces/computes/readme.md +++ /dev/null @@ -1,162 +0,0 @@ -# Machine Learning Workspaces Computes `[Microsoft.MachineLearningServices/workspaces/computes]` - -This module deploys computes for an Machine Learning Workspace. -Attaching a compute is not idempotent and will fail in case you try to redeploy over an existing compute in AML (see parameter `deployCompute`). - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.MachineLearningServices/workspaces/computes` | [2022-01-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.MachineLearningServices/2022-01-01-preview/workspaces/computes) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `computeType` | string | `[AKS, AmlCompute, ComputeInstance, Databricks, DataFactory, DataLakeAnalytics, HDInsight, Kubernetes, SynapseSpark, VirtualMachine]` | Set the object type. | -| `name` | string | | Name of the compute. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `machineLearningWorkspaceName` | string | The name of the parent Machine Learning Workspace. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `computeLocation` | string | `[resourceGroup().location]` | | Location for the underlying compute. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | -| `deployCompute` | bool | `True` | | Flag to specify whether to deploy the compute. Required only for attach (i.e. providing a resource ID), as in this case the operation is not idempontent, i.e. a second deployment will fail. Therefore, this flag needs to be set to "false" as long as the compute resource exists. | -| `description` | string | `''` | | The description of the Machine Learning compute. | -| `disableLocalAuth` | bool | `False` | | Opt-out of local authentication and ensure customers can use only MSI and AAD exclusively for authentication. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Specifies the location of the resource. | -| `properties` | object | `{object}` | | The properties of the compute. Will be ignored in case "resourceId" is set. | -| `resourceId` | string | `''` | | ARM resource ID of the underlying compute. | -| `sku` | string | `''` | `[Basic, Enterprise, ]` | Specifies the sku, also referred as "edition". Required for creating a compute resource. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | -| `tags` | object | `{object}` | | Contains resource tags defined as key-value pairs. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | - - -### Parameter Usage: `properties` - -Properties for the compute resource to create. -Will be ignored in case a resource ID is provided. - -

- -Parameter JSON format - -```json -"properties": { - "value": { - // See https://docs.microsoft.com/en-us/azure/templates/microsoft.machinelearningservices/workspaces/computes?tabs=bicep#compute for the properties for the difference compute types - } -} -``` - -
- -
- -Bicep format - -```bicep -properties: { - // See https://docs.microsoft.com/en-us/azure/templates/microsoft.machinelearningservices/workspaces/computes?tabs=bicep#compute for the properties for the difference compute types -} -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `userAssignedIdentities` - -You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: - -

- -Parameter JSON format - -```json -"userAssignedIdentities": { - "value": { - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} - } -} -``` - -
- -
- -Bicep format - -```bicep -userAssignedIdentities: { - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the compute. | -| `resourceGroupName` | string | The resource group the compute was deployed into. | -| `resourceId` | string | The resource ID of the compute. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. Is null in case of attaching a compute resource, i.e. when you provide a resource ID. | diff --git a/modules/Microsoft.MachineLearningServices/workspaces/computes/version.json b/modules/Microsoft.MachineLearningServices/workspaces/computes/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.MachineLearningServices/workspaces/computes/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.MachineLearningServices/workspaces/deploy.bicep b/modules/Microsoft.MachineLearningServices/workspaces/deploy.bicep deleted file mode 100644 index 2134953372..0000000000 --- a/modules/Microsoft.MachineLearningServices/workspaces/deploy.bicep +++ /dev/null @@ -1,308 +0,0 @@ -// ================ // -// Parameters // -// ================ // -@sys.description('Required. The name of the machine learning workspace.') -param name string - -@sys.description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@sys.description('Required. Specifies the SKU, also referred as \'edition\' of the Azure Machine Learning workspace.') -@allowed([ - 'Basic' - 'Enterprise' -]) -param sku string - -@sys.description('Required. The resource ID of the associated Storage Account.') -param associatedStorageAccountResourceId string - -@sys.description('Required. The resource ID of the associated Key Vault.') -param associatedKeyVaultResourceId string - -@sys.description('Required. The resource ID of the associated Application Insights.') -param associatedApplicationInsightsResourceId string - -@sys.description('Optional. The resource ID of the associated Container Registry.') -param associatedContainerRegistryResourceId string = '' - -@sys.allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@sys.description('Optional. Specify the type of lock.') -param lock string = '' - -@sys.description('Optional. The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service.') -param hbiWorkspace bool = false - -@sys.description('Optional. The flag to indicate whether to allow public access when behind VNet.') -param allowPublicAccessWhenBehindVnet bool = false - -@sys.description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@sys.description('Optional. Configuration Details for private endpoints.') -param privateEndpoints array = [] - -@sys.description('Optional. Computes to create respectively attach to the workspace.') -param computes array = [] - -@sys.description('Optional. Resource tags.') -param tags object = {} - -@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -// Identity -@sys.description('Conditional. Enables system assigned managed identity on the resource. Required if `userAssignedIdentities` is not provided.') -param systemAssignedIdentity bool = false - -@sys.description('Conditional. The ID(s) to assign to the resource. Required if `systemAssignedIdentity` is set to false.') -param userAssignedIdentities object = {} - -// Diagnostic Settings -@sys.description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@sys.description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@sys.description('Optional. Resource ID of the diagnostic log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@sys.description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@sys.description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@sys.description('Optional. The name of logs that will be streamed.') -@allowed([ - 'AmlComputeClusterEvent' - 'AmlComputeClusterNodeEvent' - 'AmlComputeJobEvent' - 'AmlComputeCpuGpuUtilization' - 'AmlRunStatusChangedEvent' -]) -param diagnosticLogCategoriesToEnable array = [ - 'AmlComputeClusterEvent' - 'AmlComputeClusterNodeEvent' - 'AmlComputeJobEvent' - 'AmlComputeCpuGpuUtilization' - 'AmlRunStatusChangedEvent' -] - -@sys.description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'AllMetrics' -]) -param diagnosticMetricsToEnable array = [ - 'AllMetrics' -] - -@sys.description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -@sys.description('Optional. The description of this workspace.') -param description string = '' - -@sys.description('Optional. URL for the discovery service to identify regional endpoints for machine learning experimentation services.') -param discoveryUrl string = '' - -@sys.description('Optional. The Resource ID of the user assigned identity that will be used to access the customer managed key vault.') -param encryptionIdentity string = '' - -@sys.description('Conditional. Key vault URI to access the encryption key. Required if an \'encryptionIdentity\' was provided.') -param encryptionKeyIdentifier string = '' - -@sys.description('Conditional. The ResourceID of the keyVault where the customer owned encryption key is present. Required if an \'encryptionIdentity\' was provided.') -param encryptionKeyVaultResourceId string = '' - -@sys.description('Optional. The compute name for image build.') -param imageBuildCompute string = '' - -@sys.description('Conditional. The user assigned identity resource id that represents the workspace identity. Required if \'userAssignedIdentities\' is not empty and may not be used if \'systemAssignedIdentity\' is enabled.') -param primaryUserAssignedIdentity string = '' - -@sys.description('Optional. Whether requests from Public Network are allowed.') -@allowed([ - 'Enabled' - 'Disabled' -]) -param publicNetworkAccess string = 'Disabled' - -// ================// -// Variables // -// ================// -var enableReferencedModulesTelemetry = false - -var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None') - -var identity = identityType != 'None' ? { - type: identityType - userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : any(null) -} : any(null) - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -// ================// -// Deployments // -// ================// -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource workspace 'Microsoft.MachineLearningServices/workspaces@2021-07-01' = { - name: name - location: location - tags: tags - sku: { - name: sku - tier: sku - } - identity: identity - properties: { - friendlyName: name - storageAccount: associatedStorageAccountResourceId - keyVault: associatedKeyVaultResourceId - applicationInsights: associatedApplicationInsightsResourceId - containerRegistry: !empty(associatedContainerRegistryResourceId) ? associatedContainerRegistryResourceId : null - hbiWorkspace: hbiWorkspace - allowPublicAccessWhenBehindVnet: allowPublicAccessWhenBehindVnet - description: description - discoveryUrl: discoveryUrl - encryption: any({ - identity: !empty(encryptionIdentity) ? { - userAssignedIdentity: encryptionIdentity - } : null - keyVaultProperties: !empty(encryptionIdentity) ? { - keyIdentifier: encryptionKeyIdentifier - keyVaultArmId: encryptionKeyVaultResourceId - } : null - }) - imageBuildCompute: imageBuildCompute - primaryUserAssignedIdentity: primaryUserAssignedIdentity - publicNetworkAccess: publicNetworkAccess - } -} - -module workspace_computes 'computes/deploy.bicep' = [for compute in computes: { - name: '${workspace.name}-${compute.name}-compute' - params: { - machineLearningWorkspaceName: workspace.name - name: compute.name - location: compute.location - sku: contains(compute, 'sku') ? compute.sku : '' - systemAssignedIdentity: contains(compute, 'systemAssignedIdentity') ? compute.systemAssignedIdentity : false - userAssignedIdentities: contains(compute, 'userAssignedIdentities') ? compute.userAssignedIdentities : {} - tags: contains(compute, 'tags') ? compute.tags : {} - deployCompute: contains(compute, 'deployCompute') ? compute.deployCompute : true - computeLocation: contains(compute, 'computeLocation') ? compute.computeLocation : '' - description: contains(compute, 'description') ? compute.description : '' - disableLocalAuth: compute.disableLocalAuth - resourceId: contains(compute, 'resourceId') ? compute.resourceId : '' - computeType: compute.computeType - properties: contains(compute, 'properties') ? compute.properties : {} - } -}] - -resource workspace_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${workspace.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: workspace -} - -resource workspace_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: diagnosticsLogs - } - scope: workspace -} - -module workspace_privateEndpoints '../../Microsoft.Network/privateEndpoints/deploy.bicep' = [for (privateEndpoint, index) in privateEndpoints: { - name: '${uniqueString(deployment().name, location)}-Workspace-PrivateEndpoint-${index}' - params: { - groupIds: [ - privateEndpoint.service - ] - name: contains(privateEndpoint, 'name') ? privateEndpoint.name : 'pe-${last(split(workspace.id, '/'))}-${privateEndpoint.service}-${index}' - serviceResourceId: workspace.id - subnetResourceId: privateEndpoint.subnetResourceId - enableDefaultTelemetry: enableReferencedModulesTelemetry - location: reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : lock - privateDnsZoneGroups: contains(privateEndpoint, 'privateDnsZoneGroups') ? privateEndpoint.privateDnsZoneGroups : [] - roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] - tags: contains(privateEndpoint, 'tags') ? privateEndpoint.tags : {} - manualPrivateLinkServiceConnections: contains(privateEndpoint, 'manualPrivateLinkServiceConnections') ? privateEndpoint.manualPrivateLinkServiceConnections : [] - customDnsConfigs: contains(privateEndpoint, 'customDnsConfigs') ? privateEndpoint.customDnsConfigs : [] - } -}] - -module workspace_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-MLWorkspace-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: workspace.id - } -}] - -// ================// -// Outputs // -// ================// - -@sys.description('The resource ID of the machine learning service.') -output resourceId string = workspace.id - -@sys.description('The resource group the machine learning service was deployed into.') -output resourceGroupName string = resourceGroup().name - -@sys.description('The name of the machine learning service.') -output name string = workspace.name - -@sys.description('The principal ID of the system assigned identity.') -output principalId string = (!empty(identity) && contains(identity.type, 'SystemAssigned')) ? workspace.identity.principalId : '' - -@sys.description('The location the resource was deployed into.') -output location string = workspace.location diff --git a/modules/Microsoft.MachineLearningServices/workspaces/readme.md b/modules/Microsoft.MachineLearningServices/workspaces/readme.md deleted file mode 100644 index f329f56ca6..0000000000 --- a/modules/Microsoft.MachineLearningServices/workspaces/readme.md +++ /dev/null @@ -1,664 +0,0 @@ -# Machine Learning Workspaces `[Microsoft.MachineLearningServices/workspaces]` - -This module deploys a Machine Learning Services Workspace. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.MachineLearningServices/workspaces` | [2021-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.MachineLearningServices/2021-07-01/workspaces) | -| `Microsoft.MachineLearningServices/workspaces/computes` | [2022-01-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.MachineLearningServices/2022-01-01-preview/workspaces/computes) | -| `Microsoft.Network/privateEndpoints` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `associatedApplicationInsightsResourceId` | string | | The resource ID of the associated Application Insights. | -| `associatedKeyVaultResourceId` | string | | The resource ID of the associated Key Vault. | -| `associatedStorageAccountResourceId` | string | | The resource ID of the associated Storage Account. | -| `name` | string | | The name of the machine learning workspace. | -| `sku` | string | `[Basic, Enterprise]` | Specifies the SKU, also referred as 'edition' of the Azure Machine Learning workspace. | - -**Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `encryptionKeyIdentifier` | string | `''` | Key vault URI to access the encryption key. Required if an 'encryptionIdentity' was provided. | -| `encryptionKeyVaultResourceId` | string | `''` | The ResourceID of the keyVault where the customer owned encryption key is present. Required if an 'encryptionIdentity' was provided. | -| `primaryUserAssignedIdentity` | string | `''` | The user assigned identity resource id that represents the workspace identity. Required if 'userAssignedIdentities' is not empty and may not be used if 'systemAssignedIdentity' is enabled. | -| `systemAssignedIdentity` | bool | `False` | Enables system assigned managed identity on the resource. Required if `userAssignedIdentities` is not provided. | -| `userAssignedIdentities` | object | `{object}` | The ID(s) to assign to the resource. Required if `systemAssignedIdentity` is set to false. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowPublicAccessWhenBehindVnet` | bool | `False` | | The flag to indicate whether to allow public access when behind VNet. | -| `associatedContainerRegistryResourceId` | string | `''` | | The resource ID of the associated Container Registry. | -| `computes` | _[computes](computes/readme.md)_ array | `[]` | | Computes to create respectively attach to the workspace. | -| `description` | string | `''` | | The description of this workspace. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[AmlComputeClusterEvent, AmlComputeClusterNodeEvent, AmlComputeJobEvent, AmlComputeCpuGpuUtilization, AmlRunStatusChangedEvent]` | `[AmlComputeClusterEvent, AmlComputeClusterNodeEvent, AmlComputeJobEvent, AmlComputeCpuGpuUtilization, AmlRunStatusChangedEvent]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `discoveryUrl` | string | `''` | | URL for the discovery service to identify regional endpoints for machine learning experimentation services. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `encryptionIdentity` | string | `''` | | The Resource ID of the user assigned identity that will be used to access the customer managed key vault. | -| `hbiWorkspace` | bool | `False` | | The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service. | -| `imageBuildCompute` | string | `''` | | The compute name for image build. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. | -| `publicNetworkAccess` | string | `'Disabled'` | `[Enabled, Disabled]` | Whether requests from Public Network are allowed. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Resource tags. | - - -### Parameter Usage: `computes` - -Array to specify the compute resources to create respectively attach. -In case you provide a resource id, it will attach the resource and ignore "properties". In this case "computeLocation", "sku", "systemAssignedIdentity", "userAssignedIdentities" as well as "tags" don't need to be provided respectively are being ignored. -Attaching a compute is not idempotent and will fail in case you try to redeploy over an existing compute in AML. I.e. for the first run set "deploy" to true, and after successful deployment to false. -For more information see https://docs.microsoft.com/en-us/azure/templates/microsoft.machinelearningservices/workspaces/computes?tabs=bicep - -

- -Parameter JSON format - -```json -"computes": { - "value": [ - // Attach existing resources - { - "name": "DefaultAKS", - "location": "westeurope", - "description": "Default AKS Cluster", - "disableLocalAuth": false, - "deployCompute": true, - "computeType": "AKS", - "resourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.ContainerService/managedClusters/xxx" - }, - // Create new compute resource - { - "name": "DefaultCPU", - "location": "westeurope", - "computeLocation": "westeurope", - "sku": "Basic", - "systemAssignedIdentity": true, - "userAssignedIdentities": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - }, - "description": "Default CPU Cluster", - "disableLocalAuth": false, - "computeType": "AmlCompute", - "properties": { - "enableNodePublicIp": true, - "isolatedNetwork": false, - "osType": "Linux", - "remoteLoginPortPublicAccess": "Disabled", - "scaleSettings": { - "maxNodeCount": 3, - "minNodeCount": 0, - "nodeIdleTimeBeforeScaleDown": "PT5M" - }, - "vmPriority": "Dedicated", - "vmSize": "STANDARD_DS11_V2" - } - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -computes: [ - // Attach existing resources - { - name: 'DefaultAKS' - location: 'westeurope' - description: 'Default AKS Cluster' - disableLocalAuth: false - deployCompute: true - computeType: 'AKS' - resourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.ContainerService/managedClusters/xxx' - } - // Create new compute resource - { - name: 'DefaultCPU' - location: 'westeurope' - computeLocation: 'westeurope' - sku: 'Basic' - systemAssignedIdentity: true - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - description: 'Default CPU Cluster' - disableLocalAuth: false - computeType: 'AmlCompute' - properties: { - enableNodePublicIp: true - isolatedNetwork: false - osType: 'Linux' - remoteLoginPortPublicAccess: 'Disabled' - scaleSettings: { - maxNodeCount: 3 - minNodeCount: 0 - nodeIdleTimeBeforeScaleDown: 'PT5M' - } - vmPriority: 'Dedicated' - vmSize: 'STANDARD_DS11_V2' - } - } -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `privateEndpoints` - -To use Private Endpoint the following dependencies must be deployed: - -- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module. -- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information. - -

- -Parameter JSON format - -```json -"privateEndpoints": { - "value": [ - // Example showing all available fields - { - "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>", // e.g. vault, registry, file, blob, queue, table etc. - "privateDnsZoneResourceIds": [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net" - ], - "customDnsConfigs": [ // Optional - { - "fqdn": "customname.test.local", - "ipAddresses": [ - "10.10.10.10" - ] - } - ] - }, - // Example showing only mandatory fields - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>" // e.g. vault, registry, file, blob, queue, table etc. - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -privateEndpoints: [ - // Example showing all available fields - { - name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - privateDnsZoneResourceIds: [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net' - ] - // Optional - customDnsConfigs: [ - { - fqdn: 'customname.test.local' - ipAddresses: [ - '10.10.10.10' - ] - } - ] - } - // Example showing only mandatory fields - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - } -] -``` - -
-

- -### Parameter Usage: `userAssignedIdentities` - -You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: - -

- -Parameter JSON format - -```json -"userAssignedIdentities": { - "value": { - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} - } -} -``` - -
- -
- -Bicep format - -```bicep -userAssignedIdentities: { - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the machine learning service. | -| `principalId` | string | The principal ID of the system assigned identity. | -| `resourceGroupName` | string | The resource group the machine learning service was deployed into. | -| `resourceId` | string | The resource ID of the machine learning service. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-mls-min-001" - }, - "sku": { - "value": "Basic" - }, - "associatedStorageAccountResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "associatedKeyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "associatedApplicationInsightsResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<>-az-appi-x-001" - }, - "systemAssignedIdentity": { - "value": true - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-workspaces' - params: { - name: '<>-az-mls-min-001' - sku: 'Basic' - associatedStorageAccountResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - associatedKeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001' - associatedApplicationInsightsResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<>-az-appi-x-001' - systemAssignedIdentity: true - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-mls-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "sku": { - "value": "Basic" - }, - "associatedStorageAccountResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "associatedKeyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "associatedApplicationInsightsResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<>-az-appi-x-001" - }, - "systemAssignedIdentity": { - "value": false // Must be false if `primaryUserAssignedIdentity` is provided - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "description": { - "value": "The cake is a lie." - }, - "discoveryUrl": { - "value": "http://example.com" - }, - "encryptionIdentity": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - }, - "encryptionKeyIdentifier": { - "value": "https://adp-carml-az-kv-nopr-002.vault.azure.net/keys/keyEncryptionKey/5263fcde203347baa7cda35d074073b2" // ID must be updated for new keys - }, - "encryptionKeyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-carml-az-kv-nopr-002" - }, - "imageBuildCompute": { - "value": "testcompute" - }, - "publicNetworkAccess": { - "value": "Enabled" - }, - "primaryUserAssignedIdentity": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - }, - "computes": { - "value": [ - { - "name": "DefaultCPU", - "location": "westeurope", - "computeLocation": "westeurope", - "sku": "Basic", - "systemAssignedIdentity": false, - "userAssignedIdentities": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - }, - "description": "Default CPU Cluster", - "disableLocalAuth": false, - "computeType": "AmlCompute", - "properties": { - "enableNodePublicIp": true, - "isolatedNetwork": false, - "osType": "Linux", - "remoteLoginPortPublicAccess": "Disabled", - "scaleSettings": { - "maxNodeCount": 3, - "minNodeCount": 0, - "nodeIdleTimeBeforeScaleDown": "PT5M" - }, - "vmPriority": "Dedicated", - "vmSize": "STANDARD_DS11_V2" - } - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "amlworkspace" - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module workspaces './Microsoft.MachineLearningServices/workspaces/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-workspaces' - params: { - name: '<>-az-mls-x-001' - lock: 'CanNotDelete' - sku: 'Basic' - associatedStorageAccountResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - associatedKeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001' - associatedApplicationInsightsResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<>-az-appi-x-001' - systemAssignedIdentity: false - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - description: 'The cake is a lie.' - discoveryUrl: 'http://example.com' - encryptionIdentity: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001' - encryptionKeyIdentifier: 'https://adp-carml-az-kv-nopr-002.vault.azure.net/keys/keyEncryptionKey/5263fcde203347baa7cda35d074073b2' - encryptionKeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-carml-az-kv-nopr-002' - imageBuildCompute: 'testcompute' - publicNetworkAccess: 'Enabled' - primaryUserAssignedIdentity: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001' - computes: [ - { - name: 'DefaultCPU' - location: 'westeurope' - computeLocation: 'westeurope' - sku: 'Basic' - systemAssignedIdentity: false - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - description: 'Default CPU Cluster' - disableLocalAuth: false - computeType: 'AmlCompute' - properties: { - enableNodePublicIp: true - isolatedNetwork: false - osType: 'Linux' - remoteLoginPortPublicAccess: 'Disabled' - scaleSettings: { - maxNodeCount: 3 - minNodeCount: 0 - nodeIdleTimeBeforeScaleDown: 'PT5M' - } - vmPriority: 'Dedicated' - vmSize: 'STANDARD_DS11_V2' - } - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - privateEndpoints: [ - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - service: 'amlworkspace' - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.MachineLearningServices/workspaces/version.json b/modules/Microsoft.MachineLearningServices/workspaces/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.MachineLearningServices/workspaces/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 85fdd4d9ab..0000000000 --- a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,55 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Managed Identity Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e40ec5ca-96e0-45a2-b4ff-59039f2c2b59') - 'Managed Identity Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f1a07417-d97a-45cb-824c-7a7467783830') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource userMsi 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(userMsi.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: userMsi -}] diff --git a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.deploymentTests/parameters.json b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.deploymentTests/parameters.json deleted file mode 100644 index d76c001bb1..0000000000 --- a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.deploymentTests/parameters.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-msi-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep deleted file mode 100644 index 6b15bd61ad..0000000000 --- a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep +++ /dev/null @@ -1,75 +0,0 @@ -@description('Optional. Name of the User Assigned Identity.') -param name string = guid(resourceGroup().id) - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource userMsi 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { - name: name - location: location - tags: tags -} - -resource userMsi_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${userMsi.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: userMsi -} - -module userMsi_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-UserMSI-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: userMsi.id - } -}] - -@description('The name of the user assigned identity.') -output name string = userMsi.name - -@description('The resource ID of the user assigned identity.') -output resourceId string = userMsi.id - -@description('The principal ID of the user assigned identity.') -output principalId string = userMsi.properties.principalId - -@description('The resource group the user assigned identity was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = userMsi.location diff --git a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md deleted file mode 100644 index 3331846f2e..0000000000 --- a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md +++ /dev/null @@ -1,201 +0,0 @@ -# User Assigned Identities `[Microsoft.ManagedIdentity/userAssignedIdentities]` - -This module deploys a user assigned identity. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.ManagedIdentity/userAssignedIdentities` | [2018-11-30](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ManagedIdentity/2018-11-30/userAssignedIdentities) | - -## Parameters - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `name` | string | `[guid(resourceGroup().id)]` | | Name of the User Assigned Identity. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the user assigned identity. | -| `principalId` | string | The principal ID of the user assigned identity. | -| `resourceGroupName` | string | The resource group the user assigned identity was deployed into. | -| `resourceId` | string | The resource ID of the user assigned identity. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-msi-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module userAssignedIdentities './Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-userAssignedIdentities' - params: { - name: '<>-az-msi-x-001' - lock: 'CanNotDelete' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/version.json b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.ManagedServices/registrationDefinitions/.bicep/nested_registrationAssignment.bicep b/modules/Microsoft.ManagedServices/registrationDefinitions/.bicep/nested_registrationAssignment.bicep deleted file mode 100644 index 7bfca49e97..0000000000 --- a/modules/Microsoft.ManagedServices/registrationDefinitions/.bicep/nested_registrationAssignment.bicep +++ /dev/null @@ -1,15 +0,0 @@ -param registrationDefinitionId string -param registrationAssignmentId string - -resource registrationAssignment 'Microsoft.ManagedServices/registrationAssignments@2019-09-01' = { - name: registrationAssignmentId - properties: { - registrationDefinitionId: registrationDefinitionId - } -} - -@description('The name of the registration assignment') -output name string = registrationAssignment.name - -@description('The resource ID of the registration assignment') -output resourceId string = registrationAssignment.id diff --git a/modules/Microsoft.ManagedServices/registrationDefinitions/.deploymentTests/parameters.json b/modules/Microsoft.ManagedServices/registrationDefinitions/.deploymentTests/parameters.json deleted file mode 100644 index 8fc6fc1cc9..0000000000 --- a/modules/Microsoft.ManagedServices/registrationDefinitions/.deploymentTests/parameters.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "Component Validation - Subscription assignment" - }, - "registrationDescription": { - "value": "Managed by Lighthouse" - }, - "managedByTenantId": { - "value": "195ee85d-2f10-4764-8352-a3c99aa772fb" - }, - "authorizations": { - "value": [ - { - "principalId": "e87a249c-b53b-4685-94fe-863af522e4ee", - "principalIdDisplayName": "ResourceModules-Reader", - "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7" - }, - { - "principalId": "e2f126a7-136e-443f-b39f-f73ddfd146b1", - "principalIdDisplayName": "ResourceModules-Contributor", - "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c" - }, - { - "principalId": "87813317-fb25-4c76-91fe-783af429d109", - "principalIdDisplayName": "ResourceModules-LHManagement", - "roleDefinitionId": "91c1777a-f3dc-4fae-b103-61d183457e46" - } - ] - } - } -} diff --git a/modules/Microsoft.ManagedServices/registrationDefinitions/.deploymentTests/rg.parameters.json b/modules/Microsoft.ManagedServices/registrationDefinitions/.deploymentTests/rg.parameters.json deleted file mode 100644 index 5e21414369..0000000000 --- a/modules/Microsoft.ManagedServices/registrationDefinitions/.deploymentTests/rg.parameters.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "Component Validation - Resource group assignment" - }, - "registrationDescription": { - "value": "Managed by Lighthouse" - }, - "managedByTenantId": { - "value": "195ee85d-2f10-4764-8352-a3c99aa772fb" - }, - "resourceGroupName": { - "value": "validation-rg" - }, - "authorizations": { - "value": [ - { - "principalId": "e87a249c-b53b-4685-94fe-863af522e4ee", - "principalIdDisplayName": "ResourceModules-Reader", - "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7" - }, - { - "principalId": "e2f126a7-136e-443f-b39f-f73ddfd146b1", - "principalIdDisplayName": "ResourceModules-Contributor", - "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c" - }, - { - "principalId": "87813317-fb25-4c76-91fe-783af429d109", - "principalIdDisplayName": "ResourceModules-LHManagement", - "roleDefinitionId": "91c1777a-f3dc-4fae-b103-61d183457e46" - } - ] - } - } -} diff --git a/modules/Microsoft.ManagedServices/registrationDefinitions/deploy.bicep b/modules/Microsoft.ManagedServices/registrationDefinitions/deploy.bicep deleted file mode 100644 index 8dad5ff883..0000000000 --- a/modules/Microsoft.ManagedServices/registrationDefinitions/deploy.bicep +++ /dev/null @@ -1,75 +0,0 @@ -targetScope = 'subscription' - -@description('Required. Specify a unique name for your offer/registration. i.e \' - - \'.') -param name string - -@description('Required. Description of the offer/registration. i.e. \'Managed by \'.') -param registrationDescription string - -@description('Required. Specify the tenant ID of the tenant which homes the principals you are delegating permissions to.') -param managedByTenantId string - -@description('Required. Specify an array of objects, containing object of Azure Active Directory principalId, a Azure roleDefinitionId, and an optional principalIdDisplayName. The roleDefinition specified is granted to the principalId in the provider\'s Active Directory and the principalIdDisplayName is visible to customers.') -param authorizations array - -@description('Optional. Specify the name of the Resource Group to delegate access to. If not provided, delegation will be done on the targeted subscription.') -param resourceGroupName string = '' - -@description('Optional. Location deployment metadata.') -param location string = deployment().location - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var registrationId = empty(resourceGroupName) ? guid(managedByTenantId, subscription().tenantId, subscription().subscriptionId) : guid(managedByTenantId, subscription().tenantId, subscription().subscriptionId, resourceGroupName) - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - location: location - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource registrationDefinition 'Microsoft.ManagedServices/registrationDefinitions@2019-09-01' = { - name: registrationId - properties: { - registrationDefinitionName: name - description: registrationDescription - managedByTenantId: managedByTenantId - authorizations: authorizations - } -} - -resource registrationAssignment_sub 'Microsoft.ManagedServices/registrationAssignments@2019-09-01' = if (empty(resourceGroupName)) { - name: registrationId - properties: { - registrationDefinitionId: registrationDefinition.id - } -} - -module registrationAssignment_rg '.bicep/nested_registrationAssignment.bicep' = if (!empty(resourceGroupName)) { - name: '${uniqueString(deployment().name)}-RegDef-RegAssignment' - scope: resourceGroup(resourceGroupName) - params: { - registrationDefinitionId: registrationDefinition.id - registrationAssignmentId: registrationId - } -} - -@description('The name of the registration definition.') -output name string = registrationDefinition.name - -@description('The resource ID of the registration definition.') -output resourceId string = registrationDefinition.id - -@description('The subscription the registration definition was deployed into.') -output subscriptionName string = subscription().displayName - -@description('The registration assignment resource ID.') -output assignmentResourceId string = empty(resourceGroupName) ? registrationAssignment_sub.id : registrationAssignment_rg.outputs.resourceId diff --git a/modules/Microsoft.ManagedServices/registrationDefinitions/readme.md b/modules/Microsoft.ManagedServices/registrationDefinitions/readme.md deleted file mode 100644 index 7b3c262e66..0000000000 --- a/modules/Microsoft.ManagedServices/registrationDefinitions/readme.md +++ /dev/null @@ -1,330 +0,0 @@ -# Registration Definitions `[Microsoft.ManagedServices/registrationDefinitions]` - -This module deploys `registrationDefinitions` and `registrationAssignments` (often referred to as 'Lighthouse' or 'resource delegation') -on subscription or resource group scopes. This type of delegation is very similar to role assignments but here the principal that is -assigned a role is in a remote/managing Azure Active Directory tenant. The templates are run towards the tenant where -the Azure resources you want to delegate access to are, providing 'authorizations' (aka. access delegation) to principals in a -remote/managing tenant. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Considerations](#Considerations) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.ManagedServices/registrationAssignments` | [2019-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ManagedServices/2019-09-01/registrationAssignments) | -| `Microsoft.ManagedServices/registrationDefinitions` | [2019-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ManagedServices/2019-09-01/registrationDefinitions) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `authorizations` | array | Specify an array of objects, containing object of Azure Active Directory principalId, a Azure roleDefinitionId, and an optional principalIdDisplayName. The roleDefinition specified is granted to the principalId in the provider's Active Directory and the principalIdDisplayName is visible to customers. | -| `managedByTenantId` | string | Specify the tenant ID of the tenant which homes the principals you are delegating permissions to. | -| `name` | string | Specify a unique name for your offer/registration. i.e ' - - '. | -| `registrationDescription` | string | Description of the offer/registration. i.e. 'Managed by '. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `resourceGroupName` | string | `''` | Specify the name of the Resource Group to delegate access to. If not provided, delegation will be done on the targeted subscription. | - - -### Parameter Usage: `authorizations` - -| Parameter Name | Type | Default Value | Possible values | Description | -| :----------------------- | :----- | :------------ | :-------------- | :------------------------------------------------------------------------------------------ | -| `principalId` | string | | GUID | Required. The object ID of the principal in the managing tenant to delegate permissions to. | -| `principalIdDisplayName` | string | `principalId` | | Optional. A display name of the principal that is delegated permissions to. | -| `roleDefinitionId` | string | | GUID | Required. The role definition ID to delegate to the principal in the managing tenant. | - -

- -Parameter JSON format - -```json -"authorizations": { - "value": [ - // Delegates 'Reader' to a group in managing tenant (managedByTenantId) - { - "principalId": "9d949eef-00d5-45d9-8586-56be91a13398", - "principalIdDisplayName": "Reader-Group", - "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7" - }, - // Delegates 'Contributor' to a group in managing tenant (managedByTenantId) - { - "principalId": "06eb144f-1a10-4935-881b-757efd1d0b58", - "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c" - }, - // Delegates 'Managed Services Registration assignment Delete Role' to a group in managing tenant (managedByTenantId) - { - "principalId": "9cd792b0-dc7c-4551-84f8-dd87388030fb", - "principalIdDisplayName": "LighthouseManagement-Group", - "roleDefinitionId": "91c1777a-f3dc-4fae-b103-61d183457e46" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -authorizations: [ - // Delegates 'Reader' to a group in managing tenant (managedByTenantId) - { - principalId: '9d949eef-00d5-45d9-8586-56be91a13398' - principalIdDisplayName: 'Reader-Group' - roleDefinitionId: 'acdd72a7-3385-48ef-bd42-f606fba81ae7' - } - // Delegates 'Contributor' to a group in managing tenant (managedByTenantId) - { - principalId: '06eb144f-1a10-4935-881b-757efd1d0b58' - roleDefinitionId: 'b24988ac-6180-42a0-ab88-20f7382dd24c' - } - // Delegates 'Managed Services Registration assignment Delete Role' to a group in managing tenant (managedByTenantId) - { - principalId: '9cd792b0-dc7c-4551-84f8-dd87388030fb' - principalIdDisplayName: 'LighthouseManagement-Group' - roleDefinitionId: '91c1777a-f3dc-4fae-b103-61d183457e46' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `assignmentResourceId` | string | The registration assignment resource ID. | -| `name` | string | The name of the registration definition. | -| `resourceId` | string | The resource ID of the registration definition. | -| `subscriptionName` | string | The subscription the registration definition was deployed into. | - -## Considerations - -This module can be deployed both at subscription and resource group level: - -- To deploy the module at resource group level, provide a valid name of an existing Resource Group in the `resourceGroupName` parameter. -- To deploy the module at the subscription level, leave the `resourceGroupName` parameter empty. - -### Permissions required to create delegations - -This deployment must be done by a non-guest account in the customer's tenant which has a role with the `Microsoft.Authorization/roleAssignments/write` permission, -such as [`Owner`](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#owner) for the subscription being onboarded (or which contains the resource groups that are being onboarded). - -If the subscription was created through the Cloud Solution Provider (CSP) program, any user who has the AdminAgent role in your service provider tenant can perform the deployment. - -**More info on this topic:** - - -### Permissions required to remove delegations - -#### From customer side - -Users in the customer's tenant who have a role with the `Microsoft.Authorization/roleAssignments/write` permission, such as -[`Owner`](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#owner) can remove service provider -access to that subscription (or to resource groups in that subscription). To do so, the user can go to the Service providers -page of the Azure portal and delete the delegation. - -#### From managing tenant side - -Users in a managing tenant can remove access to delegated resources if they were granted the -[`Managed Services Registration Assignment Delete Role`](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#managed-services-registration-assignment-delete-role) -for the customer's resources. If this role was not assigned to any service provider users, the delegation can **only** be -removed by a user in the customer's tenant. - -**More info on this topic:** - - -### Limitations with Lighthouse and resource delegation - -There are a couple of limitations that you should be aware of with Lighthouse: - -- Only allows resource delegation within Azure Resource Manager. Excludes Azure Active Directory, Microsoft 365 and Dynamics 365. -- Only supports delegation of control plane permissions. Excludes data plane access. -- Only supports subscription and resource group scopes. Excludes tenant and management group delegations. -- Only supports built-in roles, with the exception of `Owner`. Excludes the use of custom roles. - -**More info on this topic:** - - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "Component Validation - Subscription assignment" - }, - "registrationDescription": { - "value": "Managed by Lighthouse" - }, - "managedByTenantId": { - "value": "195ee85d-2f10-4764-8352-a3c99aa772fb" - }, - "authorizations": { - "value": [ - { - "principalId": "e87a249c-b53b-4685-94fe-863af522e4ee", - "principalIdDisplayName": "ResourceModules-Reader", - "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7" - }, - { - "principalId": "e2f126a7-136e-443f-b39f-f73ddfd146b1", - "principalIdDisplayName": "ResourceModules-Contributor", - "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c" - }, - { - "principalId": "87813317-fb25-4c76-91fe-783af429d109", - "principalIdDisplayName": "ResourceModules-LHManagement", - "roleDefinitionId": "91c1777a-f3dc-4fae-b103-61d183457e46" - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module registrationDefinitions './Microsoft.ManagedServices/registrationDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-registrationDefinitions' - params: { - name: 'Component Validation - Subscription assignment' - registrationDescription: 'Managed by Lighthouse' - managedByTenantId: '195ee85d-2f10-4764-8352-a3c99aa772fb' - authorizations: [ - { - principalId: 'e87a249c-b53b-4685-94fe-863af522e4ee' - principalIdDisplayName: 'ResourceModules-Reader' - roleDefinitionId: 'acdd72a7-3385-48ef-bd42-f606fba81ae7' - } - { - principalId: 'e2f126a7-136e-443f-b39f-f73ddfd146b1' - principalIdDisplayName: 'ResourceModules-Contributor' - roleDefinitionId: 'b24988ac-6180-42a0-ab88-20f7382dd24c' - } - { - principalId: '87813317-fb25-4c76-91fe-783af429d109' - principalIdDisplayName: 'ResourceModules-LHManagement' - roleDefinitionId: '91c1777a-f3dc-4fae-b103-61d183457e46' - } - ] - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "Component Validation - Resource group assignment" - }, - "registrationDescription": { - "value": "Managed by Lighthouse" - }, - "managedByTenantId": { - "value": "195ee85d-2f10-4764-8352-a3c99aa772fb" - }, - "resourceGroupName": { - "value": "validation-rg" - }, - "authorizations": { - "value": [ - { - "principalId": "e87a249c-b53b-4685-94fe-863af522e4ee", - "principalIdDisplayName": "ResourceModules-Reader", - "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7" - }, - { - "principalId": "e2f126a7-136e-443f-b39f-f73ddfd146b1", - "principalIdDisplayName": "ResourceModules-Contributor", - "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c" - }, - { - "principalId": "87813317-fb25-4c76-91fe-783af429d109", - "principalIdDisplayName": "ResourceModules-LHManagement", - "roleDefinitionId": "91c1777a-f3dc-4fae-b103-61d183457e46" - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module registrationDefinitions './Microsoft.ManagedServices/registrationDefinitions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-registrationDefinitions' - params: { - name: 'Component Validation - Resource group assignment' - registrationDescription: 'Managed by Lighthouse' - managedByTenantId: '195ee85d-2f10-4764-8352-a3c99aa772fb' - resourceGroupName: 'validation-rg' - authorizations: [ - { - principalId: 'e87a249c-b53b-4685-94fe-863af522e4ee' - principalIdDisplayName: 'ResourceModules-Reader' - roleDefinitionId: 'acdd72a7-3385-48ef-bd42-f606fba81ae7' - } - { - principalId: 'e2f126a7-136e-443f-b39f-f73ddfd146b1' - principalIdDisplayName: 'ResourceModules-Contributor' - roleDefinitionId: 'b24988ac-6180-42a0-ab88-20f7382dd24c' - } - { - principalId: '87813317-fb25-4c76-91fe-783af429d109' - principalIdDisplayName: 'ResourceModules-LHManagement' - roleDefinitionId: '91c1777a-f3dc-4fae-b103-61d183457e46' - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.ManagedServices/registrationDefinitions/version.json b/modules/Microsoft.ManagedServices/registrationDefinitions/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.ManagedServices/registrationDefinitions/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Management/managementGroups/.deploymentTests/parameters.json b/modules/Microsoft.Management/managementGroups/.deploymentTests/parameters.json deleted file mode 100644 index 21e2524a5f..0000000000 --- a/modules/Microsoft.Management/managementGroups/.deploymentTests/parameters.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "testMG" - }, - "displayName": { - "value": "Test MG" - }, - "parentId": { - "value": "<>" - } - } -} diff --git a/modules/Microsoft.Management/managementGroups/deploy.bicep b/modules/Microsoft.Management/managementGroups/deploy.bicep deleted file mode 100644 index 932752c182..0000000000 --- a/modules/Microsoft.Management/managementGroups/deploy.bicep +++ /dev/null @@ -1,48 +0,0 @@ -targetScope = 'managementGroup' - -@description('Required. The group ID of the Management group.') -param name string - -@description('Optional. The friendly name of the management group. If no value is passed then this field will be set to the group ID.') -param displayName string = '' - -@description('Optional. The management group parent ID. Defaults to current scope.') -param parentId string = '' - -@sys.description('Optional. Location deployment metadata.') -param location string = deployment().location - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - location: location - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource managementGroup 'Microsoft.Management/managementGroups@2021-04-01' = { - name: name - scope: tenant() - properties: { - displayName: displayName - details: !empty(parentId) ? { - parent: { - id: '/providers/Microsoft.Management/managementGroups/${parentId}' - } - } : null - } -} - -@description('The name of the management group.') -output name string = managementGroup.name - -@description('The resource ID of the management group.') -output resourceId string = managementGroup.id diff --git a/modules/Microsoft.Management/managementGroups/readme.md b/modules/Microsoft.Management/managementGroups/readme.md deleted file mode 100644 index 8af733d99c..0000000000 --- a/modules/Microsoft.Management/managementGroups/readme.md +++ /dev/null @@ -1,168 +0,0 @@ -# Management Groups `[Microsoft.Management/managementGroups]` - -This template will prepare the management group structure based on the provided parameter. - -This module has some known **limitations**: - -- It's not possible to change the display name of the root management group (the one that has the tenant GUID as ID) -- It can't manage the Root (/) management group - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Considerations](#Considerations) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Management/managementGroups` | [2021-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Management/2021-04-01/managementGroups) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The group ID of the Management group. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `displayName` | string | `''` | The friendly name of the management group. If no value is passed then this field will be set to the group ID. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `parentId` | string | `''` | The management group parent ID. Defaults to current scope. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the management group. | -| `resourceId` | string | The resource ID of the management group. | - -## Considerations - -This template is using a **Tenant level deployment**, meaning the user/principal deploying it needs to have the [proper access](https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-to-tenant#required-access) - -If owner access is excessive, the following rights roles will grant enough rights: - -- **Automation Job Operator** at **tenant** level (scope '/') -- **Management Group Contributor** at the top management group that needs to be managed - -Consider using the following script: - -```powershell -$PrincipalID = "" -$TopMGID = "" -New-AzRoleAssignment -ObjectId $PrincipalID -Scope "/" -RoleDefinitionName "Automation Job Operator" -New-AzRoleAssignment -ObjectId $PrincipalID -Scope "/providers/Microsoft.Management/managementGroups/$TopMGID" -RoleDefinitionName "Management Group Contributor" -``` - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "testMG" - }, - "displayName": { - "value": "Test MG" - }, - "parentId": { - "value": "<>" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module managementGroups './Microsoft.Management/managementGroups/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-managementGroups' - params: { - name: 'testMG' - displayName: 'Test MG' - parentId: '<>' - } -} -``` - -
-

diff --git a/modules/Microsoft.Management/managementGroups/version.json b/modules/Microsoft.Management/managementGroups/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Management/managementGroups/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 20782d86b7..0000000000 --- a/modules/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,53 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2021-04-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(netAppAccount.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: netAppAccount -}] diff --git a/modules/Microsoft.NetApp/netAppAccounts/.deploymentTests/min.parameters.json b/modules/Microsoft.NetApp/netAppAccounts/.deploymentTests/min.parameters.json deleted file mode 100644 index 029d5ebc09..0000000000 --- a/modules/Microsoft.NetApp/netAppAccounts/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-anf-min-001" - } - } -} diff --git a/modules/Microsoft.NetApp/netAppAccounts/.deploymentTests/nfs3.parameters.json b/modules/Microsoft.NetApp/netAppAccounts/.deploymentTests/nfs3.parameters.json deleted file mode 100644 index 8718b5fdab..0000000000 --- a/modules/Microsoft.NetApp/netAppAccounts/.deploymentTests/nfs3.parameters.json +++ /dev/null @@ -1,99 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-anf-nfs3-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "capacityPools": { - "value": [ - { - "name": "<>-az-anfcp-x-001", - "serviceLevel": "Premium", - "size": 4398046511104, - "volumes": [ - { - "name": "anf3-vol01-nfsv3", - "usageThreshold": 107374182400, - "protocolTypes": [ - "NFSv3" - ], - "exportPolicyRules": [ - { - "ruleIndex": 1, - "unixReadOnly": false, - "unixReadWrite": true, - "nfsv3": true, - "nfsv41": false, - "allowedClients": "0.0.0.0/0" - } - ], - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-004", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - { - "name": "anf3-vol02-nfsv3", - "usageThreshold": 107374182400, - "protocolTypes": [ - "NFSv3" - ], - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-004" - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - { - "name": "<>-az-anfcp-x-002", - "serviceLevel": "Premium", - "size": 4398046511104, - "volumes": [], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } - } - } -} diff --git a/modules/Microsoft.NetApp/netAppAccounts/.deploymentTests/nfs41.parameters.json b/modules/Microsoft.NetApp/netAppAccounts/.deploymentTests/nfs41.parameters.json deleted file mode 100644 index 2f961c1442..0000000000 --- a/modules/Microsoft.NetApp/netAppAccounts/.deploymentTests/nfs41.parameters.json +++ /dev/null @@ -1,106 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-anf-nfs41-001" - }, - "capacityPools": { - "value": [ - { - "name": "<>-az-anfcp-x-001", - "serviceLevel": "Premium", - "size": 4398046511104, - "volumes": [ - { - "name": "anf4-vol01-nfsv41", - "usageThreshold": 107374182400, - "protocolTypes": [ - "NFSv4.1" - ], - "exportPolicyRules": [ - { - "ruleIndex": 1, - "unixReadOnly": false, - "unixReadWrite": true, - "nfsv3": false, - "nfsv41": true, - "allowedClients": "0.0.0.0/0" - } - ], - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-004", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - { - "name": "anf4-vol02-nfsv41", - "usageThreshold": 107374182400, - "protocolTypes": [ - "NFSv4.1" - ], - "exportPolicyRules": [ - { - "ruleIndex": 1, - "unixReadOnly": false, - "unixReadWrite": true, - "nfsv3": false, - "nfsv41": true, - "allowedClients": "0.0.0.0/0" - } - ], - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-004" - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - { - "name": "<>-az-anfcp-x-002", - "serviceLevel": "Premium", - "size": 4398046511104, - "volumes": [], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } - } - } -} diff --git a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 9ef2d1f9f0..0000000000 --- a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,53 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource capacityPool 'Microsoft.NetApp/netAppAccounts/capacityPools@2021-04-01' existing = { - name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(capacityPool.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: capacityPool -}] diff --git a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/deploy.bicep b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/deploy.bicep deleted file mode 100644 index 53a5c5e865..0000000000 --- a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/deploy.bicep +++ /dev/null @@ -1,115 +0,0 @@ -@description('Conditional. The name of the parent NetApp account. Required if the template is used in a standalone deployment.') -param netAppAccountName string - -@description('Required. The name of the capacity pool.') -param name string - -@description('Optional. Location of the pool volume.') -param location string = resourceGroup().location - -@description('Optional. Tags for all resources.') -param tags object = {} - -@description('Optional. The pool service level.') -@allowed([ - 'Premium' - 'Standard' - 'StandardZRS' - 'Ultra' -]) -param serviceLevel string = 'Standard' - -@description('Required. Provisioned size of the pool (in bytes). Allowed values are in 4TiB chunks (value must be multiply of 4398046511104).') -param size int - -@description('Optional. The qos type of the pool.') -@allowed([ - 'Auto' - 'Manual' -]) -param qosType string = 'Auto' - -@description('Optional. List of volumnes to create in the capacity pool.') -param volumes array = [] - -@description('Optional. If enabled (true) the pool can contain cool Access enabled volumes.') -param coolAccess bool = false - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2021-04-01' existing = { - name: netAppAccountName -} - -resource capacityPool 'Microsoft.NetApp/netAppAccounts/capacityPools@2021-06-01' = { - name: name - parent: netAppAccount - location: location - tags: tags - properties: { - serviceLevel: serviceLevel - size: size - qosType: qosType - coolAccess: coolAccess - } -} - -@batchSize(1) -module capacityPool_volumes 'volumes/deploy.bicep' = [for (volume, index) in volumes: { - name: '${deployment().name}-Vol-${index}' - params: { - netAppAccountName: netAppAccount.name - capacityPoolName: capacityPool.name - name: volume.name - location: location - serviceLevel: serviceLevel - creationToken: contains(volume, 'creationToken') ? volume.creationToken : volume.name - usageThreshold: volume.usageThreshold - protocolTypes: contains(volume, 'protocolTypes') ? volume.protocolTypes : [] - subnetResourceId: volume.subnetResourceId - exportPolicyRules: contains(volume, 'exportPolicyRules') ? volume.exportPolicyRules : [] - roleAssignments: contains(volume, 'roleAssignments') ? volume.roleAssignments : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module capacityPool_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${deployment().name}-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: capacityPool.id - } -}] - -@description('The name of the Capacity Pool.') -output name string = capacityPool.name - -@description('The resource ID of the Capacity Pool.') -output resourceId string = capacityPool.id - -@description('The name of the Resource Group the Capacity Pool was created in.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = capacityPool.location diff --git a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md deleted file mode 100644 index 5786bcc9fb..0000000000 --- a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md +++ /dev/null @@ -1,152 +0,0 @@ -# Azure NetApp Files Capacity Pools `[Microsoft.NetApp/netAppAccounts/capacityPools]` - -This template deploys capacity pools in an Azure NetApp Files. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.NetApp/netAppAccounts/capacityPools` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools) | -| `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools/volumes) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the capacity pool. | -| `size` | int | Provisioned size of the pool (in bytes). Allowed values are in 4TiB chunks (value must be multiply of 4398046511104). | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `netAppAccountName` | string | The name of the parent NetApp account. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `coolAccess` | bool | `False` | | If enabled (true) the pool can contain cool Access enabled volumes. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location of the pool volume. | -| `qosType` | string | `'Auto'` | `[Auto, Manual]` | The qos type of the pool. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `serviceLevel` | string | `'Standard'` | `[Premium, Standard, StandardZRS, Ultra]` | The pool service level. | -| `tags` | object | `{object}` | | Tags for all resources. | -| `volumes` | _[volumes](volumes/readme.md)_ array | `[]` | | List of volumnes to create in the capacity pool. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Capacity Pool. | -| `resourceGroupName` | string | The name of the Resource Group the Capacity Pool was created in. | -| `resourceId` | string | The resource ID of the Capacity Pool. | diff --git a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/version.json b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index fc4003f377..0000000000 --- a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,53 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource volume 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2021-04-01' existing = { - name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}/${split(resourceId, '/')[12]}' -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(volume.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: volume -}] diff --git a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/deploy.bicep b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/deploy.bicep deleted file mode 100644 index a4a39895dd..0000000000 --- a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/deploy.bicep +++ /dev/null @@ -1,100 +0,0 @@ -@description('Conditional. The name of the parent NetApp account. Required if the template is used in a standalone deployment.') -param netAppAccountName string - -@description('Conditional. The name of the parent capacity pool. Required if the template is used in a standalone deployment.') -param capacityPoolName string - -@description('Required. The name of the pool volume.') -param name string - -@description('Optional. Location of the pool volume.') -param location string = resourceGroup().location - -@description('Optional. The pool service level. Must match the one of the parent capacity pool.') -@allowed([ - 'Premium' - 'Standard' - 'StandardZRS' - 'Ultra' -]) -param serviceLevel string = 'Standard' - -@description('Optional. A unique file path for the volume. This is the name of the volume export. A volume is mounted using the export path. File path must start with an alphabetical character and be unique within the subscription.') -param creationToken string = name - -@description('Required. Maximum storage quota allowed for a file system in bytes.') -param usageThreshold int - -@description('Optional. Set of protocol types.') -param protocolTypes array = [] - -@description('Required. The Azure Resource URI for a delegated subnet. Must have the delegation Microsoft.NetApp/volumes.') -param subnetResourceId string - -@description('Optional. Export policy rules.') -param exportPolicyRules array = [] - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2021-04-01' existing = { - name: netAppAccountName - - resource capacityPool 'capacityPools@2021-06-01' existing = { - name: capacityPoolName - } -} - -resource volume 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2021-06-01' = { - name: name - parent: netAppAccount::capacityPool - location: location - properties: { - serviceLevel: serviceLevel - creationToken: creationToken - usageThreshold: usageThreshold - protocolTypes: protocolTypes - subnetId: subnetResourceId - exportPolicy: !empty(exportPolicyRules) ? { - rules: exportPolicyRules - } : null - } -} - -module volume_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${deployment().name}-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: volume.id - } -}] - -@description('The name of the Volume.') -output name string = volume.name - -@description('The Resource ID of the Volume.') -output resourceId string = volume.id - -@description('The name of the Resource Group the Volume was created in.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = volume.location diff --git a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md deleted file mode 100644 index b3dc491f74..0000000000 --- a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md +++ /dev/null @@ -1,111 +0,0 @@ -# Azure NetApp Files Capacity Pool Volumes `[Microsoft.NetApp/netAppAccounts/capacityPools/volumes]` - -This template deploys volumes in a capacity pool of an Azure NetApp files. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools/volumes) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the pool volume. | -| `subnetResourceId` | string | The Azure Resource URI for a delegated subnet. Must have the delegation Microsoft.NetApp/volumes. | -| `usageThreshold` | int | Maximum storage quota allowed for a file system in bytes. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `capacityPoolName` | string | The name of the parent capacity pool. Required if the template is used in a standalone deployment. | -| `netAppAccountName` | string | The name of the parent NetApp account. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `creationToken` | string | `[parameters('name')]` | | A unique file path for the volume. This is the name of the volume export. A volume is mounted using the export path. File path must start with an alphabetical character and be unique within the subscription. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `exportPolicyRules` | array | `[]` | | Export policy rules. | -| `location` | string | `[resourceGroup().location]` | | Location of the pool volume. | -| `protocolTypes` | array | `[]` | | Set of protocol types. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `serviceLevel` | string | `'Standard'` | `[Premium, Standard, StandardZRS, Ultra]` | The pool service level. Must match the one of the parent capacity pool. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Volume. | -| `resourceGroupName` | string | The name of the Resource Group the Volume was created in. | -| `resourceId` | string | The Resource ID of the Volume. | diff --git a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/version.json b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.NetApp/netAppAccounts/deploy.bicep b/modules/Microsoft.NetApp/netAppAccounts/deploy.bicep deleted file mode 100644 index b4fbeef426..0000000000 --- a/modules/Microsoft.NetApp/netAppAccounts/deploy.bicep +++ /dev/null @@ -1,126 +0,0 @@ -@description('Required. The name of the NetApp account.') -param name string - -@description('Optional. Fully Qualified Active Directory DNS Domain Name (e.g. \'contoso.com\').') -param domainName string = '' - -@description('Optional. Required if domainName is specified. Username of Active Directory domain administrator, with permissions to create SMB server machine account in the AD domain.') -param domainJoinUser string = '' - -@description('Optional. Required if domainName is specified. Password of the user specified in domainJoinUser parameter.') -@secure() -param domainJoinPassword string = '' - -@description('Optional. Used only if domainName is specified. LDAP Path for the Organization Unit (OU) where SMB Server machine accounts will be created (i.e. \'OU=SecondLevel,OU=FirstLevel\').') -param domainJoinOU string = '' - -@description('Optional. Required if domainName is specified. Comma separated list of DNS server IP addresses (IPv4 only) required for the Active Directory (AD) domain join and SMB authentication operations to succeed.') -param dnsServers string = '' - -@description('Optional. Required if domainName is specified. NetBIOS name of the SMB server. A computer account with this prefix will be registered in the AD and used to mount volumes.') -param smbServerNamePrefix string = '' - -@description('Optional. Capacity pools to create.') -param capacityPools array = [] - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Tags for all resources.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var enableReferencedModulesTelemetry = false - -var activeDirectoryConnectionProperties = [ - { - username: !empty(domainName) ? domainJoinUser : null - password: !empty(domainName) ? domainJoinPassword : null - domain: !empty(domainName) ? domainName : null - dns: !empty(domainName) ? dnsServers : null - smbServerName: !empty(domainName) ? smbServerNamePrefix : null - organizationalUnit: !empty(domainJoinOU) ? domainJoinOU : null - } -] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2021-04-01' = { - name: name - tags: tags - location: location - properties: { - activeDirectories: !empty(domainName) ? activeDirectoryConnectionProperties : null - } -} - -resource netAppAccount_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${netAppAccount.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: netAppAccount -} - -module netAppAccount_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-ANFAccount-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: netAppAccount.id - } -}] - -module netAppAccount_capacityPools 'capacityPools/deploy.bicep' = [for (capacityPool, index) in capacityPools: { - name: '${uniqueString(deployment().name, location)}-ANFAccount-CapPool-${index}' - params: { - netAppAccountName: netAppAccount.name - name: capacityPool.name - location: location - size: capacityPool.size - serviceLevel: contains(capacityPool, 'serviceLevel') ? capacityPool.serviceLevel : 'Standard' - qosType: contains(capacityPool, 'qosType') ? capacityPool.qosType : 'Auto' - volumes: contains(capacityPool, 'volumes') ? capacityPool.volumes : [] - coolAccess: contains(capacityPool, 'coolAccess') ? capacityPool.coolAccess : false - roleAssignments: contains(capacityPool, 'roleAssignments') ? capacityPool.roleAssignments : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -@description('The name of the NetApp account.') -output name string = netAppAccount.name - -@description('The Resource ID of the NetApp account.') -output resourceId string = netAppAccount.id - -@description('The name of the Resource Group the NetApp account was created in.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = netAppAccount.location diff --git a/modules/Microsoft.NetApp/netAppAccounts/readme.md b/modules/Microsoft.NetApp/netAppAccounts/readme.md deleted file mode 100644 index 63d2cd3b74..0000000000 --- a/modules/Microsoft.NetApp/netAppAccounts/readme.md +++ /dev/null @@ -1,623 +0,0 @@ -# Azure NetApp Files `[Microsoft.NetApp/netAppAccounts]` - -This template deploys Azure NetApp Files. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.NetApp/netAppAccounts` | [2021-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-04-01/netAppAccounts) | -| `Microsoft.NetApp/netAppAccounts/capacityPools` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools) | -| `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools/volumes) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the NetApp account. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `capacityPools` | _[capacityPools](capacityPools/readme.md)_ array | `[]` | | Capacity pools to create. | -| `dnsServers` | string | `''` | | Required if domainName is specified. Comma separated list of DNS server IP addresses (IPv4 only) required for the Active Directory (AD) domain join and SMB authentication operations to succeed. | -| `domainJoinOU` | string | `''` | | Used only if domainName is specified. LDAP Path for the Organization Unit (OU) where SMB Server machine accounts will be created (i.e. 'OU=SecondLevel,OU=FirstLevel'). | -| `domainJoinPassword` | secureString | `''` | | Required if domainName is specified. Password of the user specified in domainJoinUser parameter. | -| `domainJoinUser` | string | `''` | | Required if domainName is specified. Username of Active Directory domain administrator, with permissions to create SMB server machine account in the AD domain. | -| `domainName` | string | `''` | | Fully Qualified Active Directory DNS Domain Name (e.g. 'contoso.com'). | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `smbServerNamePrefix` | string | `''` | | Required if domainName is specified. NetBIOS name of the SMB server. A computer account with this prefix will be registered in the AD and used to mount volumes. | -| `tags` | object | `{object}` | | Tags for all resources. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the NetApp account. | -| `resourceGroupName` | string | The name of the Resource Group the NetApp account was created in. | -| `resourceId` | string | The Resource ID of the NetApp account. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-anf-min-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module netAppAccounts './Microsoft.NetApp/netAppAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-netAppAccounts' - params: { - name: '<>-az-anf-min-001' - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-anf-nfs3-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "capacityPools": { - "value": [ - { - "name": "<>-az-anfcp-x-001", - "serviceLevel": "Premium", - "size": 4398046511104, - "volumes": [ - { - "name": "anf3-vol01-nfsv3", - "usageThreshold": 107374182400, - "protocolTypes": [ - "NFSv3" - ], - "exportPolicyRules": [ - { - "ruleIndex": 1, - "unixReadOnly": false, - "unixReadWrite": true, - "nfsv3": true, - "nfsv41": false, - "allowedClients": "0.0.0.0/0" - } - ], - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-004", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - { - "name": "anf3-vol02-nfsv3", - "usageThreshold": 107374182400, - "protocolTypes": [ - "NFSv3" - ], - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-004" - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - { - "name": "<>-az-anfcp-x-002", - "serviceLevel": "Premium", - "size": 4398046511104, - "volumes": [], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module netAppAccounts './Microsoft.NetApp/netAppAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-netAppAccounts' - params: { - name: '<>-az-anf-nfs3-001' - lock: 'CanNotDelete' - capacityPools: [ - { - name: '<>-az-anfcp-x-001' - serviceLevel: 'Premium' - size: 4398046511104 - volumes: [ - { - name: 'anf3-vol01-nfsv3' - usageThreshold: 107374182400 - protocolTypes: [ - 'NFSv3' - ] - exportPolicyRules: [ - { - ruleIndex: 1 - unixReadOnly: false - unixReadWrite: true - nfsv3: true - nfsv41: false - allowedClients: '0.0.0.0/0' - } - ] - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-004' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } - { - name: 'anf3-vol02-nfsv3' - usageThreshold: 107374182400 - protocolTypes: [ - 'NFSv3' - ] - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-004' - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } - { - name: '<>-az-anfcp-x-002' - serviceLevel: 'Premium' - size: 4398046511104 - volumes: [] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' - } - } -} -``` - -
-

- -

Example 3

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-anf-nfs41-001" - }, - "capacityPools": { - "value": [ - { - "name": "<>-az-anfcp-x-001", - "serviceLevel": "Premium", - "size": 4398046511104, - "volumes": [ - { - "name": "anf4-vol01-nfsv41", - "usageThreshold": 107374182400, - "protocolTypes": [ - "NFSv4.1" - ], - "exportPolicyRules": [ - { - "ruleIndex": 1, - "unixReadOnly": false, - "unixReadWrite": true, - "nfsv3": false, - "nfsv41": true, - "allowedClients": "0.0.0.0/0" - } - ], - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-004", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - { - "name": "anf4-vol02-nfsv41", - "usageThreshold": 107374182400, - "protocolTypes": [ - "NFSv4.1" - ], - "exportPolicyRules": [ - { - "ruleIndex": 1, - "unixReadOnly": false, - "unixReadWrite": true, - "nfsv3": false, - "nfsv41": true, - "allowedClients": "0.0.0.0/0" - } - ], - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-004" - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - { - "name": "<>-az-anfcp-x-002", - "serviceLevel": "Premium", - "size": 4398046511104, - "volumes": [], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module netAppAccounts './Microsoft.NetApp/netAppAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-netAppAccounts' - params: { - name: '<>-az-anf-nfs41-001' - capacityPools: [ - { - name: '<>-az-anfcp-x-001' - serviceLevel: 'Premium' - size: 4398046511104 - volumes: [ - { - name: 'anf4-vol01-nfsv41' - usageThreshold: 107374182400 - protocolTypes: [ - 'NFSv4.1' - ] - exportPolicyRules: [ - { - ruleIndex: 1 - unixReadOnly: false - unixReadWrite: true - nfsv3: false - nfsv41: true - allowedClients: '0.0.0.0/0' - } - ] - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-004' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } - { - name: 'anf4-vol02-nfsv41' - usageThreshold: 107374182400 - protocolTypes: [ - 'NFSv4.1' - ] - exportPolicyRules: [ - { - ruleIndex: 1 - unixReadOnly: false - unixReadWrite: true - nfsv3: false - nfsv41: true - allowedClients: '0.0.0.0/0' - } - ] - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-004' - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } - { - name: '<>-az-anfcp-x-002' - serviceLevel: 'Premium' - size: 4398046511104 - volumes: [] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' - } - } -} -``` - -
-

diff --git a/modules/Microsoft.NetApp/netAppAccounts/version.json b/modules/Microsoft.NetApp/netAppAccounts/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.NetApp/netAppAccounts/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 2b47534cd3..0000000000 --- a/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,61 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Cluster Create': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7b1b19a-0e83-4fe5-935c-faaefbfd18c3') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2') - 'CAL-Custom-Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b266cd7-0bba-4ae2-8423-90ede5e1e898') - 'ExpressRoute Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7896-14b4-4889-afef-fbb65a96e5a2') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c') -} - -resource applicationGateway 'Microsoft.Network/applicationGateways@2021-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(applicationGateway.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: applicationGateway -}] diff --git a/modules/Microsoft.Network/applicationGateways/.deploymentTests/parameters.json b/modules/Microsoft.Network/applicationGateways/.deploymentTests/parameters.json deleted file mode 100644 index f0a3b3a148..0000000000 --- a/modules/Microsoft.Network/applicationGateways/.deploymentTests/parameters.json +++ /dev/null @@ -1,367 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-apgw-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "webApplicationFirewallConfiguration": { - "value": { - "enabled": true, - "firewallMode": "Detection", - "ruleSetType": "OWASP", - "ruleSetVersion": "3.0", - "disabledRuleGroups": [], - "requestBodyCheck": true, - "maxRequestBodySizeInKb": 128, - "fileUploadLimitInMb": 100 - } - }, - "enableHttp2": { - "value": true - }, - "backendAddressPools": { - "value": [ - { - "name": "appServiceBackendPool", - "properties": { - "backendAddresses": [ - { - "fqdn": "aghapp.azurewebsites.net" - } - ] - } - }, - { - "name": "privateVmBackendPool", - "properties": { - "backendAddresses": [ - { - "ipAddress": "10.0.0.4" - } - ] - } - } - ] - }, - "backendHttpSettingsCollection": { - "value": [ - { - "name": "appServiceBackendHttpsSetting", - "properties": { - "port": 443, - "protocol": "Https", - "cookieBasedAffinity": "Disabled", - "pickHostNameFromBackendAddress": true, - "requestTimeout": 30 - } - }, - { - "name": "privateVmHttpSetting", - "properties": { - "port": 80, - "protocol": "Http", - "cookieBasedAffinity": "Disabled", - "pickHostNameFromBackendAddress": false, - "requestTimeout": 30, - "probe": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/probes/privateVmHttpSettingProbe" - } - } - } - ] - }, - "frontendIPConfigurations": { - "value": [ - { - "name": "private", - "properties": { - "privateIPAddress": "10.0.8.6", - "privateIPAllocationMethod": "Static", - "subnet": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007" - } - } - }, - { - "name": "public", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "publicIPAddress": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-apgw" - } - } - } - ] - }, - "frontendPorts": { - "value": [ - { - "name": "port443", - "properties": { - "port": 443 - } - }, - { - "name": "port4433", - "properties": { - "port": 4433 - } - }, - { - "name": "port80", - "properties": { - "port": 80 - } - }, - { - "name": "port8080", - "properties": { - "port": 8080 - } - } - ] - }, - "httpListeners": { - "value": [ - { - "name": "public443", - "properties": { - "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/public" - }, - "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port443" - }, - "sslCertificate": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/sslCertificates/<>-az-apgw-x-001-ssl-certificate" - }, - "protocol": "https", - "hostNames": [], - "requireServerNameIndication": false - } - }, - { - "name": "private4433", - "properties": { - "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/private" - }, - "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port4433" - }, - "sslCertificate": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/sslCertificates/<>-az-apgw-x-001-ssl-certificate" - }, - "protocol": "https", - "hostNames": [], - "requireServerNameIndication": false - } - }, - { - "name": "httpRedirect80", - "properties": { - "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/public" - }, - "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port80" - }, - "protocol": "Http", - "hostNames": [], - "requireServerNameIndication": false - } - }, - { - "name": "httpRedirect8080", - "properties": { - "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/private" - }, - "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port8080" - }, - "protocol": "Http", - "hostNames": [], - "requireServerNameIndication": false - } - } - ] - }, - "gatewayIPConfigurations": { - "value": [ - { - "name": "apw-ip-configuration", - "properties": { - "subnet": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007" - } - } - } - ] - }, - "probes": { - "value": [ - { - "name": "privateVmHttpSettingProbe", - "properties": { - "protocol": "Http", - "host": "10.0.0.4", - "path": "/", - "interval": 60, - "timeout": 15, - "unhealthyThreshold": 5, - "pickHostNameFromBackendHttpSettings": false, - "minServers": 3, - "match": { - "statusCodes": [ - "200", - "401" - ] - } - } - } - ] - }, - "redirectConfigurations": { - "value": [ - { - "name": "httpRedirect80", - "properties": { - "redirectType": "Permanent", - "targetListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/public443" - }, - "includePath": true, - "includeQueryString": true, - "requestRoutingRules": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/requestRoutingRules/httpRedirect80-public443" - } - ] - } - }, - { - "name": "httpRedirect8080", - "properties": { - "redirectType": "Permanent", - "targetListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/private4433" - }, - "includePath": true, - "includeQueryString": true, - "requestRoutingRules": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/requestRoutingRules/httpRedirect8080-private4433" - } - ] - } - } - ] - }, - "requestRoutingRules": { - "value": [ - { - "name": "public443-appServiceBackendHttpsSetting-appServiceBackendHttpsSetting", - "properties": { - "ruleType": "Basic", - "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/public443" - }, - "backendAddressPool": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendAddressPools/appServiceBackendPool" - }, - "backendHttpSettings": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendHttpSettingsCollection/appServiceBackendHttpsSetting" - } - } - }, - { - "name": "private4433-privateVmHttpSetting-privateVmHttpSetting", - "properties": { - "ruleType": "Basic", - "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/private4433" - }, - "backendAddressPool": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendAddressPools/privateVmBackendPool" - }, - "backendHttpSettings": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendHttpSettingsCollection/privateVmHttpSetting" - } - } - }, - { - "name": "httpRedirect80-public443", - "properties": { - "ruleType": "Basic", - "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/httpRedirect80" - }, - "redirectConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/redirectConfigurations/httpRedirect80" - } - } - }, - { - "name": "httpRedirect8080-private4433", - "properties": { - "ruleType": "Basic", - "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/httpRedirect8080" - }, - "redirectConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/redirectConfigurations/httpRedirect8080" - } - } - } - ] - }, - "sku": { - "value": "WAF_v2" - }, - "sslCertificates": { - "value": [ - { - "name": "<>-az-apgw-x-001-ssl-certificate", - "properties": { - "keyVaultSecretId": "https://adp-<>-az-kv-x-001.vault.azure.net/secrets/applicationGatewaySslCertificate" - } - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Network/applicationGateways/deploy.bicep b/modules/Microsoft.Network/applicationGateways/deploy.bicep deleted file mode 100644 index 6d0c7056a3..0000000000 --- a/modules/Microsoft.Network/applicationGateways/deploy.bicep +++ /dev/null @@ -1,366 +0,0 @@ -@description('Required. Name of the Application Gateway.') -@maxLength(24) -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. The ID(s) to assign to the resource.') -param userAssignedIdentities object = {} - -@description('Optional. Authentication certificates of the application gateway resource.') -param authenticationCertificates array = [] - -@description('Optional. Upper bound on number of Application Gateway capacity.') -param autoscaleMaxCapacity int = -1 - -@description('Optional. Lower bound on number of Application Gateway capacity.') -param autoscaleMinCapacity int = -1 - -@description('Optional. Backend address pool of the application gateway resource.') -param backendAddressPools array = [] - -@description('Optional. Backend http settings of the application gateway resource.') -param backendHttpSettingsCollection array = [] - -@description('Optional. Custom error configurations of the application gateway resource.') -param customErrorConfigurations array = [] - -@description('Optional. Whether FIPS is enabled on the application gateway resource.') -param enableFips bool = false - -@description('Optional. Whether HTTP2 is enabled on the application gateway resource.') -param enableHttp2 bool = false - -@description('Optional. The resource ID of an associated firewall policy.') -param firewallPolicyId string = '' - -@description('Optional. Frontend IP addresses of the application gateway resource.') -param frontendIPConfigurations array = [] - -@description('Optional. Frontend ports of the application gateway resource.') -param frontendPorts array = [] - -@description('Optional. Subnets of the application gateway resource.') -param gatewayIPConfigurations array = [] - -@description('Optional. Enable request buffering.') -param enableRequestBuffering bool = false - -@description('Optional. Enable response buffering.') -param enableResponseBuffering bool = false - -@description('Optional. Http listeners of the application gateway resource.') -param httpListeners array = [] - -@description('Optional. Load distribution policies of the application gateway resource.') -param loadDistributionPolicies array = [] - -@description('Optional. PrivateLink configurations on application gateway.') -param privateLinkConfigurations array = [] - -@description('Optional. Probes of the application gateway resource.') -param probes array = [] - -@description('Optional. Redirect configurations of the application gateway resource.') -param redirectConfigurations array = [] - -@description('Optional. Request routing rules of the application gateway resource.') -param requestRoutingRules array = [] - -@description('Optional. Rewrite rules for the application gateway resource. .') -param rewriteRuleSets array = [] - -@description('Optional. The name of the SKU for the Application Gateway.') -@allowed([ - 'Standard_Small' - 'Standard_Medium' - 'Standard_Large' - 'WAF_Medium' - 'WAF_Large' - 'Standard_v2' - 'WAF_v2' -]) -param sku string = 'WAF_Medium' - -@description('Optional. The number of Application instances to be configured.') -@minValue(1) -@maxValue(10) -param capacity int = 2 - -@description('Optional. SSL certificates of the application gateway resource.') -param sslCertificates array = [] - -@description('Optional. Ssl cipher suites to be enabled in the specified order to application gateway.') -@allowed([ - 'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA' - 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA' - 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256' - 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA' - 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256' - 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA' - 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256' - 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA' - 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384' - 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA' - 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256' - 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256' - 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA' - 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384' - 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384' - 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA' - 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256' - 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' - 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA' - 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384' - 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384' - 'TLS_RSA_WITH_3DES_EDE_CBC_SHA' - 'TLS_RSA_WITH_AES_128_CBC_SHA' - 'TLS_RSA_WITH_AES_128_CBC_SHA256' - 'TLS_RSA_WITH_AES_128_GCM_SHA256' - 'TLS_RSA_WITH_AES_256_CBC_SHA' - 'TLS_RSA_WITH_AES_256_CBC_SHA256' - 'TLS_RSA_WITH_AES_256_GCM_SHA384' -]) -param sslPolicyCipherSuites array = [ - 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384' - 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' -] - -@description('Optional. Ssl protocol enums.') -@allowed([ - 'TLSv1_0' - 'TLSv1_1' - 'TLSv1_2' -]) -param sslPolicyMinProtocolVersion string = 'TLSv1_2' - -@description('Optional. Ssl predefined policy name enums.') -@allowed([ - 'AppGwSslPolicy20150501' - 'AppGwSslPolicy20170401' - 'AppGwSslPolicy20170401S' - '' -]) -param sslPolicyName string = '' - -@description('Optional. Type of Ssl Policy.') -@allowed([ - 'Custom' - 'Predefined' -]) -param sslPolicyType string = 'Custom' - -@description('Optional. SSL profiles of the application gateway resource.') -param sslProfiles array = [] - -@description('Optional. Trusted client certificates of the application gateway resource.') -param trustedClientCertificates array = [] - -@description('Optional. Trusted Root certificates of the application gateway resource.') -param trustedRootCertificates array = [] - -@description('Optional. URL path map of the application gateway resource.') -param urlPathMaps array = [] - -@description('Optional. Application gateway web application firewall configuration.') -param webApplicationFirewallConfiguration object = {} - -@description('Optional. A list of availability zones denoting where the resource needs to come from.') -param zones array = [] - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') -param diagnosticEventHubName string = '' - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'ApplicationGatewayAccessLog' - 'ApplicationGatewayPerformanceLog' - 'ApplicationGatewayFirewallLog' -]) -param diagnosticLogCategoriesToEnable array = [ - 'ApplicationGatewayAccessLog' - 'ApplicationGatewayPerformanceLog' - 'ApplicationGatewayFirewallLog' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'AllMetrics' -]) -param diagnosticMetricsToEnable array = [ - 'AllMetrics' -] - -var identityType = !empty(userAssignedIdentities) ? 'UserAssigned' : 'None' - -var identity = identityType != 'None' ? { - type: identityType - userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null -} : null - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Resource tags.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource applicationGateway 'Microsoft.Network/applicationGateways@2021-05-01' = { - name: name - location: location - tags: tags - identity: identity - properties: union({ - authenticationCertificates: authenticationCertificates - autoscaleConfiguration: autoscaleMaxCapacity > 0 && autoscaleMinCapacity >= 0 ? { - maxCapacity: autoscaleMaxCapacity - minCapacity: autoscaleMinCapacity - } : null - backendAddressPools: backendAddressPools - backendHttpSettingsCollection: backendHttpSettingsCollection - customErrorConfigurations: customErrorConfigurations - enableHttp2: enableHttp2 - firewallPolicy: !empty(firewallPolicyId) ? { - id: firewallPolicyId - } : null - forceFirewallPolicyAssociation: !empty(firewallPolicyId) - frontendIPConfigurations: frontendIPConfigurations - frontendPorts: frontendPorts - gatewayIPConfigurations: gatewayIPConfigurations - globalConfiguration: { - enableRequestBuffering: enableRequestBuffering - enableResponseBuffering: enableResponseBuffering - } - httpListeners: httpListeners - loadDistributionPolicies: loadDistributionPolicies - privateLinkConfigurations: privateLinkConfigurations - probes: probes - redirectConfigurations: redirectConfigurations - requestRoutingRules: requestRoutingRules - rewriteRuleSets: rewriteRuleSets - sku: { - name: sku - tier: endsWith(sku, 'v2') ? sku : substring(sku, 0, indexOf(sku, '_')) - capacity: autoscaleMaxCapacity > 0 && autoscaleMinCapacity >= 0 ? null : capacity - } - sslCertificates: sslCertificates - sslPolicy: { - cipherSuites: sslPolicyCipherSuites - minProtocolVersion: sslPolicyMinProtocolVersion - policyName: empty(sslPolicyName) ? null : sslPolicyName - policyType: sslPolicyType - } - sslProfiles: sslProfiles - trustedClientCertificates: trustedClientCertificates - trustedRootCertificates: trustedRootCertificates - urlPathMaps: urlPathMaps - webApplicationFirewallConfiguration: webApplicationFirewallConfiguration - }, (enableFips ? { - enableFips: enableFips - } : {}), {}) - zones: zones -} - -resource applicationGateway_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${applicationGateway.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: applicationGateway -} - -resource applicationGateway_diagnosticSettingName 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { - name: diagnosticSettingsName - properties: { - storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId - workspaceId: empty(diagnosticWorkspaceId) ? null : diagnosticWorkspaceId - eventHubAuthorizationRuleId: empty(diagnosticEventHubAuthorizationRuleId) ? null : diagnosticEventHubAuthorizationRuleId - eventHubName: empty(diagnosticEventHubName) ? null : diagnosticEventHubName - metrics: empty(diagnosticStorageAccountId) && empty(diagnosticWorkspaceId) && empty(diagnosticEventHubAuthorizationRuleId) && empty(diagnosticEventHubName) ? null : diagnosticsMetrics - logs: empty(diagnosticStorageAccountId) && empty(diagnosticWorkspaceId) && empty(diagnosticEventHubAuthorizationRuleId) && empty(diagnosticEventHubName) ? null : diagnosticsLogs - } - scope: applicationGateway -} - -module applicationGateway_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-AppGateway-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: applicationGateway.id - } -}] - -@description('The name of the application gateway.') -output name string = applicationGateway.name - -@description('The resource ID of the application gateway.') -output resourceId string = applicationGateway.id - -@description('The resource group the application gateway was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = applicationGateway.location diff --git a/modules/Microsoft.Network/applicationGateways/readme.md b/modules/Microsoft.Network/applicationGateways/readme.md deleted file mode 100644 index a3f3ddbb63..0000000000 --- a/modules/Microsoft.Network/applicationGateways/readme.md +++ /dev/null @@ -1,933 +0,0 @@ -# Network Application Gateways `[Microsoft.Network/applicationGateways]` - -This module deploys Network ApplicationGateways. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/applicationGateways` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/applicationGateways) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Application Gateway. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authenticationCertificates` | array | `[]` | | Authentication certificates of the application gateway resource. | -| `autoscaleMaxCapacity` | int | `-1` | | Upper bound on number of Application Gateway capacity. | -| `autoscaleMinCapacity` | int | `-1` | | Lower bound on number of Application Gateway capacity. | -| `backendAddressPools` | array | `[]` | | Backend address pool of the application gateway resource. | -| `backendHttpSettingsCollection` | array | `[]` | | Backend http settings of the application gateway resource. | -| `capacity` | int | `2` | | The number of Application instances to be configured. | -| `customErrorConfigurations` | array | `[]` | | Custom error configurations of the application gateway resource. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[ApplicationGatewayAccessLog, ApplicationGatewayPerformanceLog, ApplicationGatewayFirewallLog]` | `[ApplicationGatewayAccessLog, ApplicationGatewayPerformanceLog, ApplicationGatewayFirewallLog]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `enableFips` | bool | `False` | | Whether FIPS is enabled on the application gateway resource. | -| `enableHttp2` | bool | `False` | | Whether HTTP2 is enabled on the application gateway resource. | -| `enableRequestBuffering` | bool | `False` | | Enable request buffering. | -| `enableResponseBuffering` | bool | `False` | | Enable response buffering. | -| `firewallPolicyId` | string | `''` | | The resource ID of an associated firewall policy. | -| `frontendIPConfigurations` | array | `[]` | | Frontend IP addresses of the application gateway resource. | -| `frontendPorts` | array | `[]` | | Frontend ports of the application gateway resource. | -| `gatewayIPConfigurations` | array | `[]` | | Subnets of the application gateway resource. | -| `httpListeners` | array | `[]` | | Http listeners of the application gateway resource. | -| `loadDistributionPolicies` | array | `[]` | | Load distribution policies of the application gateway resource. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateLinkConfigurations` | array | `[]` | | PrivateLink configurations on application gateway. | -| `probes` | array | `[]` | | Probes of the application gateway resource. | -| `redirectConfigurations` | array | `[]` | | Redirect configurations of the application gateway resource. | -| `requestRoutingRules` | array | `[]` | | Request routing rules of the application gateway resource. | -| `rewriteRuleSets` | array | `[]` | | Rewrite rules for the application gateway resource. . | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sku` | string | `'WAF_Medium'` | `[Standard_Small, Standard_Medium, Standard_Large, WAF_Medium, WAF_Large, Standard_v2, WAF_v2]` | The name of the SKU for the Application Gateway. | -| `sslCertificates` | array | `[]` | | SSL certificates of the application gateway resource. | -| `sslPolicyCipherSuites` | array | `[TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]` | `[TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384]` | Ssl cipher suites to be enabled in the specified order to application gateway. | -| `sslPolicyMinProtocolVersion` | string | `'TLSv1_2'` | `[TLSv1_0, TLSv1_1, TLSv1_2]` | Ssl protocol enums. | -| `sslPolicyName` | string | `''` | `[AppGwSslPolicy20150501, AppGwSslPolicy20170401, AppGwSslPolicy20170401S, ]` | Ssl predefined policy name enums. | -| `sslPolicyType` | string | `'Custom'` | `[Custom, Predefined]` | Type of Ssl Policy. | -| `sslProfiles` | array | `[]` | | SSL profiles of the application gateway resource. | -| `tags` | object | `{object}` | | Resource tags. | -| `trustedClientCertificates` | array | `[]` | | Trusted client certificates of the application gateway resource. | -| `trustedRootCertificates` | array | `[]` | | Trusted Root certificates of the application gateway resource. | -| `urlPathMaps` | array | `[]` | | URL path map of the application gateway resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `webApplicationFirewallConfiguration` | object | `{object}` | | Application gateway web application firewall configuration. | -| `zones` | array | `[]` | | A list of availability zones denoting where the resource needs to come from. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `userAssignedIdentities` - -You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: - -

- -Parameter JSON format - -```json -"userAssignedIdentities": { - "value": { - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} - } -} -``` - -
- -
- -Bicep format - -```bicep -userAssignedIdentities: { - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the application gateway. | -| `resourceGroupName` | string | The resource group the application gateway was deployed into. | -| `resourceId` | string | The resource ID of the application gateway. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-apgw-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "webApplicationFirewallConfiguration": { - "value": { - "enabled": true, - "firewallMode": "Detection", - "ruleSetType": "OWASP", - "ruleSetVersion": "3.0", - "disabledRuleGroups": [], - "requestBodyCheck": true, - "maxRequestBodySizeInKb": 128, - "fileUploadLimitInMb": 100 - } - }, - "enableHttp2": { - "value": true - }, - "backendAddressPools": { - "value": [ - { - "name": "appServiceBackendPool", - "properties": { - "backendAddresses": [ - { - "fqdn": "aghapp.azurewebsites.net" - } - ] - } - }, - { - "name": "privateVmBackendPool", - "properties": { - "backendAddresses": [ - { - "ipAddress": "10.0.0.4" - } - ] - } - } - ] - }, - "backendHttpSettingsCollection": { - "value": [ - { - "name": "appServiceBackendHttpsSetting", - "properties": { - "port": 443, - "protocol": "Https", - "cookieBasedAffinity": "Disabled", - "pickHostNameFromBackendAddress": true, - "requestTimeout": 30 - } - }, - { - "name": "privateVmHttpSetting", - "properties": { - "port": 80, - "protocol": "Http", - "cookieBasedAffinity": "Disabled", - "pickHostNameFromBackendAddress": false, - "requestTimeout": 30, - "probe": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/probes/privateVmHttpSettingProbe" - } - } - } - ] - }, - "frontendIPConfigurations": { - "value": [ - { - "name": "private", - "properties": { - "privateIPAddress": "10.0.8.6", - "privateIPAllocationMethod": "Static", - "subnet": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007" - } - } - }, - { - "name": "public", - "properties": { - "privateIPAllocationMethod": "Dynamic", - "publicIPAddress": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-apgw" - } - } - } - ] - }, - "frontendPorts": { - "value": [ - { - "name": "port443", - "properties": { - "port": 443 - } - }, - { - "name": "port4433", - "properties": { - "port": 4433 - } - }, - { - "name": "port80", - "properties": { - "port": 80 - } - }, - { - "name": "port8080", - "properties": { - "port": 8080 - } - } - ] - }, - "httpListeners": { - "value": [ - { - "name": "public443", - "properties": { - "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/public" - }, - "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port443" - }, - "sslCertificate": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/sslCertificates/<>-az-apgw-x-001-ssl-certificate" - }, - "protocol": "https", - "hostNames": [], - "requireServerNameIndication": false - } - }, - { - "name": "private4433", - "properties": { - "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/private" - }, - "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port4433" - }, - "sslCertificate": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/sslCertificates/<>-az-apgw-x-001-ssl-certificate" - }, - "protocol": "https", - "hostNames": [], - "requireServerNameIndication": false - } - }, - { - "name": "httpRedirect80", - "properties": { - "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/public" - }, - "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port80" - }, - "protocol": "Http", - "hostNames": [], - "requireServerNameIndication": false - } - }, - { - "name": "httpRedirect8080", - "properties": { - "frontendIPConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/private" - }, - "frontendPort": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port8080" - }, - "protocol": "Http", - "hostNames": [], - "requireServerNameIndication": false - } - } - ] - }, - "gatewayIPConfigurations": { - "value": [ - { - "name": "apw-ip-configuration", - "properties": { - "subnet": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007" - } - } - } - ] - }, - "probes": { - "value": [ - { - "name": "privateVmHttpSettingProbe", - "properties": { - "protocol": "Http", - "host": "10.0.0.4", - "path": "/", - "interval": 60, - "timeout": 15, - "unhealthyThreshold": 5, - "pickHostNameFromBackendHttpSettings": false, - "minServers": 3, - "match": { - "statusCodes": [ - "200", - "401" - ] - } - } - } - ] - }, - "redirectConfigurations": { - "value": [ - { - "name": "httpRedirect80", - "properties": { - "redirectType": "Permanent", - "targetListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/public443" - }, - "includePath": true, - "includeQueryString": true, - "requestRoutingRules": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/requestRoutingRules/httpRedirect80-public443" - } - ] - } - }, - { - "name": "httpRedirect8080", - "properties": { - "redirectType": "Permanent", - "targetListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/private4433" - }, - "includePath": true, - "includeQueryString": true, - "requestRoutingRules": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/requestRoutingRules/httpRedirect8080-private4433" - } - ] - } - } - ] - }, - "requestRoutingRules": { - "value": [ - { - "name": "public443-appServiceBackendHttpsSetting-appServiceBackendHttpsSetting", - "properties": { - "ruleType": "Basic", - "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/public443" - }, - "backendAddressPool": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendAddressPools/appServiceBackendPool" - }, - "backendHttpSettings": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendHttpSettingsCollection/appServiceBackendHttpsSetting" - } - } - }, - { - "name": "private4433-privateVmHttpSetting-privateVmHttpSetting", - "properties": { - "ruleType": "Basic", - "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/private4433" - }, - "backendAddressPool": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendAddressPools/privateVmBackendPool" - }, - "backendHttpSettings": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendHttpSettingsCollection/privateVmHttpSetting" - } - } - }, - { - "name": "httpRedirect80-public443", - "properties": { - "ruleType": "Basic", - "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/httpRedirect80" - }, - "redirectConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/redirectConfigurations/httpRedirect80" - } - } - }, - { - "name": "httpRedirect8080-private4433", - "properties": { - "ruleType": "Basic", - "httpListener": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/httpRedirect8080" - }, - "redirectConfiguration": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/redirectConfigurations/httpRedirect8080" - } - } - } - ] - }, - "sku": { - "value": "WAF_v2" - }, - "sslCertificates": { - "value": [ - { - "name": "<>-az-apgw-x-001-ssl-certificate", - "properties": { - "keyVaultSecretId": "https://adp-<>-az-kv-x-001.vault.azure.net/secrets/applicationGatewaySslCertificate" - } - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-applicationGateways' - params: { - name: '<>-az-apgw-x-001' - lock: 'CanNotDelete' - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - webApplicationFirewallConfiguration: { - enabled: true - firewallMode: 'Detection' - ruleSetType: 'OWASP' - ruleSetVersion: '3.0' - disabledRuleGroups: [] - requestBodyCheck: true - maxRequestBodySizeInKb: 128 - fileUploadLimitInMb: 100 - } - enableHttp2: true - backendAddressPools: [ - { - name: 'appServiceBackendPool' - properties: { - backendAddresses: [ - { - fqdn: 'aghapp.azurewebsites.net' - } - ] - } - } - { - name: 'privateVmBackendPool' - properties: { - backendAddresses: [ - { - ipAddress: '10.0.0.4' - } - ] - } - } - ] - backendHttpSettingsCollection: [ - { - name: 'appServiceBackendHttpsSetting' - properties: { - port: 443 - protocol: 'Https' - cookieBasedAffinity: 'Disabled' - pickHostNameFromBackendAddress: true - requestTimeout: 30 - } - } - { - name: 'privateVmHttpSetting' - properties: { - port: 80 - protocol: 'Http' - cookieBasedAffinity: 'Disabled' - pickHostNameFromBackendAddress: false - requestTimeout: 30 - probe: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/probes/privateVmHttpSettingProbe' - } - } - } - ] - frontendIPConfigurations: [ - { - name: 'private' - properties: { - privateIPAddress: '10.0.8.6' - privateIPAllocationMethod: 'Static' - subnet: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007' - } - } - } - { - name: 'public' - properties: { - privateIPAllocationMethod: 'Dynamic' - publicIPAddress: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-apgw' - } - } - } - ] - frontendPorts: [ - { - name: 'port443' - properties: { - port: 443 - } - } - { - name: 'port4433' - properties: { - port: 4433 - } - } - { - name: 'port80' - properties: { - port: 80 - } - } - { - name: 'port8080' - properties: { - port: 8080 - } - } - ] - httpListeners: [ - { - name: 'public443' - properties: { - frontendIPConfiguration: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/public' - } - frontendPort: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port443' - } - sslCertificate: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/sslCertificates/<>-az-apgw-x-001-ssl-certificate' - } - protocol: 'https' - hostNames: [] - requireServerNameIndication: false - } - } - { - name: 'private4433' - properties: { - frontendIPConfiguration: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/private' - } - frontendPort: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port4433' - } - sslCertificate: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/sslCertificates/<>-az-apgw-x-001-ssl-certificate' - } - protocol: 'https' - hostNames: [] - requireServerNameIndication: false - } - } - { - name: 'httpRedirect80' - properties: { - frontendIPConfiguration: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/public' - } - frontendPort: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port80' - } - protocol: 'Http' - hostNames: [] - requireServerNameIndication: false - } - } - { - name: 'httpRedirect8080' - properties: { - frontendIPConfiguration: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendIPConfigurations/private' - } - frontendPort: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/frontendPorts/port8080' - } - protocol: 'Http' - hostNames: [] - requireServerNameIndication: false - } - } - ] - gatewayIPConfigurations: [ - { - name: 'apw-ip-configuration' - properties: { - subnet: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-007' - } - } - } - ] - probes: [ - { - name: 'privateVmHttpSettingProbe' - properties: { - protocol: 'Http' - host: '10.0.0.4' - path: '/' - interval: 60 - timeout: 15 - unhealthyThreshold: 5 - pickHostNameFromBackendHttpSettings: false - minServers: 3 - match: { - statusCodes: [ - '200' - '401' - ] - } - } - } - ] - redirectConfigurations: [ - { - name: 'httpRedirect80' - properties: { - redirectType: 'Permanent' - targetListener: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/public443' - } - includePath: true - includeQueryString: true - requestRoutingRules: [ - { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/requestRoutingRules/httpRedirect80-public443' - } - ] - } - } - { - name: 'httpRedirect8080' - properties: { - redirectType: 'Permanent' - targetListener: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/private4433' - } - includePath: true - includeQueryString: true - requestRoutingRules: [ - { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/requestRoutingRules/httpRedirect8080-private4433' - } - ] - } - } - ] - requestRoutingRules: [ - { - name: 'public443-appServiceBackendHttpsSetting-appServiceBackendHttpsSetting' - properties: { - ruleType: 'Basic' - httpListener: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/public443' - } - backendAddressPool: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendAddressPools/appServiceBackendPool' - } - backendHttpSettings: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendHttpSettingsCollection/appServiceBackendHttpsSetting' - } - } - } - { - name: 'private4433-privateVmHttpSetting-privateVmHttpSetting' - properties: { - ruleType: 'Basic' - httpListener: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/private4433' - } - backendAddressPool: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendAddressPools/privateVmBackendPool' - } - backendHttpSettings: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/backendHttpSettingsCollection/privateVmHttpSetting' - } - } - } - { - name: 'httpRedirect80-public443' - properties: { - ruleType: 'Basic' - httpListener: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/httpRedirect80' - } - redirectConfiguration: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/redirectConfigurations/httpRedirect80' - } - } - } - { - name: 'httpRedirect8080-private4433' - properties: { - ruleType: 'Basic' - httpListener: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/httpListeners/httpRedirect8080' - } - redirectConfiguration: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationGateways/<>-az-apgw-x-001/redirectConfigurations/httpRedirect8080' - } - } - } - ] - sku: 'WAF_v2' - sslCertificates: [ - { - name: '<>-az-apgw-x-001-ssl-certificate' - properties: { - keyVaultSecretId: 'https://adp-<>-az-kv-x-001.vault.azure.net/secrets/applicationGatewaySslCertificate' - } - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/applicationGateways/version.json b/modules/Microsoft.Network/applicationGateways/version.json deleted file mode 100644 index badc0a2285..0000000000 --- a/modules/Microsoft.Network/applicationGateways/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.5" -} diff --git a/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 3d8f643e52..0000000000 --- a/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,60 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Cluster Create': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7b1b19a-0e83-4fe5-935c-faaefbfd18c3') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2') - 'CAL-Custom-Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b266cd7-0bba-4ae2-8423-90ede5e1e898') - 'ExpressRoute Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7896-14b4-4889-afef-fbb65a96e5a2') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource applicationSecurityGroup 'Microsoft.Network/applicationSecurityGroups@2021-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(applicationSecurityGroup.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: applicationSecurityGroup -}] diff --git a/modules/Microsoft.Network/applicationSecurityGroups/.deploymentTests/parameters.json b/modules/Microsoft.Network/applicationSecurityGroups/.deploymentTests/parameters.json deleted file mode 100644 index 8bfef178fc..0000000000 --- a/modules/Microsoft.Network/applicationSecurityGroups/.deploymentTests/parameters.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-asg-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Network/applicationSecurityGroups/deploy.bicep b/modules/Microsoft.Network/applicationSecurityGroups/deploy.bicep deleted file mode 100644 index ec5da87594..0000000000 --- a/modules/Microsoft.Network/applicationSecurityGroups/deploy.bicep +++ /dev/null @@ -1,73 +0,0 @@ -@description('Required. Name of the Application Security Group.') -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource applicationSecurityGroup 'Microsoft.Network/applicationSecurityGroups@2021-05-01' = { - name: name - location: location - tags: tags - properties: {} -} - -resource applicationSecurityGroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${applicationSecurityGroup.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: applicationSecurityGroup -} - -module applicationSecurityGroup_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-AppSecurityGroup-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: applicationSecurityGroup.id - } -}] - -@description('The resource group the application security group was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The resource ID of the application security group.') -output resourceId string = applicationSecurityGroup.id - -@description('The name of the application security group.') -output name string = applicationSecurityGroup.name - -@description('The location the resource was deployed into.') -output location string = applicationSecurityGroup.location diff --git a/modules/Microsoft.Network/applicationSecurityGroups/readme.md b/modules/Microsoft.Network/applicationSecurityGroups/readme.md deleted file mode 100644 index 045a885b8a..0000000000 --- a/modules/Microsoft.Network/applicationSecurityGroups/readme.md +++ /dev/null @@ -1,204 +0,0 @@ -# Application Security Groups `[Microsoft.Network/applicationSecurityGroups]` - -This module deploys an application security group. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/applicationSecurityGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/applicationSecurityGroups) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Application Security Group. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the application security group. | -| `resourceGroupName` | string | The resource group the application security group was deployed into. | -| `resourceId` | string | The resource ID of the application security group. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-asg-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module applicationSecurityGroups './Microsoft.Network/applicationSecurityGroups/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-applicationSecurityGroups' - params: { - name: '<>-az-asg-x-001' - lock: 'CanNotDelete' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/applicationSecurityGroups/version.json b/modules/Microsoft.Network/applicationSecurityGroups/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/applicationSecurityGroups/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index faa2d91941..0000000000 --- a/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,60 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Cluster Create': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7b1b19a-0e83-4fe5-935c-faaefbfd18c3') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2') - 'CAL-Custom-Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b266cd7-0bba-4ae2-8423-90ede5e1e898') - 'ExpressRoute Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7896-14b4-4889-afef-fbb65a96e5a2') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource azureFirewall 'Microsoft.Network/azureFirewalls@2021-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(azureFirewall.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: azureFirewall -}] diff --git a/modules/Microsoft.Network/azureFirewalls/.deploymentTests/addpip.parameters.json b/modules/Microsoft.Network/azureFirewalls/.deploymentTests/addpip.parameters.json deleted file mode 100644 index bd881f7897..0000000000 --- a/modules/Microsoft.Network/azureFirewalls/.deploymentTests/addpip.parameters.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fw-add-001" - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-add-azfw" - }, - "additionalPublicIpConfigurations": { - "value": [ - { - "name": "ipConfig01", - "publicIPAddressResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-additional-fw" - } - ] - } - } -} diff --git a/modules/Microsoft.Network/azureFirewalls/.deploymentTests/custompip.parameters.json b/modules/Microsoft.Network/azureFirewalls/.deploymentTests/custompip.parameters.json deleted file mode 100644 index 68a1ce42cd..0000000000 --- a/modules/Microsoft.Network/azureFirewalls/.deploymentTests/custompip.parameters.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fw-custompip-001" - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-custompip-azfw" - }, - "publicIPAddressObject": { - "value": { - "name": "adp-<>-az-pip-custom-x-fw", - "publicIPPrefixResourceId": "", - "publicIPAllocationMethod": "Static", - "skuName": "Standard", - "skuTier": "Regional", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ], - "diagnosticMetricsToEnable": [ - "AllMetrics" - ], - "diagnosticLogCategoriesToEnable": [ - "DDoSProtectionNotifications", - "DDoSMitigationFlowLogs", - "DDoSMitigationReports" - ] - } - } - } -} diff --git a/modules/Microsoft.Network/azureFirewalls/.deploymentTests/min.parameters.json b/modules/Microsoft.Network/azureFirewalls/.deploymentTests/min.parameters.json deleted file mode 100644 index 56f60cdaca..0000000000 --- a/modules/Microsoft.Network/azureFirewalls/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fw-min-001" - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-min-azfw" - } - } -} diff --git a/modules/Microsoft.Network/azureFirewalls/.deploymentTests/parameters.json b/modules/Microsoft.Network/azureFirewalls/.deploymentTests/parameters.json deleted file mode 100644 index 6f0a85edea..0000000000 --- a/modules/Microsoft.Network/azureFirewalls/.deploymentTests/parameters.json +++ /dev/null @@ -1,135 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fw-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "zones": { - "value": [ - "1", - "2", - "3" - ] - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-azfw" - }, - "azureFirewallSubnetPublicIpId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-fw" - }, - "applicationRuleCollections": { - "value": [ - { - "name": "allow-app-rules", - "properties": { - "priority": 100, - "action": { - "type": "allow" - }, - "rules": [ - { - "name": "allow-ase-tags", - "sourceAddresses": [ - "*" - ], - "protocols": [ - { - "protocolType": "HTTP", - "port": "80" - }, - { - "protocolType": "HTTPS", - "port": "443" - } - ], - "fqdnTags": [ - "AppServiceEnvironment", - "WindowsUpdate" - ] - }, - { - "name": "allow-ase-management", - "sourceAddresses": [ - "*" - ], - "protocols": [ - { - "protocolType": "HTTP", - "port": "80" - }, - { - "protocolType": "HTTPS", - "port": "443" - } - ], - "targetFqdns": [ - "management.azure.com" - ] - } - ] - } - } - ] - }, - "networkRuleCollections": { - "value": [ - { - "name": "allow-network-rules", - "properties": { - "priority": 100, - "action": { - "type": "allow" - }, - "rules": [ - { - "name": "allow-ntp", - "sourceAddresses": [ - "*" - ], - "destinationAddresses": [ - "*" - ], - "destinationPorts": [ - "123", - "12000" - ], - "protocols": [ - "Any" - ] - } - ] - } - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Network/azureFirewalls/deploy.bicep b/modules/Microsoft.Network/azureFirewalls/deploy.bicep deleted file mode 100644 index 39af5579d8..0000000000 --- a/modules/Microsoft.Network/azureFirewalls/deploy.bicep +++ /dev/null @@ -1,307 +0,0 @@ -@description('Required. Name of the Azure Firewall.') -param name string - -@description('Optional. Name of an Azure Firewall SKU.') -@allowed([ - 'AZFW_VNet' - 'AZFW_Hub' -]) -param azureSkuName string = 'AZFW_VNet' - -@description('Optional. Tier of an Azure Firewall.') -@allowed([ - 'Standard' - 'Premium' -]) -param azureSkuTier string = 'Standard' - -@description('Required. Shared services Virtual Network resource ID. The virtual network ID containing AzureFirewallSubnet. If a public ip is not provided, then the public ip that is created as part of this module will be applied with the subnet provided in this variable.') -param vNetId string - -@description('Optional. The public ip resource ID to associate to the AzureFirewallSubnet. If empty, then the public ip that is created as part of this module will be applied to the AzureFirewallSubnet.') -param azureFirewallSubnetPublicIpId string = '' - -@description('Optional. This is to add any additional public ip configurations on top of the public ip with subnet ip configuration.') -param additionalPublicIpConfigurations array = [] - -@description('Optional. Specifies if a public ip should be created by default if one is not provided.') -param isCreateDefaultPublicIP bool = true - -@description('Optional. Specifies the properties of the public IP to create and be used by Azure Firewall. If it\'s not provided and publicIPAddressId is empty, a \'-pip\' suffix will be appended to the Firewall\'s name.') -param publicIPAddressObject object = {} - -@description('Optional. Collection of application rule collections used by Azure Firewall.') -param applicationRuleCollections array = [] - -@description('Optional. Collection of network rule collections used by Azure Firewall.') -param networkRuleCollections array = [] - -@description('Optional. Collection of NAT rule collections used by Azure Firewall.') -param natRuleCollections array = [] - -@description('Optional. Resource ID of the Firewall Policy that should be attached.') -param firewallPolicyId string = '' - -@allowed([ - 'Alert' - 'Deny' - 'Off' -]) -@description('Optional. The operation mode for Threat Intel.') -param threatIntelMode string = 'Deny' - -@description('Optional. Zone numbers e.g. 1,2,3.') -param zones array = [ - '1' - '2' - '3' -] - -@description('Optional. Diagnostic Storage Account resource identifier.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Log Analytics workspace resource identifier.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the Azure Firewall resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. The name of firewall logs that will be streamed.') -@allowed([ - 'AzureFirewallApplicationRule' - 'AzureFirewallNetworkRule' - 'AzureFirewallDnsProxy' -]) -param diagnosticLogCategoriesToEnable array = [ - 'AzureFirewallApplicationRule' - 'AzureFirewallNetworkRule' - 'AzureFirewallDnsProxy' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'AllMetrics' -]) -param diagnosticMetricsToEnable array = [ - 'AllMetrics' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var additionalPublicIpConfigurations_var = [for ipConfiguration in additionalPublicIpConfigurations: { - name: ipConfiguration.name - properties: { - publicIPAddress: contains(ipConfiguration, 'publicIPAddressResourceId') ? { - id: ipConfiguration.publicIPAddressResourceId - } : null - } -}] - -// ---------------------------------------------------------------------------- -// Prep ipConfigurations object AzureFirewallSubnet for different uses cases: -// 1. Use existing public ip -// 2. Use new public ip created in this module -// 3. Do not use a public ip if isCreateDefaultPublicIP is false - -var subnet_var = { - subnet: { - id: '${vNetId}/subnets/AzureFirewallSubnet' // The subnet name must be AzureFirewallSubnet - } -} -var existingPip = { - publicIPAddress: { - id: azureFirewallSubnetPublicIpId - } -} -var newPip = { - publicIPAddress: (empty(azureFirewallSubnetPublicIpId) && isCreateDefaultPublicIP) ? { - id: publicIPAddress.outputs.resourceId - } : null -} - -var ipConfigurations = concat([ - { - name: 'IpConfAzureFirewallSubnet' - //Use existing public ip, new public ip created in this module, or none if isCreateDefaultPublicIP is false - properties: union(subnet_var, !empty(azureFirewallSubnetPublicIpId) ? existingPip : {}, (isCreateDefaultPublicIP ? newPip : {})) - } - ], additionalPublicIpConfigurations_var) - -// ---------------------------------------------------------------------------- - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -// create a public ip address if one is not provided and the flag is true -module publicIPAddress '../../Microsoft.Network/publicIPAddresses/deploy.bicep' = if (empty(azureFirewallSubnetPublicIpId) && isCreateDefaultPublicIP) { - name: '${uniqueString(deployment().name, location)}-Firewall-PIP' - params: { - name: contains(publicIPAddressObject, 'name') ? (!(empty(publicIPAddressObject.name)) ? publicIPAddressObject.name : '${name}-pip') : '${name}-pip' - publicIPPrefixResourceId: contains(publicIPAddressObject, 'publicIPPrefixResourceId') ? (!(empty(publicIPAddressObject.publicIPPrefixResourceId)) ? publicIPAddressObject.publicIPPrefixResourceId : '') : '' - publicIPAllocationMethod: contains(publicIPAddressObject, 'publicIPAllocationMethod') ? (!(empty(publicIPAddressObject.publicIPAllocationMethod)) ? publicIPAddressObject.publicIPAllocationMethod : 'Static') : 'Static' - skuName: contains(publicIPAddressObject, 'skuName') ? (!(empty(publicIPAddressObject.skuName)) ? publicIPAddressObject.skuName : 'Standard') : 'Standard' - skuTier: contains(publicIPAddressObject, 'skuTier') ? (!(empty(publicIPAddressObject.skuTier)) ? publicIPAddressObject.skuTier : 'Regional') : 'Regional' - roleAssignments: contains(publicIPAddressObject, 'roleAssignments') ? (!empty(publicIPAddressObject.roleAssignments) ? publicIPAddressObject.roleAssignments : []) : [] - diagnosticMetricsToEnable: contains(publicIPAddressObject, 'diagnosticMetricsToEnable') ? (!(empty(publicIPAddressObject.diagnosticMetricsToEnable)) ? publicIPAddressObject.diagnosticMetricsToEnable : [ - 'AllMetrics' - ]) : [ - 'AllMetrics' - ] - diagnosticLogCategoriesToEnable: contains(publicIPAddressObject, 'diagnosticLogCategoriesToEnable') ? (!(empty(publicIPAddressObject.diagnosticLogCategoriesToEnable)) ? publicIPAddressObject.diagnosticLogCategoriesToEnable : [ - 'DDoSProtectionNotifications' - 'DDoSMitigationFlowLogs' - 'DDoSMitigationReports' - ]) : [ - 'DDoSProtectionNotifications' - 'DDoSMitigationFlowLogs' - 'DDoSMitigationReports' - ] - location: location - diagnosticStorageAccountId: diagnosticStorageAccountId - diagnosticLogsRetentionInDays: diagnosticLogsRetentionInDays - diagnosticWorkspaceId: diagnosticWorkspaceId - diagnosticEventHubAuthorizationRuleId: diagnosticEventHubAuthorizationRuleId - diagnosticEventHubName: diagnosticEventHubName - lock: lock - tags: tags - zones: zones - } -} - -resource azureFirewall 'Microsoft.Network/azureFirewalls@2021-05-01' = { - name: name - location: location - zones: length(zones) == 0 ? null : zones - tags: tags - properties: { - threatIntelMode: threatIntelMode - firewallPolicy: empty(firewallPolicyId) ? null : { - id: firewallPolicyId - } - ipConfigurations: ipConfigurations - sku: { - name: azureSkuName - tier: azureSkuTier - } - applicationRuleCollections: applicationRuleCollections - natRuleCollections: natRuleCollections - networkRuleCollections: networkRuleCollections - } -} - -resource azureFirewall_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${azureFirewall.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: azureFirewall -} - -resource azureFirewall_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: diagnosticsLogs - } - scope: azureFirewall -} - -module azureFirewall_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-AzFW-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: azureFirewall.id - } -}] - -@description('The resource ID of the Azure firewall.') -output resourceId string = azureFirewall.id - -@description('The name of the Azure firewall.') -output name string = azureFirewall.name - -@description('The resource group the Azure firewall was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The private IP of the Azure firewall.') -output privateIp string = azureFirewall.properties.ipConfigurations[0].properties.privateIPAddress - -@description('The public ipconfiguration object for the AzureFirewallSubnet.') -output ipConfAzureFirewallSubnet object = azureFirewall.properties.ipConfigurations[0] - -@description('List of Application Rule Collections.') -output applicationRuleCollections array = applicationRuleCollections - -@description('List of Network Rule Collections.') -output networkRuleCollections array = networkRuleCollections - -@description('Collection of NAT rule collections used by Azure Firewall.') -output natRuleCollections array = natRuleCollections - -@description('The location the resource was deployed into.') -output location string = azureFirewall.location diff --git a/modules/Microsoft.Network/azureFirewalls/readme.md b/modules/Microsoft.Network/azureFirewalls/readme.md deleted file mode 100644 index 5425e61026..0000000000 --- a/modules/Microsoft.Network/azureFirewalls/readme.md +++ /dev/null @@ -1,746 +0,0 @@ -# Azure Firewalls `[Microsoft.Network/azureFirewalls]` - -This module deploys a firewall. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Considerations](#Considerations) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/azureFirewalls` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/azureFirewalls) | -| `Microsoft.Network/publicIPAddresses` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/publicIPAddresses) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Azure Firewall. | -| `vNetId` | string | Shared services Virtual Network resource ID. The virtual network ID containing AzureFirewallSubnet. If a public ip is not provided, then the public ip that is created as part of this module will be applied with the subnet provided in this variable. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `additionalPublicIpConfigurations` | array | `[]` | | This is to add any additional public ip configurations on top of the public ip with subnet ip configuration. | -| `applicationRuleCollections` | array | `[]` | | Collection of application rule collections used by Azure Firewall. | -| `azureFirewallSubnetPublicIpId` | string | `''` | | The public ip resource ID to associate to the AzureFirewallSubnet. If empty, then the public ip that is created as part of this module will be applied to the AzureFirewallSubnet. | -| `azureSkuName` | string | `'AZFW_VNet'` | `[AZFW_VNet, AZFW_Hub]` | Name of an Azure Firewall SKU. | -| `azureSkuTier` | string | `'Standard'` | `[Standard, Premium]` | Tier of an Azure Firewall. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[AzureFirewallApplicationRule, AzureFirewallNetworkRule, AzureFirewallDnsProxy]` | `[AzureFirewallApplicationRule, AzureFirewallNetworkRule, AzureFirewallDnsProxy]` | The name of firewall logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Diagnostic Storage Account resource identifier. | -| `diagnosticWorkspaceId` | string | `''` | | Log Analytics workspace resource identifier. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `firewallPolicyId` | string | `''` | | Resource ID of the Firewall Policy that should be attached. | -| `isCreateDefaultPublicIP` | bool | `True` | | Specifies if a public ip should be created by default if one is not provided. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `natRuleCollections` | array | `[]` | | Collection of NAT rule collections used by Azure Firewall. | -| `networkRuleCollections` | array | `[]` | | Collection of network rule collections used by Azure Firewall. | -| `publicIPAddressObject` | object | `{object}` | | Specifies the properties of the public IP to create and be used by Azure Firewall. If it's not provided and publicIPAddressId is empty, a '-pip' suffix will be appended to the Firewall's name. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the Azure Firewall resource. | -| `threatIntelMode` | string | `'Deny'` | `[Alert, Deny, Off]` | The operation mode for Threat Intel. | -| `zones` | array | `[1, 2, 3]` | | Zone numbers e.g. 1,2,3. | - - -### Parameter Usage: `additionalPublicIpConfigurations` - -Create additional public ip configurations from existing public ips - -

- -Parameter JSON format - -```json -"additionalPublicIpConfigurations": { - "value": [ - { - "name": "ipConfig01", - "publicIPAddressResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-fw-01" - }, - { - "name": "ipConfig02", - "publicIPAddressResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-fw-02" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -additionalPublicIpConfigurations: [ - { - name: 'ipConfig01' - publicIPAddressResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-fw-01' - } - { - name: 'ipConfig02' - publicIPAddressResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-fw-02' - } -] -``` - -
- - -### Parameter Usage: `publicIPAddressObject` - -The Public IP Address object to create as part of the module. This will be created if `isCreateDefaultPublicIP` is true (which it is by default). If not provided, the name and other configurations will be set by default. - - -
- -Parameter JSON format - -```json -"publicIPAddressObject": { - "value": { - "name": "adp-<>-az-pip-custom-x-fw", - "publicIPPrefixResourceId": "", - "publicIPAllocationMethod": "Static", - "skuName": "Standard", - "skuTier": "Regional", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ], - "diagnosticMetricsToEnable": [ - "AllMetrics" - ], - "diagnosticLogCategoriesToEnable": [ - "DDoSProtectionNotifications", - "DDoSMitigationFlowLogs", - "DDoSMitigationReports" - ] - } -} -``` - -
- - - -
- -Bicep format - - -```bicep -publicIPAddressObject: { - name: 'mypip' - publicIPPrefixResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPPrefixes/myprefix' - publicIPAllocationMethod: 'Dynamic' - skuName: 'Basic' - skuTier: 'Regional' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticMetricsToEnable: [ - 'AllMetrics' - ] - diagnosticLogCategoriesToEnable: [ - 'DDoSProtectionNotifications' - 'DDoSMitigationFlowLogs' - 'DDoSMitigationReports' - ] -} -``` - -
- - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -
- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `applicationRuleCollections` | array | List of Application Rule Collections. | -| `ipConfAzureFirewallSubnet` | object | The public ipconfiguration object for the AzureFirewallSubnet. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Azure firewall. | -| `natRuleCollections` | array | Collection of NAT rule collections used by Azure Firewall. | -| `networkRuleCollections` | array | List of Network Rule Collections. | -| `privateIp` | string | The private IP of the Azure firewall. | -| `resourceGroupName` | string | The resource group the Azure firewall was deployed into. | -| `resourceId` | string | The resource ID of the Azure firewall. | - -## Considerations - -The `applicationRuleCollections` parameter accepts a JSON Array of AzureFirewallApplicationRule objects. -The `networkRuleCollections` parameter accepts a JSON Array of AzureFirewallNetworkRuleCollection objects. - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fw-add-001" - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-add-azfw" - }, - "additionalPublicIpConfigurations": { - "value": [ - { - "name": "ipConfig01", - "publicIPAddressResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-additional-fw" - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-azureFirewalls' - params: { - name: '<>-az-fw-add-001' - vNetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-add-azfw' - additionalPublicIpConfigurations: [ - { - name: 'ipConfig01' - publicIPAddressResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-additional-fw' - } - ] - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fw-custompip-001" - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-custompip-azfw" - }, - "publicIPAddressObject": { - "value": { - "name": "adp-<>-az-pip-custom-x-fw", - "publicIPPrefixResourceId": "", - "publicIPAllocationMethod": "Static", - "skuName": "Standard", - "skuTier": "Regional", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ], - "diagnosticMetricsToEnable": [ - "AllMetrics" - ], - "diagnosticLogCategoriesToEnable": [ - "DDoSProtectionNotifications", - "DDoSMitigationFlowLogs", - "DDoSMitigationReports" - ] - } - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-azureFirewalls' - params: { - name: '<>-az-fw-custompip-001' - vNetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-custompip-azfw' - publicIPAddressObject: { - name: 'adp-<>-az-pip-custom-x-fw' - publicIPPrefixResourceId: '' - publicIPAllocationMethod: 'Static' - skuName: 'Standard' - skuTier: 'Regional' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticMetricsToEnable: [ - 'AllMetrics' - ] - diagnosticLogCategoriesToEnable: [ - 'DDoSProtectionNotifications' - 'DDoSMitigationFlowLogs' - 'DDoSMitigationReports' - ] - } - } -} -``` - -
-

- -

Example 3

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fw-min-001" - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-min-azfw" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-azureFirewalls' - params: { - name: '<>-az-fw-min-001' - vNetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-min-azfw' - } -} -``` - -
-

- -

Example 4

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fw-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "zones": { - "value": [ - "1", - "2", - "3" - ] - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-azfw" - }, - "azureFirewallSubnetPublicIpId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-fw" - }, - "applicationRuleCollections": { - "value": [ - { - "name": "allow-app-rules", - "properties": { - "priority": 100, - "action": { - "type": "allow" - }, - "rules": [ - { - "name": "allow-ase-tags", - "sourceAddresses": [ - "*" - ], - "protocols": [ - { - "protocolType": "HTTP", - "port": "80" - }, - { - "protocolType": "HTTPS", - "port": "443" - } - ], - "fqdnTags": [ - "AppServiceEnvironment", - "WindowsUpdate" - ] - }, - { - "name": "allow-ase-management", - "sourceAddresses": [ - "*" - ], - "protocols": [ - { - "protocolType": "HTTP", - "port": "80" - }, - { - "protocolType": "HTTPS", - "port": "443" - } - ], - "targetFqdns": [ - "management.azure.com" - ] - } - ] - } - } - ] - }, - "networkRuleCollections": { - "value": [ - { - "name": "allow-network-rules", - "properties": { - "priority": 100, - "action": { - "type": "allow" - }, - "rules": [ - { - "name": "allow-ntp", - "sourceAddresses": [ - "*" - ], - "destinationAddresses": [ - "*" - ], - "destinationPorts": [ - "123", - "12000" - ], - "protocols": [ - "Any" - ] - } - ] - } - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module azureFirewalls './Microsoft.Network/azureFirewalls/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-azureFirewalls' - params: { - name: '<>-az-fw-x-001' - lock: 'CanNotDelete' - zones: [ - '1' - '2' - '3' - ] - vNetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-azfw' - azureFirewallSubnetPublicIpId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-fw' - applicationRuleCollections: [ - { - name: 'allow-app-rules' - properties: { - priority: 100 - action: { - type: 'allow' - } - rules: [ - { - name: 'allow-ase-tags' - sourceAddresses: [ - '*' - ] - protocols: [ - { - protocolType: 'HTTP' - port: '80' - } - { - protocolType: 'HTTPS' - port: '443' - } - ] - fqdnTags: [ - 'AppServiceEnvironment' - 'WindowsUpdate' - ] - } - { - name: 'allow-ase-management' - sourceAddresses: [ - '*' - ] - protocols: [ - { - protocolType: 'HTTP' - port: '80' - } - { - protocolType: 'HTTPS' - port: '443' - } - ] - targetFqdns: [ - 'management.azure.com' - ] - } - ] - } - } - ] - networkRuleCollections: [ - { - name: 'allow-network-rules' - properties: { - priority: 100 - action: { - type: 'allow' - } - rules: [ - { - name: 'allow-ntp' - sourceAddresses: [ - '*' - ] - destinationAddresses: [ - '*' - ] - destinationPorts: [ - '123' - '12000' - ] - protocols: [ - 'Any' - ] - } - ] - } - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/azureFirewalls/version.json b/modules/Microsoft.Network/azureFirewalls/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/azureFirewalls/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 86871886fd..0000000000 --- a/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,60 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Cluster Create': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7b1b19a-0e83-4fe5-935c-faaefbfd18c3') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2') - 'CAL-Custom-Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b266cd7-0bba-4ae2-8423-90ede5e1e898') - 'ExpressRoute Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7896-14b4-4889-afef-fbb65a96e5a2') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource azureBastion 'Microsoft.Network/bastionHosts@2021-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(azureBastion.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: azureBastion -}] diff --git a/modules/Microsoft.Network/bastionHosts/.deploymentTests/addpip.parameters.json b/modules/Microsoft.Network/bastionHosts/.deploymentTests/addpip.parameters.json deleted file mode 100644 index 7c82650737..0000000000 --- a/modules/Microsoft.Network/bastionHosts/.deploymentTests/addpip.parameters.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-bas-add-001" - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-add-bas" - }, - "additionalPublicIpConfigurations": { - "value": [ - { - "name": "ipConfig01", - "publicIPAddressResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-additional-bas" - } - ] - } - } -} diff --git a/modules/Microsoft.Network/bastionHosts/.deploymentTests/custompip.parameters.json b/modules/Microsoft.Network/bastionHosts/.deploymentTests/custompip.parameters.json deleted file mode 100644 index dbb195e70f..0000000000 --- a/modules/Microsoft.Network/bastionHosts/.deploymentTests/custompip.parameters.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-bas-custompip-001" - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-custompip-bas" - }, - "publicIPAddressObject": { - "value": { - "name": "adp-<>-az-pip-custom-x-bas", - "publicIPPrefixResourceId": "", - "publicIPAllocationMethod": "Static", - "skuName": "Standard", - "skuTier": "Regional", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ], - "diagnosticMetricsToEnable": [ - "AllMetrics" - ], - "diagnosticLogCategoriesToEnable": [ - "DDoSProtectionNotifications", - "DDoSMitigationFlowLogs", - "DDoSMitigationReports" - ] - } - } - } -} diff --git a/modules/Microsoft.Network/bastionHosts/.deploymentTests/min.parameters.json b/modules/Microsoft.Network/bastionHosts/.deploymentTests/min.parameters.json deleted file mode 100644 index 6ef38853fb..0000000000 --- a/modules/Microsoft.Network/bastionHosts/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-bas-min-001" - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-002" - } - } -} diff --git a/modules/Microsoft.Network/bastionHosts/.deploymentTests/parameters.json b/modules/Microsoft.Network/bastionHosts/.deploymentTests/parameters.json deleted file mode 100644 index 0f0cf18c07..0000000000 --- a/modules/Microsoft.Network/bastionHosts/.deploymentTests/parameters.json +++ /dev/null @@ -1,49 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-bas-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001" - }, - "azureBastionSubnetPublicIpId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-bas" - }, - "skuType": { - "value": "Standard" - }, - "scaleUnits": { - "value": 4 - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Network/bastionHosts/deploy.bicep b/modules/Microsoft.Network/bastionHosts/deploy.bicep deleted file mode 100644 index cf7adde44e..0000000000 --- a/modules/Microsoft.Network/bastionHosts/deploy.bicep +++ /dev/null @@ -1,229 +0,0 @@ -@description('Required. Name of the Azure Bastion resource.') -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Required. Shared services Virtual Network resource identifier.') -param vNetId string - -@description('Optional. The public ip resource ID to associate to the azureBastionSubnet. If empty, then the public ip that is created as part of this module will be applied to the azureBastionSubnet.') -param azureBastionSubnetPublicIpId string = '' - -@description('Optional. This is to add any additional public ip configurations on top of the public ip with subnet ip configuration.') -param additionalPublicIpConfigurations array = [] - -@description('Optional. Specifies if a public ip should be created by default if one is not provided.') -param isCreateDefaultPublicIP bool = true - -@description('Optional. Specifies the properties of the public IP to create and be used by Azure Bastion. If it\'s not provided and publicIPAddressResourceId is empty, a \'-pip\' suffix will be appended to the Bastion\'s name.') -param publicIPAddressObject object = {} - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@allowed([ - 'Basic' - 'Standard' -]) -@description('Optional. The SKU of this Bastion Host.') -param skuType string = 'Basic' - -@description('Optional. The scale units for the Bastion Host resource.') -param scaleUnits int = 2 - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. Optional. The name of bastion logs that will be streamed.') -@allowed([ - 'BastionAuditLogs' -]) -param diagnosticLogCategoriesToEnable array = [ - 'BastionAuditLogs' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var scaleUnits_var = skuType == 'Basic' ? 2 : scaleUnits - -var additionalPublicIpConfigurations_var = [for ipConfiguration in additionalPublicIpConfigurations: { - name: ipConfiguration.name - properties: { - publicIPAddress: contains(ipConfiguration, 'publicIPAddressResourceId') ? { - id: ipConfiguration.publicIPAddressResourceId - } : null - } -}] - -// ---------------------------------------------------------------------------- -// Prep ipConfigurations object AzureBastionSubnet for different uses cases: -// 1. Use existing public ip -// 2. Use new public ip created in this module -// 3. Do not use a public ip if isCreateDefaultPublicIP is false -var subnet_var = { - subnet: { - id: '${vNetId}/subnets/AzureBastionSubnet' // The subnet name must be AzureBastionSubnet - } -} -var existingPip = { - publicIPAddress: { - id: azureBastionSubnetPublicIpId - } -} -var newPip = { - publicIPAddress: (empty(azureBastionSubnetPublicIpId) && isCreateDefaultPublicIP) ? { - id: publicIPAddress.outputs.resourceId - } : null -} - -var ipConfigurations = concat([ - { - name: 'IpConfAzureBastionSubnet' - //Use existing public ip, new public ip created in this module, or none if isCreateDefaultPublicIP is false - properties: union(subnet_var, !empty(azureBastionSubnetPublicIpId) ? existingPip : {}, (isCreateDefaultPublicIP ? newPip : {})) - } - ], additionalPublicIpConfigurations_var) - -// ---------------------------------------------------------------------------- - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -module publicIPAddress '../publicIPAddresses/deploy.bicep' = if (empty(azureBastionSubnetPublicIpId) && isCreateDefaultPublicIP) { - name: '${uniqueString(deployment().name, location)}-Bastion-PIP' - params: { - name: contains(publicIPAddressObject, 'name') ? publicIPAddressObject.name : '${name}-pip' - diagnosticLogCategoriesToEnable: contains(publicIPAddressObject, 'diagnosticLogCategoriesToEnable') ? publicIPAddressObject.diagnosticLogCategoriesToEnable : [ - 'DDoSProtectionNotifications' - 'DDoSMitigationFlowLogs' - 'DDoSMitigationReports' - ] - diagnosticMetricsToEnable: contains(publicIPAddressObject, 'diagnosticMetricsToEnable') ? publicIPAddressObject.diagnosticMetricsToEnable : [ - 'AllMetrics' - ] - diagnosticStorageAccountId: diagnosticStorageAccountId - diagnosticLogsRetentionInDays: diagnosticLogsRetentionInDays - diagnosticWorkspaceId: diagnosticWorkspaceId - diagnosticEventHubAuthorizationRuleId: diagnosticEventHubAuthorizationRuleId - diagnosticEventHubName: diagnosticEventHubName - enableDefaultTelemetry: enableDefaultTelemetry - location: location - lock: lock - publicIPAddressVersion: contains(publicIPAddressObject, 'publicIPAddressVersion') ? publicIPAddressObject.publicIPAddressVersion : 'IPv4' - publicIPAllocationMethod: contains(publicIPAddressObject, 'publicIPAllocationMethod') ? publicIPAddressObject.publicIPAllocationMethod : 'Static' - publicIPPrefixResourceId: contains(publicIPAddressObject, 'publicIPPrefixResourceId') ? publicIPAddressObject.publicIPPrefixResourceId : '' - roleAssignments: contains(publicIPAddressObject, 'roleAssignments') ? publicIPAddressObject.roleAssignments : [] - skuName: contains(publicIPAddressObject, 'skuName') ? publicIPAddressObject.skuName : 'Standard' - skuTier: contains(publicIPAddressObject, 'skuTier') ? publicIPAddressObject.skuTier : 'Regional' - tags: tags - zones: contains(publicIPAddressObject, 'zones') ? publicIPAddressObject.zones : [] - } -} - -resource azureBastion 'Microsoft.Network/bastionHosts@2021-05-01' = { - name: name - location: location - tags: tags - sku: { - name: skuType - } - properties: { - scaleUnits: scaleUnits_var - ipConfigurations: ipConfigurations - } -} - -resource azureBastion_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${azureBastion.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: azureBastion -} - -resource azureBastion_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - logs: diagnosticsLogs - } - scope: azureBastion -} - -module azureBastion_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-Bastion-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: azureBastion.id - } -}] - -@description('The resource group the Azure Bastion was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name the Azure Bastion.') -output name string = azureBastion.name - -@description('The resource ID the Azure Bastion.') -output resourceId string = azureBastion.id - -@description('The location the resource was deployed into.') -output location string = azureBastion.location - -@description('The public ipconfiguration object for the AzureBastionSubnet.') -output ipConfAzureBastionSubnet object = azureBastion.properties.ipConfigurations[0] diff --git a/modules/Microsoft.Network/bastionHosts/readme.md b/modules/Microsoft.Network/bastionHosts/readme.md deleted file mode 100644 index b9bc848c0f..0000000000 --- a/modules/Microsoft.Network/bastionHosts/readme.md +++ /dev/null @@ -1,560 +0,0 @@ -# Bastion Hosts `[Microsoft.Network/bastionHosts]` - -This module deploys a bastion host. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/bastionHosts` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/bastionHosts) | -| `Microsoft.Network/publicIPAddresses` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/publicIPAddresses) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Azure Bastion resource. | -| `vNetId` | string | Shared services Virtual Network resource identifier. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `additionalPublicIpConfigurations` | array | `[]` | | This is to add any additional public ip configurations on top of the public ip with subnet ip configuration. | -| `azureBastionSubnetPublicIpId` | string | `''` | | The public ip resource ID to associate to the azureBastionSubnet. If empty, then the public ip that is created as part of this module will be applied to the azureBastionSubnet. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[BastionAuditLogs]` | `[BastionAuditLogs]` | Optional. The name of bastion logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `isCreateDefaultPublicIP` | bool | `True` | | Specifies if a public ip should be created by default if one is not provided. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `publicIPAddressObject` | object | `{object}` | | Specifies the properties of the public IP to create and be used by Azure Bastion. If it's not provided and publicIPAddressResourceId is empty, a '-pip' suffix will be appended to the Bastion's name. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `scaleUnits` | int | `2` | | The scale units for the Bastion Host resource. | -| `skuType` | string | `'Basic'` | `[Basic, Standard]` | The SKU of this Bastion Host. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -### Parameter Usage: `additionalPublicIpConfigurations` - -Create additional public ip configurations from existing public ips - -

- -Parameter JSON format - -```json -"additionalPublicIpConfigurations": { - "value": [ - { - "name": "ipConfig01", - "publicIPAddressResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-fw-01" - }, - { - "name": "ipConfig02", - "publicIPAddressResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-fw-02" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -additionalPublicIpConfigurations: [ - { - name: 'ipConfig01' - publicIPAddressResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-fw-01' - } - { - name: 'ipConfig02' - publicIPAddressResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-fw-02' - } -] -``` - -
- - -### Parameter Usage: `publicIPAddressObject` - -The Public IP Address object to create as part of the module. This will be created if `isCreateDefaultPublicIP` is true (which it is by default). If not provided, the name and other configurations will be set by default. - - -
- -Parameter JSON format - -```json -"publicIPAddressObject": { - "value": { - "name": "adp-<>-az-pip-custom-x-fw", - "publicIPPrefixResourceId": "", - "publicIPAllocationMethod": "Static", - "skuName": "Standard", - "skuTier": "Regional", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ], - "diagnosticMetricsToEnable": [ - "AllMetrics" - ], - "diagnosticLogCategoriesToEnable": [ - "DDoSProtectionNotifications", - "DDoSMitigationFlowLogs", - "DDoSMitigationReports" - ] - } -} -``` - -
- - - -
- -Bicep format - - -```bicep -publicIPAddressObject: { - name: 'mypip' - publicIPPrefixResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPPrefixes/myprefix' - publicIPAllocationMethod: 'Dynamic' - skuName: 'Basic' - skuTier: 'Regional' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticMetricsToEnable: [ - 'AllMetrics' - ] - diagnosticLogCategoriesToEnable: [ - 'DDoSProtectionNotifications' - 'DDoSMitigationFlowLogs' - 'DDoSMitigationReports' - ] -} -``` - -
- - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -
- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `ipConfAzureBastionSubnet` | object | The public ipconfiguration object for the AzureBastionSubnet. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name the Azure Bastion. | -| `resourceGroupName` | string | The resource group the Azure Bastion was deployed into. | -| `resourceId` | string | The resource ID the Azure Bastion. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-bas-add-001" - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-add-bas" - }, - "additionalPublicIpConfigurations": { - "value": [ - { - "name": "ipConfig01", - "publicIPAddressResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-additional-bas" - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module bastionHosts './Microsoft.Network/bastionHosts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-bastionHosts' - params: { - name: '<>-az-bas-add-001' - vNetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-add-bas' - additionalPublicIpConfigurations: [ - { - name: 'ipConfig01' - publicIPAddressResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-additional-bas' - } - ] - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-bas-custompip-001" - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-custompip-bas" - }, - "publicIPAddressObject": { - "value": { - "name": "adp-<>-az-pip-custom-x-bas", - "publicIPPrefixResourceId": "", - "publicIPAllocationMethod": "Static", - "skuName": "Standard", - "skuTier": "Regional", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ], - "diagnosticMetricsToEnable": [ - "AllMetrics" - ], - "diagnosticLogCategoriesToEnable": [ - "DDoSProtectionNotifications", - "DDoSMitigationFlowLogs", - "DDoSMitigationReports" - ] - } - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module bastionHosts './Microsoft.Network/bastionHosts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-bastionHosts' - params: { - name: '<>-az-bas-custompip-001' - vNetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-custompip-bas' - publicIPAddressObject: { - name: 'adp-<>-az-pip-custom-x-bas' - publicIPPrefixResourceId: '' - publicIPAllocationMethod: 'Static' - skuName: 'Standard' - skuTier: 'Regional' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticMetricsToEnable: [ - 'AllMetrics' - ] - diagnosticLogCategoriesToEnable: [ - 'DDoSProtectionNotifications' - 'DDoSMitigationFlowLogs' - 'DDoSMitigationReports' - ] - } - } -} -``` - -
-

- -

Example 3

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-bas-min-001" - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-002" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module bastionHosts './Microsoft.Network/bastionHosts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-bastionHosts' - params: { - name: '<>-az-bas-min-001' - vNetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-002' - } -} -``` - -
-

- -

Example 4

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-bas-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "vNetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001" - }, - "azureBastionSubnetPublicIpId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-bas" - }, - "skuType": { - "value": "Standard" - }, - "scaleUnits": { - "value": 4 - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module bastionHosts './Microsoft.Network/bastionHosts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-bastionHosts' - params: { - name: '<>-az-bas-x-001' - lock: 'CanNotDelete' - vNetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001' - azureBastionSubnetPublicIpId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-bas' - skuType: 'Standard' - scaleUnits: 4 - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/bastionHosts/version.json b/modules/Microsoft.Network/bastionHosts/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/bastionHosts/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/connections/.deploymentTests/vnet2vnet.parameters.json b/modules/Microsoft.Network/connections/.deploymentTests/vnet2vnet.parameters.json deleted file mode 100644 index c58d1a4593..0000000000 --- a/modules/Microsoft.Network/connections/.deploymentTests/vnet2vnet.parameters.json +++ /dev/null @@ -1,39 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vnetgwc-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "virtualNetworkGateway1": { - "value": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworkGateways/<>-az-vnet-vpn-gw-p-001" - } - }, - "virtualNetworkGateway2": { - "value": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworkGateways/<>-az-vnet-vpn-gw-p-002" - } - }, - "vpnSharedKey": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "vpnSharedKey" - } - }, - "virtualNetworkGatewayConnectionType": { - "value": "Vnet2Vnet" - }, - "enableBgp": { - "value": false - }, - "location": { - "value": "eastus" - } - } -} diff --git a/modules/Microsoft.Network/connections/deploy.bicep b/modules/Microsoft.Network/connections/deploy.bicep deleted file mode 100644 index d5e2464990..0000000000 --- a/modules/Microsoft.Network/connections/deploy.bicep +++ /dev/null @@ -1,128 +0,0 @@ -@description('Required. Remote connection name.') -param name string - -@description('Optional. Specifies a VPN shared key. The same value has to be specified on both Virtual Network Gateways.') -param vpnSharedKey string = '' - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Gateway connection type.') -@allowed([ - 'IPsec' - 'Vnet2Vnet' - 'ExpressRoute' - 'VPNClient' -]) -param virtualNetworkGatewayConnectionType string = 'IPsec' - -@description('Optional. Value to specify if BGP is enabled or not.') -param enableBgp bool = false - -@description('Optional. Enable policy-based traffic selectors.') -param usePolicyBasedTrafficSelectors bool = false - -@description('Optional. The IPSec Policies to be considered by this connection.') -param customIPSecPolicy object = { - saLifeTimeSeconds: 0 - saDataSizeKilobytes: 0 - ipsecEncryption: '' - ipsecIntegrity: '' - ikeEncryption: '' - ikeIntegrity: '' - dhGroup: '' - pfsGroup: '' -} - -@description('Optional. The weight added to routes learned from this BGP speaker.') -param routingWeight int = -1 - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Required. The primary Virtual Network Gateway.') -param virtualNetworkGateway1 object - -@description('Optional. The remote Virtual Network Gateway. Used for connection type [Vnet2Vnet].') -param virtualNetworkGateway2 object = {} - -@description('Optional. The remote peer. Used for connection type [ExpressRoute].') -param peer object = {} - -@description('Optional. The local network gateway. Used for connection type [IPsec].') -param localNetworkGateway2 object = {} - -var customIPSecPolicy_var = [ - { - saLifeTimeSeconds: customIPSecPolicy.saLifeTimeSeconds - saDataSizeKilobytes: customIPSecPolicy.saDataSizeKilobytes - ipsecEncryption: customIPSecPolicy.ipsecEncryption - ipsecIntegrity: customIPSecPolicy.ipsecIntegrity - ikeEncryption: customIPSecPolicy.ikeEncryption - ikeIntegrity: customIPSecPolicy.ikeIntegrity - dhGroup: customIPSecPolicy.dhGroup - pfsGroup: customIPSecPolicy.pfsGroup - } -] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource connection 'Microsoft.Network/connections@2021-05-01' = { - name: name - location: location - tags: tags - properties: { - connectionType: virtualNetworkGatewayConnectionType - virtualNetworkGateway1: virtualNetworkGateway1 - virtualNetworkGateway2: virtualNetworkGatewayConnectionType == 'Vnet2Vnet' ? virtualNetworkGateway2 : null - localNetworkGateway2: virtualNetworkGatewayConnectionType == 'IPsec' ? localNetworkGateway2 : null - peer: virtualNetworkGatewayConnectionType == 'ExpressRoute' ? peer : null - sharedKey: virtualNetworkGatewayConnectionType != 'ExpressRoute' ? vpnSharedKey : null - usePolicyBasedTrafficSelectors: usePolicyBasedTrafficSelectors - ipsecPolicies: !empty(customIPSecPolicy.ipsecEncryption) ? customIPSecPolicy_var : customIPSecPolicy.ipsecEncryption - routingWeight: routingWeight != -1 ? routingWeight : null - enableBgp: enableBgp - } -} - -resource connection_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${connection.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: connection -} - -@description('The resource group the remote connection was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the remote connection.') -output name string = connection.name - -@description('The resource ID of the remote connection.') -output resourceId string = connection.id - -@description('The location the resource was deployed into.') -output location string = connection.location diff --git a/modules/Microsoft.Network/connections/readme.md b/modules/Microsoft.Network/connections/readme.md deleted file mode 100644 index bd5c52509e..0000000000 --- a/modules/Microsoft.Network/connections/readme.md +++ /dev/null @@ -1,387 +0,0 @@ -# Virtual Network Gateway Connections `[Microsoft.Network/connections]` - -This template deploys a virtual network gateway connection. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Network/connections` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/connections) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Remote connection name. | -| `virtualNetworkGateway1` | object | The primary Virtual Network Gateway. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `customIPSecPolicy` | object | `{object}` | | The IPSec Policies to be considered by this connection. | -| `enableBgp` | bool | `False` | | Value to specify if BGP is enabled or not. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `localNetworkGateway2` | object | `{object}` | | The local network gateway. Used for connection type [IPsec]. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `peer` | object | `{object}` | | The remote peer. Used for connection type [ExpressRoute]. | -| `routingWeight` | int | `-1` | | The weight added to routes learned from this BGP speaker. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `usePolicyBasedTrafficSelectors` | bool | `False` | | Enable policy-based traffic selectors. | -| `virtualNetworkGateway2` | object | `{object}` | | The remote Virtual Network Gateway. Used for connection type [Vnet2Vnet]. | -| `virtualNetworkGatewayConnectionType` | string | `'IPsec'` | `[IPsec, Vnet2Vnet, ExpressRoute, VPNClient]` | Gateway connection type. | -| `vpnSharedKey` | string | `''` | | Specifies a VPN shared key. The same value has to be specified on both Virtual Network Gateways. | - - -### Parameter Usage: `virtualNetworkGateway1` - -The primary virtual network gateway object. - -

- -Parameter JSON format - -```json -"virtualNetworkGateway1": { - "value": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworkGateways/myGateway01" - } -} -``` - -
- -
- -Bicep format - -```bicep -virtualNetworkGateway1: { - id: '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworkGateways/myGateway01' -} -``` - -
-

- -### Parameter Usage: `virtualNetworkGateway2` - -The secondary virtual network gateway used for VNET to VNET connections. - -

- -Parameter JSON format - -```json -"virtualNetworkGateway2" : { - "value": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworkGateways/myGateway02" - } -} -``` - -
- -
- -Bicep format - -```bicep -virtualNetworkGateway2 : { - id: '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/virtualNetworkGateways/myGateway02' -} -``` - -
-

- -### Parameter Usage: `localNetworkGateway2` - -The local virtual network gateway object. - -

- -Parameter JSON format - -```json -"localNetworkGateway2": { - "value": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/localNetworkGateways/myGateway" - } -} -``` - -
- -
- -Bicep format - -```bicep -localNetworkGateway2: { - id: '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/localNetworkGateways/myGateway' -} -``` - -
-

- -### Parameter Usage: `peer` - -The remote peer object used for ExpressRoute connections - -

- -Parameter JSON format - -```json -"peer": { - "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/expressRouteCircuits/expressRoute" -} -``` - -
- -
- -Bicep format - -```bicep -'peer': { - id: '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRG/providers/Microsoft.Network/expressRouteCircuits/expressRoute' -} -``` - -
-

- -### Parameter Usage: `customIPSecPolicy` - -If ipsecEncryption parameter is empty, customIPSecPolicy will not be deployed. The parameter file should look like below. - -

- -Parameter JSON format - -```json -"customIPSecPolicy": { - "value": { - "saLifeTimeSeconds": 0, - "saDataSizeKilobytes": 0, - "ipsecEncryption": "", - "ipsecIntegrity": "", - "ikeEncryption": "", - "ikeIntegrity": "", - "dhGroup": "", - "pfsGroup": "" - } -} -``` - -
- -
- -Bicep format - -```bicep -customIPSecPolicy: { - saLifeTimeSeconds: 0 - saDataSizeKilobytes: 0 - ipsecEncryption: '' - ipsecIntegrity: '' - ikeEncryption: '' - ikeIntegrity: '' - dhGroup: '' - pfsGroup: '' -} -``` - -
-

- -Format of the full customIPSecPolicy parameter in parameter file. - -

- -Parameter JSON format - -```json -"customIPSecPolicy": { - "value": { - "saLifeTimeSeconds": 28800, - "saDataSizeKilobytes": 102400000, - "ipsecEncryption": "AES256", - "ipsecIntegrity": "SHA256", - "ikeEncryption": "AES256", - "ikeIntegrity": "SHA256", - "dhGroup": "DHGroup14", - "pfsGroup": "None" - } -} -``` - -
- -
- -Bicep format - -```bicep -customIPSecPolicy: { - saLifeTimeSeconds: 28800 - saDataSizeKilobytes: 102400000 - ipsecEncryption: 'AES256' - ipsecIntegrity: 'SHA256' - ikeEncryption: 'AES256' - ikeIntegrity: 'SHA256' - dhGroup: 'DHGroup14' - pfsGroup: 'None' -} -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the remote connection. | -| `resourceGroupName` | string | The resource group the remote connection was deployed into. | -| `resourceId` | string | The resource ID of the remote connection. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vnetgwc-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "virtualNetworkGateway1": { - "value": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworkGateways/<>-az-vnet-vpn-gw-p-001" - } - }, - "virtualNetworkGateway2": { - "value": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworkGateways/<>-az-vnet-vpn-gw-p-002" - } - }, - "vpnSharedKey": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "vpnSharedKey" - } - }, - "virtualNetworkGatewayConnectionType": { - "value": "Vnet2Vnet" - }, - "enableBgp": { - "value": false - }, - "location": { - "value": "eastus" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -resource kv1 'Microsoft.KeyVault/vaults@2019-09-01' existing = { - name: 'adp-<>-az-kv-x-001' - scope: resourceGroup('<>','validation-rg') -} - -module connections './Microsoft.Network/connections/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-connections' - params: { - name: '<>-az-vnetgwc-x-001' - lock: 'CanNotDelete' - virtualNetworkGateway1: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworkGateways/<>-az-vnet-vpn-gw-p-001' - } - virtualNetworkGateway2: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworkGateways/<>-az-vnet-vpn-gw-p-002' - } - vpnSharedKey: kv1.getSecret('vpnSharedKey') - virtualNetworkGatewayConnectionType: 'Vnet2Vnet' - enableBgp: false - location: 'eastus' - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/connections/version.json b/modules/Microsoft.Network/connections/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/connections/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 52f9158a47..0000000000 --- a/modules/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,55 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource ddosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(ddosProtectionPlan.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: ddosProtectionPlan -}] diff --git a/modules/Microsoft.Network/ddosProtectionPlans/.deploymentTests/parameters.json b/modules/Microsoft.Network/ddosProtectionPlans/.deploymentTests/parameters.json deleted file mode 100644 index fe639affc6..0000000000 --- a/modules/Microsoft.Network/ddosProtectionPlans/.deploymentTests/parameters.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-ddos-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Network/ddosProtectionPlans/deploy.bicep b/modules/Microsoft.Network/ddosProtectionPlans/deploy.bicep deleted file mode 100644 index 489a38fc87..0000000000 --- a/modules/Microsoft.Network/ddosProtectionPlans/deploy.bicep +++ /dev/null @@ -1,74 +0,0 @@ -@description('Required. Name of the DDoS protection plan to assign the VNET to.') -@minLength(1) -param name string = '' - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource ddosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-05-01' = { - name: name - location: location - tags: tags - properties: {} -} - -resource ddosProtectionPlan_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${ddosProtectionPlan.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: ddosProtectionPlan -} - -module ddosProtectionPlan_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-DDoSProtectionPlan-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: ddosProtectionPlan.id - } -}] - -@description('The resource group the DDOS protection plan was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The resource ID of the DDOS protection plan.') -output resourceId string = ddosProtectionPlan.id - -@description('The name of the DDOS protection plan.') -output name string = ddosProtectionPlan.name - -@description('The location the resource was deployed into.') -output location string = ddosProtectionPlan.location diff --git a/modules/Microsoft.Network/ddosProtectionPlans/readme.md b/modules/Microsoft.Network/ddosProtectionPlans/readme.md deleted file mode 100644 index 3d33168d71..0000000000 --- a/modules/Microsoft.Network/ddosProtectionPlans/readme.md +++ /dev/null @@ -1,204 +0,0 @@ -# DDoS Protection Plans `[Microsoft.Network/ddosProtectionPlans]` - -This template deploys a DDoS protection plan. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/ddosProtectionPlans` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/ddosProtectionPlans) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | `''` | Name of the DDoS protection plan to assign the VNET to. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the DDOS protection plan. | -| `resourceGroupName` | string | The resource group the DDOS protection plan was deployed into. | -| `resourceId` | string | The resource ID of the DDOS protection plan. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-ddos-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module ddosProtectionPlans './Microsoft.Network/ddosProtectionPlans/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-ddosProtectionPlans' - params: { - name: '<>-az-ddos-x-001' - lock: 'CanNotDelete' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/ddosProtectionPlans/version.json b/modules/Microsoft.Network/ddosProtectionPlans/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/ddosProtectionPlans/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 0ff9bad986..0000000000 --- a/modules/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,55 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource expressRouteCircuits 'Microsoft.Network/expressRouteCircuits@2021-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(expressRouteCircuits.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: expressRouteCircuits -}] diff --git a/modules/Microsoft.Network/expressRouteCircuits/.deploymentTests/parameters.json b/modules/Microsoft.Network/expressRouteCircuits/.deploymentTests/parameters.json deleted file mode 100644 index fa4209859e..0000000000 --- a/modules/Microsoft.Network/expressRouteCircuits/.deploymentTests/parameters.json +++ /dev/null @@ -1,52 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-erc-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "serviceProviderName": { - "value": "Equinix" - }, - "peeringLocation": { - "value": "Amsterdam" - }, - "bandwidthInMbps": { - "value": 50 - }, - "skuTier": { - "value": "Standard" - }, - "skuFamily": { - "value": "MeteredData" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Network/expressRouteCircuits/deploy.bicep b/modules/Microsoft.Network/expressRouteCircuits/deploy.bicep deleted file mode 100644 index 73f031e75c..0000000000 --- a/modules/Microsoft.Network/expressRouteCircuits/deploy.bicep +++ /dev/null @@ -1,223 +0,0 @@ -@description('Required. This is the name of the ExpressRoute circuit.') -param name string - -@description('Required. This is the name of the ExpressRoute Service Provider. It must exactly match one of the Service Providers from List ExpressRoute Service Providers API call.') -param serviceProviderName string - -@description('Required. This is the name of the peering location and not the ARM resource location. It must exactly match one of the available peering locations from List ExpressRoute Service Providers API call.') -param peeringLocation string - -@description('Required. This is the bandwidth in Mbps of the circuit being created. It must exactly match one of the available bandwidth offers List ExpressRoute Service Providers API call.') -param bandwidthInMbps int - -@description('Required. Chosen SKU Tier of ExpressRoute circuit. Choose from Local, Premium or Standard SKU tiers.') -@allowed([ - 'Local' - 'Standard' - 'Premium' -]) -param skuTier string = 'Standard' - -@description('Required. Chosen SKU family of ExpressRoute circuit. Choose from MeteredData or UnlimitedData SKU families.') -@allowed([ - 'MeteredData' - 'UnlimitedData' -]) -param skuFamily string = 'MeteredData' - -@description('Optional. Enabled BGP peering type for the Circuit.') -@allowed([ - true - false -]) -param peering bool = false - -@description('Optional. BGP peering type for the Circuit. Choose from AzurePrivatePeering, AzurePublicPeering or MicrosoftPeering.') -@allowed([ - 'AzurePrivatePeering' - 'MicrosoftPeering' -]) -param peeringType string = 'AzurePrivatePeering' - -@description('Optional. The shared key for peering configuration. Router does MD5 hash comparison to validate the packets sent by BGP connection. This parameter is optional and can be removed from peering configuration if not required.') -param sharedKey string = '' - -@description('Optional. The autonomous system number of the customer/connectivity provider.') -param peerASN int = 0 - -@description('Optional. A /30 subnet used to configure IP addresses for interfaces on Link1.') -param primaryPeerAddressPrefix string = '' - -@description('Optional. A /30 subnet used to configure IP addresses for interfaces on Link2.') -param secondaryPeerAddressPrefix string = '' - -@description('Optional. Specifies the identifier that is used to identify the customer.') -param vlanId int = 0 - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'PeeringRouteLog' -]) -param diagnosticLogCategoriesToEnable array = [ - 'PeeringRouteLog' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'AllMetrics' -]) -param diagnosticMetricsToEnable array = [ - 'AllMetrics' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var peeringConfiguration = [ - { - name: peeringType - properties: { - peeringType: peeringType - sharedKey: sharedKey - peerASN: peerASN - primaryPeerAddressPrefix: primaryPeerAddressPrefix - secondaryPeerAddressPrefix: secondaryPeerAddressPrefix - vlanId: vlanId - } - } -] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource expressRouteCircuits 'Microsoft.Network/expressRouteCircuits@2021-05-01' = { - name: name - location: location - tags: tags - sku: { - name: '${skuTier}_${skuFamily}' - tier: skuTier - family: skuTier == 'Local' ? 'UnlimitedData' : skuFamily - } - properties: { - serviceProviderProperties: { - serviceProviderName: serviceProviderName - peeringLocation: peeringLocation - bandwidthInMbps: bandwidthInMbps - } - peerings: peering ? peeringConfiguration : null - } -} - -resource expressRouteCircuits_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${expressRouteCircuits.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: expressRouteCircuits -} - -resource expressRouteCircuits_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: diagnosticsLogs - } - scope: expressRouteCircuits -} - -module expressRouteCircuits_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-ExpRouteCircuits-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: expressRouteCircuits.id - } -}] - -@description('The resource ID of express route curcuit.') -output resourceId string = expressRouteCircuits.id - -@description('The resource group the express route curcuit was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of express route curcuit.') -output name string = expressRouteCircuits.name - -@description('The service key of the express route circuit.') -output serviceKey string = reference(expressRouteCircuits.id, '2021-02-01').serviceKey - -@description('The location the resource was deployed into.') -output location string = expressRouteCircuits.location diff --git a/modules/Microsoft.Network/expressRouteCircuits/readme.md b/modules/Microsoft.Network/expressRouteCircuits/readme.md deleted file mode 100644 index 2597635ebe..0000000000 --- a/modules/Microsoft.Network/expressRouteCircuits/readme.md +++ /dev/null @@ -1,266 +0,0 @@ -# ExpressRoute Circuits `[Microsoft.Network/expressRouteCircuits]` - -This template deploys an express route circuit. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/expressRouteCircuits` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/expressRouteCircuits) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `bandwidthInMbps` | int | | | This is the bandwidth in Mbps of the circuit being created. It must exactly match one of the available bandwidth offers List ExpressRoute Service Providers API call. | -| `name` | string | | | This is the name of the ExpressRoute circuit. | -| `peeringLocation` | string | | | This is the name of the peering location and not the ARM resource location. It must exactly match one of the available peering locations from List ExpressRoute Service Providers API call. | -| `serviceProviderName` | string | | | This is the name of the ExpressRoute Service Provider. It must exactly match one of the Service Providers from List ExpressRoute Service Providers API call. | -| `skuFamily` | string | `'MeteredData'` | `[MeteredData, UnlimitedData]` | Chosen SKU family of ExpressRoute circuit. Choose from MeteredData or UnlimitedData SKU families. | -| `skuTier` | string | `'Standard'` | `[Local, Standard, Premium]` | Chosen SKU Tier of ExpressRoute circuit. Choose from Local, Premium or Standard SKU tiers. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[PeeringRouteLog]` | `[PeeringRouteLog]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `peerASN` | int | `0` | | The autonomous system number of the customer/connectivity provider. | -| `peering` | bool | `False` | `[True, False]` | Enabled BGP peering type for the Circuit. | -| `peeringType` | string | `'AzurePrivatePeering'` | `[AzurePrivatePeering, MicrosoftPeering]` | BGP peering type for the Circuit. Choose from AzurePrivatePeering, AzurePublicPeering or MicrosoftPeering. | -| `primaryPeerAddressPrefix` | string | `''` | | A /30 subnet used to configure IP addresses for interfaces on Link1. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `secondaryPeerAddressPrefix` | string | `''` | | A /30 subnet used to configure IP addresses for interfaces on Link2. | -| `sharedKey` | string | `''` | | The shared key for peering configuration. Router does MD5 hash comparison to validate the packets sent by BGP connection. This parameter is optional and can be removed from peering configuration if not required. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `vlanId` | int | `0` | | Specifies the identifier that is used to identify the customer. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of express route curcuit. | -| `resourceGroupName` | string | The resource group the express route curcuit was deployed into. | -| `resourceId` | string | The resource ID of express route curcuit. | -| `serviceKey` | string | The service key of the express route circuit. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-erc-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "serviceProviderName": { - "value": "Equinix" - }, - "peeringLocation": { - "value": "Amsterdam" - }, - "bandwidthInMbps": { - "value": 50 - }, - "skuTier": { - "value": "Standard" - }, - "skuFamily": { - "value": "MeteredData" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module expressRouteCircuits './Microsoft.Network/expressRouteCircuits/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-expressRouteCircuits' - params: { - name: '<>-az-erc-x-001' - lock: 'CanNotDelete' - serviceProviderName: 'Equinix' - peeringLocation: 'Amsterdam' - bandwidthInMbps: 50 - skuTier: 'Standard' - skuFamily: 'MeteredData' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/expressRouteCircuits/version.json b/modules/Microsoft.Network/expressRouteCircuits/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/expressRouteCircuits/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/firewallPolicies/.deploymentTests/min.parameters.json b/modules/Microsoft.Network/firewallPolicies/.deploymentTests/min.parameters.json deleted file mode 100644 index bb555089ed..0000000000 --- a/modules/Microsoft.Network/firewallPolicies/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fwpol-min-001" - } - } -} diff --git a/modules/Microsoft.Network/firewallPolicies/.deploymentTests/parameters.json b/modules/Microsoft.Network/firewallPolicies/.deploymentTests/parameters.json deleted file mode 100644 index 67e03ad34e..0000000000 --- a/modules/Microsoft.Network/firewallPolicies/.deploymentTests/parameters.json +++ /dev/null @@ -1,49 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fwpol-x-002" - }, - "ruleCollectionGroups": { - "value": [ - { - "name": "<>-rule-001", - "priority": 5000, - "ruleCollections": [ - { - "name": "collection002", - "priority": 5555, - "action": { - "type": "Allow" - }, - "rules": [ - { - "name": "rule002", - "ipProtocols": [ - "TCP", - "UDP" - ], - "destinationPorts": [ - "80" - ], - "sourceAddresses": [ - "*" - ], - "sourceIpGroups": [], - "ruleType": "NetworkRule", - "destinationIpGroups": [], - "destinationAddresses": [ - "*" - ], - "destinationFqdns": [] - } - ], - "ruleCollectionType": "FirewallPolicyFilterRuleCollection" - } - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Network/firewallPolicies/deploy.bicep b/modules/Microsoft.Network/firewallPolicies/deploy.bicep deleted file mode 100644 index 1c86b92bfe..0000000000 --- a/modules/Microsoft.Network/firewallPolicies/deploy.bicep +++ /dev/null @@ -1,184 +0,0 @@ -@description('Required. Name of the Firewall Policy.') -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Tags of the Firewall policy resource.') -param tags object = {} - -@description('Optional. Enables system assigned managed identity on the resource.') -param systemAssignedIdentity bool = false - -@description('Optional. The ID(s) to assign to the resource.') -param userAssignedIdentities object = {} - -@description('Optional. Resource ID of the base policy.') -param basePolicyResourceId string = '' - -@description('Optional. Enable DNS Proxy on Firewalls attached to the Firewall Policy.') -param enableProxy bool = false - -@description('Optional. List of Custom DNS Servers.') -param servers array = [] - -@description('Optional. A flag to indicate if the insights are enabled on the policy.') -param insightsIsEnabled bool = false - -@description('Optional. Default Log Analytics Resource ID for Firewall Policy Insights.') -param defaultWorkspaceId string = '' - -@description('Optional. List of workspaces for Firewall Policy Insights.') -param workspaces array = [] - -@description('Optional. Number of days the insights should be enabled on the policy.') -param retentionDays int = 365 - -@description('Optional. List of rules for traffic to bypass.') -param bypassTrafficSettings array = [] - -@description('Optional. List of specific signatures states.') -param signatureOverrides array = [] - -@description('Optional. The configuring of intrusion detection.') -@allowed([ - 'Alert' - 'Deny' - 'Off' -]) -param mode string = 'Off' - -@description('Optional. Tier of Firewall Policy.') -@allowed([ - 'Premium' - 'Standard' -]) -param tier string = 'Standard' - -@description('Optional. List of private IP addresses/IP address ranges to not be SNAT.') -param privateRanges array = [] - -@description('Optional. The operation mode for Threat Intel.') -@allowed([ - 'Alert' - 'Deny' - 'Off' -]) -param threatIntelMode string = 'Off' - -@description('Optional. List of FQDNs for the ThreatIntel Allowlist.') -param fqdns array = [] - -@description('Optional. List of IP addresses for the ThreatIntel Allowlist.') -param ipAddresses array = [] - -@description('Optional. Secret ID of (base-64 encoded unencrypted pfx) Secret or Certificate object stored in KeyVault. .') -param keyVaultSecretId string = '' - -@description('Optional. Name of the CA certificate.') -param certificateName string = '' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. Rule collection groups.') -param ruleCollectionGroups array = [] - -var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None') - -var identity = identityType != 'None' ? { - type: identityType - userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null -} : null - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource firewallPolicy 'Microsoft.Network/firewallPolicies@2021-05-01' = { - name: name - location: location - tags: tags - identity: identity - properties: { - basePolicy: !empty(basePolicyResourceId) ? { - id: basePolicyResourceId - } : null - dnsSettings: enableProxy ? { - enableProxy: enableProxy - servers: servers - } : null - insights: insightsIsEnabled ? { - isEnabled: insightsIsEnabled - logAnalyticsResources: { - defaultWorkspaceId: { - id: !empty(defaultWorkspaceId) ? defaultWorkspaceId : null - } - workspaces: !empty(workspaces) ? workspaces : null - } - retentionDays: retentionDays - } : null - intrusionDetection: (mode != 'Off') ? { - configuration: { - bypassTrafficSettings: !empty(bypassTrafficSettings) ? bypassTrafficSettings : null - signatureOverrides: !empty(signatureOverrides) ? signatureOverrides : null - } - mode: mode - } : null - sku: { - tier: tier - } - snat: !empty(privateRanges) ? { - privateRanges: privateRanges - } : null - threatIntelMode: threatIntelMode - threatIntelWhitelist: { - fqdns: fqdns - ipAddresses: ipAddresses - } - transportSecurity: (!empty(keyVaultSecretId) || !empty(certificateName)) ? { - certificateAuthority: { - keyVaultSecretId: !empty(keyVaultSecretId) ? keyVaultSecretId : null - name: !empty(certificateName) ? certificateName : null - } - } : null - } -} - -// When a FW policy uses a base policy and have more rule collection groups, -// they need to be deployed sequentially, otherwise the deployment would fail -// because of concurrent access to the base policy. -// The next line forces ARM to deploy them one after the other, so no race concition on the base policy will happen. -@batchSize(1) -module firewallPolicy_ruleCollectionGroups 'ruleCollectionGroups/deploy.bicep' = [for (ruleCollectionGroup, index) in ruleCollectionGroups: { - name: '${uniqueString(deployment().name, location)}-firewallPolicy_ruleCollectionGroups-${index}' - params: { - firewallPolicyName: firewallPolicy.name - name: ruleCollectionGroup.name - priority: ruleCollectionGroup.priority - ruleCollections: ruleCollectionGroup.ruleCollections - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -@description('The name of the deployed firewall policy.') -output name string = firewallPolicy.name - -@description('The resource ID of the deployed firewall policy.') -output resourceId string = firewallPolicy.id - -@description('The resource group of the deployed firewall policy.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = firewallPolicy.location diff --git a/modules/Microsoft.Network/firewallPolicies/readme.md b/modules/Microsoft.Network/firewallPolicies/readme.md deleted file mode 100644 index f5fa668b83..0000000000 --- a/modules/Microsoft.Network/firewallPolicies/readme.md +++ /dev/null @@ -1,287 +0,0 @@ -# Firewall Policies `[Microsoft.Network/firewallPolicies]` - -This module deploys Firewall Policies. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Network/firewallPolicies` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/firewallPolicies) | -| `Microsoft.Network/firewallPolicies/ruleCollectionGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/firewallPolicies/ruleCollectionGroups) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Firewall Policy. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `basePolicyResourceId` | string | `''` | | Resource ID of the base policy. | -| `bypassTrafficSettings` | array | `[]` | | List of rules for traffic to bypass. | -| `certificateName` | string | `''` | | Name of the CA certificate. | -| `defaultWorkspaceId` | string | `''` | | Default Log Analytics Resource ID for Firewall Policy Insights. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `enableProxy` | bool | `False` | | Enable DNS Proxy on Firewalls attached to the Firewall Policy. | -| `fqdns` | array | `[]` | | List of FQDNs for the ThreatIntel Allowlist. | -| `insightsIsEnabled` | bool | `False` | | A flag to indicate if the insights are enabled on the policy. | -| `ipAddresses` | array | `[]` | | List of IP addresses for the ThreatIntel Allowlist. | -| `keyVaultSecretId` | string | `''` | | Secret ID of (base-64 encoded unencrypted pfx) Secret or Certificate object stored in KeyVault. . | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `mode` | string | `'Off'` | `[Alert, Deny, Off]` | The configuring of intrusion detection. | -| `privateRanges` | array | `[]` | | List of private IP addresses/IP address ranges to not be SNAT. | -| `retentionDays` | int | `365` | | Number of days the insights should be enabled on the policy. | -| `ruleCollectionGroups` | _[ruleCollectionGroups](ruleCollectionGroups/readme.md)_ array | `[]` | | Rule collection groups. | -| `servers` | array | `[]` | | List of Custom DNS Servers. | -| `signatureOverrides` | array | `[]` | | List of specific signatures states. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the Firewall policy resource. | -| `threatIntelMode` | string | `'Off'` | `[Alert, Deny, Off]` | The operation mode for Threat Intel. | -| `tier` | string | `'Standard'` | `[Premium, Standard]` | Tier of Firewall Policy. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `workspaces` | array | `[]` | | List of workspaces for Firewall Policy Insights. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `userAssignedIdentities` - -You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: - -

- -Parameter JSON format - -```json -"userAssignedIdentities": { - "value": { - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} - } -} -``` - -
- -
- -Bicep format - -```bicep -userAssignedIdentities: { - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed firewall policy. | -| `resourceGroupName` | string | The resource group of the deployed firewall policy. | -| `resourceId` | string | The resource ID of the deployed firewall policy. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fwpol-min-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module firewallPolicies './Microsoft.Network/firewallPolicies/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-firewallPolicies' - params: { - name: '<>-az-fwpol-min-001' - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fwpol-x-002" - }, - "ruleCollectionGroups": { - "value": [ - { - "name": "<>-rule-001", - "priority": 5000, - "ruleCollections": [ - { - "name": "collection002", - "priority": 5555, - "action": { - "type": "Allow" - }, - "rules": [ - { - "name": "rule002", - "ipProtocols": [ - "TCP", - "UDP" - ], - "destinationPorts": [ - "80" - ], - "sourceAddresses": [ - "*" - ], - "sourceIpGroups": [], - "ruleType": "NetworkRule", - "destinationIpGroups": [], - "destinationAddresses": [ - "*" - ], - "destinationFqdns": [] - } - ], - "ruleCollectionType": "FirewallPolicyFilterRuleCollection" - } - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module firewallPolicies './Microsoft.Network/firewallPolicies/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-firewallPolicies' - params: { - name: '<>-az-fwpol-x-002' - ruleCollectionGroups: [ - { - name: '<>-rule-001' - priority: 5000 - ruleCollections: [ - { - name: 'collection002' - priority: 5555 - action: { - type: 'Allow' - } - rules: [ - { - name: 'rule002' - ipProtocols: [ - 'TCP' - 'UDP' - ] - destinationPorts: [ - '80' - ] - sourceAddresses: [ - '*' - ] - sourceIpGroups: [] - ruleType: 'NetworkRule' - destinationIpGroups: [] - destinationAddresses: [ - '*' - ] - destinationFqdns: [] - } - ] - ruleCollectionType: 'FirewallPolicyFilterRuleCollection' - } - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep b/modules/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep deleted file mode 100644 index dd73432d93..0000000000 --- a/modules/Microsoft.Network/firewallPolicies/ruleCollectionGroups/deploy.bicep +++ /dev/null @@ -1,48 +0,0 @@ -@description('Conditional. The name of the parent Firewall Policy. Required if the template is used in a standalone deployment.') -param firewallPolicyName string - -@description('Required. The name of the rule collection group to deploy.') -param name string - -@description('Required. Priority of the Firewall Policy Rule Collection Group resource.') -param priority int - -@description('Optional. Group of Firewall Policy rule collections.') -param ruleCollections array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource firewallPolicy 'Microsoft.Network/firewallPolicies@2021-05-01' existing = { - name: firewallPolicyName -} - -resource ruleCollectionGroup 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2021-05-01' = { - name: name - parent: firewallPolicy - properties: { - priority: priority - ruleCollections: ruleCollections - } -} - -@description('The name of the deployed rule collection group.') -output name string = ruleCollectionGroup.name - -@description('The resource ID of the deployed rule collection group.') -output resourceId string = ruleCollectionGroup.id - -@description('The resource group of the deployed rule collection group.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Network/firewallPolicies/ruleCollectionGroups/readme.md b/modules/Microsoft.Network/firewallPolicies/ruleCollectionGroups/readme.md deleted file mode 100644 index ee1f0d6410..0000000000 --- a/modules/Microsoft.Network/firewallPolicies/ruleCollectionGroups/readme.md +++ /dev/null @@ -1,43 +0,0 @@ -# Network Firewall Policies Rule Collection Groups `[Microsoft.Network/firewallPolicies/ruleCollectionGroups]` - -This module deploys Network Firewall Policies Rule Collection Groups. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Network/firewallPolicies/ruleCollectionGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/firewallPolicies/ruleCollectionGroups) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the rule collection group to deploy. | -| `priority` | int | Priority of the Firewall Policy Rule Collection Group resource. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `firewallPolicyName` | string | The name of the parent Firewall Policy. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `ruleCollections` | array | `[]` | Group of Firewall Policy rule collections. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed rule collection group. | -| `resourceGroupName` | string | The resource group of the deployed rule collection group. | -| `resourceId` | string | The resource ID of the deployed rule collection group. | diff --git a/modules/Microsoft.Network/firewallPolicies/ruleCollectionGroups/version.json b/modules/Microsoft.Network/firewallPolicies/ruleCollectionGroups/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/firewallPolicies/ruleCollectionGroups/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/firewallPolicies/version.json b/modules/Microsoft.Network/firewallPolicies/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/firewallPolicies/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 9a72de9cc3..0000000000 --- a/modules/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,56 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Domain Services Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource frontDoor 'Microsoft.Network/frontDoors@2020-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(frontDoor.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: frontDoor -}] diff --git a/modules/Microsoft.Network/frontDoors/.deploymentTests/parameters.json b/modules/Microsoft.Network/frontDoors/.deploymentTests/parameters.json deleted file mode 100644 index e52cca17f9..0000000000 --- a/modules/Microsoft.Network/frontDoors/.deploymentTests/parameters.json +++ /dev/null @@ -1,115 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fd-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "backendPools": { - "value": [ - { - "name": "backendPool", - "properties": { - "backends": [ - { - "address": "biceptest.local", - "backendHostHeader": "backendAddress", - "httpPort": 80, - "httpsPort": 443, - "weight": 50, - "priority": 1, - "enabledState": "Enabled", - "privateLinkAlias": "", - "privateLinkApprovalMessage": "", - "privateLinkLocation": "", - "privateLinkResourceId": "" - } - ], - "LoadBalancingSettings": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/frontDoors/<>-az-fd-x-001/LoadBalancingSettings/loadBalancer" - }, - "HealthProbeSettings": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/frontDoors/<>-az-fd-x-001/HealthProbeSettings/heathProbe" - } - } - } - ] - }, - "enforceCertificateNameCheck": { - "value": "Disabled" - }, - "sendRecvTimeoutSeconds": { - "value": 10 - }, - "frontendEndpoints": { - "value": [ - { - "name": "frontEnd", - "properties": { - "hostName": "<>-az-fd-x-001.azurefd.net", - "sessionAffinityEnabledState": "Disabled", - "sessionAffinityTtlSeconds": 60 - } - } - ] - }, - "healthProbeSettings": { - "value": [ - { - "name": "heathProbe", - "properties": { - "enabledState": "", - "healthProbeMethod": "", - "intervalInSeconds": 60, - "path": "/", - "protocol": "Https" - } - } - ] - }, - "loadBalancingSettings": { - "value": [ - { - "name": "loadBalancer", - "properties": { - "additionalLatencyMilliseconds": 0, - "sampleSize": 50, - "successfulSamplesRequired": 1 - } - } - ] - }, - "routingRules": { - "value": [ - { - "name": "routingRule", - "properties": { - "acceptedProtocols": [ - "Http", - "Https" - ], - "enabledState": "Enabled", - "frontendEndpoints": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/frontDoors/<>-az-fd-x-001/FrontendEndpoints/frontEnd" - } - ], - "patternsToMatch": [ - "/*" - ], - "routeConfiguration": { - "@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration", - "forwardingProtocol": "MatchRequest", - "backendPool": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/frontDoors/<>-az-fd-x-001/BackendPools/backendPool" - } - } - } - } - ] - } - } -} diff --git a/modules/Microsoft.Network/frontDoors/deploy.bicep b/modules/Microsoft.Network/frontDoors/deploy.bicep deleted file mode 100644 index a279b88e22..0000000000 --- a/modules/Microsoft.Network/frontDoors/deploy.bicep +++ /dev/null @@ -1,178 +0,0 @@ -@description('Required. The name of the frontDoor.') -@minLength(1) -@maxLength(64) -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Resource tags.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Required. Backend address pool of the frontdoor resource.') -param backendPools array = [] - -@description('Optional. Enforce certificate name check of the frontdoor resource.') -param enforceCertificateNameCheck string = 'Disabled' - -@description('Optional. Certificate name check time of the frontdoor resource.') -param sendRecvTimeoutSeconds int = 600 - -@description('Required. State of the frontdoor resource.') -param enabledState string = 'Enabled' - -@description('Required. Friendly name of the frontdoor resource.') -param friendlyName string = '' - -@description('Required. Frontend endpoints of the frontdoor resource.') -param frontendEndpoints array = [] - -@description('Required. Heath probe settings of the frontdoor resource.') -param healthProbeSettings array = [] - -@description('Required. Load balancing settings of the frontdoor resource.') -param loadBalancingSettings array = [] - -@description('Required. Routing rules settings of the frontdoor resource.') -param routingRules array = [] - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') -param diagnosticEventHubName string = '' - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'FrontdoorAccessLog' - 'FrontdoorWebApplicationFirewallLog' -]) -param logsToEnable array = [ - 'FrontdoorAccessLog' - 'FrontdoorWebApplicationFirewallLog' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'AllMetrics' -]) -param metricsToEnable array = [ - 'AllMetrics' -] - -var diagnosticsLogs = [for log in logsToEnable: { - category: log - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in metricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource frontDoor 'Microsoft.Network/frontDoors@2020-05-01' = { - name: name - location: 'global' - tags: tags - properties: { - backendPools: backendPools - backendPoolsSettings: { - enforceCertificateNameCheck: enforceCertificateNameCheck - sendRecvTimeoutSeconds: sendRecvTimeoutSeconds - } - enabledState: enabledState - friendlyName: friendlyName - frontendEndpoints: frontendEndpoints - healthProbeSettings: healthProbeSettings - loadBalancingSettings: loadBalancingSettings - routingRules: routingRules - } -} - -resource frontDoor_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${frontDoor.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: frontDoor -} - -resource frontDoor_diagnosticSettingName 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { - name: '${frontDoor.name}-diagnosticSettings' - properties: { - storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId - workspaceId: empty(diagnosticWorkspaceId) ? null : diagnosticWorkspaceId - eventHubAuthorizationRuleId: empty(diagnosticEventHubAuthorizationRuleId) ? null : diagnosticEventHubAuthorizationRuleId - eventHubName: empty(diagnosticEventHubName) ? null : diagnosticEventHubName - metrics: empty(diagnosticStorageAccountId) && empty(diagnosticWorkspaceId) && empty(diagnosticEventHubAuthorizationRuleId) && empty(diagnosticEventHubName) ? null : diagnosticsMetrics - logs: empty(diagnosticStorageAccountId) && empty(diagnosticWorkspaceId) && empty(diagnosticEventHubAuthorizationRuleId) && empty(diagnosticEventHubName) ? null : diagnosticsLogs - } - scope: frontDoor -} - -module frontDoor_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-AppGateway-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: frontDoor.id - } -}] - -@description('The name of the front door.') -output name string = frontDoor.name - -@description('The resource ID of the front door.') -output resourceId string = frontDoor.id - -@description('The resource group the front door was deployed into.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Network/frontDoors/readme.md b/modules/Microsoft.Network/frontDoors/readme.md deleted file mode 100644 index f3784be4d1..0000000000 --- a/modules/Microsoft.Network/frontDoors/readme.md +++ /dev/null @@ -1,395 +0,0 @@ -# Front Doors `[Microsoft.Network/frontDoors]` - -This module deploys Front Doors. - - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/frontDoors` | [2020-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-05-01/frontDoors) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `backendPools` | array | `[]` | Backend address pool of the frontdoor resource. | -| `enabledState` | string | `'Enabled'` | State of the frontdoor resource. | -| `friendlyName` | string | `''` | Friendly name of the frontdoor resource. | -| `frontendEndpoints` | array | `[]` | Frontend endpoints of the frontdoor resource. | -| `healthProbeSettings` | array | `[]` | Heath probe settings of the frontdoor resource. | -| `loadBalancingSettings` | array | `[]` | Load balancing settings of the frontdoor resource. | -| `name` | string | | The name of the frontDoor. | -| `routingRules` | array | `[]` | Routing rules settings of the frontdoor resource. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `enforceCertificateNameCheck` | string | `'Disabled'` | | Enforce certificate name check of the frontdoor resource. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `logsToEnable` | array | `[FrontdoorAccessLog, FrontdoorWebApplicationFirewallLog]` | `[FrontdoorAccessLog, FrontdoorWebApplicationFirewallLog]` | The name of logs that will be streamed. | -| `metricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sendRecvTimeoutSeconds` | int | `600` | | Certificate name check time of the frontdoor resource. | -| `tags` | object | `{object}` | | Resource tags. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the front door. | -| `resourceGroupName` | string | The resource group the front door was deployed into. | -| `resourceId` | string | The resource ID of the front door. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fd-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "backendPools": { - "value": [ - { - "name": "backendPool", - "properties": { - "backends": [ - { - "address": "biceptest.local", - "backendHostHeader": "backendAddress", - "httpPort": 80, - "httpsPort": 443, - "weight": 50, - "priority": 1, - "enabledState": "Enabled", - "privateLinkAlias": "", - "privateLinkApprovalMessage": "", - "privateLinkLocation": "", - "privateLinkResourceId": "" - } - ], - "LoadBalancingSettings": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/frontDoors/<>-az-fd-x-001/LoadBalancingSettings/loadBalancer" - }, - "HealthProbeSettings": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/frontDoors/<>-az-fd-x-001/HealthProbeSettings/heathProbe" - } - } - } - ] - }, - "enforceCertificateNameCheck": { - "value": "Disabled" - }, - "sendRecvTimeoutSeconds": { - "value": 10 - }, - "frontendEndpoints": { - "value": [ - { - "name": "frontEnd", - "properties": { - "hostName": "<>-az-fd-x-001.azurefd.net", - "sessionAffinityEnabledState": "Disabled", - "sessionAffinityTtlSeconds": 60 - } - } - ] - }, - "healthProbeSettings": { - "value": [ - { - "name": "heathProbe", - "properties": { - "enabledState": "", - "healthProbeMethod": "", - "intervalInSeconds": 60, - "path": "/", - "protocol": "Https" - } - } - ] - }, - "loadBalancingSettings": { - "value": [ - { - "name": "loadBalancer", - "properties": { - "additionalLatencyMilliseconds": 0, - "sampleSize": 50, - "successfulSamplesRequired": 1 - } - } - ] - }, - "routingRules": { - "value": [ - { - "name": "routingRule", - "properties": { - "acceptedProtocols": [ - "Http", - "Https" - ], - "enabledState": "Enabled", - "frontendEndpoints": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/frontDoors/<>-az-fd-x-001/FrontendEndpoints/frontEnd" - } - ], - "patternsToMatch": [ - "/*" - ], - "routeConfiguration": { - "@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration", - "forwardingProtocol": "MatchRequest", - "backendPool": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/frontDoors/<>-az-fd-x-001/BackendPools/backendPool" - } - } - } - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module frontDoors './Microsoft.Network/frontDoors/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-frontDoors' - params: { - name: '<>-az-fd-x-001' - lock: 'CanNotDelete' - backendPools: [ - { - name: 'backendPool' - properties: { - backends: [ - { - address: 'biceptest.local' - backendHostHeader: 'backendAddress' - httpPort: 80 - httpsPort: 443 - weight: 50 - priority: 1 - enabledState: 'Enabled' - privateLinkAlias: '' - privateLinkApprovalMessage: '' - privateLinkLocation: '' - privateLinkResourceId: '' - } - ] - LoadBalancingSettings: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/frontDoors/<>-az-fd-x-001/LoadBalancingSettings/loadBalancer' - } - HealthProbeSettings: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/frontDoors/<>-az-fd-x-001/HealthProbeSettings/heathProbe' - } - } - } - ] - enforceCertificateNameCheck: 'Disabled' - sendRecvTimeoutSeconds: 10 - frontendEndpoints: [ - { - name: 'frontEnd' - properties: { - hostName: '<>-az-fd-x-001.azurefd.net' - sessionAffinityEnabledState: 'Disabled' - sessionAffinityTtlSeconds: 60 - } - } - ] - healthProbeSettings: [ - { - name: 'heathProbe' - properties: { - enabledState: '' - healthProbeMethod: '' - intervalInSeconds: 60 - path: '/' - protocol: 'Https' - } - } - ] - loadBalancingSettings: [ - { - name: 'loadBalancer' - properties: { - additionalLatencyMilliseconds: 0 - sampleSize: 50 - successfulSamplesRequired: 1 - } - } - ] - routingRules: [ - { - name: 'routingRule' - properties: { - acceptedProtocols: [ - 'Http' - 'Https' - ] - enabledState: 'Enabled' - frontendEndpoints: [ - { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/frontDoors/<>-az-fd-x-001/FrontendEndpoints/frontEnd' - } - ] - patternsToMatch: [ - '/*' - ] - routeConfiguration: { - '@odata.type': '#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration' - forwardingProtocol: 'MatchRequest' - backendPool: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/frontDoors/<>-az-fd-x-001/BackendPools/backendPool' - } - } - } - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/frontDoors/version.json b/modules/Microsoft.Network/frontDoors/version.json deleted file mode 100644 index 41f66cc990..0000000000 --- a/modules/Microsoft.Network/frontDoors/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.1" -} diff --git a/modules/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 7ba5a78310..0000000000 --- a/modules/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,55 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource ipGroup 'Microsoft.Network/ipGroups@2021-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(ipGroup.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: ipGroup -}] diff --git a/modules/Microsoft.Network/ipGroups/.deploymentTests/parameters.json b/modules/Microsoft.Network/ipGroups/.deploymentTests/parameters.json deleted file mode 100644 index b30fd0db80..0000000000 --- a/modules/Microsoft.Network/ipGroups/.deploymentTests/parameters.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "iacsGroup-servers" - }, - "lock": { - "value": "CanNotDelete" - }, - "ipAddresses": { - "value": [ - "10.0.0.1", - "10.0.0.2" - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Network/ipGroups/deploy.bicep b/modules/Microsoft.Network/ipGroups/deploy.bicep deleted file mode 100644 index 0f014a980f..0000000000 --- a/modules/Microsoft.Network/ipGroups/deploy.bicep +++ /dev/null @@ -1,79 +0,0 @@ -@description('Required. The name of the ipGroups.') -@minLength(1) -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. IpAddresses/IpAddressPrefixes in the IpGroups resource.') -param ipAddresses array = [] - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Resource tags.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource ipGroup 'Microsoft.Network/ipGroups@2021-05-01' = { - name: name - location: location - tags: tags - properties: { - ipAddresses: ipAddresses - } -} - -resource ipGroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${ipGroup.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: ipGroup -} - -module ipGroup_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-IPGroup-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: ipGroup.id - } -}] - -@description('The resource ID of the IP group.') -output resourceId string = ipGroup.id - -@description('The resource group of the IP group was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the IP group.') -output name string = ipGroup.name - -@description('The location the resource was deployed into.') -output location string = ipGroup.location diff --git a/modules/Microsoft.Network/ipGroups/readme.md b/modules/Microsoft.Network/ipGroups/readme.md deleted file mode 100644 index 9a185fe6b9..0000000000 --- a/modules/Microsoft.Network/ipGroups/readme.md +++ /dev/null @@ -1,215 +0,0 @@ -# IP Groups `[Microsoft.Network/ipGroups]` - -This module deploys an IP group. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/ipGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/ipGroups) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the ipGroups. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `ipAddresses` | array | `[]` | | IpAddresses/IpAddressPrefixes in the IpGroups resource. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Resource tags. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the IP group. | -| `resourceGroupName` | string | The resource group of the IP group was deployed into. | -| `resourceId` | string | The resource ID of the IP group. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "iacsGroup-servers" - }, - "lock": { - "value": "CanNotDelete" - }, - "ipAddresses": { - "value": [ - "10.0.0.1", - "10.0.0.2" - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module ipGroups './Microsoft.Network/ipGroups/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-ipGroups' - params: { - name: 'iacsGroup-servers' - lock: 'CanNotDelete' - ipAddresses: [ - '10.0.0.1' - '10.0.0.2' - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/ipGroups/version.json b/modules/Microsoft.Network/ipGroups/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/ipGroups/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index cfde136ee4..0000000000 --- a/modules/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,59 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Virtual Machine Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4') - 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c') - 'Virtual Machine User Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52') -} - -resource loadBalancer 'Microsoft.Network/loadBalancers@2021-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(loadBalancer.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: loadBalancer -}] diff --git a/modules/Microsoft.Network/loadBalancers/.deploymentTests/internal.parameters.json b/modules/Microsoft.Network/loadBalancers/.deploymentTests/internal.parameters.json deleted file mode 100644 index 4c3ffb022f..0000000000 --- a/modules/Microsoft.Network/loadBalancers/.deploymentTests/internal.parameters.json +++ /dev/null @@ -1,101 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-lb-internal-001" - }, - "loadBalancerSku": { - "value": "Standard" - }, - "frontendIPConfigurations": { - "value": [ - { - "name": "privateIPConfig1", - "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" - } - ] - }, - "backendAddressPools": { - "value": [ - { - "name": "servers" - } - ] - }, - "probes": { - "value": [ - { - "name": "probe1", - "protocol": "Tcp", - "port": "62000", - "intervalInSeconds": 5, - "numberOfProbes": 2 - } - ] - }, - "loadBalancingRules": { - "value": [ - { - "name": "privateIPLBRule1", - "frontendIPConfigurationName": "privateIPConfig1", - "frontendPort": 0, - "backendPort": 0, - "enableFloatingIP": true, - "idleTimeoutInMinutes": 4, - "protocol": "All", - "loadDistribution": "Default", - "probeName": "probe1", - "disableOutboundSnat": true, - "enableTcpReset": false, - "backendAddressPoolName": "servers" - } - ] - }, - "inboundNatRules": { - "value": [ - { - "name": "inboundNatRule1", - "frontendIPConfigurationName": "privateIPConfig1", - "frontendPort": 443, - "backendPort": 443, - "enableFloatingIP": false, - "idleTimeoutInMinutes": 4, - "protocol": "Tcp", - "enableTcpReset": false - }, - { - "name": "inboundNatRule2", - "frontendIPConfigurationName": "privateIPConfig1", - "frontendPort": 3389, - "backendPort": 3389 - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Network/loadBalancers/.deploymentTests/min.parameters.json b/modules/Microsoft.Network/loadBalancers/.deploymentTests/min.parameters.json deleted file mode 100644 index 695027dc9f..0000000000 --- a/modules/Microsoft.Network/loadBalancers/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-lb-min-001" - }, - "frontendIPConfigurations": { - "value": [ - { - "name": "publicIPConfig1", - "publicIPAddressId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-min-lb" - } - ] - } - } -} diff --git a/modules/Microsoft.Network/loadBalancers/.deploymentTests/parameters.json b/modules/Microsoft.Network/loadBalancers/.deploymentTests/parameters.json deleted file mode 100644 index df44d93edf..0000000000 --- a/modules/Microsoft.Network/loadBalancers/.deploymentTests/parameters.json +++ /dev/null @@ -1,129 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-lb-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "frontendIPConfigurations": { - "value": [ - { - "name": "publicIPConfig1", - "publicIPAddressId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-lb" - } - ] - }, - "backendAddressPools": { - "value": [ - { - "name": "backendAddressPool1" - }, - { - "name": "backendAddressPool2" - } - ] - }, - "loadBalancingRules": { - "value": [ - { - "name": "publicIPLBRule1", - "frontendIPConfigurationName": "publicIPConfig1", - "frontendPort": 80, - "backendPort": 80, - "enableFloatingIP": false, - "idleTimeoutInMinutes": 5, - "protocol": "Tcp", - "enableTcpReset": false, - "loadDistribution": "Default", - "disableOutboundSnat": true, - "probeName": "probe1", - "backendAddressPoolName": "backendAddressPool1" - }, - { - "name": "publicIPLBRule2", - "frontendIPConfigurationName": "publicIPConfig1", - "frontendPort": 8080, - "backendPort": 8080, - "loadDistribution": "Default", - "probeName": "probe2", - "backendAddressPoolName": "backendAddressPool2" - } - ] - }, - "inboundNatRules": { - "value": [ - { - "name": "inboundNatRule1", - "frontendIPConfigurationName": "publicIPConfig1", - "frontendPort": 443, - "backendPort": 443, - "enableFloatingIP": false, - "idleTimeoutInMinutes": 4, - "protocol": "Tcp", - "enableTcpReset": false - }, - { - "name": "inboundNatRule2", - "frontendIPConfigurationName": "publicIPConfig1", - "frontendPort": 3389, - "backendPort": 3389 - } - ] - }, - "outboundRules": { - "value": [ - { - "name": "outboundRule1", - "frontendIPConfigurationName": "publicIPConfig1", - "backendAddressPoolName": "backendAddressPool1", - "allocatedOutboundPorts": 63984 - } - ] - }, - "probes": { - "value": [ - { - "name": "probe1", - "protocol": "Tcp", - "port": 80, - "intervalInSeconds": 10, - "numberOfProbes": 5 - }, - { - "name": "probe2", - "protocol": "Https", - "port": 443, - "requestPath": "/" - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Network/loadBalancers/backendAddressPools/deploy.bicep b/modules/Microsoft.Network/loadBalancers/backendAddressPools/deploy.bicep deleted file mode 100644 index 7b71222a1f..0000000000 --- a/modules/Microsoft.Network/loadBalancers/backendAddressPools/deploy.bicep +++ /dev/null @@ -1,48 +0,0 @@ -@description('Conditional. The name of the parent load balancer. Required if the template is used in a standalone deployment.') -param loadBalancerName string - -@description('Required. The name of the backend address pool.') -param name string - -@description('Optional. An array of backend addresses.') -param loadBalancerBackendAddresses array = [] - -@description('Optional. An array of gateway load balancer tunnel interfaces.') -param tunnelInterfaces array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource loadBalancer 'Microsoft.Network/loadBalancers@2021-05-01' existing = { - name: loadBalancerName -} - -resource backendAddressPool 'Microsoft.Network/loadBalancers/backendAddressPools@2021-05-01' = { - name: name - properties: { - loadBalancerBackendAddresses: loadBalancerBackendAddresses - tunnelInterfaces: tunnelInterfaces - } - parent: loadBalancer -} - -@description('The name of the backend address pool.') -output name string = backendAddressPool.name - -@description('The resource ID of the backend address pool.') -output resourceId string = backendAddressPool.id - -@description('The resource group the backend address pool was deployed into.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Network/loadBalancers/backendAddressPools/readme.md b/modules/Microsoft.Network/loadBalancers/backendAddressPools/readme.md deleted file mode 100644 index 927002a6aa..0000000000 --- a/modules/Microsoft.Network/loadBalancers/backendAddressPools/readme.md +++ /dev/null @@ -1,43 +0,0 @@ -# Load Balancers Backend Address Pools `[Microsoft.Network/loadBalancers/backendAddressPools]` - -This module deploys load balancer backend address pools. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Network/loadBalancers/backendAddressPools` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/loadBalancers/backendAddressPools) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the backend address pool. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `loadBalancerName` | string | The name of the parent load balancer. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `loadBalancerBackendAddresses` | array | `[]` | An array of backend addresses. | -| `tunnelInterfaces` | array | `[]` | An array of gateway load balancer tunnel interfaces. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the backend address pool. | -| `resourceGroupName` | string | The resource group the backend address pool was deployed into. | -| `resourceId` | string | The resource ID of the backend address pool. | diff --git a/modules/Microsoft.Network/loadBalancers/backendAddressPools/version.json b/modules/Microsoft.Network/loadBalancers/backendAddressPools/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/loadBalancers/backendAddressPools/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/loadBalancers/deploy.bicep b/modules/Microsoft.Network/loadBalancers/deploy.bicep deleted file mode 100644 index db0c0aa54f..0000000000 --- a/modules/Microsoft.Network/loadBalancers/deploy.bicep +++ /dev/null @@ -1,273 +0,0 @@ -@description('Required. The Proximity Placement Groups Name.') -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Name of a load balancer SKU.') -@allowed([ - 'Basic' - 'Standard' -]) -param loadBalancerSku string = 'Standard' - -@description('Required. Array of objects containing all frontend IP configurations.') -@minLength(1) -param frontendIPConfigurations array - -@description('Optional. Collection of backend address pools used by a load balancer.') -param backendAddressPools array = [] - -@description('Optional. Array of objects containing all load balancing rules.') -param loadBalancingRules array = [] - -@description('Optional. Array of objects containing all probes, these are references in the load balancing rules.') -param probes array = [] - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. Collection of inbound NAT Rules used by a load balancer. Defining inbound NAT rules on your load balancer is mutually exclusive with defining an inbound NAT pool. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an Inbound NAT pool. They have to reference individual inbound NAT rules.') -param inboundNatRules array = [] - -@description('Optional. The outbound rules.') -param outboundRules array = [] - -var frontendIPConfigurations_var = [for (frontendIPConfiguration, index) in frontendIPConfigurations: { - name: frontendIPConfiguration.name - properties: { - subnet: contains(frontendIPConfiguration, 'subnetId') && !empty(frontendIPConfiguration.subnetId) ? { - id: frontendIPConfiguration.subnetId - } : null - publicIPAddress: contains(frontendIPConfiguration, 'publicIPAddressId') && !empty(frontendIPConfiguration.publicIPAddressId) ? { - id: frontendIPConfiguration.publicIPAddressId - } : null - privateIPAddress: contains(frontendIPConfiguration, 'privateIPAddress') && !empty(frontendIPConfiguration.privateIPAddress) ? frontendIPConfiguration.privateIPAddress : null - privateIPAddressVersion: contains(frontendIPConfiguration, 'privateIPAddressVersion') ? frontendIPConfiguration.privateIPAddressVersion : 'IPv4' - privateIPAllocationMethod: contains(frontendIPConfiguration, 'subnetId') && !empty(frontendIPConfiguration.subnetId) ? (contains(frontendIPConfiguration, 'privateIPAddress') ? 'Static' : 'Dynamic') : null - gatewayLoadBalancer: contains(frontendIPConfiguration, 'gatewayLoadBalancer') && !empty(frontendIPConfiguration.gatewayLoadBalancer) ? { - id: frontendIPConfiguration.gatewayLoadBalancer - } : null - publicIPPrefix: contains(frontendIPConfiguration, 'publicIPPrefix') && !empty(frontendIPConfiguration.publicIPPrefix) ? { - id: frontendIPConfiguration.publicIPPrefix - } : null - } -}] - -var loadBalancingRules_var = [for loadBalancingRule in loadBalancingRules: { - name: loadBalancingRule.name - properties: { - backendAddressPool: { - id: az.resourceId('Microsoft.Network/loadBalancers/backendAddressPools', name, loadBalancingRule.backendAddressPoolName) - } - backendPort: loadBalancingRule.backendPort - disableOutboundSnat: contains(loadBalancingRule, 'disableOutboundSnat') ? loadBalancingRule.disableOutboundSnat : true - enableFloatingIP: contains(loadBalancingRule, 'enableFloatingIP') ? loadBalancingRule.enableFloatingIP : false - enableTcpReset: contains(loadBalancingRule, 'enableTcpReset') ? loadBalancingRule.enableTcpReset : false - frontendIPConfiguration: { - id: az.resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', name, loadBalancingRule.frontendIPConfigurationName) - } - frontendPort: loadBalancingRule.frontendPort - idleTimeoutInMinutes: contains(loadBalancingRule, 'idleTimeoutInMinutes') ? loadBalancingRule.idleTimeoutInMinutes : 4 - loadDistribution: contains(loadBalancingRule, 'loadDistribution') ? loadBalancingRule.loadDistribution : 'Default' - probe: { - id: '${az.resourceId('Microsoft.Network/loadBalancers', name)}/probes/${loadBalancingRule.probeName}' - } - protocol: contains(loadBalancingRule, 'protocol') ? loadBalancingRule.protocol : 'Tcp' - } -}] - -var outboundRules_var = [for outboundRule in outboundRules: { - name: outboundRule.name - properties: { - frontendIPConfigurations: [ - { - id: az.resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', name, outboundRule.frontendIPConfigurationName) - } - ] - backendAddressPool: { - id: az.resourceId('Microsoft.Network/loadBalancers/backendAddressPools', name, outboundRule.backendAddressPoolName) - } - protocol: contains(outboundRule, 'protocol') ? outboundRule.protocol : 'All' - allocatedOutboundPorts: contains(outboundRule, 'allocatedOutboundPorts') ? outboundRule.allocatedOutboundPorts : 63984 - enableTcpReset: contains(outboundRule, 'enableTcpReset') ? outboundRule.enableTcpReset : true - idleTimeoutInMinutes: contains(outboundRule, 'idleTimeoutInMinutes') ? outboundRule.idleTimeoutInMinutes : 4 - } -}] - -var probes_var = [for probe in probes: { - name: probe.name - properties: { - protocol: contains(probe, 'protocol') ? probe.protocol : 'Tcp' - requestPath: toLower(probe.protocol) != 'tcp' ? probe.requestPath : null - port: contains(probe, 'port') ? probe.port : 80 - intervalInSeconds: contains(probe, 'intervalInSeconds') ? probe.intervalInSeconds : 5 - numberOfProbes: contains(probe, 'numberOfProbes') ? probe.numberOfProbes : 2 - } -}] - -var backendAddressPoolNames = [for backendAddressPool in backendAddressPools: { - name: backendAddressPool.name -}] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'AllMetrics' -]) -param diagnosticMetricsToEnable array = [ - 'AllMetrics' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var enableReferencedModulesTelemetry = false - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource loadBalancer 'Microsoft.Network/loadBalancers@2021-05-01' = { - name: name - location: location - tags: tags - sku: { - name: loadBalancerSku - } - properties: { - frontendIPConfigurations: frontendIPConfigurations_var - loadBalancingRules: loadBalancingRules_var - backendAddressPools: backendAddressPoolNames - outboundRules: outboundRules_var - probes: probes_var - } -} - -module loadBalancer_backendAddressPools 'backendAddressPools/deploy.bicep' = [for (backendAddressPool, index) in backendAddressPools: { - name: '${uniqueString(deployment().name, location)}-loadBalancer-backendAddressPools-${index}' - params: { - loadBalancerName: loadBalancer.name - name: backendAddressPool.name - tunnelInterfaces: contains(backendAddressPool, 'tunnelInterfaces') && !empty(backendAddressPool.tunnelInterfaces) ? backendAddressPool.tunnelInterfaces : [] - loadBalancerBackendAddresses: contains(backendAddressPool, 'loadBalancerBackendAddresses') && !empty(backendAddressPool.loadBalancerBackendAddresses) ? backendAddressPool.loadBalancerBackendAddresses : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module loadBalancer_inboundNATRules 'inboundNatRules/deploy.bicep' = [for (inboundNATRule, index) in inboundNatRules: { - name: '${uniqueString(deployment().name, location)}-LoadBalancer-inboundNatRules-${index}' - params: { - loadBalancerName: loadBalancer.name - name: inboundNATRule.name - frontendIPConfigurationName: inboundNATRule.frontendIPConfigurationName - frontendPort: inboundNATRule.frontendPort - backendPort: contains(inboundNATRule, 'backendPort') ? inboundNATRule.backendPort : inboundNATRule.frontendPort - backendAddressPoolName: contains(inboundNATRule, 'backendAddressPoolName') ? inboundNATRule.backendAddressPoolName : '' - enableFloatingIP: contains(inboundNATRule, 'enableFloatingIP') ? inboundNATRule.enableFloatingIP : false - enableTcpReset: contains(inboundNATRule, 'enableTcpReset') ? inboundNATRule.enableTcpReset : false - frontendPortRangeEnd: contains(inboundNATRule, 'frontendPortRangeEnd') ? inboundNATRule.frontendPortRangeEnd : -1 - frontendPortRangeStart: contains(inboundNATRule, 'frontendPortRangeStart') ? inboundNATRule.frontendPortRangeStart : -1 - idleTimeoutInMinutes: contains(inboundNATRule, 'idleTimeoutInMinutes') ? inboundNATRule.idleTimeoutInMinutes : 4 - protocol: contains(inboundNATRule, 'protocol') ? inboundNATRule.protocol : 'Tcp' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } - dependsOn: [ - loadBalancer_backendAddressPools - ] -}] - -resource loadBalancer_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${loadBalancer.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: loadBalancer -} - -resource loadBalancer_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - } - scope: loadBalancer -} - -module loadBalancer_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-LoadBalancer-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: loadBalancer.id - } -}] - -@description('The name of the load balancer.') -output name string = loadBalancer.name - -@description('The resource ID of the load balancer.') -output resourceId string = loadBalancer.id - -@description('The resource group the load balancer was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The backend address pools available in the load balancer.') -output backendpools array = loadBalancer.properties.backendAddressPools - -@description('The location the resource was deployed into.') -output location string = loadBalancer.location diff --git a/modules/Microsoft.Network/loadBalancers/inboundNatRules/deploy.bicep b/modules/Microsoft.Network/loadBalancers/inboundNatRules/deploy.bicep deleted file mode 100644 index 24edb5b733..0000000000 --- a/modules/Microsoft.Network/loadBalancers/inboundNatRules/deploy.bicep +++ /dev/null @@ -1,97 +0,0 @@ -@description('Conditional. The name of the parent load balancer. Required if the template is used in a standalone deployment.') -param loadBalancerName string - -@description('Required. The name of the inbound NAT rule.') -param name string - -@description('Required. The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer.') -@minValue(1) -@maxValue(65534) -param frontendPort int - -@description('Optional. The port used for the internal endpoint.') -@minValue(1) -@maxValue(65535) -param backendPort int = frontendPort - -@description('Optional. Name of the backend address pool.') -param backendAddressPoolName string = '' - -@description('Optional. Configures a virtual machine\'s endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can\'t be changed after you create the endpoint.') -param enableFloatingIP bool = false - -@description('Optional. Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP.') -param enableTcpReset bool = false - -@description('Required. The name of the frontend IP address to set for the inbound NAT rule.') -param frontendIPConfigurationName string - -@description('Optional. The port range end for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeStart. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool.') -@minValue(-1) -@maxValue(65534) -param frontendPortRangeEnd int = -1 - -@description('Optional. The port range start for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeEnd. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool.') -@minValue(-1) -@maxValue(65534) -param frontendPortRangeStart int = -1 - -@description('Optional. The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP.') -param idleTimeoutInMinutes int = 4 - -@description('Optional. The transport protocol for the endpoint.') -@allowed([ - 'All' - 'Tcp' - 'Udp' -]) -param protocol string = 'Tcp' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource loadBalancer 'Microsoft.Network/loadBalancers@2021-05-01' existing = { - name: loadBalancerName -} - -resource inboundNatRule 'Microsoft.Network/loadBalancers/inboundNatRules@2021-05-01' = { - name: name - properties: { - frontendPort: frontendPort - backendPort: backendPort - backendAddressPool: !empty(backendAddressPoolName) ? { - id: az.resourceId('Microsoft.Network/loadBalancers/backendAddressPools', name, backendAddressPoolName) - } : null - enableFloatingIP: enableFloatingIP - enableTcpReset: enableTcpReset - frontendIPConfiguration: { - id: '${loadBalancer.id}/frontendIPConfigurations/${frontendIPConfigurationName}' - } - frontendPortRangeStart: frontendPortRangeStart != -1 ? frontendPortRangeStart : null - frontendPortRangeEnd: frontendPortRangeEnd != -1 ? frontendPortRangeEnd : null - idleTimeoutInMinutes: idleTimeoutInMinutes - protocol: protocol - } - parent: loadBalancer -} - -@description('The name of the inbound NAT rule.') -output name string = inboundNatRule.name - -@description('The resource ID of the inbound NAT rule.') -output resourceId string = inboundNatRule.id - -@description('The resource group the inbound NAT rule was deployed into.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Network/loadBalancers/inboundNatRules/readme.md b/modules/Microsoft.Network/loadBalancers/inboundNatRules/readme.md deleted file mode 100644 index fee70c9b38..0000000000 --- a/modules/Microsoft.Network/loadBalancers/inboundNatRules/readme.md +++ /dev/null @@ -1,51 +0,0 @@ -# Load Balancer Inbound NAT Rules `[Microsoft.Network/loadBalancers/inboundNatRules]` - -This module deploys load balancers inbound NAT rules. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Network/loadBalancers/inboundNatRules` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/loadBalancers/inboundNatRules) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `frontendIPConfigurationName` | string | The name of the frontend IP address to set for the inbound NAT rule. | -| `frontendPort` | int | The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. | -| `name` | string | The name of the inbound NAT rule. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `loadBalancerName` | string | The name of the parent load balancer. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `backendAddressPoolName` | string | `''` | | Name of the backend address pool. | -| `backendPort` | int | `[parameters('frontendPort')]` | | The port used for the internal endpoint. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `enableFloatingIP` | bool | `False` | | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. | -| `enableTcpReset` | bool | `False` | | Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. | -| `frontendPortRangeEnd` | int | `-1` | | The port range end for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeStart. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool. | -| `frontendPortRangeStart` | int | `-1` | | The port range start for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeEnd. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool. | -| `idleTimeoutInMinutes` | int | `4` | | The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. | -| `protocol` | string | `'Tcp'` | `[All, Tcp, Udp]` | The transport protocol for the endpoint. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the inbound NAT rule. | -| `resourceGroupName` | string | The resource group the inbound NAT rule was deployed into. | -| `resourceId` | string | The resource ID of the inbound NAT rule. | diff --git a/modules/Microsoft.Network/loadBalancers/inboundNatRules/version.json b/modules/Microsoft.Network/loadBalancers/inboundNatRules/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/loadBalancers/inboundNatRules/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/loadBalancers/readme.md b/modules/Microsoft.Network/loadBalancers/readme.md deleted file mode 100644 index dc3386a169..0000000000 --- a/modules/Microsoft.Network/loadBalancers/readme.md +++ /dev/null @@ -1,956 +0,0 @@ -# Load Balancers `[Microsoft.Network/loadBalancers]` - -This module deploys a load balancer. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/loadBalancers` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/loadBalancers) | -| `Microsoft.Network/loadBalancers/backendAddressPools` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/loadBalancers/backendAddressPools) | -| `Microsoft.Network/loadBalancers/inboundNatRules` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/loadBalancers/inboundNatRules) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `frontendIPConfigurations` | array | Array of objects containing all frontend IP configurations. | -| `name` | string | The Proximity Placement Groups Name. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `backendAddressPools` | _[backendAddressPools](backendAddressPools/readme.md)_ array | `[]` | | Collection of backend address pools used by a load balancer. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `inboundNatRules` | _[inboundNatRules](inboundNatRules/readme.md)_ array | `[]` | | Collection of inbound NAT Rules used by a load balancer. Defining inbound NAT rules on your load balancer is mutually exclusive with defining an inbound NAT pool. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an Inbound NAT pool. They have to reference individual inbound NAT rules. | -| `loadBalancerSku` | string | `'Standard'` | `[Basic, Standard]` | Name of a load balancer SKU. | -| `loadBalancingRules` | array | `[]` | | Array of objects containing all load balancing rules. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `outboundRules` | array | `[]` | | The outbound rules. | -| `probes` | array | `[]` | | Array of objects containing all probes, these are references in the load balancing rules. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -### Parameter Usage: `frontendIPConfigurations` - -

- -Parameter JSON format - -```json -"frontendIPConfigurations": { - "value": [ - { - "name": "p_hub-bfw-server-feip", - "properties": { - "publicIPAddressId": "[reference(variables('deploymentPIP-VPN')).outputs.publicIPAddressResourceId.value]", - "subnetId": "", - "privateIPAddress": "" - } - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -frontendIPConfigurations: [ - { - name: 'p_hub-bfw-server-feip' - properties: { - publicIPAddressId: '[reference(variables('deploymentPIP-VPN')).outputs.publicIPAddressResourceId.value]' - subnetId: '' - privateIPAddress: '' - } - } -] -``` - -
-

- -### Parameter Usage: `backendAddressPools` - -

- -Parameter JSON format - -```json -"backendAddressPools": { - "value": [ - { - "name": "p_hub-bfw-server-bepool", - "properties": { - "loadBalancerBackendAddresses": [ - { - "name": "iacs-sh-main-pd-01-euw-rg-network_awefwa01p-nic-int-01ipconfig-internal", - "properties": { - "virtualNetwork": { - "id": "[reference(variables('deploymentVNET')).outputs.vNetResourceId.value]" - }, - "ipAddress": "172.22.232.5" - } - }, - { - "name": "iacs-sh-main-pd-01-euw-rg-network_awefwa01p-ha-nic-int-01ipconfig-internal", - "properties": { - "virtualNetwork": { - "id": "[reference(variables('deploymentVNET')).outputs.vNetResourceId.value]" - }, - "ipAddress": "172.22.232.6" - } - } - ] - } - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -backendAddressPools: [ - { - name: 'p_hub-bfw-server-bepool' - properties: { - loadBalancerBackendAddresses: [ - { - name: 'iacs-sh-main-pd-01-euw-rg-network_awefwa01p-nic-int-01ipconfig-internal' - properties: { - virtualNetwork: { - id: '[reference(variables('deploymentVNET')).outputs.vNetResourceId.value]' - } - ipAddress: '172.22.232.5' - } - } - { - name: 'iacs-sh-main-pd-01-euw-rg-network_awefwa01p-ha-nic-int-01ipconfig-internal' - properties: { - virtualNetwork: { - id: '[reference(variables('deploymentVNET')).outputs.vNetResourceId.value]' - } - ipAddress: '172.22.232.6' - } - } - ] - } - } -] -``` - -
-

- -### Parameter Usage: `loadBalancingRules` - -

- -Parameter JSON format - -```json -"loadBalancingRules": { - "value": [ - { - "name": "p_hub-bfw-server-IPSEC-IKE-lbrule", - "properties": { - "frontendIPConfigurationName": "p_hub-bfw-server-feip", - "backendAddressPoolName": "p_hub-bfw-server-bepool", - "protocol": "Udp", - "frontendPort": 500, - "backendPort": 500, - "enableFloatingIP": false, - "idleTimeoutInMinutes": 5, - "probeName": "p_hub-bfw-server-tcp-65001-probe" - } - }, - { - "name": "p_hub-bfw-server-IPSEC-NATT-lbrule", - "properties": { - "frontendIPConfigurationName": "p_hub-bfw-server-feip", - "backendAddressPoolName": "p_hub-bfw-server-bepool", - "protocol": "Udp", - "frontendPort": 4500, - "backendPort": 4500, - "enableFloatingIP": false, - "idleTimeoutInMinutes": 5, - "probeName": "p_hub-bfw-server-tcp-65001-probe" - } - }, - { - "name": "p_hub-bfw-server-TINA-UDP-lbrule", - "properties": { - "frontendIPConfigurationName": "p_hub-bfw-server-feip", - "backendAddressPoolName": "p_hub-bfw-server-bepool", - "protocol": "Udp", - "frontendPort": 691, - "backendPort": 691, - "enableFloatingIP": false, - "idleTimeoutInMinutes": 5, - "probeName": "p_hub-bfw-server-tcp-65001-probe" - } - }, - { - "name": "p_hub-bfw-server-TINA-TCP-lbrule", - "properties": { - "frontendIPConfigurationName": "p_hub-bfw-server-feip", - "backendAddressPoolName": "p_hub-bfw-server-bepool", - "protocol": "Tcp", - "frontendPort": 691, - "backendPort": 691, - "enableFloatingIP": false, - "idleTimeoutInMinutes": 5, - "probeName": "p_hub-bfw-server-tcp-65001-probe" - } - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -loadBalancingRules: [ - { - name: 'p_hub-bfw-server-IPSEC-IKE-lbrule' - properties: { - frontendIPConfigurationName: 'p_hub-bfw-server-feip' - backendAddressPoolName: 'p_hub-bfw-server-bepool' - protocol: 'Udp' - frontendPort: 500 - backendPort: 500 - enableFloatingIP: false - idleTimeoutInMinutes: 5 - probeName: 'p_hub-bfw-server-tcp-65001-probe' - } - } - { - name: 'p_hub-bfw-server-IPSEC-NATT-lbrule' - properties: { - frontendIPConfigurationName: 'p_hub-bfw-server-feip' - backendAddressPoolName: 'p_hub-bfw-server-bepool' - protocol: 'Udp' - frontendPort: 4500 - backendPort: 4500 - enableFloatingIP: false - idleTimeoutInMinutes: 5 - probeName: 'p_hub-bfw-server-tcp-65001-probe' - } - } - { - name: 'p_hub-bfw-server-TINA-UDP-lbrule' - properties: { - frontendIPConfigurationName: 'p_hub-bfw-server-feip' - backendAddressPoolName: 'p_hub-bfw-server-bepool' - protocol: 'Udp' - frontendPort: 691 - backendPort: 691 - enableFloatingIP: false - idleTimeoutInMinutes: 5 - probeName: 'p_hub-bfw-server-tcp-65001-probe' - } - } - { - name: 'p_hub-bfw-server-TINA-TCP-lbrule' - properties: { - frontendIPConfigurationName: 'p_hub-bfw-server-feip' - backendAddressPoolName: 'p_hub-bfw-server-bepool' - protocol: 'Tcp' - frontendPort: 691 - backendPort: 691 - enableFloatingIP: false - idleTimeoutInMinutes: 5 - probeName: 'p_hub-bfw-server-tcp-65001-probe' - } - } -] -``` - -
-

- -### Parameter Usage: `probes` - -

- -Parameter JSON format - -```json -"probes": { - "value": [ - { - "name": "p_hub-bfw-server-tcp-65001-probe", - "properties": { - "protocol": "Tcp", - "port": 65001, - "intervalInSeconds": 5, - "numberOfProbes": 2 - } - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -probes: [ - { - name: 'p_hub-bfw-server-tcp-65001-probe' - properties: { - protocol: 'Tcp' - port: 65001 - intervalInSeconds: 5 - numberOfProbes: 2 - } - } -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `backendpools` | array | The backend address pools available in the load balancer. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the load balancer. | -| `resourceGroupName` | string | The resource group the load balancer was deployed into. | -| `resourceId` | string | The resource ID of the load balancer. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-lb-internal-001" - }, - "loadBalancerSku": { - "value": "Standard" - }, - "frontendIPConfigurations": { - "value": [ - { - "name": "privateIPConfig1", - "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" - } - ] - }, - "backendAddressPools": { - "value": [ - { - "name": "servers" - } - ] - }, - "probes": { - "value": [ - { - "name": "probe1", - "protocol": "Tcp", - "port": "62000", - "intervalInSeconds": 5, - "numberOfProbes": 2 - } - ] - }, - "loadBalancingRules": { - "value": [ - { - "name": "privateIPLBRule1", - "frontendIPConfigurationName": "privateIPConfig1", - "frontendPort": 0, - "backendPort": 0, - "enableFloatingIP": true, - "idleTimeoutInMinutes": 4, - "protocol": "All", - "loadDistribution": "Default", - "probeName": "probe1", - "disableOutboundSnat": true, - "enableTcpReset": false, - "backendAddressPoolName": "servers" - } - ] - }, - "inboundNatRules": { - "value": [ - { - "name": "inboundNatRule1", - "frontendIPConfigurationName": "privateIPConfig1", - "frontendPort": 443, - "backendPort": 443, - "enableFloatingIP": false, - "idleTimeoutInMinutes": 4, - "protocol": "Tcp", - "enableTcpReset": false - }, - { - "name": "inboundNatRule2", - "frontendIPConfigurationName": "privateIPConfig1", - "frontendPort": 3389, - "backendPort": 3389 - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-loadBalancers' - params: { - name: '<>-az-lb-internal-001' - loadBalancerSku: 'Standard' - frontendIPConfigurations: [ - { - name: 'privateIPConfig1' - subnetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001' - } - ] - backendAddressPools: [ - { - name: 'servers' - } - ] - probes: [ - { - name: 'probe1' - protocol: 'Tcp' - port: '62000' - intervalInSeconds: 5 - numberOfProbes: 2 - } - ] - loadBalancingRules: [ - { - name: 'privateIPLBRule1' - frontendIPConfigurationName: 'privateIPConfig1' - frontendPort: 0 - backendPort: 0 - enableFloatingIP: true - idleTimeoutInMinutes: 4 - protocol: 'All' - loadDistribution: 'Default' - probeName: 'probe1' - disableOutboundSnat: true - enableTcpReset: false - backendAddressPoolName: 'servers' - } - ] - inboundNatRules: [ - { - name: 'inboundNatRule1' - frontendIPConfigurationName: 'privateIPConfig1' - frontendPort: 443 - backendPort: 443 - enableFloatingIP: false - idleTimeoutInMinutes: 4 - protocol: 'Tcp' - enableTcpReset: false - } - { - name: 'inboundNatRule2' - frontendIPConfigurationName: 'privateIPConfig1' - frontendPort: 3389 - backendPort: 3389 - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-lb-min-001" - }, - "frontendIPConfigurations": { - "value": [ - { - "name": "publicIPConfig1", - "publicIPAddressId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-min-lb" - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-loadBalancers' - params: { - name: '<>-az-lb-min-001' - frontendIPConfigurations: [ - { - name: 'publicIPConfig1' - publicIPAddressId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-min-lb' - } - ] - } -} -``` - -
-

- -

Example 3

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-lb-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "frontendIPConfigurations": { - "value": [ - { - "name": "publicIPConfig1", - "publicIPAddressId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-lb" - } - ] - }, - "backendAddressPools": { - "value": [ - { - "name": "backendAddressPool1" - }, - { - "name": "backendAddressPool2" - } - ] - }, - "loadBalancingRules": { - "value": [ - { - "name": "publicIPLBRule1", - "frontendIPConfigurationName": "publicIPConfig1", - "frontendPort": 80, - "backendPort": 80, - "enableFloatingIP": false, - "idleTimeoutInMinutes": 5, - "protocol": "Tcp", - "enableTcpReset": false, - "loadDistribution": "Default", - "disableOutboundSnat": true, - "probeName": "probe1", - "backendAddressPoolName": "backendAddressPool1" - }, - { - "name": "publicIPLBRule2", - "frontendIPConfigurationName": "publicIPConfig1", - "frontendPort": 8080, - "backendPort": 8080, - "loadDistribution": "Default", - "probeName": "probe2", - "backendAddressPoolName": "backendAddressPool2" - } - ] - }, - "inboundNatRules": { - "value": [ - { - "name": "inboundNatRule1", - "frontendIPConfigurationName": "publicIPConfig1", - "frontendPort": 443, - "backendPort": 443, - "enableFloatingIP": false, - "idleTimeoutInMinutes": 4, - "protocol": "Tcp", - "enableTcpReset": false - }, - { - "name": "inboundNatRule2", - "frontendIPConfigurationName": "publicIPConfig1", - "frontendPort": 3389, - "backendPort": 3389 - } - ] - }, - "outboundRules": { - "value": [ - { - "name": "outboundRule1", - "frontendIPConfigurationName": "publicIPConfig1", - "backendAddressPoolName": "backendAddressPool1", - "allocatedOutboundPorts": 63984 - } - ] - }, - "probes": { - "value": [ - { - "name": "probe1", - "protocol": "Tcp", - "port": 80, - "intervalInSeconds": 10, - "numberOfProbes": 5 - }, - { - "name": "probe2", - "protocol": "Https", - "port": 443, - "requestPath": "/" - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module loadBalancers './Microsoft.Network/loadBalancers/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-loadBalancers' - params: { - name: '<>-az-lb-x-001' - lock: 'CanNotDelete' - frontendIPConfigurations: [ - { - name: 'publicIPConfig1' - publicIPAddressId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/publicIPAddresses/adp-<>-az-pip-x-lb' - } - ] - backendAddressPools: [ - { - name: 'backendAddressPool1' - } - { - name: 'backendAddressPool2' - } - ] - loadBalancingRules: [ - { - name: 'publicIPLBRule1' - frontendIPConfigurationName: 'publicIPConfig1' - frontendPort: 80 - backendPort: 80 - enableFloatingIP: false - idleTimeoutInMinutes: 5 - protocol: 'Tcp' - enableTcpReset: false - loadDistribution: 'Default' - disableOutboundSnat: true - probeName: 'probe1' - backendAddressPoolName: 'backendAddressPool1' - } - { - name: 'publicIPLBRule2' - frontendIPConfigurationName: 'publicIPConfig1' - frontendPort: 8080 - backendPort: 8080 - loadDistribution: 'Default' - probeName: 'probe2' - backendAddressPoolName: 'backendAddressPool2' - } - ] - inboundNatRules: [ - { - name: 'inboundNatRule1' - frontendIPConfigurationName: 'publicIPConfig1' - frontendPort: 443 - backendPort: 443 - enableFloatingIP: false - idleTimeoutInMinutes: 4 - protocol: 'Tcp' - enableTcpReset: false - } - { - name: 'inboundNatRule2' - frontendIPConfigurationName: 'publicIPConfig1' - frontendPort: 3389 - backendPort: 3389 - } - ] - outboundRules: [ - { - name: 'outboundRule1' - frontendIPConfigurationName: 'publicIPConfig1' - backendAddressPoolName: 'backendAddressPool1' - allocatedOutboundPorts: 63984 - } - ] - probes: [ - { - name: 'probe1' - protocol: 'Tcp' - port: 80 - intervalInSeconds: 10 - numberOfProbes: 5 - } - { - name: 'probe2' - protocol: 'Https' - port: 443 - requestPath: '/' - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/loadBalancers/version.json b/modules/Microsoft.Network/loadBalancers/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/loadBalancers/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 13456f25a4..0000000000 --- a/modules/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,55 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource localNetworkGateway 'Microsoft.Network/localNetworkGateways@2021-08-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(localNetworkGateway.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: localNetworkGateway -}] diff --git a/modules/Microsoft.Network/localNetworkGateways/.deploymentTests/parameters.json b/modules/Microsoft.Network/localNetworkGateways/.deploymentTests/parameters.json deleted file mode 100644 index f2d289d373..0000000000 --- a/modules/Microsoft.Network/localNetworkGateways/.deploymentTests/parameters.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-lng-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "localAddressPrefixes": { - "value": [ - "192.168.1.0/24" - ] - }, - "localGatewayPublicIpAddress": { - "value": "8.8.8.8" - }, - "localAsn": { - "value": "65123" - }, - "localBgpPeeringAddress": { - "value": "192.168.1.5" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Network/localNetworkGateways/deploy.bicep b/modules/Microsoft.Network/localNetworkGateways/deploy.bicep deleted file mode 100644 index 085112ac98..0000000000 --- a/modules/Microsoft.Network/localNetworkGateways/deploy.bicep +++ /dev/null @@ -1,105 +0,0 @@ -@description('Required. Name of the Local Network Gateway.') -@minLength(1) -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Required. List of the local (on-premises) IP address ranges.') -param localAddressPrefixes array - -@description('Required. Public IP of the local gateway.') -param localGatewayPublicIpAddress string - -@description('Optional. The BGP speaker\'s ASN. Not providing this value will automatically disable BGP on this Local Network Gateway resource.') -param localAsn string = '' - -@description('Optional. The BGP peering address and BGP identifier of this BGP speaker. Not providing this value will automatically disable BGP on this Local Network Gateway resource.') -param localBgpPeeringAddress string = '' - -@description('Optional. The weight added to routes learned from this BGP speaker. This will only take effect if both the localAsn and the localBgpPeeringAddress values are provided.') -param localPeerWeight string = '' - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. FQDN of local network gateway.') -param fqdn string = '' - -var bgpSettings = { - asn: localAsn - bgpPeeringAddress: localBgpPeeringAddress - peerWeight: !empty(localPeerWeight) ? localPeerWeight : '0' -} - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource localNetworkGateway 'Microsoft.Network/localNetworkGateways@2021-08-01' = { - name: name - location: location - tags: tags - properties: { - localNetworkAddressSpace: { - addressPrefixes: localAddressPrefixes - } - fqdn: !empty(fqdn) ? fqdn : null - gatewayIpAddress: localGatewayPublicIpAddress - bgpSettings: !empty(localAsn) && !empty(localBgpPeeringAddress) ? bgpSettings : null - } -} - -resource localNetworkGateway_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${localNetworkGateway.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: localNetworkGateway -} - -module localNetworkGateway_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-LocalNetworkGateway-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: localNetworkGateway.id - } -}] - -@description('The resource ID of the local network gateway.') -output resourceId string = localNetworkGateway.id - -@description('The resource group the local network gateway was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the local network gateway.') -output name string = localNetworkGateway.name - -@description('The location the resource was deployed into.') -output location string = localNetworkGateway.location diff --git a/modules/Microsoft.Network/localNetworkGateways/readme.md b/modules/Microsoft.Network/localNetworkGateways/readme.md deleted file mode 100644 index 51276b735a..0000000000 --- a/modules/Microsoft.Network/localNetworkGateways/readme.md +++ /dev/null @@ -1,230 +0,0 @@ -# Local Network Gateways `[Microsoft.Network/localNetworkGateways]` - -This module deploys a local network gateway. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/localNetworkGateways` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/localNetworkGateways) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `localAddressPrefixes` | array | List of the local (on-premises) IP address ranges. | -| `localGatewayPublicIpAddress` | string | Public IP of the local gateway. | -| `name` | string | Name of the Local Network Gateway. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `fqdn` | string | `''` | | FQDN of local network gateway. | -| `localAsn` | string | `''` | | The BGP speaker's ASN. Not providing this value will automatically disable BGP on this Local Network Gateway resource. | -| `localBgpPeeringAddress` | string | `''` | | The BGP peering address and BGP identifier of this BGP speaker. Not providing this value will automatically disable BGP on this Local Network Gateway resource. | -| `localPeerWeight` | string | `''` | | The weight added to routes learned from this BGP speaker. This will only take effect if both the localAsn and the localBgpPeeringAddress values are provided. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the local network gateway. | -| `resourceGroupName` | string | The resource group the local network gateway was deployed into. | -| `resourceId` | string | The resource ID of the local network gateway. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-lng-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "localAddressPrefixes": { - "value": [ - "192.168.1.0/24" - ] - }, - "localGatewayPublicIpAddress": { - "value": "8.8.8.8" - }, - "localAsn": { - "value": "65123" - }, - "localBgpPeeringAddress": { - "value": "192.168.1.5" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module localNetworkGateways './Microsoft.Network/localNetworkGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-localNetworkGateways' - params: { - name: '<>-az-lng-x-001' - lock: 'CanNotDelete' - localAddressPrefixes: [ - '192.168.1.0/24' - ] - localGatewayPublicIpAddress: '8.8.8.8' - localAsn: '65123' - localBgpPeeringAddress: '192.168.1.5' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/localNetworkGateways/version.json b/modules/Microsoft.Network/localNetworkGateways/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/localNetworkGateways/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index f39bd3d187..0000000000 --- a/modules/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,55 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource natGateway 'Microsoft.Network/natGateways@2021-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(natGateway.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: natGateway -}] diff --git a/modules/Microsoft.Network/natGateways/.deploymentTests/parameters.json b/modules/Microsoft.Network/natGateways/.deploymentTests/parameters.json deleted file mode 100644 index ec9c2014d9..0000000000 --- a/modules/Microsoft.Network/natGateways/.deploymentTests/parameters.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-ngw-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "natGatewayPublicIpAddress": { - "value": true - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Network/natGateways/deploy.bicep b/modules/Microsoft.Network/natGateways/deploy.bicep deleted file mode 100644 index df4e49b9fe..0000000000 --- a/modules/Microsoft.Network/natGateways/deploy.bicep +++ /dev/null @@ -1,217 +0,0 @@ -@description('Required. Name of the Azure Bastion resource.') -param name string - -@description('Optional. The idle timeout of the nat gateway.') -param idleTimeoutInMinutes int = 5 - -@description('Optional. Use to have a new Public IP Address created for the NAT Gateway.') -param natGatewayPublicIpAddress bool = false - -@description('Optional. Specifies the name of the Public IP used by the NAT Gateway. If it\'s not provided, a \'-pip\' suffix will be appended to the Bastion\'s name.') -param natGatewayPipName string = '' - -@description('Optional. Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix.') -param natGatewayPublicIPPrefixId string = '' - -@description('Optional. DNS name of the Public IP resource. A region specific suffix will be appended to it, e.g.: your-DNS-name.westeurope.cloudapp.azure.com.') -param natGatewayDomainNameLabel string = '' - -@description('Optional. Existing Public IP Address resource names to use for the NAT Gateway.') -param publicIpAddresses array = [] - -@description('Optional. Existing Public IP Prefixes resource names to use for the NAT Gateway.') -param publicIpPrefixes array = [] - -@description('Optional. A list of availability zones denoting the zone in which Nat Gateway should be deployed.') -param zones array = [] - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags for the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'DDoSProtectionNotifications' - 'DDoSMitigationFlowLogs' - 'DDoSMitigationReports' -]) -param diagnosticLogCategoriesToEnable array = [ - 'DDoSProtectionNotifications' - 'DDoSMitigationFlowLogs' - 'DDoSMitigationReports' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'AllMetrics' -]) -param diagnosticMetricsToEnable array = [ - 'AllMetrics' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var natGatewayPipName_var = (empty(natGatewayPipName) ? '${name}-pip' : natGatewayPipName) -var natGatewayPublicIPPrefix = { - id: natGatewayPublicIPPrefixId -} - -var natGatewayPropertyPublicIPPrefixes = [for publicIpPrefix in publicIpPrefixes: { - id: az.resourceId('Microsoft.Network/publicIPPrefixes', publicIpPrefix) -}] -var natGatewayPropertyPublicIPAddresses = [for publicIpAddress in publicIpAddresses: { - id: az.resourceId('Microsoft.Network/publicIPAddresses', publicIpAddress) -}] -var natGatewayProperties = { - idleTimeoutInMinutes: idleTimeoutInMinutes - publicIpPrefixes: natGatewayPropertyPublicIPPrefixes - publicIpAddresses: natGatewayPropertyPublicIPAddresses -} - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -// PUBLIC IP -// ========= -resource publicIP 'Microsoft.Network/publicIPAddresses@2021-05-01' = if (natGatewayPublicIpAddress) { - name: natGatewayPipName_var - location: location - tags: tags - sku: { - name: 'Standard' - } - properties: { - publicIPAllocationMethod: 'Static' - publicIPPrefix: !empty(natGatewayPublicIPPrefixId) ? natGatewayPublicIPPrefix : null - dnsSettings: !empty(natGatewayDomainNameLabel) ? json('{"domainNameLabel": "${natGatewayDomainNameLabel}"}') : null - } -} - -resource publicIP_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${publicIP.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: publicIP -} - -resource publicIP_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: diagnosticsLogs - } - scope: publicIP -} - -// NAT GATEWAY -// =========== -resource natGateway 'Microsoft.Network/natGateways@2021-05-01' = { - name: name - location: location - tags: tags - sku: { - name: 'Standard' - } - properties: natGatewayProperties - zones: zones -} - -resource natGateway_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${natGateway.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: natGateway -} - -module natGateway_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-NatGateway-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: natGateway.id - } -}] - -@description('The name of the NAT Gateway.') -output name string = natGateway.name - -@description('The resource ID of the NAT Gateway.') -output resourceId string = natGateway.id - -@description('The resource group the NAT Gateway was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = natGateway.location diff --git a/modules/Microsoft.Network/natGateways/readme.md b/modules/Microsoft.Network/natGateways/readme.md deleted file mode 100644 index 4dabc5b9b2..0000000000 --- a/modules/Microsoft.Network/natGateways/readme.md +++ /dev/null @@ -1,246 +0,0 @@ -# NAT Gateways `[Microsoft.Network/natGateways]` - -This module deploys a NAT gateway. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/natGateways` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/natGateways) | -| `Microsoft.Network/publicIPAddresses` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/publicIPAddresses) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Azure Bastion resource. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[DDoSProtectionNotifications, DDoSMitigationFlowLogs, DDoSMitigationReports]` | `[DDoSProtectionNotifications, DDoSMitigationFlowLogs, DDoSMitigationReports]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `idleTimeoutInMinutes` | int | `5` | | The idle timeout of the nat gateway. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `natGatewayDomainNameLabel` | string | `''` | | DNS name of the Public IP resource. A region specific suffix will be appended to it, e.g.: your-DNS-name.westeurope.cloudapp.azure.com. | -| `natGatewayPipName` | string | `''` | | Specifies the name of the Public IP used by the NAT Gateway. If it's not provided, a '-pip' suffix will be appended to the Bastion's name. | -| `natGatewayPublicIpAddress` | bool | `False` | | Use to have a new Public IP Address created for the NAT Gateway. | -| `natGatewayPublicIPPrefixId` | string | `''` | | Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix. | -| `publicIpAddresses` | array | `[]` | | Existing Public IP Address resource names to use for the NAT Gateway. | -| `publicIpPrefixes` | array | `[]` | | Existing Public IP Prefixes resource names to use for the NAT Gateway. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags for the resource. | -| `zones` | array | `[]` | | A list of availability zones denoting the zone in which Nat Gateway should be deployed. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the NAT Gateway. | -| `resourceGroupName` | string | The resource group the NAT Gateway was deployed into. | -| `resourceId` | string | The resource ID of the NAT Gateway. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-ngw-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "natGatewayPublicIpAddress": { - "value": true - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module natGateways './Microsoft.Network/natGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-natGateways' - params: { - name: '<>-az-ngw-x-001' - lock: 'CanNotDelete' - natGatewayPublicIpAddress: true - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/natGateways/version.json b/modules/Microsoft.Network/natGateways/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/natGateways/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index e66a728227..0000000000 --- a/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,63 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Avere Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9') - 'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64') - 'Domain Services Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2') - 'Domain Services Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Virtual Machine Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4') - 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c') - 'Virtual Machine User Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52') - 'Windows Admin Center Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f') -} - -resource networkInterface 'Microsoft.Network/networkInterfaces@2021-08-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(networkInterface.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: any(!empty(principalType) ? principalType : null) - } - scope: networkInterface -}] diff --git a/modules/Microsoft.Network/networkInterfaces/.deploymentTests/min.parameters.json b/modules/Microsoft.Network/networkInterfaces/.deploymentTests/min.parameters.json deleted file mode 100644 index 9fe27817ce..0000000000 --- a/modules/Microsoft.Network/networkInterfaces/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-nic-min-001" - }, - "ipConfigurations": { - "value": [ - { - "name": "ipconfig01", - "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" - } - ] - } - } -} diff --git a/modules/Microsoft.Network/networkInterfaces/.deploymentTests/parameters.json b/modules/Microsoft.Network/networkInterfaces/.deploymentTests/parameters.json deleted file mode 100644 index b0cc8d9757..0000000000 --- a/modules/Microsoft.Network/networkInterfaces/.deploymentTests/parameters.json +++ /dev/null @@ -1,55 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-nic-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "ipConfigurations": { - "value": [ - { - "name": "ipconfig01", - "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", - "loadBalancerBackendAddressPools": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers" - } - ], - "applicationSecurityGroups": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" - } - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Network/networkInterfaces/deploy.bicep b/modules/Microsoft.Network/networkInterfaces/deploy.bicep deleted file mode 100644 index e7615dfe27..0000000000 --- a/modules/Microsoft.Network/networkInterfaces/deploy.bicep +++ /dev/null @@ -1,168 +0,0 @@ -@description('Required. The name of the network interface.') -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. Indicates whether IP forwarding is enabled on this network interface.') -param enableIPForwarding bool = false - -@description('Optional. If the network interface is accelerated networking enabled.') -param enableAcceleratedNetworking bool = false - -@description('Optional. List of DNS servers IP addresses. Use \'AzureProvidedDNS\' to switch to azure provided DNS resolution. \'AzureProvidedDNS\' value cannot be combined with other IPs, it must be the only value in dnsServers collection.') -param dnsServers array = [] - -@description('Optional. The network security group (NSG) to attach to the network interface.') -param networkSecurityGroupResourceId string = '' - -@description('Required. A list of IPConfigurations of the network interface.') -param ipConfigurations array - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource identifier of log analytics.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'AllMetrics' -]) -param diagnosticMetricsToEnable array = [ - 'AllMetrics' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource networkInterface 'Microsoft.Network/networkInterfaces@2021-05-01' = { - name: name - location: location - tags: tags - properties: { - enableIPForwarding: enableIPForwarding - enableAcceleratedNetworking: enableAcceleratedNetworking - dnsSettings: !empty(dnsServers) ? { - dnsServers: dnsServers - } : null - networkSecurityGroup: !empty(networkSecurityGroupResourceId) ? { - id: networkSecurityGroupResourceId - } : null - ipConfigurations: [for (ipConfiguration, index) in ipConfigurations: { - name: !empty(ipConfiguration.name) ? ipConfiguration.name : null - properties: { - primary: index == 0 ? true : false - privateIPAllocationMethod: contains(ipConfiguration, 'privateIPAllocationMethod') ? (!empty(ipConfiguration.privateIPAllocationMethod) ? ipConfiguration.privateIPAllocationMethod : null) : null - privateIPAddress: contains(ipConfiguration, 'vmIPAddress') ? (!empty(ipConfiguration.vmIPAddress) ? ipConfiguration.vmIPAddress : null) : null - publicIPAddress: contains(ipConfiguration, 'publicIPAddressResourceId') ? (ipConfiguration.publicIPAddressResourceId != null ? { - id: ipConfiguration.publicIPAddressResourceId - } : null) : null - subnet: { - id: ipConfiguration.subnetId - } - loadBalancerBackendAddressPools: contains(ipConfiguration, 'loadBalancerBackendAddressPools') ? ipConfiguration.loadBalancerBackendAddressPools : null - applicationSecurityGroups: contains(ipConfiguration, 'applicationSecurityGroups') ? ipConfiguration.applicationSecurityGroups : null - applicationGatewayBackendAddressPools: contains(ipConfiguration, 'applicationGatewayBackendAddressPools') ? ipConfiguration.applicationGatewayBackendAddressPools : null - gatewayLoadBalancer: contains(ipConfiguration, 'gatewayLoadBalancer') ? ipConfiguration.gatewayLoadBalancer : null - loadBalancerInboundNatRules: contains(ipConfiguration, 'loadBalancerInboundNatRules') ? ipConfiguration.loadBalancerInboundNatRules : null - privateIPAddressVersion: contains(ipConfiguration, 'privateIPAddressVersion') ? ipConfiguration.privateIPAddressVersion : null - virtualNetworkTaps: contains(ipConfiguration, 'virtualNetworkTaps') ? ipConfiguration.virtualNetworkTaps : null - } - }] - } -} - -resource networkInterface_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - } - scope: networkInterface -} - -resource networkInterface_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${networkInterface.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: networkInterface -} - -module networkInterface_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-NIC-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: networkInterface.id - } -}] - -@description('The name of the deployed resource.') -output name string = networkInterface.name - -@description('The resource ID of the deployed resource.') -output resourceId string = networkInterface.id - -@description('The resource group of the deployed resource.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = networkInterface.location diff --git a/modules/Microsoft.Network/networkInterfaces/readme.md b/modules/Microsoft.Network/networkInterfaces/readme.md deleted file mode 100644 index cf9e430624..0000000000 --- a/modules/Microsoft.Network/networkInterfaces/readme.md +++ /dev/null @@ -1,342 +0,0 @@ -# Network Interface `[Microsoft.Network/networkInterfaces]` - -This module deploys Network Interfaces. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/networkInterfaces` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/networkInterfaces) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `ipConfigurations` | array | A list of IPConfigurations of the network interface. | -| `name` | string | The name of the network interface. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource identifier of log analytics. | -| `dnsServers` | array | `[]` | | List of DNS servers IP addresses. Use 'AzureProvidedDNS' to switch to azure provided DNS resolution. 'AzureProvidedDNS' value cannot be combined with other IPs, it must be the only value in dnsServers collection. | -| `enableAcceleratedNetworking` | bool | `False` | | If the network interface is accelerated networking enabled. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `enableIPForwarding` | bool | `False` | | Indicates whether IP forwarding is enabled on this network interface. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `networkSecurityGroupResourceId` | string | `''` | | The network security group (NSG) to attach to the network interface. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -### Parameter Usage: `ipConfigurations` - -The IP configurations to apply to the network interface. - -```json -{ - "name": "ipconfig01", - "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", - "loadBalancerBackendAddressPools": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers" - } - ], - "applicationSecurityGroups": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" - } - ] -} -``` - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed resource. | -| `resourceGroupName` | string | The resource group of the deployed resource. | -| `resourceId` | string | The resource ID of the deployed resource. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-nic-min-001" - }, - "ipConfigurations": { - "value": [ - { - "name": "ipconfig01", - "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module networkInterfaces './Microsoft.Network/networkInterfaces/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-networkInterfaces' - params: { - name: '<>-az-nic-min-001' - ipConfigurations: [ - { - name: 'ipconfig01' - subnetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001' - } - ] - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-nic-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "ipConfigurations": { - "value": [ - { - "name": "ipconfig01", - "subnetId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", - "loadBalancerBackendAddressPools": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers" - } - ], - "applicationSecurityGroups": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" - } - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module networkInterfaces './Microsoft.Network/networkInterfaces/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-networkInterfaces' - params: { - name: '<>-az-nic-x-001' - lock: 'CanNotDelete' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - ipConfigurations: [ - { - name: 'ipconfig01' - subnetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001' - loadBalancerBackendAddressPools: [ - { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/loadBalancers/adp-<>-az-lb-internal-001/backendAddressPools/servers' - } - ] - applicationSecurityGroups: [ - { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001' - } - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/networkInterfaces/version.json b/modules/Microsoft.Network/networkInterfaces/version.json deleted file mode 100644 index badc0a2285..0000000000 --- a/modules/Microsoft.Network/networkInterfaces/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.5" -} diff --git a/modules/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index c25e77324b..0000000000 --- a/modules/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,58 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Avere Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'SQL Managed Instance Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c') -} - -resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(networkSecurityGroup.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: networkSecurityGroup -}] diff --git a/modules/Microsoft.Network/networkSecurityGroups/.deploymentTests/min.parameters.json b/modules/Microsoft.Network/networkSecurityGroups/.deploymentTests/min.parameters.json deleted file mode 100644 index b07946467a..0000000000 --- a/modules/Microsoft.Network/networkSecurityGroups/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-nsg-min-001" - } - } -} diff --git a/modules/Microsoft.Network/networkSecurityGroups/.deploymentTests/parameters.json b/modules/Microsoft.Network/networkSecurityGroups/.deploymentTests/parameters.json deleted file mode 100644 index 26cbb1eb56..0000000000 --- a/modules/Microsoft.Network/networkSecurityGroups/.deploymentTests/parameters.json +++ /dev/null @@ -1,103 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-nsg-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "securityRules": { - "value": [ - { - "name": "Specific", - "properties": { - "description": "Tests specific IPs and ports", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "8080", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "*", - "access": "Allow", - "priority": 100, - "direction": "Inbound" - } - }, - { - "name": "Ranges", - "properties": { - "description": "Tests Ranges", - "protocol": "*", - "access": "Allow", - "priority": 101, - "direction": "Inbound", - "sourcePortRanges": [ - "80", - "81" - ], - "destinationPortRanges": [ - "90", - "91" - ], - "sourceAddressPrefixes": [ - "10.0.0.0/16", - "10.1.0.0/16" - ], - "destinationAddressPrefixes": [ - "10.2.0.0/16", - "10.3.0.0/16" - ] - } - }, - { - "name": "Port_8082", - "properties": { - "description": "Allow inbound access on TCP 8082", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "8082", - "access": "Allow", - "priority": 102, - "direction": "Inbound", - "sourceApplicationSecurityGroups": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" - } - ], - "destinationApplicationSecurityGroups": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" - } - ] - } - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Network/networkSecurityGroups/deploy.bicep b/modules/Microsoft.Network/networkSecurityGroups/deploy.bicep deleted file mode 100644 index 38c7baa1a6..0000000000 --- a/modules/Microsoft.Network/networkSecurityGroups/deploy.bicep +++ /dev/null @@ -1,174 +0,0 @@ -@description('Required. Name of the Network Security Group.') -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Array of Security Rules to deploy to the Network Security Group. When not provided, an NSG including only the built-in roles will be deployed.') -param securityRules array = [] - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the NSG resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'NetworkSecurityGroupEvent' - 'NetworkSecurityGroupRuleCounter' -]) -param diagnosticLogCategoriesToEnable array = [ - 'NetworkSecurityGroupEvent' - 'NetworkSecurityGroupRuleCounter' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var enableReferencedModulesTelemetry = false - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-05-01' = { - name: name - location: location - tags: tags - properties: { - securityRules: [for securityRule in securityRules: { - name: securityRule.name - properties: { - protocol: securityRule.properties.protocol - access: securityRule.properties.access - priority: securityRule.properties.priority - direction: securityRule.properties.direction - description: contains(securityRule.properties, 'description') ? securityRule.properties.description : '' - sourcePortRange: contains(securityRule.properties, 'sourcePortRange') ? securityRule.properties.sourcePortRange : '' - sourcePortRanges: contains(securityRule.properties, 'sourcePortRanges') ? securityRule.properties.sourcePortRanges : [] - destinationPortRange: contains(securityRule.properties, 'destinationPortRange') ? securityRule.properties.destinationPortRange : '' - destinationPortRanges: contains(securityRule.properties, 'destinationPortRanges') ? securityRule.properties.destinationPortRanges : [] - sourceAddressPrefix: contains(securityRule.properties, 'sourceAddressPrefix') ? securityRule.properties.sourceAddressPrefix : '' - destinationAddressPrefix: contains(securityRule.properties, 'destinationAddressPrefix') ? securityRule.properties.destinationAddressPrefix : '' - sourceAddressPrefixes: contains(securityRule.properties, 'sourceAddressPrefixes') ? securityRule.properties.sourceAddressPrefixes : [] - destinationAddressPrefixes: contains(securityRule.properties, 'destinationAddressPrefixes') ? securityRule.properties.destinationAddressPrefixes : [] - sourceApplicationSecurityGroups: contains(securityRule.properties, 'sourceApplicationSecurityGroups') ? securityRule.properties.sourceApplicationSecurityGroups : [] - destinationApplicationSecurityGroups: contains(securityRule.properties, 'destinationApplicationSecurityGroups') ? securityRule.properties.destinationApplicationSecurityGroups : [] - } - }] - } -} - -module networkSecurityGroup_securityRules 'securityRules/deploy.bicep' = [for (securityRule, index) in securityRules: { - name: '${uniqueString(deployment().name, location)}-securityRule-${index}' - params: { - name: securityRule.name - networkSecurityGroupName: networkSecurityGroup.name - protocol: securityRule.properties.protocol - access: securityRule.properties.access - priority: securityRule.properties.priority - direction: securityRule.properties.direction - description: contains(securityRule.properties, 'description') ? securityRule.properties.description : '' - sourcePortRange: contains(securityRule.properties, 'sourcePortRange') ? securityRule.properties.sourcePortRange : '' - sourcePortRanges: contains(securityRule.properties, 'sourcePortRanges') ? securityRule.properties.sourcePortRanges : [] - destinationPortRange: contains(securityRule.properties, 'destinationPortRange') ? securityRule.properties.destinationPortRange : '' - destinationPortRanges: contains(securityRule.properties, 'destinationPortRanges') ? securityRule.properties.destinationPortRanges : [] - sourceAddressPrefix: contains(securityRule.properties, 'sourceAddressPrefix') ? securityRule.properties.sourceAddressPrefix : '' - destinationAddressPrefix: contains(securityRule.properties, 'destinationAddressPrefix') ? securityRule.properties.destinationAddressPrefix : '' - sourceAddressPrefixes: contains(securityRule.properties, 'sourceAddressPrefixes') ? securityRule.properties.sourceAddressPrefixes : [] - destinationAddressPrefixes: contains(securityRule.properties, 'destinationAddressPrefixes') ? securityRule.properties.destinationAddressPrefixes : [] - sourceApplicationSecurityGroups: contains(securityRule.properties, 'sourceApplicationSecurityGroups') ? securityRule.properties.sourceApplicationSecurityGroups : [] - destinationApplicationSecurityGroups: contains(securityRule.properties, 'destinationApplicationSecurityGroups') ? securityRule.properties.destinationApplicationSecurityGroups : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -resource networkSecurityGroup_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${networkSecurityGroup.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: networkSecurityGroup -} - -resource networkSecurityGroup_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - logs: diagnosticsLogs - } - scope: networkSecurityGroup -} - -module networkSecurityGroup_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-NSG-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: networkSecurityGroup.id - } -}] - -@description('The resource group the network security group was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The resource ID of the network security group.') -output resourceId string = networkSecurityGroup.id - -@description('The name of the network security group.') -output name string = networkSecurityGroup.name - -@description('The location the resource was deployed into.') -output location string = networkSecurityGroup.location diff --git a/modules/Microsoft.Network/networkSecurityGroups/readme.md b/modules/Microsoft.Network/networkSecurityGroups/readme.md deleted file mode 100644 index f7676a388f..0000000000 --- a/modules/Microsoft.Network/networkSecurityGroups/readme.md +++ /dev/null @@ -1,400 +0,0 @@ -# Network Security Groups `[Microsoft.Network/networkSecurityGroups]` - -This template deploys a network security group (NSG) with optional security rules. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/networkSecurityGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/networkSecurityGroups) | -| `Microsoft.Network/networkSecurityGroups/securityRules` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/networkSecurityGroups/securityRules) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Network Security Group. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter]` | `[NetworkSecurityGroupEvent, NetworkSecurityGroupRuleCounter]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `securityRules` | _[securityRules](securityRules/readme.md)_ array | `[]` | | Array of Security Rules to deploy to the Network Security Group. When not provided, an NSG including only the built-in roles will be deployed. | -| `tags` | object | `{object}` | | Tags of the NSG resource. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the network security group. | -| `resourceGroupName` | string | The resource group the network security group was deployed into. | -| `resourceId` | string | The resource ID of the network security group. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-nsg-min-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module networkSecurityGroups './Microsoft.Network/networkSecurityGroups/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-networkSecurityGroups' - params: { - name: '<>-az-nsg-min-001' - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-nsg-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "securityRules": { - "value": [ - { - "name": "Specific", - "properties": { - "description": "Tests specific IPs and ports", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "8080", - "sourceAddressPrefix": "*", - "destinationAddressPrefix": "*", - "access": "Allow", - "priority": 100, - "direction": "Inbound" - } - }, - { - "name": "Ranges", - "properties": { - "description": "Tests Ranges", - "protocol": "*", - "access": "Allow", - "priority": 101, - "direction": "Inbound", - "sourcePortRanges": [ - "80", - "81" - ], - "destinationPortRanges": [ - "90", - "91" - ], - "sourceAddressPrefixes": [ - "10.0.0.0/16", - "10.1.0.0/16" - ], - "destinationAddressPrefixes": [ - "10.2.0.0/16", - "10.3.0.0/16" - ] - } - }, - { - "name": "Port_8082", - "properties": { - "description": "Allow inbound access on TCP 8082", - "protocol": "*", - "sourcePortRange": "*", - "destinationPortRange": "8082", - "access": "Allow", - "priority": 102, - "direction": "Inbound", - "sourceApplicationSecurityGroups": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" - } - ], - "destinationApplicationSecurityGroups": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001" - } - ] - } - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module networkSecurityGroups './Microsoft.Network/networkSecurityGroups/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-networkSecurityGroups' - params: { - name: '<>-az-nsg-x-001' - lock: 'CanNotDelete' - securityRules: [ - { - name: 'Specific' - properties: { - description: 'Tests specific IPs and ports' - protocol: '*' - sourcePortRange: '*' - destinationPortRange: '8080' - sourceAddressPrefix: '*' - destinationAddressPrefix: '*' - access: 'Allow' - priority: 100 - direction: 'Inbound' - } - } - { - name: 'Ranges' - properties: { - description: 'Tests Ranges' - protocol: '*' - access: 'Allow' - priority: 101 - direction: 'Inbound' - sourcePortRanges: [ - '80' - '81' - ] - destinationPortRanges: [ - '90' - '91' - ] - sourceAddressPrefixes: [ - '10.0.0.0/16' - '10.1.0.0/16' - ] - destinationAddressPrefixes: [ - '10.2.0.0/16' - '10.3.0.0/16' - ] - } - } - { - name: 'Port_8082' - properties: { - description: 'Allow inbound access on TCP 8082' - protocol: '*' - sourcePortRange: '*' - destinationPortRange: '8082' - access: 'Allow' - priority: 102 - direction: 'Inbound' - sourceApplicationSecurityGroups: [ - { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001' - } - ] - destinationApplicationSecurityGroups: [ - { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/applicationSecurityGroups/adp-<>-az-asg-x-001' - } - ] - } - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/networkSecurityGroups/securityRules/deploy.bicep b/modules/Microsoft.Network/networkSecurityGroups/securityRules/deploy.bicep deleted file mode 100644 index 2b7f0ca3dc..0000000000 --- a/modules/Microsoft.Network/networkSecurityGroups/securityRules/deploy.bicep +++ /dev/null @@ -1,117 +0,0 @@ -@sys.description('Required. The name of the security rule.') -param name string - -@sys.description('Conditional. The name of the parent network security group to deploy the security rule into. Required if the template is used in a standalone deployment.') -param networkSecurityGroupName string - -@sys.description('Optional. Whether network traffic is allowed or denied.') -@allowed([ - 'Allow' - 'Deny' -]) -param access string = 'Deny' - -@sys.description('Optional. A description for this rule.') -@maxLength(140) -param description string = '' - -@sys.description('Optional. The destination address prefix. CIDR or destination IP range. Asterisk "*" can also be used to match all source IPs. Default tags such as "VirtualNetwork", "AzureLoadBalancer" and "Internet" can also be used.') -param destinationAddressPrefix string = '' - -@sys.description('Optional. The destination address prefixes. CIDR or destination IP ranges.') -param destinationAddressPrefixes array = [] - -@sys.description('Optional. The application security group specified as destination.') -param destinationApplicationSecurityGroups array = [] - -@sys.description('Optional. The destination port or range. Integer or range between 0 and 65535. Asterisk "*" can also be used to match all ports.') -param destinationPortRange string = '' - -@sys.description('Optional. The destination port ranges.') -param destinationPortRanges array = [] - -@sys.description('Required. The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic.') -@allowed([ - 'Inbound' - 'Outbound' -]) -param direction string - -@sys.description('Required. The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.') -param priority int - -@sys.description('Required. Network protocol this rule applies to.') -@allowed([ - '*' - 'Ah' - 'Esp' - 'Icmp' - 'Tcp' - 'Udp' -]) -param protocol string - -@sys.description('Optional. The CIDR or source IP range. Asterisk "*" can also be used to match all source IPs. Default tags such as "VirtualNetwork", "AzureLoadBalancer" and "Internet" can also be used. If this is an ingress rule, specifies where network traffic originates from.') -param sourceAddressPrefix string = '' - -@sys.description('Optional. The CIDR or source IP ranges.') -param sourceAddressPrefixes array = [] - -@sys.description('Optional. The application security group specified as source.') -param sourceApplicationSecurityGroups array = [] - -@sys.description('Optional. The source port or range. Integer or range between 0 and 65535. Asterisk "*" can also be used to match all ports.') -param sourcePortRange string = '' - -@sys.description('Optional. The source port ranges.') -param sourcePortRanges array = [] - -@sys.description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-05-01' existing = { - name: networkSecurityGroupName -} - -resource securityRule 'Microsoft.Network/networkSecurityGroups/securityRules@2021-05-01' = { - name: name - parent: networkSecurityGroup - properties: { - access: access - description: description - destinationAddressPrefix: destinationAddressPrefix - destinationAddressPrefixes: destinationAddressPrefixes - destinationApplicationSecurityGroups: destinationApplicationSecurityGroups - destinationPortRange: destinationPortRange - destinationPortRanges: destinationPortRanges - direction: direction - priority: priority - protocol: protocol - sourceAddressPrefix: sourceAddressPrefix - sourceAddressPrefixes: sourceAddressPrefixes - sourceApplicationSecurityGroups: sourceApplicationSecurityGroups - sourcePortRange: sourcePortRange - sourcePortRanges: sourcePortRanges - } -} - -@sys.description('The resource group the security rule was deployed into.') -output resourceGroupName string = resourceGroup().name - -@sys.description('The resource ID of the security rule.') -output resourceId string = securityRule.id - -@sys.description('The name of the security rule.') -output name string = securityRule.name diff --git a/modules/Microsoft.Network/networkSecurityGroups/securityRules/readme.md b/modules/Microsoft.Network/networkSecurityGroups/securityRules/readme.md deleted file mode 100644 index e4740f90de..0000000000 --- a/modules/Microsoft.Network/networkSecurityGroups/securityRules/readme.md +++ /dev/null @@ -1,56 +0,0 @@ -# Network Security Groups Security Rules `[Microsoft.Network/networkSecurityGroups/securityRules]` - -This module deploys Network Security Group Security Rules. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Network/networkSecurityGroups/securityRules` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/networkSecurityGroups/securityRules) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `direction` | string | `[Inbound, Outbound]` | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | -| `name` | string | | The name of the security rule. | -| `priority` | int | | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | -| `protocol` | string | `[*, Ah, Esp, Icmp, Tcp, Udp]` | Network protocol this rule applies to. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `networkSecurityGroupName` | string | The name of the parent network security group to deploy the security rule into. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `access` | string | `'Deny'` | `[Allow, Deny]` | Whether network traffic is allowed or denied. | -| `description` | string | `''` | | A description for this rule. | -| `destinationAddressPrefix` | string | `''` | | The destination address prefix. CIDR or destination IP range. Asterisk "*" can also be used to match all source IPs. Default tags such as "VirtualNetwork", "AzureLoadBalancer" and "Internet" can also be used. | -| `destinationAddressPrefixes` | array | `[]` | | The destination address prefixes. CIDR or destination IP ranges. | -| `destinationApplicationSecurityGroups` | array | `[]` | | The application security group specified as destination. | -| `destinationPortRange` | string | `''` | | The destination port or range. Integer or range between 0 and 65535. Asterisk "*" can also be used to match all ports. | -| `destinationPortRanges` | array | `[]` | | The destination port ranges. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `sourceAddressPrefix` | string | `''` | | The CIDR or source IP range. Asterisk "*" can also be used to match all source IPs. Default tags such as "VirtualNetwork", "AzureLoadBalancer" and "Internet" can also be used. If this is an ingress rule, specifies where network traffic originates from. | -| `sourceAddressPrefixes` | array | `[]` | | The CIDR or source IP ranges. | -| `sourceApplicationSecurityGroups` | array | `[]` | | The application security group specified as source. | -| `sourcePortRange` | string | `''` | | The source port or range. Integer or range between 0 and 65535. Asterisk "*" can also be used to match all ports. | -| `sourcePortRanges` | array | `[]` | | The source port ranges. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the security rule. | -| `resourceGroupName` | string | The resource group the security rule was deployed into. | -| `resourceId` | string | The resource ID of the security rule. | diff --git a/modules/Microsoft.Network/networkSecurityGroups/securityRules/version.json b/modules/Microsoft.Network/networkSecurityGroups/securityRules/version.json deleted file mode 100644 index 41f66cc990..0000000000 --- a/modules/Microsoft.Network/networkSecurityGroups/securityRules/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.1" -} diff --git a/modules/Microsoft.Network/networkSecurityGroups/version.json b/modules/Microsoft.Network/networkSecurityGroups/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/networkSecurityGroups/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index e958197039..0000000000 --- a/modules/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,55 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource networkWatcher 'Microsoft.Network/networkWatchers@2021-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(networkWatcher.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: networkWatcher -}] diff --git a/modules/Microsoft.Network/networkWatchers/.deploymentTests/min.parameters.json b/modules/Microsoft.Network/networkWatchers/.deploymentTests/min.parameters.json deleted file mode 100644 index 78acbb0c7e..0000000000 --- a/modules/Microsoft.Network/networkWatchers/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "value": "northeurope" - } - } -} diff --git a/modules/Microsoft.Network/networkWatchers/.deploymentTests/parameters.json b/modules/Microsoft.Network/networkWatchers/.deploymentTests/parameters.json deleted file mode 100644 index 78a7e1f272..0000000000 --- a/modules/Microsoft.Network/networkWatchers/.deploymentTests/parameters.json +++ /dev/null @@ -1,92 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "adp-<>-az-nw-x-001" - }, - "flowLogs": { - "value": [ - { - "targetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-<>-az-nsg-x-001", - "storageId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001", - "enabled": false - }, - { - "name": "adp-<>-az-nsg-x-apgw-flowlog", - "targetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-<>-az-nsg-x-apgw", - "storageId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001", - "workspaceResourceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001", - "formatVersion": 1, - "trafficAnalyticsInterval": 10, - "retentionInDays": 8 - } - ] - }, - "connectionMonitors": { - "value": [ - { - "name": "adp-<>-az-conn-mon-x-001", - "endpoints": [ - { - "name": "<>-az-subnet-x-001(validation-rg)", - "type": "AzureVM", - "resourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/virtualMachines/adp-<>-vm-01" - }, - { - "name": "Office Portal", - "type": "ExternalAddress", - "address": "www.office.com" - } - ], - "testConfigurations": [ - { - "name": "HTTP Test", - "testFrequencySec": 30, - "protocol": "Http", - "httpConfiguration": { - "port": 80, - "method": "Get", - "requestHeaders": [], - "validStatusCodeRanges": [ - "200" - ], - "preferHTTPS": false - }, - "successThreshold": { - "checksFailedPercent": 5, - "roundTripTimeMs": 100 - } - } - ], - "testGroups": [ - { - "name": "TestHTTPBing", - "disable": false, - "testConfigurations": [ - "HTTP Test" - ], - "sources": [ - "<>-az-subnet-x-001(validation-rg)" - ], - "destinations": [ - "Office Portal" - ] - } - ], - "workspaceResourceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep b/modules/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep deleted file mode 100644 index ac2358bc09..0000000000 --- a/modules/Microsoft.Network/networkWatchers/connectionMonitors/deploy.bicep +++ /dev/null @@ -1,76 +0,0 @@ -@description('Optional. Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG.') -param networkWatcherName string = 'NetworkWatcher_${resourceGroup().location}' - -@description('Optional. Name of the resource.') -param name string - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. List of connection monitor endpoints.') -param endpoints array = [] - -@description('Optional. List of connection monitor test configurations.') -param testConfigurations array = [] - -@description('Optional. List of connection monitor test groups.') -param testGroups array = [] - -@description('Optional. Specify the Log Analytics Workspace Resource ID.') -param workspaceResourceId string = '' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var outputs = !empty(workspaceResourceId) ? [ - { - type: 'Workspace' - workspaceSettings: { - workspaceResourceId: workspaceResourceId - } - } -] : null - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource networkWatcher 'Microsoft.Network/networkWatchers@2021-05-01' existing = { - name: networkWatcherName -} - -resource connectionMonitor 'Microsoft.Network/networkWatchers/connectionMonitors@2021-05-01' = { - name: name - parent: networkWatcher - tags: tags - location: location - properties: { - endpoints: endpoints - testConfigurations: testConfigurations - testGroups: testGroups - outputs: outputs - } -} - -@description('The name of the deployed connection monitor.') -output name string = connectionMonitor.name - -@description('The resource ID of the deployed connection monitor.') -output resourceId string = connectionMonitor.id - -@description('The resource group the connection monitor was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = connectionMonitor.location diff --git a/modules/Microsoft.Network/networkWatchers/connectionMonitors/readme.md b/modules/Microsoft.Network/networkWatchers/connectionMonitors/readme.md deleted file mode 100644 index a8b0fb6d0e..0000000000 --- a/modules/Microsoft.Network/networkWatchers/connectionMonitors/readme.md +++ /dev/null @@ -1,81 +0,0 @@ -# Network Watchers Connection Monitors `[Microsoft.Network/networkWatchers/connectionMonitors]` - -This template deploys Connection Monitors. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Network/networkWatchers/connectionMonitors` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/networkWatchers/connectionMonitors) | - -## Parameters - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `endpoints` | array | `[]` | List of connection monitor endpoints. | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `name` | string | | Name of the resource. | -| `networkWatcherName` | string | `[format('NetworkWatcher_{0}', resourceGroup().location)]` | Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG. | -| `tags` | object | `{object}` | Tags of the resource. | -| `testConfigurations` | array | `[]` | List of connection monitor test configurations. | -| `testGroups` | array | `[]` | List of connection monitor test groups. | -| `workspaceResourceId` | string | `''` | Specify the Log Analytics Workspace Resource ID. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed connection monitor. | -| `resourceGroupName` | string | The resource group the connection monitor was deployed into. | -| `resourceId` | string | The resource ID of the deployed connection monitor. | diff --git a/modules/Microsoft.Network/networkWatchers/connectionMonitors/version.json b/modules/Microsoft.Network/networkWatchers/connectionMonitors/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/networkWatchers/connectionMonitors/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/networkWatchers/deploy.bicep b/modules/Microsoft.Network/networkWatchers/deploy.bicep deleted file mode 100644 index 91ca4fca57..0000000000 --- a/modules/Microsoft.Network/networkWatchers/deploy.bicep +++ /dev/null @@ -1,112 +0,0 @@ -@description('Required. Name of the Network Watcher resource (hidden).') -@minLength(1) -param name string = 'NetworkWatcher_${location}' - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Array that contains the Connection Monitors.') -param connectionMonitors array = [] - -@description('Optional. Array that contains the Flow Logs.') -param flowLogs array = [] - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource networkWatcher 'Microsoft.Network/networkWatchers@2021-05-01' = { - name: name - location: location - tags: tags - properties: {} -} - -resource networkWatcher_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${networkWatcher.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: networkWatcher -} - -module networkWatcher_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-NW-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: networkWatcher.id - } -}] - -module networkWatcher_connectionMonitors 'connectionMonitors/deploy.bicep' = [for (connectionMonitor, index) in connectionMonitors: { - name: '${uniqueString(deployment().name, location)}-NW-ConnectionMonitor-${index}' - params: { - endpoints: contains(connectionMonitor, 'endpoints') ? connectionMonitor.endpoints : [] - name: connectionMonitor.name - networkWatcherName: networkWatcher.name - testConfigurations: contains(connectionMonitor, 'testConfigurations') ? connectionMonitor.testConfigurations : [] - testGroups: contains(connectionMonitor, 'testGroups') ? connectionMonitor.testGroups : [] - workspaceResourceId: contains(connectionMonitor, 'workspaceResourceId') ? connectionMonitor.workspaceResourceId : '' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module networkWatcher_flowLogs 'flowLogs/deploy.bicep' = [for (flowLog, index) in flowLogs: { - name: '${uniqueString(deployment().name, location)}-NW-FlowLog-${index}' - params: { - enabled: contains(flowLog, 'enabled') ? flowLog.enabled : true - formatVersion: contains(flowLog, 'formatVersion') ? flowLog.formatVersion : 2 - location: contains(flowLog, 'location') ? flowLog.location : location - name: contains(flowLog, 'name') ? flowLog.name : '${last(split(flowLog.targetResourceId, '/'))}-${split(flowLog.targetResourceId, '/')[4]}-flowlog' - networkWatcherName: networkWatcher.name - retentionInDays: contains(flowLog, 'retentionInDays') ? flowLog.retentionInDays : 365 - storageId: flowLog.storageId - targetResourceId: flowLog.targetResourceId - trafficAnalyticsInterval: contains(flowLog, 'trafficAnalyticsInterval') ? flowLog.trafficAnalyticsInterval : 60 - workspaceResourceId: contains(flowLog, 'workspaceResourceId') ? flowLog.workspaceResourceId : '' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -@description('The name of the deployed network watcher.') -output name string = networkWatcher.name - -@description('The resource ID of the deployed network watcher.') -output resourceId string = networkWatcher.id - -@description('The resource group the network watcher was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = networkWatcher.location diff --git a/modules/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep b/modules/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep deleted file mode 100644 index 6b35370156..0000000000 --- a/modules/Microsoft.Network/networkWatchers/flowLogs/deploy.bicep +++ /dev/null @@ -1,105 +0,0 @@ -@description('Optional. Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG.') -param networkWatcherName string = 'NetworkWatcher_${resourceGroup().location}' - -@description('Optional. Name of the resource.') -param name string = '${last(split(targetResourceId, '/'))}-${split(targetResourceId, '/')[4]}-flowlog' - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Required. Resource ID of the NSG that must be enabled for Flow Logs.') -param targetResourceId string - -@description('Required. Resource ID of the diagnostic storage account.') -param storageId string - -@description('Optional. If the flow log should be enabled.') -param enabled bool = true - -@description('Optional. The flow log format version.') -@allowed([ - 1 - 2 -]) -param formatVersion int = 2 - -@description('Optional. Specify the Log Analytics Workspace Resource ID.') -param workspaceResourceId string = '' - -@description('Optional. The interval in minutes which would decide how frequently TA service should do flow analytics.') -@allowed([ - 10 - 60 -]) -param trafficAnalyticsInterval int = 60 - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param retentionInDays int = 365 - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var flowAnalyticsConfiguration = !empty(workspaceResourceId) && enabled == true ? { - networkWatcherFlowAnalyticsConfiguration: { - enabled: true - workspaceResourceId: workspaceResourceId - trafficAnalyticsInterval: trafficAnalyticsInterval - } -} : { - networkWatcherFlowAnalyticsConfiguration: { - enabled: false - } -} - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource networkWatcher 'Microsoft.Network/networkWatchers@2021-05-01' existing = { - name: networkWatcherName -} - -resource flowLog 'Microsoft.Network/networkWatchers/flowLogs@2021-05-01' = { - name: name - parent: networkWatcher - tags: tags - location: location - properties: { - targetResourceId: targetResourceId - storageId: storageId - enabled: enabled - retentionPolicy: { - days: retentionInDays - enabled: retentionInDays == 0 ? false : true - } - format: { - type: 'JSON' - version: formatVersion - } - flowAnalyticsConfiguration: flowAnalyticsConfiguration - } -} -@description('The name of the flow log.') -output name string = flowLog.name - -@description('The resource ID of the flow log.') -output resourceId string = flowLog.id - -@description('The resource group the flow log was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = flowLog.location diff --git a/modules/Microsoft.Network/networkWatchers/flowLogs/readme.md b/modules/Microsoft.Network/networkWatchers/flowLogs/readme.md deleted file mode 100644 index c0e9053476..0000000000 --- a/modules/Microsoft.Network/networkWatchers/flowLogs/readme.md +++ /dev/null @@ -1,89 +0,0 @@ -# NSG Flow Logs `[Microsoft.Network/networkWatchers/flowLogs]` - -This module controls the Network Security Group Flow Logs and analytics settings -**Note: this module must be run on the Resource Group where Network Watcher is deployed** - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Network/networkWatchers/flowLogs` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/networkWatchers/flowLogs) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `storageId` | string | Resource ID of the diagnostic storage account. | -| `targetResourceId` | string | Resource ID of the NSG that must be enabled for Flow Logs. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enabled` | bool | `True` | | If the flow log should be enabled. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `formatVersion` | int | `2` | `[1, 2]` | The flow log format version. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `name` | string | `[format('{0}-{1}-flowlog', last(split(parameters('targetResourceId'), '/')), split(parameters('targetResourceId'), '/')[4])]` | | Name of the resource. | -| `networkWatcherName` | string | `[format('NetworkWatcher_{0}', resourceGroup().location)]` | | Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG. | -| `retentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `trafficAnalyticsInterval` | int | `60` | `[10, 60]` | The interval in minutes which would decide how frequently TA service should do flow analytics. | -| `workspaceResourceId` | string | `''` | | Specify the Log Analytics Workspace Resource ID. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the flow log. | -| `resourceGroupName` | string | The resource group the flow log was deployed into. | -| `resourceId` | string | The resource ID of the flow log. | diff --git a/modules/Microsoft.Network/networkWatchers/flowLogs/version.json b/modules/Microsoft.Network/networkWatchers/flowLogs/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/networkWatchers/flowLogs/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/networkWatchers/readme.md b/modules/Microsoft.Network/networkWatchers/readme.md deleted file mode 100644 index 05a8e2d91c..0000000000 --- a/modules/Microsoft.Network/networkWatchers/readme.md +++ /dev/null @@ -1,382 +0,0 @@ -# Network Watchers `[Microsoft.Network/networkWatchers]` - -This template deploys a network watcher. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/networkWatchers` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/networkWatchers) | -| `Microsoft.Network/networkWatchers/connectionMonitors` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/networkWatchers/connectionMonitors) | -| `Microsoft.Network/networkWatchers/flowLogs` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/networkWatchers/flowLogs) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | `[format('NetworkWatcher_{0}', parameters('location'))]` | Name of the Network Watcher resource (hidden). | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `connectionMonitors` | _[connectionMonitors](connectionMonitors/readme.md)_ array | `[]` | | Array that contains the Connection Monitors. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `flowLogs` | _[flowLogs](flowLogs/readme.md)_ array | `[]` | | Array that contains the Flow Logs. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed network watcher. | -| `resourceGroupName` | string | The resource group the network watcher was deployed into. | -| `resourceId` | string | The resource ID of the deployed network watcher. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "location": { - "value": "northeurope" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module networkWatchers './Microsoft.Network/networkWatchers/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-networkWatchers' - params: { - location: 'northeurope' - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "adp-<>-az-nw-x-001" - }, - "flowLogs": { - "value": [ - { - "targetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-<>-az-nsg-x-001", - "storageId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001", - "enabled": false - }, - { - "name": "adp-<>-az-nsg-x-apgw-flowlog", - "targetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-<>-az-nsg-x-apgw", - "storageId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001", - "workspaceResourceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001", - "formatVersion": 1, - "trafficAnalyticsInterval": 10, - "retentionInDays": 8 - } - ] - }, - "connectionMonitors": { - "value": [ - { - "name": "adp-<>-az-conn-mon-x-001", - "endpoints": [ - { - "name": "<>-az-subnet-x-001(validation-rg)", - "type": "AzureVM", - "resourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/virtualMachines/adp-<>-vm-01" - }, - { - "name": "Office Portal", - "type": "ExternalAddress", - "address": "www.office.com" - } - ], - "testConfigurations": [ - { - "name": "HTTP Test", - "testFrequencySec": 30, - "protocol": "Http", - "httpConfiguration": { - "port": 80, - "method": "Get", - "requestHeaders": [], - "validStatusCodeRanges": [ - "200" - ], - "preferHTTPS": false - }, - "successThreshold": { - "checksFailedPercent": 5, - "roundTripTimeMs": 100 - } - } - ], - "testGroups": [ - { - "name": "TestHTTPBing", - "disable": false, - "testConfigurations": [ - "HTTP Test" - ], - "sources": [ - "<>-az-subnet-x-001(validation-rg)" - ], - "destinations": [ - "Office Portal" - ] - } - ], - "workspaceResourceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module networkWatchers './Microsoft.Network/networkWatchers/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-networkWatchers' - params: { - name: 'adp-<>-az-nw-x-001' - flowLogs: [ - { - targetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-<>-az-nsg-x-001' - storageId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - enabled: false - } - { - name: 'adp-<>-az-nsg-x-apgw-flowlog' - targetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-<>-az-nsg-x-apgw' - storageId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - workspaceResourceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - formatVersion: 1 - trafficAnalyticsInterval: 10 - retentionInDays: 8 - } - ] - connectionMonitors: [ - { - name: 'adp-<>-az-conn-mon-x-001' - endpoints: [ - { - name: '<>-az-subnet-x-001(validation-rg)' - type: 'AzureVM' - resourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/virtualMachines/adp-<>-vm-01' - } - { - name: 'Office Portal' - type: 'ExternalAddress' - address: 'www.office.com' - } - ] - testConfigurations: [ - { - name: 'HTTP Test' - testFrequencySec: 30 - protocol: 'Http' - httpConfiguration: { - port: 80 - method: 'Get' - requestHeaders: [] - validStatusCodeRanges: [ - '200' - ] - preferHTTPS: false - } - successThreshold: { - checksFailedPercent: 5 - roundTripTimeMs: 100 - } - } - ] - testGroups: [ - { - name: 'TestHTTPBing' - disable: false - testConfigurations: [ - 'HTTP Test' - ] - sources: [ - '<>-az-subnet-x-001(validation-rg)' - ] - destinations: [ - 'Office Portal' - ] - } - ] - workspaceResourceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/networkWatchers/version.json b/modules/Microsoft.Network/networkWatchers/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/networkWatchers/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index b75bab676a..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,56 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Private DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource privateDnsZone 'Microsoft.Network/privateDnsZones@2018-09-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(privateDnsZone.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: privateDnsZone -}] diff --git a/modules/Microsoft.Network/privateDnsZones/.deploymentTests/min.parameters.json b/modules/Microsoft.Network/privateDnsZones/.deploymentTests/min.parameters.json deleted file mode 100644 index d33fbd032b..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-privdns-x-001.com" - } - } -} diff --git a/modules/Microsoft.Network/privateDnsZones/.deploymentTests/parameters.json b/modules/Microsoft.Network/privateDnsZones/.deploymentTests/parameters.json deleted file mode 100644 index 8b3662c1ee..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/.deploymentTests/parameters.json +++ /dev/null @@ -1,198 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-privdns-x-002.com" - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "AAAA": { - "value": [ - { - "name": "AAAA_2001_0db8_85a3_0000_0000_8a2e_0370_7334", - "ttl": 3600, - "aaaaRecords": [ - { - "ipv6Address": "2001:0db8:85a3:0000:0000:8a2e:0370:7334" - } - ] - } - ] - }, - "A": { - "value": [ - { - "name": "A_10.240.4.4", - "ttl": 3600, - "aRecords": [ - { - "ipv4Address": "10.240.4.4" - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "CNAME": { - "value": [ - { - "name": "CNAME_test", - "ttl": 3600, - "cnameRecord": { - "cname": "test" - }, - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "MX": { - "value": [ - { - "name": "MX_contoso", - "ttl": 3600, - "mxRecords": [ - { - "exchange": "contoso.com", - "preference": 100 - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "PTR": { - "value": [ - { - "name": "PTR_contoso", - "ttl": 3600, - "ptrRecords": [ - { - "ptrdname": "contoso.com" - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "SOA": { - "value": [ - { - "name": "@", - "ttl": 3600, - "soaRecord": { - "email": "azureprivatedns-host.microsoft.com", - "expireTime": 2419200, - "host": "azureprivatedns.net", - "minimumTtl": 10, - "refreshTime": 3600, - "retryTime": 300, - "serialNumber": "1" - }, - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "SRV": { - "value": [ - { - "name": "SRV_contoso", - "ttl": 3600, - "srvRecords": [ - { - "port": 9332, - "priority": 0, - "target": "test.contoso.com", - "weight": 0 - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "TXT": { - "value": [ - { - "name": "TXT_test", - "ttl": 3600, - "txtRecords": [ - { - "value": [ - "test" - ] - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "virtualNetworkLinks": { - "value": [ - { - "virtualNetworkResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001", - "registrationEnabled": true - } - ] - } - } -} diff --git a/modules/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index e7c72f0a22..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,56 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Private DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource A 'Microsoft.Network/privateDnsZones/A@2018-09-01' existing = { - name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(A.name, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: A -}] diff --git a/modules/Microsoft.Network/privateDnsZones/A/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/A/deploy.bicep deleted file mode 100644 index b5318a28cb..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/A/deploy.bicep +++ /dev/null @@ -1,66 +0,0 @@ -@description('Conditional. The name of the parent Private DNS zone. Required if the template is used in a standalone deployment.') -param privateDnsZoneName string - -@description('Required. The name of the A record.') -param name string - -@description('Optional. The list of A records in the record set.') -param aRecords array = [] - -@description('Optional. The metadata attached to the record set.') -param metadata object = {} - -@description('Optional. The TTL (time-to-live) of the records in the record set.') -param ttl int = 3600 - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' existing = { - name: privateDnsZoneName -} - -resource A 'Microsoft.Network/privateDnsZones/A@2020-06-01' = { - name: name - parent: privateDnsZone - properties: { - aRecords: aRecords - metadata: metadata - ttl: ttl - } -} - -module A_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name)}-PDNSA-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: A.id - } -}] - -@description('The name of the deployed A record.') -output name string = A.name - -@description('The resource ID of the deployed A record.') -output resourceId string = A.id - -@description('The resource group of the deployed A record.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Network/privateDnsZones/A/readme.md b/modules/Microsoft.Network/privateDnsZones/A/readme.md deleted file mode 100644 index 3f9cc9edd5..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/A/readme.md +++ /dev/null @@ -1,105 +0,0 @@ -# Private DNS Zone A record `[Microsoft.Network/privateDnsZones/A]` - -This module deploys a Private DNS Zone A record. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/privateDnsZones/A` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/A) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the A record. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `privateDnsZoneName` | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `aRecords` | array | `[]` | The list of A records in the record set. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed A record. | -| `resourceGroupName` | string | The resource group of the deployed A record. | -| `resourceId` | string | The resource ID of the deployed A record. | diff --git a/modules/Microsoft.Network/privateDnsZones/A/version.json b/modules/Microsoft.Network/privateDnsZones/A/version.json deleted file mode 100644 index badc0a2285..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/A/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.5" -} diff --git a/modules/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 4c1d7a8055..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,56 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Private DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource AAAA 'Microsoft.Network/privateDnsZones/AAAA@2018-09-01' existing = { - name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(AAAA.name, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: AAAA -}] diff --git a/modules/Microsoft.Network/privateDnsZones/AAAA/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/AAAA/deploy.bicep deleted file mode 100644 index 75471310d9..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/AAAA/deploy.bicep +++ /dev/null @@ -1,66 +0,0 @@ -@description('Conditional. The name of the parent Private DNS zone. Required if the template is used in a standalone deployment.') -param privateDnsZoneName string - -@description('Required. The name of the AAAA record.') -param name string - -@description('Optional. The list of AAAA records in the record set.') -param aaaaRecords array = [] - -@description('Optional. The metadata attached to the record set.') -param metadata object = {} - -@description('Optional. The TTL (time-to-live) of the records in the record set.') -param ttl int = 3600 - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' existing = { - name: privateDnsZoneName -} - -resource AAAA 'Microsoft.Network/privateDnsZones/AAAA@2020-06-01' = { - name: name - parent: privateDnsZone - properties: { - aaaaRecords: aaaaRecords - metadata: metadata - ttl: ttl - } -} - -module AAAA_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name)}-PDNSAAAA-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: AAAA.id - } -}] - -@description('The name of the deployed AAAA record.') -output name string = AAAA.name - -@description('The resource ID of the deployed AAAA record.') -output resourceId string = AAAA.id - -@description('The resource group of the deployed AAAA record.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Network/privateDnsZones/AAAA/readme.md b/modules/Microsoft.Network/privateDnsZones/AAAA/readme.md deleted file mode 100644 index 421d37449c..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/AAAA/readme.md +++ /dev/null @@ -1,105 +0,0 @@ -# Private DNS Zone AAAA record `[Microsoft.Network/privateDnsZones/AAAA]` - -This module deploys a Private DNS Zone AAAA record. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/privateDnsZones/AAAA` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/AAAA) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the AAAA record. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `privateDnsZoneName` | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `aaaaRecords` | array | `[]` | The list of AAAA records in the record set. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed AAAA record. | -| `resourceGroupName` | string | The resource group of the deployed AAAA record. | -| `resourceId` | string | The resource ID of the deployed AAAA record. | diff --git a/modules/Microsoft.Network/privateDnsZones/AAAA/version.json b/modules/Microsoft.Network/privateDnsZones/AAAA/version.json deleted file mode 100644 index badc0a2285..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/AAAA/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.5" -} diff --git a/modules/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index f35b9ecb27..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,58 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Private DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource CNAME 'Microsoft.Network/privateDnsZones/CNAME@2018-09-01' existing = { - name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(CNAME.name, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: CNAME -}] - -output id string = roleAssignment[0].name diff --git a/modules/Microsoft.Network/privateDnsZones/CNAME/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/CNAME/deploy.bicep deleted file mode 100644 index dff254b6c4..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/CNAME/deploy.bicep +++ /dev/null @@ -1,66 +0,0 @@ -@description('Conditional. The name of the parent Private DNS zone. Required if the template is used in a standalone deployment.') -param privateDnsZoneName string - -@description('Required. The name of the CNAME record.') -param name string - -@description('Optional. A CNAME record.') -param cnameRecord object = {} - -@description('Optional. The metadata attached to the record set.') -param metadata object = {} - -@description('Optional. The TTL (time-to-live) of the records in the record set.') -param ttl int = 3600 - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' existing = { - name: privateDnsZoneName -} - -resource CNAME 'Microsoft.Network/privateDnsZones/CNAME@2020-06-01' = { - name: name - parent: privateDnsZone - properties: { - cnameRecord: cnameRecord - metadata: metadata - ttl: ttl - } -} - -module CNAME_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name)}-PDNSCNAME-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: CNAME.id - } -}] - -@description('The name of the deployed CNAME record.') -output name string = CNAME.name - -@description('The resource ID of the deployed CNAME record.') -output resourceId string = CNAME.id - -@description('The resource group of the deployed CNAME record.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Network/privateDnsZones/CNAME/readme.md b/modules/Microsoft.Network/privateDnsZones/CNAME/readme.md deleted file mode 100644 index a8ebeab9ee..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/CNAME/readme.md +++ /dev/null @@ -1,105 +0,0 @@ -# Private DNS Zone CNAME record `[Microsoft.Network/privateDnsZones/CNAME]` - -This module deploys a Private DNS Zone CNAME record. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/privateDnsZones/CNAME` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/CNAME) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the CNAME record. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `privateDnsZoneName` | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cnameRecord` | object | `{object}` | A CNAME record. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed CNAME record. | -| `resourceGroupName` | string | The resource group of the deployed CNAME record. | -| `resourceId` | string | The resource ID of the deployed CNAME record. | diff --git a/modules/Microsoft.Network/privateDnsZones/CNAME/version.json b/modules/Microsoft.Network/privateDnsZones/CNAME/version.json deleted file mode 100644 index badc0a2285..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/CNAME/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.5" -} diff --git a/modules/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index ba3a2d0b69..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,56 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Private DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource MX 'Microsoft.Network/privateDnsZones/MX@2018-09-01' existing = { - name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(MX.name, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: MX -}] diff --git a/modules/Microsoft.Network/privateDnsZones/MX/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/MX/deploy.bicep deleted file mode 100644 index ad6e1c6e12..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/MX/deploy.bicep +++ /dev/null @@ -1,66 +0,0 @@ -@description('Conditional. The name of the parent Private DNS zone. Required if the template is used in a standalone deployment.') -param privateDnsZoneName string - -@description('Required. The name of the MX record.') -param name string - -@description('Optional. The metadata attached to the record set.') -param metadata object = {} - -@description('Optional. The list of MX records in the record set.') -param mxRecords array = [] - -@description('Optional. The TTL (time-to-live) of the records in the record set.') -param ttl int = 3600 - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' existing = { - name: privateDnsZoneName -} - -resource MX 'Microsoft.Network/privateDnsZones/MX@2020-06-01' = { - name: name - parent: privateDnsZone - properties: { - metadata: metadata - mxRecords: mxRecords - ttl: ttl - } -} - -module MX_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name)}-PDNSMX-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: MX.id - } -}] - -@description('The name of the deployed MX record.') -output name string = MX.name - -@description('The resource ID of the deployed MX record.') -output resourceId string = MX.id - -@description('The resource group of the deployed MX record.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Network/privateDnsZones/MX/readme.md b/modules/Microsoft.Network/privateDnsZones/MX/readme.md deleted file mode 100644 index 33531c7dc9..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/MX/readme.md +++ /dev/null @@ -1,105 +0,0 @@ -# Private DNS Zone MX record `[Microsoft.Network/privateDnsZones/MX]` - -This module deploys a Private DNS Zone MX record. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/privateDnsZones/MX` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/MX) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the MX record. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `privateDnsZoneName` | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `mxRecords` | array | `[]` | The list of MX records in the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed MX record. | -| `resourceGroupName` | string | The resource group of the deployed MX record. | -| `resourceId` | string | The resource ID of the deployed MX record. | diff --git a/modules/Microsoft.Network/privateDnsZones/MX/version.json b/modules/Microsoft.Network/privateDnsZones/MX/version.json deleted file mode 100644 index badc0a2285..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/MX/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.5" -} diff --git a/modules/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 1b57ee386f..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,56 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Private DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource PTR 'Microsoft.Network/privateDnsZones/PTR@2018-09-01' existing = { - name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(PTR.name, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: PTR -}] diff --git a/modules/Microsoft.Network/privateDnsZones/PTR/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/PTR/deploy.bicep deleted file mode 100644 index 123347591a..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/PTR/deploy.bicep +++ /dev/null @@ -1,66 +0,0 @@ -@description('Conditional. The name of the parent Private DNS zone. Required if the template is used in a standalone deployment.') -param privateDnsZoneName string - -@description('Required. The name of the PTR record.') -param name string - -@description('Optional. The metadata attached to the record set.') -param metadata object = {} - -@description('Optional. The list of PTR records in the record set.') -param ptrRecords array = [] - -@description('Optional. The TTL (time-to-live) of the records in the record set.') -param ttl int = 3600 - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -module PTR_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name)}-PDNSPTR-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: PTR.id - } -}] - -resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' existing = { - name: privateDnsZoneName -} - -resource PTR 'Microsoft.Network/privateDnsZones/PTR@2020-06-01' = { - name: name - parent: privateDnsZone - properties: { - metadata: metadata - ptrRecords: ptrRecords - ttl: ttl - } -} - -@description('The name of the deployed PTR record.') -output name string = PTR.name - -@description('The resource ID of the deployed PTR record.') -output resourceId string = PTR.id - -@description('The resource group of the deployed PTR record.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Network/privateDnsZones/PTR/readme.md b/modules/Microsoft.Network/privateDnsZones/PTR/readme.md deleted file mode 100644 index 3d35efa92f..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/PTR/readme.md +++ /dev/null @@ -1,105 +0,0 @@ -# Private DNS Zone PTR record `[Microsoft.Network/privateDnsZones/PTR]` - -This module deploys a Private DNS Zone PTR record. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/privateDnsZones/PTR` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/PTR) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the PTR record. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `privateDnsZoneName` | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `ptrRecords` | array | `[]` | The list of PTR records in the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed PTR record. | -| `resourceGroupName` | string | The resource group of the deployed PTR record. | -| `resourceId` | string | The resource ID of the deployed PTR record. | diff --git a/modules/Microsoft.Network/privateDnsZones/PTR/version.json b/modules/Microsoft.Network/privateDnsZones/PTR/version.json deleted file mode 100644 index badc0a2285..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/PTR/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.5" -} diff --git a/modules/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 9181915040..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,56 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Private DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource SOA 'Microsoft.Network/privateDnsZones/SOA@2018-09-01' existing = { - name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(SOA.name, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: SOA -}] diff --git a/modules/Microsoft.Network/privateDnsZones/SOA/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/SOA/deploy.bicep deleted file mode 100644 index 440768cd19..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/SOA/deploy.bicep +++ /dev/null @@ -1,66 +0,0 @@ -@description('Conditional. The name of the parent Private DNS zone. Required if the template is used in a standalone deployment.') -param privateDnsZoneName string - -@description('Required. The name of the SOA record.') -param name string - -@description('Optional. The metadata attached to the record set.') -param metadata object = {} - -@description('Optional. A SOA record.') -param soaRecord object = {} - -@description('Optional. The TTL (time-to-live) of the records in the record set.') -param ttl int = 3600 - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' existing = { - name: privateDnsZoneName -} - -resource SOA 'Microsoft.Network/privateDnsZones/SOA@2020-06-01' = { - name: name - parent: privateDnsZone - properties: { - metadata: metadata - soaRecord: soaRecord - ttl: ttl - } -} - -module SOA_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name)}-PDNSSOA-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: SOA.id - } -}] - -@description('The name of the deployed SOA record.') -output name string = SOA.name - -@description('The resource ID of the deployed SOA record.') -output resourceId string = SOA.id - -@description('The resource group of the deployed SOA record.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Network/privateDnsZones/SOA/readme.md b/modules/Microsoft.Network/privateDnsZones/SOA/readme.md deleted file mode 100644 index 4e47bfd89e..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/SOA/readme.md +++ /dev/null @@ -1,105 +0,0 @@ -# Private DNS Zone SOA record `[Microsoft.Network/privateDnsZones/SOA]` - -This module deploys a Private DNS Zone SOA record. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/privateDnsZones/SOA` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/SOA) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the SOA record. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `privateDnsZoneName` | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `soaRecord` | object | `{object}` | A SOA record. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed SOA record. | -| `resourceGroupName` | string | The resource group of the deployed SOA record. | -| `resourceId` | string | The resource ID of the deployed SOA record. | diff --git a/modules/Microsoft.Network/privateDnsZones/SOA/version.json b/modules/Microsoft.Network/privateDnsZones/SOA/version.json deleted file mode 100644 index badc0a2285..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/SOA/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.5" -} diff --git a/modules/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index f77b4b0736..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,56 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Private DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource SRV 'Microsoft.Network/privateDnsZones/SRV@2018-09-01' existing = { - name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(SRV.name, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: SRV -}] diff --git a/modules/Microsoft.Network/privateDnsZones/SRV/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/SRV/deploy.bicep deleted file mode 100644 index 7f3f62be7e..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/SRV/deploy.bicep +++ /dev/null @@ -1,66 +0,0 @@ -@description('Conditional. The name of the parent Private DNS zone. Required if the template is used in a standalone deployment.') -param privateDnsZoneName string - -@description('Required. The name of the SRV record.') -param name string - -@description('Optional. The metadata attached to the record set.') -param metadata object = {} - -@description('Optional. The list of SRV records in the record set.') -param srvRecords array = [] - -@description('Optional. The TTL (time-to-live) of the records in the record set.') -param ttl int = 3600 - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' existing = { - name: privateDnsZoneName -} - -resource SRV 'Microsoft.Network/privateDnsZones/SRV@2020-06-01' = { - name: name - parent: privateDnsZone - properties: { - metadata: metadata - srvRecords: srvRecords - ttl: ttl - } -} - -module SRV_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name)}-PDNSSRV-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: SRV.id - } -}] - -@description('The name of the deployed SRV record.') -output name string = SRV.name - -@description('The resource ID of the deployed SRV record.') -output resourceId string = SRV.id - -@description('The resource group of the deployed SRV record.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Network/privateDnsZones/SRV/readme.md b/modules/Microsoft.Network/privateDnsZones/SRV/readme.md deleted file mode 100644 index 666950156e..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/SRV/readme.md +++ /dev/null @@ -1,105 +0,0 @@ -# Private DNS Zone SRV record `[Microsoft.Network/privateDnsZones/SRV]` - -This module deploys a Private DNS Zone TXT record. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/privateDnsZones/SRV` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/SRV) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the SRV record. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `privateDnsZoneName` | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `srvRecords` | array | `[]` | The list of SRV records in the record set. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed SRV record. | -| `resourceGroupName` | string | The resource group of the deployed SRV record. | -| `resourceId` | string | The resource ID of the deployed SRV record. | diff --git a/modules/Microsoft.Network/privateDnsZones/SRV/version.json b/modules/Microsoft.Network/privateDnsZones/SRV/version.json deleted file mode 100644 index badc0a2285..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/SRV/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.5" -} diff --git a/modules/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 8635e9dd44..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,56 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Private DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource TXT 'Microsoft.Network/privateDnsZones/TXT@2018-09-01' existing = { - name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(TXT.name, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: TXT -}] diff --git a/modules/Microsoft.Network/privateDnsZones/TXT/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/TXT/deploy.bicep deleted file mode 100644 index 22ee2d2c18..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/TXT/deploy.bicep +++ /dev/null @@ -1,66 +0,0 @@ -@description('Conditional. The name of the parent Private DNS zone. Required if the template is used in a standalone deployment.') -param privateDnsZoneName string - -@description('Required. The name of the TXT record.') -param name string - -@description('Optional. The metadata attached to the record set.') -param metadata object = {} - -@description('Optional. The TTL (time-to-live) of the records in the record set.') -param ttl int = 3600 - -@description('Optional. The list of TXT records in the record set.') -param txtRecords array = [] - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' existing = { - name: privateDnsZoneName -} - -resource TXT 'Microsoft.Network/privateDnsZones/TXT@2020-06-01' = { - name: name - parent: privateDnsZone - properties: { - metadata: metadata - ttl: ttl - txtRecords: txtRecords - } -} - -module TXT_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name)}-PDNSTXT-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: TXT.id - } -}] - -@description('The name of the deployed TXT record.') -output name string = TXT.name - -@description('The resource ID of the deployed TXT record.') -output resourceId string = TXT.id - -@description('The resource group of the deployed TXT record.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Network/privateDnsZones/TXT/readme.md b/modules/Microsoft.Network/privateDnsZones/TXT/readme.md deleted file mode 100644 index c52714202b..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/TXT/readme.md +++ /dev/null @@ -1,138 +0,0 @@ -# Private DNS Zone TXT record `[Microsoft.Network/privateDnsZones/TXT]` - -This module deploys a Private DNS Zone TXT record. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/privateDnsZones/TXT` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/TXT) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the TXT record. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `privateDnsZoneName` | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `metadata` | object | `{object}` | The metadata attached to the record set. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ttl` | int | `3600` | The TTL (time-to-live) of the records in the record set. | -| `txtRecords` | array | `[]` | The list of TXT records in the record set. | - - -### Parameter Usage: `txtRecords` - -

- -Parameter JSON format - -```json -"txtRecords": { - "value": [ - { - "value": [ "string" ] - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -txtRecords: [ - { - value: [ 'string' ] - } -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed TXT record. | -| `resourceGroupName` | string | The resource group of the deployed TXT record. | -| `resourceId` | string | The resource ID of the deployed TXT record. | diff --git a/modules/Microsoft.Network/privateDnsZones/TXT/version.json b/modules/Microsoft.Network/privateDnsZones/TXT/version.json deleted file mode 100644 index badc0a2285..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/TXT/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.5" -} diff --git a/modules/Microsoft.Network/privateDnsZones/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/deploy.bicep deleted file mode 100644 index fe12dc9a65..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/deploy.bicep +++ /dev/null @@ -1,218 +0,0 @@ -@description('Required. Private DNS zone name.') -param name string - -@description('Optional. Array of A records.') -param a array = [] - -@description('Optional. Array of AAAA records.') -param aaaa array = [] - -@description('Optional. Array of CNAME records.') -param cname array = [] - -@description('Optional. Array of MX records.') -param mx array = [] - -@description('Optional. Array of PTR records.') -param ptr array = [] - -@description('Optional. Array of SOA records.') -param soa array = [] - -@description('Optional. Array of SRV records.') -param srv array = [] - -@description('Optional. Array of TXT records.') -param txt array = [] - -@description('Optional. Array of custom objects describing vNet links of the DNS zone. Each object should contain properties \'vnetResourceId\' and \'registrationEnabled\'. The \'vnetResourceId\' is a resource ID of a vNet to link, \'registrationEnabled\' (bool) enables automatic DNS registration in the zone for the linked vNet.') -param virtualNetworkLinks array = [] - -@description('Optional. The location of the PrivateDNSZone. Should be global.') -param location string = 'global' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { - name: name - location: location - tags: tags -} - -module privateDnsZone_A 'A/deploy.bicep' = [for (aRecord, index) in a: { - name: '${uniqueString(deployment().name, location)}-PrivateDnsZone-ARecord-${index}' - params: { - privateDnsZoneName: privateDnsZone.name - name: aRecord.name - aRecords: contains(aRecord, 'aRecords') ? aRecord.aRecords : [] - metadata: contains(aRecord, 'metadata') ? aRecord.metadata : {} - ttl: contains(aRecord, 'ttl') ? aRecord.ttl : 3600 - roleAssignments: contains(aRecord, 'roleAssignments') ? aRecord.roleAssignments : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module privateDnsZone_AAAA 'AAAA/deploy.bicep' = [for (aaaaRecord, index) in aaaa: { - name: '${uniqueString(deployment().name, location)}-PrivateDnsZone-AAAARecord-${index}' - params: { - privateDnsZoneName: privateDnsZone.name - name: aaaaRecord.name - aaaaRecords: contains(aaaaRecord, 'aaaaRecords') ? aaaaRecord.aaaaRecords : [] - metadata: contains(aaaaRecord, 'metadata') ? aaaaRecord.metadata : {} - ttl: contains(aaaaRecord, 'ttl') ? aaaaRecord.ttl : 3600 - roleAssignments: contains(aaaaRecord, 'roleAssignments') ? aaaaRecord.roleAssignments : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module privateDnsZone_CNAME 'CNAME/deploy.bicep' = [for (cnameRecord, index) in cname: { - name: '${uniqueString(deployment().name, location)}-PrivateDnsZone-CNAMERecord-${index}' - params: { - privateDnsZoneName: privateDnsZone.name - name: cnameRecord.name - cnameRecord: contains(cnameRecord, 'cnameRecord') ? cnameRecord.cnameRecord : {} - metadata: contains(cnameRecord, 'metadata') ? cnameRecord.metadata : {} - ttl: contains(cnameRecord, 'ttl') ? cnameRecord.ttl : 3600 - roleAssignments: contains(cnameRecord, 'roleAssignments') ? cnameRecord.roleAssignments : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module privateDnsZone_MX 'MX/deploy.bicep' = [for (mxRecord, index) in mx: { - name: '${uniqueString(deployment().name, location)}-PrivateDnsZone-MXRecord-${index}' - params: { - privateDnsZoneName: privateDnsZone.name - name: mxRecord.name - metadata: contains(mxRecord, 'metadata') ? mxRecord.metadata : {} - mxRecords: contains(mxRecord, 'mxRecords') ? mxRecord.mxRecords : [] - ttl: contains(mxRecord, 'ttl') ? mxRecord.ttl : 3600 - roleAssignments: contains(mxRecord, 'roleAssignments') ? mxRecord.roleAssignments : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module privateDnsZone_PTR 'PTR/deploy.bicep' = [for (ptrRecord, index) in ptr: { - name: '${uniqueString(deployment().name, location)}-PrivateDnsZone-PTRRecord-${index}' - params: { - privateDnsZoneName: privateDnsZone.name - name: ptrRecord.name - metadata: contains(ptrRecord, 'metadata') ? ptrRecord.metadata : {} - ptrRecords: contains(ptrRecord, 'ptrRecords') ? ptrRecord.ptrRecords : [] - ttl: contains(ptrRecord, 'ttl') ? ptrRecord.ttl : 3600 - roleAssignments: contains(ptrRecord, 'roleAssignments') ? ptrRecord.roleAssignments : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module privateDnsZone_SOA 'SOA/deploy.bicep' = [for (soaRecord, index) in soa: { - name: '${uniqueString(deployment().name, location)}-PrivateDnsZone-SOARecord-${index}' - params: { - privateDnsZoneName: privateDnsZone.name - name: soaRecord.name - metadata: contains(soaRecord, 'metadata') ? soaRecord.metadata : {} - soaRecord: contains(soaRecord, 'soaRecord') ? soaRecord.soaRecord : {} - ttl: contains(soaRecord, 'ttl') ? soaRecord.ttl : 3600 - roleAssignments: contains(soaRecord, 'roleAssignments') ? soaRecord.roleAssignments : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module privateDnsZone_SRV 'SRV/deploy.bicep' = [for (srvRecord, index) in srv: { - name: '${uniqueString(deployment().name, location)}-PrivateDnsZone-SRVRecord-${index}' - params: { - privateDnsZoneName: privateDnsZone.name - name: srvRecord.name - metadata: contains(srvRecord, 'metadata') ? srvRecord.metadata : {} - srvRecords: contains(srvRecord, 'srvRecords') ? srvRecord.srvRecords : [] - ttl: contains(srvRecord, 'ttl') ? srvRecord.ttl : 3600 - roleAssignments: contains(srvRecord, 'roleAssignments') ? srvRecord.roleAssignments : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module privateDnsZone_TXT 'TXT/deploy.bicep' = [for (txtRecord, index) in txt: { - name: '${uniqueString(deployment().name, location)}-PrivateDnsZone-TXTRecord-${index}' - params: { - privateDnsZoneName: privateDnsZone.name - name: txtRecord.name - metadata: contains(txtRecord, 'metadata') ? txtRecord.metadata : {} - txtRecords: contains(txtRecord, 'txtRecords') ? txtRecord.txtRecords : [] - ttl: contains(txtRecord, 'ttl') ? txtRecord.ttl : 3600 - roleAssignments: contains(txtRecord, 'roleAssignments') ? txtRecord.roleAssignments : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module privateDnsZone_virtualNetworkLinks 'virtualNetworkLinks/deploy.bicep' = [for (virtualNetworkLink, index) in virtualNetworkLinks: { - name: '${uniqueString(deployment().name, location)}-PrivateDnsZone-VirtualNetworkLink-${index}' - params: { - privateDnsZoneName: privateDnsZone.name - name: contains(virtualNetworkLink, 'name') ? virtualNetworkLink.name : '${last(split(virtualNetworkLink.virtualNetworkResourceId, '/'))}-vnetlink' - virtualNetworkResourceId: virtualNetworkLink.virtualNetworkResourceId - location: contains(virtualNetworkLink, 'location') ? virtualNetworkLink.location : 'global' - registrationEnabled: contains(virtualNetworkLink, 'registrationEnabled') ? virtualNetworkLink.registrationEnabled : false - tags: contains(virtualNetworkLink, 'tags') ? virtualNetworkLink.tags : {} - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -resource privateDnsZone_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${privateDnsZone.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: privateDnsZone -} - -module privateDnsZone_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-PrivateDnsZone-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: privateDnsZone.id - } -}] - -@description('The resource group the private DNS zone was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the private DNS zone.') -output name string = privateDnsZone.name - -@description('The resource ID of the private DNS zone.') -output resourceId string = privateDnsZone.id - -@description('The location the resource was deployed into.') -output location string = privateDnsZone.location diff --git a/modules/Microsoft.Network/privateDnsZones/readme.md b/modules/Microsoft.Network/privateDnsZones/readme.md deleted file mode 100644 index 17fe8f45ba..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/readme.md +++ /dev/null @@ -1,592 +0,0 @@ -# Private DNS Zones `[Microsoft.Network/privateDnsZones]` - -This template deploys a private DNS zone. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/privateDnsZones` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones) | -| `Microsoft.Network/privateDnsZones/A` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/A) | -| `Microsoft.Network/privateDnsZones/AAAA` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/AAAA) | -| `Microsoft.Network/privateDnsZones/CNAME` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/CNAME) | -| `Microsoft.Network/privateDnsZones/MX` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/MX) | -| `Microsoft.Network/privateDnsZones/PTR` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/PTR) | -| `Microsoft.Network/privateDnsZones/SOA` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/SOA) | -| `Microsoft.Network/privateDnsZones/SRV` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/SRV) | -| `Microsoft.Network/privateDnsZones/TXT` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/TXT) | -| `Microsoft.Network/privateDnsZones/virtualNetworkLinks` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/virtualNetworkLinks) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Private DNS zone name. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `a` | _[a](a/readme.md)_ array | `[]` | | Array of A records. | -| `aaaa` | _[aaaa](aaaa/readme.md)_ array | `[]` | | Array of AAAA records. | -| `cname` | _[cname](cname/readme.md)_ array | `[]` | | Array of CNAME records. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `'global'` | | The location of the PrivateDNSZone. Should be global. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `mx` | _[mx](mx/readme.md)_ array | `[]` | | Array of MX records. | -| `ptr` | _[ptr](ptr/readme.md)_ array | `[]` | | Array of PTR records. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `soa` | _[soa](soa/readme.md)_ array | `[]` | | Array of SOA records. | -| `srv` | _[srv](srv/readme.md)_ array | `[]` | | Array of SRV records. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `txt` | _[txt](txt/readme.md)_ array | `[]` | | Array of TXT records. | -| `virtualNetworkLinks` | _[virtualNetworkLinks](virtualNetworkLinks/readme.md)_ array | `[]` | | Array of custom objects describing vNet links of the DNS zone. Each object should contain properties 'vnetResourceId' and 'registrationEnabled'. The 'vnetResourceId' is a resource ID of a vNet to link, 'registrationEnabled' (bool) enables automatic DNS registration in the zone for the linked vNet. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the private DNS zone. | -| `resourceGroupName` | string | The resource group the private DNS zone was deployed into. | -| `resourceId` | string | The resource ID of the private DNS zone. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-privdns-x-001.com" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-privateDnsZones' - params: { - name: '<>-az-privdns-x-001.com' - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-privdns-x-002.com" - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "AAAA": { - "value": [ - { - "name": "AAAA_2001_0db8_85a3_0000_0000_8a2e_0370_7334", - "ttl": 3600, - "aaaaRecords": [ - { - "ipv6Address": "2001:0db8:85a3:0000:0000:8a2e:0370:7334" - } - ] - } - ] - }, - "A": { - "value": [ - { - "name": "A_10.240.4.4", - "ttl": 3600, - "aRecords": [ - { - "ipv4Address": "10.240.4.4" - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "CNAME": { - "value": [ - { - "name": "CNAME_test", - "ttl": 3600, - "cnameRecord": { - "cname": "test" - }, - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "MX": { - "value": [ - { - "name": "MX_contoso", - "ttl": 3600, - "mxRecords": [ - { - "exchange": "contoso.com", - "preference": 100 - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "PTR": { - "value": [ - { - "name": "PTR_contoso", - "ttl": 3600, - "ptrRecords": [ - { - "ptrdname": "contoso.com" - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "SOA": { - "value": [ - { - "name": "@", - "ttl": 3600, - "soaRecord": { - "email": "azureprivatedns-host.microsoft.com", - "expireTime": 2419200, - "host": "azureprivatedns.net", - "minimumTtl": 10, - "refreshTime": 3600, - "retryTime": 300, - "serialNumber": "1" - }, - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "SRV": { - "value": [ - { - "name": "SRV_contoso", - "ttl": 3600, - "srvRecords": [ - { - "port": 9332, - "priority": 0, - "target": "test.contoso.com", - "weight": 0 - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "TXT": { - "value": [ - { - "name": "TXT_test", - "ttl": 3600, - "txtRecords": [ - { - "value": [ - "test" - ] - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "virtualNetworkLinks": { - "value": [ - { - "virtualNetworkResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001", - "registrationEnabled": true - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module privateDnsZones './Microsoft.Network/privateDnsZones/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-privateDnsZones' - params: { - name: '<>-az-privdns-x-002.com' - lock: 'CanNotDelete' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - AAAA: [ - { - name: 'AAAA_2001_0db8_85a3_0000_0000_8a2e_0370_7334' - ttl: 3600 - aaaaRecords: [ - { - ipv6Address: '2001:0db8:85a3:0000:0000:8a2e:0370:7334' - } - ] - } - ] - A: [ - { - name: 'A_10.240.4.4' - ttl: 3600 - aRecords: [ - { - ipv4Address: '10.240.4.4' - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } - ] - CNAME: [ - { - name: 'CNAME_test' - ttl: 3600 - cnameRecord: { - cname: 'test' - } - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } - ] - MX: [ - { - name: 'MX_contoso' - ttl: 3600 - mxRecords: [ - { - exchange: 'contoso.com' - preference: 100 - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } - ] - PTR: [ - { - name: 'PTR_contoso' - ttl: 3600 - ptrRecords: [ - { - ptrdname: 'contoso.com' - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } - ] - SOA: [ - { - name: '@' - ttl: 3600 - soaRecord: { - email: 'azureprivatedns-host.microsoft.com' - expireTime: 2419200 - host: 'azureprivatedns.net' - minimumTtl: 10 - refreshTime: 3600 - retryTime: 300 - serialNumber: '1' - } - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } - ] - SRV: [ - { - name: 'SRV_contoso' - ttl: 3600 - srvRecords: [ - { - port: 9332 - priority: 0 - target: 'test.contoso.com' - weight: 0 - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } - ] - TXT: [ - { - name: 'TXT_test' - ttl: 3600 - txtRecords: [ - { - value: [ - 'test' - ] - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } - ] - virtualNetworkLinks: [ - { - virtualNetworkResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001' - registrationEnabled: true - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/privateDnsZones/version.json b/modules/Microsoft.Network/privateDnsZones/version.json deleted file mode 100644 index badc0a2285..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.5" -} diff --git a/modules/Microsoft.Network/privateDnsZones/virtualNetworkLinks/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/virtualNetworkLinks/deploy.bicep deleted file mode 100644 index 15962527f0..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/virtualNetworkLinks/deploy.bicep +++ /dev/null @@ -1,61 +0,0 @@ -@description('Conditional. The name of the parent Private DNS zone. Required if the template is used in a standalone deployment.') -param privateDnsZoneName string - -@description('Optional. The name of the virtual network link.') -param name string = '${last(split(virtualNetworkResourceId, '/'))}-vnetlink' - -@description('Optional. The location of the PrivateDNSZone. Should be global.') -param location string = 'global' - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Is auto-registration of virtual machine records in the virtual network in the Private DNS zone enabled?.') -param registrationEnabled bool = false - -@description('Required. Link to another virtual network resource ID.') -param virtualNetworkResourceId string - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' existing = { - name: privateDnsZoneName -} - -resource virtualNetworkLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = { - name: name - parent: privateDnsZone - location: location - tags: tags - properties: { - registrationEnabled: registrationEnabled - virtualNetwork: { - id: virtualNetworkResourceId - } - } -} - -@description('The name of the deployed virtual network link.') -output name string = virtualNetworkLink.name - -@description('The resource ID of the deployed virtual network link.') -output resourceId string = virtualNetworkLink.id - -@description('The resource group of the deployed virtual network link.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = virtualNetworkLink.location diff --git a/modules/Microsoft.Network/privateDnsZones/virtualNetworkLinks/readme.md b/modules/Microsoft.Network/privateDnsZones/virtualNetworkLinks/readme.md deleted file mode 100644 index 3a87085148..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/virtualNetworkLinks/readme.md +++ /dev/null @@ -1,87 +0,0 @@ -# Private DNS Zone Virtual Network Link `[Microsoft.Network/privateDnsZones/virtualNetworkLinks]` - -This module deploys private dns zone virtual network links. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Network/privateDnsZones/virtualNetworkLinks` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/virtualNetworkLinks) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `virtualNetworkResourceId` | string | Link to another virtual network resource ID. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `privateDnsZoneName` | string | The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `'global'` | The location of the PrivateDNSZone. Should be global. | -| `name` | string | `[format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/')))]` | The name of the virtual network link. | -| `registrationEnabled` | bool | `False` | Is auto-registration of virtual machine records in the virtual network in the Private DNS zone enabled?. | -| `tags` | object | `{object}` | Tags of the resource. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed virtual network link. | -| `resourceGroupName` | string | The resource group of the deployed virtual network link. | -| `resourceId` | string | The resource ID of the deployed virtual network link. | diff --git a/modules/Microsoft.Network/privateDnsZones/virtualNetworkLinks/version.json b/modules/Microsoft.Network/privateDnsZones/virtualNetworkLinks/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/privateDnsZones/virtualNetworkLinks/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index a6cc5bf005..0000000000 --- a/modules/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,55 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(privateEndpoint.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: privateEndpoint -}] diff --git a/modules/Microsoft.Network/privateEndpoints/.deploymentTests/min.parameters.json b/modules/Microsoft.Network/privateEndpoints/.deploymentTests/min.parameters.json deleted file mode 100644 index aa3ea8eba2..0000000000 --- a/modules/Microsoft.Network/privateEndpoints/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-pe-kvlt-min-001" - }, - "subnetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" - }, - "serviceResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-pe" - }, - "groupIds": { - "value": [ - "vault" - ] - } - } -} diff --git a/modules/Microsoft.Network/privateEndpoints/.deploymentTests/parameters.json b/modules/Microsoft.Network/privateEndpoints/.deploymentTests/parameters.json deleted file mode 100644 index eff507a0b2..0000000000 --- a/modules/Microsoft.Network/privateEndpoints/.deploymentTests/parameters.json +++ /dev/null @@ -1,42 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-pe-kvlt-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "subnetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" - }, - "serviceResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-pe" - }, - "groupIds": { - "value": [ - "vault" - ] - }, - "privateDnsZoneGroups": { - "value": [ - { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net" - ] - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Network/privateEndpoints/deploy.bicep b/modules/Microsoft.Network/privateEndpoints/deploy.bicep deleted file mode 100644 index 06cab55b1f..0000000000 --- a/modules/Microsoft.Network/privateEndpoints/deploy.bicep +++ /dev/null @@ -1,117 +0,0 @@ -@description('Required. Name of the private endpoint resource to create.') -param name string - -@description('Required. Resource ID of the subnet where the endpoint needs to be created.') -param subnetResourceId string - -@description('Required. Resource ID of the resource that needs to be connected to the network.') -param serviceResourceId string - -@description('Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to.') -param groupIds array - -@description('Optional. Array of Private DNS zone groups configuration on the private endpoint.') -param privateDnsZoneGroups array = [] - -@description('Optional. Location for all Resources.') -param location string = resourceGroup().location - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags to be applied on all resources/resource groups in this deployment.') -param tags object = {} - -@description('Optional. Custom DNS configurations.') -param customDnsConfigs array = [] - -@description('Optional. Manual PrivateLink Service Connections.') -param manualPrivateLinkServiceConnections array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-05-01' = { - name: name - location: location - tags: tags - properties: { - privateLinkServiceConnections: [ - { - name: name - properties: { - privateLinkServiceId: serviceResourceId - groupIds: groupIds - } - } - ] - manualPrivateLinkServiceConnections: manualPrivateLinkServiceConnections - subnet: { - id: subnetResourceId - } - customDnsConfigs: customDnsConfigs - } -} - -module privateEndpoint_privateDnsZoneGroups 'privateDnsZoneGroups/deploy.bicep' = [for (privateDnsZoneGroup, index) in privateDnsZoneGroups: { - name: '${uniqueString(deployment().name, location)}-PrivateEndpoint-PrivateDnsZoneGroup-${index}' - params: { - privateDNSResourceIds: privateDnsZoneGroup.privateDNSResourceIds - privateEndpointName: privateEndpoint.name - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -resource privateEndpoint_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${privateEndpoint.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: privateEndpoint -} - -module privateEndpoint_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-PrivateEndpoint-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: privateEndpoint.id - } -}] - -@description('The resource group the private endpoint was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The resource ID of the private endpoint.') -output resourceId string = privateEndpoint.id - -@description('The name of the private endpoint.') -output name string = privateEndpoint.name - -@description('The location the resource was deployed into.') -output location string = privateEndpoint.location diff --git a/modules/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/deploy.bicep b/modules/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/deploy.bicep deleted file mode 100644 index 46e9dd21b9..0000000000 --- a/modules/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/deploy.bicep +++ /dev/null @@ -1,51 +0,0 @@ -@description('Conditional. The name of the parent private endpoint. Required if the template is used in a standalone deployment.') -param privateEndpointName string - -@description('Required. List of private DNS resource IDs.') -param privateDNSResourceIds array - -@description('Optional. The name of the private DNS Zone Group.') -param name string = 'default' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -var privateDnsZoneConfigs = [for privateDNSResourceId in privateDNSResourceIds: { - name: last(split(privateDNSResourceId, '/')) - properties: { - privateDnsZoneId: privateDNSResourceId - } -}] - -resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-05-01' existing = { - name: privateEndpointName -} - -resource privateDnsZoneGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2021-05-01' = { - name: name - parent: privateEndpoint - properties: { - privateDnsZoneConfigs: privateDnsZoneConfigs - } -} - -@description('The name of the private endpoint DNS zone group.') -output name string = privateDnsZoneGroup.name - -@description('The resource ID of the private endpoint DNS zone group.') -output resourceId string = privateDnsZoneGroup.id - -@description('The resource group the private endpoint DNS zone group was deployed into.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/readme.md b/modules/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/readme.md deleted file mode 100644 index 6d827b810d..0000000000 --- a/modules/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/readme.md +++ /dev/null @@ -1,42 +0,0 @@ -# Network Private Endpoint Private DNS Zone Group `[Microsoft.Network/privateEndpoints/privateDnsZoneGroups]` - -This module deploys a private endpoint private DNS zone group - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `privateDNSResourceIds` | array | List of private DNS resource IDs. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `privateEndpointName` | string | The name of the parent private endpoint. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `'default'` | The name of the private DNS Zone Group. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the private endpoint DNS zone group. | -| `resourceGroupName` | string | The resource group the private endpoint DNS zone group was deployed into. | -| `resourceId` | string | The resource ID of the private endpoint DNS zone group. | diff --git a/modules/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/version.json b/modules/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/privateEndpoints/readme.md b/modules/Microsoft.Network/privateEndpoints/readme.md deleted file mode 100644 index 66b5e836ff..0000000000 --- a/modules/Microsoft.Network/privateEndpoints/readme.md +++ /dev/null @@ -1,305 +0,0 @@ -# Private Endpoints `[Microsoft.Network/privateEndpoints]` - -This template deploys a private endpoint for a generic service. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/privateEndpoints` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) | - -### Resource dependency - -The following resources are required to be able to deploy this resource: - -- `PrivateDNSZone` -- `VirtualNetwork/subnet` -- The service that needs to be connected through private endpoint - -**Important**: Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `groupIds` | array | Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to. | -| `name` | string | Name of the private endpoint resource to create. | -| `serviceResourceId` | string | Resource ID of the resource that needs to be connected to the network. | -| `subnetResourceId` | string | Resource ID of the subnet where the endpoint needs to be created. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `customDnsConfigs` | array | `[]` | | Custom DNS configurations. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `manualPrivateLinkServiceConnections` | array | `[]` | | Manual PrivateLink Service Connections. | -| `privateDnsZoneGroups` | _[privateDnsZoneGroups](privateDnsZoneGroups/readme.md)_ array | `[]` | | Array of Private DNS zone groups configuration on the private endpoint. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags to be applied on all resources/resource groups in this deployment. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the private endpoint. | -| `resourceGroupName` | string | The resource group the private endpoint was deployed into. | -| `resourceId` | string | The resource ID of the private endpoint. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-pe-kvlt-min-001" - }, - "subnetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" - }, - "serviceResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-pe" - }, - "groupIds": { - "value": [ - "vault" - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module privateEndpoints './Microsoft.Network/privateEndpoints/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-privateEndpoints' - params: { - name: '<>-az-pe-kvlt-min-001' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - serviceResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-pe' - groupIds: [ - 'vault' - ] - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-pe-kvlt-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "subnetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" - }, - "serviceResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-pe" - }, - "groupIds": { - "value": [ - "vault" - ] - }, - "privateDnsZoneGroups": { - "value": [ - { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net" - ] - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module privateEndpoints './Microsoft.Network/privateEndpoints/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-privateEndpoints' - params: { - name: '<>-az-pe-kvlt-001' - lock: 'CanNotDelete' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - serviceResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-pe' - groupIds: [ - 'vault' - ] - privateDnsZoneGroups: [ - { - privateDNSResourceIds: [ - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net' - ] - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/privateEndpoints/version.json b/modules/Microsoft.Network/privateEndpoints/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/privateEndpoints/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 4a612c4c1a..0000000000 --- a/modules/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,59 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Virtual Machine Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4') - 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c') - 'Virtual Machine User Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52') -} - -resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2021-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(publicIpAddress.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: publicIpAddress -}] diff --git a/modules/Microsoft.Network/publicIPAddresses/.deploymentTests/parameters.json b/modules/Microsoft.Network/publicIPAddresses/.deploymentTests/parameters.json deleted file mode 100644 index 9a95bc279f..0000000000 --- a/modules/Microsoft.Network/publicIPAddresses/.deploymentTests/parameters.json +++ /dev/null @@ -1,50 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-pip-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "skuName": { - "value": "Standard" - }, - "publicIPAllocationMethod": { - "value": "Static" - }, - "zones": { - "value": [ - "1", - "2", - "3" - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Network/publicIPAddresses/deploy.bicep b/modules/Microsoft.Network/publicIPAddresses/deploy.bicep deleted file mode 100644 index 1250d6f966..0000000000 --- a/modules/Microsoft.Network/publicIPAddresses/deploy.bicep +++ /dev/null @@ -1,197 +0,0 @@ -@description('Required. The name of the Public IP Address.') -param name string - -@description('Optional. Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix.') -param publicIPPrefixResourceId string = '' - -@description('Optional. The public IP address allocation method.') -@allowed([ - 'Dynamic' - 'Static' -]) -param publicIPAllocationMethod string = 'Dynamic' - -@description('Optional. Name of a public IP address SKU.') -@allowed([ - 'Basic' - 'Standard' -]) -param skuName string = 'Basic' - -@description('Optional. Tier of a public IP address SKU.') -@allowed([ - 'Global' - 'Regional' -]) -param skuTier string = 'Regional' - -@description('Optional. A list of availability zones denoting the IP allocated for the resource needs to come from.') -param zones array = [] - -@description('Optional. IP address version.') -@allowed([ - 'IPv4' - 'IPv6' -]) -param publicIPAddressVersion string = 'IPv4' - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'DDoSProtectionNotifications' - 'DDoSMitigationFlowLogs' - 'DDoSMitigationReports' -]) -param diagnosticLogCategoriesToEnable array = [ - 'DDoSProtectionNotifications' - 'DDoSMitigationFlowLogs' - 'DDoSMitigationReports' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'AllMetrics' -]) -param diagnosticMetricsToEnable array = [ - 'AllMetrics' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var publicIPPrefix = { - id: publicIPPrefixResourceId -} - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2021-05-01' = { - name: name - location: location - tags: tags - sku: { - name: skuName - tier: skuTier - } - zones: zones - properties: { - publicIPAddressVersion: publicIPAddressVersion - publicIPAllocationMethod: publicIPAllocationMethod - publicIPPrefix: !empty(publicIPPrefixResourceId) ? publicIPPrefix : null - idleTimeoutInMinutes: 4 - ipTags: [] - } -} - -resource publicIpAddress_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${publicIpAddress.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: publicIpAddress -} - -resource publicIpAddress_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: diagnosticsLogs - } - scope: publicIpAddress -} - -module publicIpAddress_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-PIPAddress-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: publicIpAddress.id - } -}] - -@description('The resource group the public IP address was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the public IP address.') -output name string = publicIpAddress.name - -@description('The resource ID of the public IP address.') -output resourceId string = publicIpAddress.id - -@description('The public IP address of the public IP address resource.') -output ipAddress string = publicIpAddress.properties.ipAddress - -@description('The location the resource was deployed into.') -output location string = publicIpAddress.location diff --git a/modules/Microsoft.Network/publicIPAddresses/readme.md b/modules/Microsoft.Network/publicIPAddresses/readme.md deleted file mode 100644 index a8cd9907eb..0000000000 --- a/modules/Microsoft.Network/publicIPAddresses/readme.md +++ /dev/null @@ -1,258 +0,0 @@ -# Public IP Addresses `[Microsoft.Network/publicIPAddresses]` - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/publicIPAddresses` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/publicIPAddresses) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Public IP Address. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[DDoSProtectionNotifications, DDoSMitigationFlowLogs, DDoSMitigationReports]` | `[DDoSProtectionNotifications, DDoSMitigationFlowLogs, DDoSMitigationReports]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `publicIPAddressVersion` | string | `'IPv4'` | `[IPv4, IPv6]` | IP address version. | -| `publicIPAllocationMethod` | string | `'Dynamic'` | `[Dynamic, Static]` | The public IP address allocation method. | -| `publicIPPrefixResourceId` | string | `''` | | Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `skuName` | string | `'Basic'` | `[Basic, Standard]` | Name of a public IP address SKU. | -| `skuTier` | string | `'Regional'` | `[Global, Regional]` | Tier of a public IP address SKU. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `zones` | array | `[]` | | A list of availability zones denoting the IP allocated for the resource needs to come from. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `ipAddress` | string | The public IP address of the public IP address resource. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the public IP address. | -| `resourceGroupName` | string | The resource group the public IP address was deployed into. | -| `resourceId` | string | The resource ID of the public IP address. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-pip-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "skuName": { - "value": "Standard" - }, - "publicIPAllocationMethod": { - "value": "Static" - }, - "zones": { - "value": [ - "1", - "2", - "3" - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module publicIPAddresses './Microsoft.Network/publicIPAddresses/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-publicIPAddresses' - params: { - name: '<>-az-pip-x-001' - lock: 'CanNotDelete' - skuName: 'Standard' - publicIPAllocationMethod: 'Static' - zones: [ - '1' - '2' - '3' - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/publicIPAddresses/version.json b/modules/Microsoft.Network/publicIPAddresses/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/publicIPAddresses/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index dc6c41bb2e..0000000000 --- a/modules/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,55 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource publicIpPrefix 'Microsoft.Network/publicIPPrefixes@2021-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(publicIpPrefix.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: publicIpPrefix -}] diff --git a/modules/Microsoft.Network/publicIPPrefixes/.deploymentTests/parameters.json b/modules/Microsoft.Network/publicIPPrefixes/.deploymentTests/parameters.json deleted file mode 100644 index 4367694850..0000000000 --- a/modules/Microsoft.Network/publicIPPrefixes/.deploymentTests/parameters.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-pippfx-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "prefixLength": { - "value": 28 - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Network/publicIPPrefixes/deploy.bicep b/modules/Microsoft.Network/publicIPPrefixes/deploy.bicep deleted file mode 100644 index 7243033c9c..0000000000 --- a/modules/Microsoft.Network/publicIPPrefixes/deploy.bicep +++ /dev/null @@ -1,85 +0,0 @@ -@description('Required. Name of the Public IP Prefix.') -@minLength(1) -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Required. Length of the Public IP Prefix.') -@minValue(28) -@maxValue(31) -param prefixLength int - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource publicIpPrefix 'Microsoft.Network/publicIPPrefixes@2021-05-01' = { - name: name - location: location - tags: tags - sku: { - name: 'Standard' - } - properties: { - publicIPAddressVersion: 'IPv4' - prefixLength: prefixLength - } -} - -resource publicIpPrefix_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${publicIpPrefix.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: publicIpPrefix -} - -module publicIpPrefix_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-PIPPrefix-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: publicIpPrefix.id - } -}] - -@description('The resource ID of the public IP prefix.') -output resourceId string = publicIpPrefix.id - -@description('The resource group the public IP prefix was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the public IP prefix.') -output name string = publicIpPrefix.name - -@description('The location the resource was deployed into.') -output location string = publicIpPrefix.location diff --git a/modules/Microsoft.Network/publicIPPrefixes/readme.md b/modules/Microsoft.Network/publicIPPrefixes/readme.md deleted file mode 100644 index 32881b7905..0000000000 --- a/modules/Microsoft.Network/publicIPPrefixes/readme.md +++ /dev/null @@ -1,209 +0,0 @@ -# Public IP Prefixes `[Microsoft.Network/publicIPPrefixes]` - -This template deploys a public IP prefix. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/publicIPPrefixes` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/publicIPPrefixes) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Public IP Prefix. | -| `prefixLength` | int | Length of the Public IP Prefix. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the public IP prefix. | -| `resourceGroupName` | string | The resource group the public IP prefix was deployed into. | -| `resourceId` | string | The resource ID of the public IP prefix. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-pippfx-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "prefixLength": { - "value": 28 - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module publicIPPrefixes './Microsoft.Network/publicIPPrefixes/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-publicIPPrefixes' - params: { - name: '<>-az-pippfx-x-001' - lock: 'CanNotDelete' - prefixLength: 28 - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/publicIPPrefixes/version.json b/modules/Microsoft.Network/publicIPPrefixes/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/publicIPPrefixes/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 0d6e78fcec..0000000000 --- a/modules/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,56 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'SQL Managed Instance Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource routeTable 'Microsoft.Network/routeTables@2021-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(routeTable.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: routeTable -}] diff --git a/modules/Microsoft.Network/routeTables/.deploymentTests/parameters.json b/modules/Microsoft.Network/routeTables/.deploymentTests/parameters.json deleted file mode 100644 index 65fa5d2d91..0000000000 --- a/modules/Microsoft.Network/routeTables/.deploymentTests/parameters.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-udr-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "routes": { - "value": [ - { - "name": "default", - "properties": { - "addressPrefix": "0.0.0.0/0", - "nextHopType": "VirtualAppliance", - "nextHopIpAddress": "172.16.0.20" - } - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Network/routeTables/deploy.bicep b/modules/Microsoft.Network/routeTables/deploy.bicep deleted file mode 100644 index 9f21c8ec56..0000000000 --- a/modules/Microsoft.Network/routeTables/deploy.bicep +++ /dev/null @@ -1,82 +0,0 @@ -@description('Required. Name given for the hub route table.') -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. An Array of Routes to be established within the hub route table.') -param routes array = [] - -@description('Optional. Switch to disable BGP route propagation.') -param disableBgpRoutePropagation bool = false - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource routeTable 'Microsoft.Network/routeTables@2021-05-01' = { - name: name - location: location - tags: tags - properties: { - routes: routes - disableBgpRoutePropagation: disableBgpRoutePropagation - } -} - -resource routeTable_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${routeTable.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: routeTable -} - -module routeTable_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-RouteTable-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: routeTable.id - } -}] - -@description('The resource group the route table was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the route table.') -output name string = routeTable.name - -@description('The resource ID of the route table.') -output resourceId string = routeTable.id - -@description('The location the resource was deployed into.') -output location string = routeTable.location diff --git a/modules/Microsoft.Network/routeTables/readme.md b/modules/Microsoft.Network/routeTables/readme.md deleted file mode 100644 index 7bbf95c725..0000000000 --- a/modules/Microsoft.Network/routeTables/readme.md +++ /dev/null @@ -1,317 +0,0 @@ -# Route Tables `[Microsoft.Network/routeTables]` - -This module deploys a user defined route table. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/routeTables` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/routeTables) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name given for the hub route table. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `disableBgpRoutePropagation` | bool | `False` | | Switch to disable BGP route propagation. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `routes` | array | `[]` | | An Array of Routes to be established within the hub route table. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -### Parameter Usage: `routes` - -The `routes` parameter accepts a JSON Array of Route objects to deploy to the Route Table. - -Here's an example of specifying a few routes: - -

- -Parameter JSON format - -```json -"routes": { - "value": [ - { - "name": "tojumpboxes", - "properties": { - "addressPrefix": "172.16.0.48/28", - "nextHopType": "VnetLocal" - } - }, - { - "name": "tosharedservices", - "properties": { - "addressPrefix": "172.16.0.64/27", - "nextHopType": "VnetLocal" - } - }, - { - "name": "toonprem", - "properties": { - "addressPrefix": "10.0.0.0/8", - "nextHopType": "VirtualNetworkGateway" - } - }, - { - "name": "tonva", - "properties": { - "addressPrefix": "172.16.0.0/18", - "nextHopType": "VirtualAppliance", - "nextHopIpAddress": "172.16.0.20" - } - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -routes: [ - { - name: 'tojumpboxes' - properties: { - addressPrefix: '172.16.0.48/28' - nextHopType: 'VnetLocal' - } - } - { - name: 'tosharedservices' - properties: { - addressPrefix: '172.16.0.64/27' - nextHopType: 'VnetLocal' - } - } - { - name: 'toonprem' - properties: { - addressPrefix: '10.0.0.0/8' - nextHopType: 'VirtualNetworkGateway' - } - } - { - name: 'tonva' - properties: { - addressPrefix: '172.16.0.0/18' - nextHopType: 'VirtualAppliance' - nextHopIpAddress: '172.16.0.20' - } - } -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the route table. | -| `resourceGroupName` | string | The resource group the route table was deployed into. | -| `resourceId` | string | The resource ID of the route table. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-udr-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "routes": { - "value": [ - { - "name": "default", - "properties": { - "addressPrefix": "0.0.0.0/0", - "nextHopType": "VirtualAppliance", - "nextHopIpAddress": "172.16.0.20" - } - } - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module routeTables './Microsoft.Network/routeTables/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-routeTables' - params: { - name: '<>-az-udr-x-001' - lock: 'CanNotDelete' - routes: [ - { - name: 'default' - properties: { - addressPrefix: '0.0.0.0/0' - nextHopType: 'VirtualAppliance' - nextHopIpAddress: '172.16.0.20' - } - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/routeTables/version.json b/modules/Microsoft.Network/routeTables/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/routeTables/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 10e6217855..0000000000 --- a/modules/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,56 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'Traffic Manager Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource trafficmanagerprofile 'Microsoft.Network/trafficmanagerprofiles@2018-08-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(trafficmanagerprofile.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: trafficmanagerprofile -}] diff --git a/modules/Microsoft.Network/trafficmanagerprofiles/.deploymentTests/parameters.json b/modules/Microsoft.Network/trafficmanagerprofiles/.deploymentTests/parameters.json deleted file mode 100644 index 220f646c39..0000000000 --- a/modules/Microsoft.Network/trafficmanagerprofiles/.deploymentTests/parameters.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "tm-000001" - }, - "lock": { - "value": "CanNotDelete" - }, - "relativeName": { - "value": "tm-000001" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Network/trafficmanagerprofiles/deploy.bicep b/modules/Microsoft.Network/trafficmanagerprofiles/deploy.bicep deleted file mode 100644 index b9b15370e0..0000000000 --- a/modules/Microsoft.Network/trafficmanagerprofiles/deploy.bicep +++ /dev/null @@ -1,191 +0,0 @@ -@description('Required. Name of the Traffic Manager.') -@minLength(1) -param name string - -@description('Optional. The status of the Traffic Manager profile.') -@allowed([ - 'Enabled' - 'Disabled' -]) -param profileStatus string = 'Enabled' - -@description('Optional. The traffic routing method of the Traffic Manager profile.') -@allowed([ - 'Performance' - 'Priority' - 'Weighted' - 'Geographic' - 'MultiValue' - 'Subnet' -]) -param trafficRoutingMethod string = 'Performance' - -@description('Required. The relative DNS name provided by this Traffic Manager profile. This value is combined with the DNS domain name used by Azure Traffic Manager to form the fully-qualified domain name (FQDN) of the profile.') -param relativeName string - -@description('Optional. The DNS Time-To-Live (TTL), in seconds. This informs the local DNS resolvers and DNS clients how long to cache DNS responses provided by this Traffic Manager profile.') -param ttl int = 60 - -@description('Optional. The endpoint monitoring settings of the Traffic Manager profile.') -param monitorConfig object = { - protocol: 'http' - port: '80' - path: '/' -} - -@description('Optional. The list of endpoints in the Traffic Manager profile.') -param endpoints array = [] - -@description('Optional. Indicates whether Traffic View is \'Enabled\' or \'Disabled\' for the Traffic Manager profile. Null, indicates \'Disabled\'. Enabling this feature will increase the cost of the Traffic Manage profile.') -@allowed([ - 'Disabled' - 'Enabled' -]) -param trafficViewEnrollmentStatus string = 'Disabled' - -@description('Optional. Maximum number of endpoints to be returned for MultiValue routing type.') -param maxReturn int = 1 - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Resource tags.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'ProbeHealthStatusEvents' -]) -param diagnosticLogCategoriesToEnable array = [ - 'ProbeHealthStatusEvents' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'AllMetrics' -]) -param diagnosticMetricsToEnable array = [ - 'AllMetrics' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource trafficManagerProfile 'Microsoft.Network/trafficmanagerprofiles@2018-08-01' = { - name: name - tags: tags - location: 'global' - properties: { - profileStatus: profileStatus - trafficRoutingMethod: trafficRoutingMethod - dnsConfig: { - relativeName: relativeName - ttl: ttl - } - monitorConfig: monitorConfig - endpoints: endpoints - trafficViewEnrollmentStatus: trafficViewEnrollmentStatus - maxReturn: maxReturn - } -} - -resource trafficManagerProfile_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${trafficManagerProfile.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: trafficManagerProfile -} - -resource trafficManagerProfile_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: diagnosticsLogs - } - scope: trafficManagerProfile -} - -module trafficManagerProfile_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name)}-TrafficManagerProfile-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: trafficManagerProfile.id - } -}] - -@description('The resource ID of the traffic manager.') -output resourceId string = trafficManagerProfile.id - -@description('The resource group the traffic manager was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the traffic manager was deployed into.') -output name string = trafficManagerProfile.name diff --git a/modules/Microsoft.Network/trafficmanagerprofiles/readme.md b/modules/Microsoft.Network/trafficmanagerprofiles/readme.md deleted file mode 100644 index 884cf361cb..0000000000 --- a/modules/Microsoft.Network/trafficmanagerprofiles/readme.md +++ /dev/null @@ -1,333 +0,0 @@ -# Traffic Manager Profiles `[Microsoft.Network/trafficmanagerprofiles]` - -This module deploys a traffic manager profile. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/trafficmanagerprofiles` | [2018-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2018-08-01/trafficmanagerprofiles) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Traffic Manager. | -| `relativeName` | string | The relative DNS name provided by this Traffic Manager profile. This value is combined with the DNS domain name used by Azure Traffic Manager to form the fully-qualified domain name (FQDN) of the profile. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[ProbeHealthStatusEvents]` | `[ProbeHealthStatusEvents]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `endpoints` | array | `[]` | | The list of endpoints in the Traffic Manager profile. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maxReturn` | int | `1` | | Maximum number of endpoints to be returned for MultiValue routing type. | -| `monitorConfig` | object | `{object}` | | The endpoint monitoring settings of the Traffic Manager profile. | -| `profileStatus` | string | `'Enabled'` | `[Enabled, Disabled]` | The status of the Traffic Manager profile. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Resource tags. | -| `trafficRoutingMethod` | string | `'Performance'` | `[Performance, Priority, Weighted, Geographic, MultiValue, Subnet]` | The traffic routing method of the Traffic Manager profile. | -| `trafficViewEnrollmentStatus` | string | `'Disabled'` | `[Disabled, Enabled]` | Indicates whether Traffic View is 'Enabled' or 'Disabled' for the Traffic Manager profile. Null, indicates 'Disabled'. Enabling this feature will increase the cost of the Traffic Manage profile. | -| `ttl` | int | `60` | | The DNS Time-To-Live (TTL), in seconds. This informs the local DNS resolvers and DNS clients how long to cache DNS responses provided by this Traffic Manager profile. | - - -### Parameter Usage: `monitorConfig` - -

- -Parameter JSON format - -```json -"monitorConfig": { - "value": { - "protocol": "http", - "port": "80", - "path": "/" - } -} -``` - -
- -
- -Bicep format - -```bicep -monitorConfig: { - protocol: 'http' - port: '80' - path: '/' -} -``` - -
-

- -### Parameter Usage: `endpoints` - -

- -Parameter JSON format - -```json -"endpoints": { - "value": [ - { - "id": "/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups//providers/Microsoft.Network/trafficManagerProfiles//azureEndpoints/", - "name": "MyEndpoint001", - "type": "Microsoft.Network/trafficManagerProfiles/azureEndpoints", - "properties": - { - "endpointStatus": "Enabled", - "endpointMonitorStatus": "CheckingEndpoint", - "targetResourceId": "/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups//providers/Microsoft.Network/publicIPAddresses/", - "target": "my-pip-001.eastus.cloudapp.azure.com", - "weight": 1, - "priority": 1, - "endpointLocation": "East US" - } - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -endpoints: [ - { - id: '/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups//providers/Microsoft.Network/trafficManagerProfiles//azureEndpoints/' - name: 'MyEndpoint001' - type: 'Microsoft.Network/trafficManagerProfiles/azureEndpoints' - properties: - { - endpointStatus: 'Enabled' - endpointMonitorStatus: 'CheckingEndpoint' - targetResourceId: '/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups//providers/Microsoft.Network/publicIPAddresses/' - target: 'my-pip-001.eastus.cloudapp.azure.com' - weight: 1 - priority: 1 - endpointLocation: 'East US' - } - } -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the traffic manager was deployed into. | -| `resourceGroupName` | string | The resource group the traffic manager was deployed into. | -| `resourceId` | string | The resource ID of the traffic manager. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "tm-000001" - }, - "lock": { - "value": "CanNotDelete" - }, - "relativeName": { - "value": "tm-000001" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module trafficmanagerprofiles './Microsoft.Network/trafficmanagerprofiles/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-trafficmanagerprofiles' - params: { - name: 'tm-000001' - lock: 'CanNotDelete' - relativeName: 'tm-000001' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/trafficmanagerprofiles/version.json b/modules/Microsoft.Network/trafficmanagerprofiles/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/trafficmanagerprofiles/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/virtualHubs/.deploymentTests/min.parameters.json b/modules/Microsoft.Network/virtualHubs/.deploymentTests/min.parameters.json deleted file mode 100644 index dbe2fa650a..0000000000 --- a/modules/Microsoft.Network/virtualHubs/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vhub-min-001" - }, - "addressPrefix": { - "value": "10.0.0.0/16" - }, - "virtualWanId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/adp-<>-az-vw-x-001" - } - } -} diff --git a/modules/Microsoft.Network/virtualHubs/.deploymentTests/parameters.json b/modules/Microsoft.Network/virtualHubs/.deploymentTests/parameters.json deleted file mode 100644 index 2660f1be93..0000000000 --- a/modules/Microsoft.Network/virtualHubs/.deploymentTests/parameters.json +++ /dev/null @@ -1,48 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vhub-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "addressPrefix": { - "value": "10.1.0.0/16" - }, - "virtualWanId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/adp-<>-az-vw-x-001" - }, - "hubRouteTables": { - "value": [ - { - "name": "routeTable1" - } - ] - }, - "hubVirtualNetworkConnections": { - "value": [ - { - "name": "connection1", - "remoteVirtualNetworkId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-vhub", - "routingConfiguration": { - "associatedRouteTable": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vHub-x-001/hubRouteTables/routeTable1" - }, - "propagatedRouteTables": { - "ids": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vHub-x-001/hubRouteTables/routeTable1" - } - ], - "labels": [ - "none" - ] - } - } - } - ] - } - } -} diff --git a/modules/Microsoft.Network/virtualHubs/deploy.bicep b/modules/Microsoft.Network/virtualHubs/deploy.bicep deleted file mode 100644 index 3db423a785..0000000000 --- a/modules/Microsoft.Network/virtualHubs/deploy.bicep +++ /dev/null @@ -1,178 +0,0 @@ -@description('Required. The virtual hub name.') -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Required. Address-prefix for this VirtualHub.') -param addressPrefix string - -@description('Optional. Flag to control transit for VirtualRouter hub.') -param allowBranchToBranchTraffic bool = true - -@description('Optional. Resource ID of the Azure Firewall to link to.') -param azureFirewallId string = '' - -@description('Optional. Resource ID of the Express Route Gateway to link to.') -param expressRouteGatewayId string = '' - -@description('Optional. Resource ID of the Point-to-Site VPN Gateway to link to.') -param p2SVpnGatewayId string = '' - -@description('Optional. The preferred routing gateway types.') -@allowed([ - 'ExpressRoute' - 'None' - 'VpnGateway' - '' -]) -param preferredRoutingGateway string = '' - -@description('Optional. VirtualHub route tables.') -param routeTableRoutes array = [] - -@description('Optional. ID of the Security Partner Provider to link to.') -param securityPartnerProviderId string = '' - -@description('Optional. The Security Provider name.') -param securityProviderName string = '' - -@allowed([ - 'Basic' - 'Standard' -]) -@description('Optional. The sku of this VirtualHub.') -param sku string = 'Standard' - -@description('Optional. List of all virtual hub route table v2s associated with this VirtualHub.') -param virtualHubRouteTableV2s array = [] - -@description('Optional. VirtualRouter ASN.') -param virtualRouterAsn int = -1 - -@description('Optional. VirtualRouter IPs.') -param virtualRouterIps array = [] - -@description('Required. Resource ID of the virtual WAN to link to.') -param virtualWanId string - -@description('Optional. Resource ID of the VPN Gateway to link to.') -param vpnGatewayId string = '' - -@description('Optional. Route tables to create for the virtual hub.') -param hubRouteTables array = [] - -@description('Optional. Virtual network connections to create for the virtual hub.') -param hubVirtualNetworkConnections array = [] - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource virtualHub 'Microsoft.Network/virtualHubs@2021-05-01' = { - name: name - location: location - tags: tags - properties: { - addressPrefix: addressPrefix - allowBranchToBranchTraffic: allowBranchToBranchTraffic - azureFirewall: !empty(azureFirewallId) ? { - id: azureFirewallId - } : null - expressRouteGateway: !empty(expressRouteGatewayId) ? { - id: expressRouteGatewayId - } : null - p2SVpnGateway: !empty(p2SVpnGatewayId) ? { - id: p2SVpnGatewayId - } : null - preferredRoutingGateway: !empty(preferredRoutingGateway) ? any(preferredRoutingGateway) : null - routeTable: !empty(routeTableRoutes) ? { - routes: routeTableRoutes - } : null - securityPartnerProvider: !empty(securityPartnerProviderId) ? { - id: securityPartnerProviderId - } : null - securityProviderName: securityProviderName - sku: sku - virtualHubRouteTableV2s: virtualHubRouteTableV2s - virtualRouterAsn: virtualRouterAsn != -1 ? virtualRouterAsn : null - virtualRouterIps: !empty(virtualRouterIps) ? virtualRouterIps : null - virtualWan: { - id: virtualWanId - } - vpnGateway: !empty(vpnGatewayId) ? { - id: vpnGatewayId - } : null - } -} - -resource virtualHub_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${virtualHub.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: virtualHub -} - -module virtualHub_routeTables 'hubRouteTables/deploy.bicep' = [for (routeTable, index) in hubRouteTables: { - name: '${uniqueString(deployment().name, location)}-routeTable-${index}' - params: { - virtualHubName: virtualHub.name - name: routeTable.name - labels: contains(routeTable, 'labels') ? routeTable.labels : [] - routes: contains(routeTable, 'routes') ? routeTable.routes : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module virtualHub_hubVirtualNetworkConnections 'hubVirtualNetworkConnections/deploy.bicep' = [for (virtualNetworkConnection, index) in hubVirtualNetworkConnections: { - name: '${uniqueString(deployment().name, location)}-connection-${index}' - params: { - virtualHubName: virtualHub.name - name: virtualNetworkConnection.name - enableInternetSecurity: contains(virtualNetworkConnection, 'enableInternetSecurity') ? virtualNetworkConnection.enableInternetSecurity : true - remoteVirtualNetworkId: virtualNetworkConnection.remoteVirtualNetworkId - routingConfiguration: contains(virtualNetworkConnection, 'routingConfiguration') ? virtualNetworkConnection.routingConfiguration : {} - enableDefaultTelemetry: enableReferencedModulesTelemetry - } - dependsOn: [ - virtualHub_routeTables - ] -}] - -@description('The resource group the virtual hub was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The resource ID of the virtual hub.') -output resourceId string = virtualHub.id - -@description('The name of the virtual hub.') -output name string = virtualHub.name - -@description('The location the resource was deployed into.') -output location string = virtualHub.location diff --git a/modules/Microsoft.Network/virtualHubs/hubRouteTables/deploy.bicep b/modules/Microsoft.Network/virtualHubs/hubRouteTables/deploy.bicep deleted file mode 100644 index 6cda1075f4..0000000000 --- a/modules/Microsoft.Network/virtualHubs/hubRouteTables/deploy.bicep +++ /dev/null @@ -1,48 +0,0 @@ -@description('Required. The route table name.') -param name string - -@description('Conditional. The name of the parent virtual hub. Required if the template is used in a standalone deployment.') -param virtualHubName string - -@description('Optional. List of labels associated with this route table.') -param labels array = [] - -@description('Optional. List of all routes.') -param routes array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource virtualHub 'Microsoft.Network/virtualHubs@2021-05-01' existing = { - name: virtualHubName -} - -resource hubRouteTable 'Microsoft.Network/virtualHubs/hubRouteTables@2021-05-01' = { - name: name - parent: virtualHub - properties: { - labels: !empty(labels) ? labels : null - routes: !empty(routes) ? routes : null - } -} - -@description('The name of the deployed virtual hub route table.') -output name string = hubRouteTable.name - -@description('The resource ID of the deployed virtual hub route table.') -output resourceId string = hubRouteTable.id - -@description('The resource group the virtual hub route table was deployed into.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Network/virtualHubs/hubRouteTables/readme.md b/modules/Microsoft.Network/virtualHubs/hubRouteTables/readme.md deleted file mode 100644 index b8be56a013..0000000000 --- a/modules/Microsoft.Network/virtualHubs/hubRouteTables/readme.md +++ /dev/null @@ -1,43 +0,0 @@ -# Virtual Hub Route Table `[Microsoft.Network/virtualHubs/hubRouteTables]` - -This module deploys virtual hub route tables. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Network/virtualHubs/hubRouteTables` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualHubs/hubRouteTables) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The route table name. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `virtualHubName` | string | The name of the parent virtual hub. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `labels` | array | `[]` | List of labels associated with this route table. | -| `routes` | array | `[]` | List of all routes. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed virtual hub route table. | -| `resourceGroupName` | string | The resource group the virtual hub route table was deployed into. | -| `resourceId` | string | The resource ID of the deployed virtual hub route table. | diff --git a/modules/Microsoft.Network/virtualHubs/hubRouteTables/version.json b/modules/Microsoft.Network/virtualHubs/hubRouteTables/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/virtualHubs/hubRouteTables/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/deploy.bicep b/modules/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/deploy.bicep deleted file mode 100644 index 6d3cc941ab..0000000000 --- a/modules/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/deploy.bicep +++ /dev/null @@ -1,54 +0,0 @@ -@description('Required. The connection name.') -param name string - -@description('Conditional. The name of the parent virtual hub. Required if the template is used in a standalone deployment.') -param virtualHubName string - -@description('Optional. Enable internet security.') -param enableInternetSecurity bool = true - -@description('Required. Resource ID of the virtual network to link to.') -param remoteVirtualNetworkId string - -@description('Optional. Routing Configuration indicating the associated and propagated route tables for this connection.') -param routingConfiguration object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource virtualHub 'Microsoft.Network/virtualHubs@2021-05-01' existing = { - name: virtualHubName -} - -resource hubVirtualNetworkConnection 'Microsoft.Network/virtualHubs/hubVirtualNetworkConnections@2021-05-01' = { - name: name - parent: virtualHub - properties: { - enableInternetSecurity: enableInternetSecurity - remoteVirtualNetwork: { - id: remoteVirtualNetworkId - } - routingConfiguration: !empty(routingConfiguration) ? routingConfiguration : null - } -} - -@description('The resource group the virtual hub connection was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The resource ID of the virtual hub connection.') -output resourceId string = hubVirtualNetworkConnection.id - -@description('The name of the virtual hub connection.') -output name string = hubVirtualNetworkConnection.name diff --git a/modules/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/readme.md b/modules/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/readme.md deleted file mode 100644 index a3033acf10..0000000000 --- a/modules/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/readme.md +++ /dev/null @@ -1,48 +0,0 @@ -# Virtual Hub Virtual Network Connections `[Microsoft.Network/virtualHubs/hubVirtualNetworkConnections]` - -This module deploys virtual hub virtual network connections. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Network/virtualHubs/hubVirtualNetworkConnections` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualHubs/hubVirtualNetworkConnections) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The connection name. | -| `remoteVirtualNetworkId` | string | Resource ID of the virtual network to link to. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `virtualHubName` | string | The name of the parent virtual hub. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `enableInternetSecurity` | bool | `True` | Enable internet security. | -| `routingConfiguration` | object | `{object}` | Routing Configuration indicating the associated and propagated route tables for this connection. | - - -### Parameter Usage: `hubVirtualNetworkConnections` - -... - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the virtual hub connection. | -| `resourceGroupName` | string | The resource group the virtual hub connection was deployed into. | -| `resourceId` | string | The resource ID of the virtual hub connection. | diff --git a/modules/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/version.json b/modules/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/virtualHubs/hubVirtualNetworkConnections/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/virtualHubs/readme.md b/modules/Microsoft.Network/virtualHubs/readme.md deleted file mode 100644 index 9d3449bbc6..0000000000 --- a/modules/Microsoft.Network/virtualHubs/readme.md +++ /dev/null @@ -1,252 +0,0 @@ -# Virtual Hubs `[Microsoft.Network/virtualHubs]` - -This module deploys a Virtual Hub. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Network/virtualHubs` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualHubs) | -| `Microsoft.Network/virtualHubs/hubRouteTables` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualHubs/hubRouteTables) | -| `Microsoft.Network/virtualHubs/hubVirtualNetworkConnections` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualHubs/hubVirtualNetworkConnections) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `addressPrefix` | string | Address-prefix for this VirtualHub. | -| `name` | string | The virtual hub name. | -| `virtualWanId` | string | Resource ID of the virtual WAN to link to. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowBranchToBranchTraffic` | bool | `True` | | Flag to control transit for VirtualRouter hub. | -| `azureFirewallId` | string | `''` | | Resource ID of the Azure Firewall to link to. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `expressRouteGatewayId` | string | `''` | | Resource ID of the Express Route Gateway to link to. | -| `hubRouteTables` | _[hubRouteTables](hubRouteTables/readme.md)_ array | `[]` | | Route tables to create for the virtual hub. | -| `hubVirtualNetworkConnections` | _[hubVirtualNetworkConnections](hubVirtualNetworkConnections/readme.md)_ array | `[]` | | Virtual network connections to create for the virtual hub. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `p2SVpnGatewayId` | string | `''` | | Resource ID of the Point-to-Site VPN Gateway to link to. | -| `preferredRoutingGateway` | string | `''` | `[ExpressRoute, None, VpnGateway, ]` | The preferred routing gateway types. | -| `routeTableRoutes` | array | `[]` | | VirtualHub route tables. | -| `securityPartnerProviderId` | string | `''` | | ID of the Security Partner Provider to link to. | -| `securityProviderName` | string | `''` | | The Security Provider name. | -| `sku` | string | `'Standard'` | `[Basic, Standard]` | The sku of this VirtualHub. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `virtualHubRouteTableV2s` | array | `[]` | | List of all virtual hub route table v2s associated with this VirtualHub. | -| `virtualRouterAsn` | int | `-1` | | VirtualRouter ASN. | -| `virtualRouterIps` | array | `[]` | | VirtualRouter IPs. | -| `vpnGatewayId` | string | `''` | | Resource ID of the VPN Gateway to link to. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the virtual hub. | -| `resourceGroupName` | string | The resource group the virtual hub was deployed into. | -| `resourceId` | string | The resource ID of the virtual hub. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vhub-min-001" - }, - "addressPrefix": { - "value": "10.0.0.0/16" - }, - "virtualWanId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/adp-<>-az-vw-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module virtualHubs './Microsoft.Network/virtualHubs/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualHubs' - params: { - name: '<>-az-vhub-min-001' - addressPrefix: '10.0.0.0/16' - virtualWanId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/adp-<>-az-vw-x-001' - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vhub-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "addressPrefix": { - "value": "10.1.0.0/16" - }, - "virtualWanId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/adp-<>-az-vw-x-001" - }, - "hubRouteTables": { - "value": [ - { - "name": "routeTable1" - } - ] - }, - "hubVirtualNetworkConnections": { - "value": [ - { - "name": "connection1", - "remoteVirtualNetworkId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-vhub", - "routingConfiguration": { - "associatedRouteTable": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vHub-x-001/hubRouteTables/routeTable1" - }, - "propagatedRouteTables": { - "ids": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vHub-x-001/hubRouteTables/routeTable1" - } - ], - "labels": [ - "none" - ] - } - } - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module virtualHubs './Microsoft.Network/virtualHubs/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualHubs' - params: { - name: '<>-az-vhub-x-001' - lock: 'CanNotDelete' - addressPrefix: '10.1.0.0/16' - virtualWanId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/adp-<>-az-vw-x-001' - hubRouteTables: [ - { - name: 'routeTable1' - } - ] - hubVirtualNetworkConnections: [ - { - name: 'connection1' - remoteVirtualNetworkId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-vhub' - routingConfiguration: { - associatedRouteTable: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vHub-x-001/hubRouteTables/routeTable1' - } - propagatedRouteTables: { - ids: [ - { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vHub-x-001/hubRouteTables/routeTable1' - } - ] - labels: [ - 'none' - ] - } - } - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/virtualHubs/version.json b/modules/Microsoft.Network/virtualHubs/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/virtualHubs/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index b9a18dde5a..0000000000 --- a/modules/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,55 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource virtualNetworkGateway 'Microsoft.Network/virtualNetworkGateways@2021-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(virtualNetworkGateway.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: virtualNetworkGateway -}] diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.deploymentTests/expressRoute.parameters.json b/modules/Microsoft.Network/virtualNetworkGateways/.deploymentTests/expressRoute.parameters.json deleted file mode 100644 index 3de5a1f41f..0000000000 --- a/modules/Microsoft.Network/virtualNetworkGateways/.deploymentTests/expressRoute.parameters.json +++ /dev/null @@ -1,61 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-gw-er-001" - }, - "gatewayPipName": { - "value": "<>-az-gw-er-001-pip" - }, - "domainNameLabel": { - "value": [ - "<>-az-gw-er-dm-001" - ] - }, - "virtualNetworkGatewayType": { - "value": "ExpressRoute" - }, - "virtualNetworkGatewaySku": { - "value": "ErGw1AZ" - }, - "vNetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001" - }, - "tags": { - "value": { - "Environment": "Validation", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "", - "CostCenter": "", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.deploymentTests/vpn.parameters.json b/modules/Microsoft.Network/virtualNetworkGateways/.deploymentTests/vpn.parameters.json deleted file mode 100644 index cf037dc7e9..0000000000 --- a/modules/Microsoft.Network/virtualNetworkGateways/.deploymentTests/vpn.parameters.json +++ /dev/null @@ -1,62 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-gw-vpn-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "domainNameLabel": { - "value": [ - "<>-az-gw-vpn-dm-001" - ] - }, - "virtualNetworkGatewayType": { - "value": "Vpn" - }, - "virtualNetworkGatewaySku": { - "value": "VpnGw1AZ" - }, - "publicIpZones": { - "value": [ - "1" - ] - }, - "vpnType": { - "value": "RouteBased" - }, - "activeActive": { - "value": true - }, - "vNetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Network/virtualNetworkGateways/deploy.bicep b/modules/Microsoft.Network/virtualNetworkGateways/deploy.bicep deleted file mode 100644 index b51bbf4793..0000000000 --- a/modules/Microsoft.Network/virtualNetworkGateways/deploy.bicep +++ /dev/null @@ -1,411 +0,0 @@ -@description('Required. Specifies the Virtual Network Gateway name.') -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Specifies the name of the Public IP used by the Virtual Network Gateway. If it\'s not provided, a \'-pip\' suffix will be appended to the gateway\'s name.') -param gatewayPipName string = '${name}-pip1' - -@description('Optional. Specifies the name of the Public IP used by the Virtual Network Gateway when active-active configuration is required. If it\'s not provided, a \'-pip\' suffix will be appended to the gateway\'s name.') -param activeGatewayPipName string = '${name}-pip2' - -@description('Optional. Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix.') -param publicIPPrefixResourceId string = '' - -@description('Optional. Specifies the zones of the Public IP address. Basic IP SKU does not support Availability Zones.') -param publicIpZones array = [] - -@description('Optional. DNS name(s) of the Public IP resource(s). If you enabled active-active configuration, you need to provide 2 DNS names, if you want to use this feature. A region specific suffix will be appended to it, e.g.: your-DNS-name.westeurope.cloudapp.azure.com.') -param domainNameLabel array = [] - -@description('Required. Specifies the gateway type. E.g. VPN, ExpressRoute.') -@allowed([ - 'Vpn' - 'ExpressRoute' -]) -param virtualNetworkGatewayType string - -@description('Required. The Sku of the Gateway.') -@allowed([ - 'Basic' - 'VpnGw1' - 'VpnGw2' - 'VpnGw3' - 'VpnGw1AZ' - 'VpnGw2AZ' - 'VpnGw3AZ' - 'Standard' - 'HighPerformance' - 'UltraPerformance' - 'ErGw1AZ' - 'ErGw2AZ' - 'ErGw3AZ' -]) -param virtualNetworkGatewaySku string - -@description('Required. Specifies the VPN type.') -@allowed([ - 'PolicyBased' - 'RouteBased' -]) -param vpnType string = 'RouteBased' - -@description('Required. Virtual Network resource ID.') -param vNetResourceId string - -@description('Optional. Value to specify if the Gateway should be deployed in active-active or active-passive configuration.') -param activeActive bool = true - -@description('Optional. Value to specify if BGP is enabled or not.') -param enableBgp bool = true - -@description('Optional. ASN value.') -param asn int = 65815 - -@description('Optional. The IP address range from which VPN clients will receive an IP address when connected. Range specified must not overlap with on-premise network.') -param vpnClientAddressPoolPrefix string = '' - -@description('Optional. Client root certificate data used to authenticate VPN clients.') -param clientRootCertData string = '' - -@description('Optional. Thumbprint of the revoked certificate. This would revoke VPN client certificates matching this thumbprint from connecting to the VNet.') -param clientRevokedCertThumbprint string = '' - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'DDoSProtectionNotifications' - 'DDoSMitigationFlowLogs' - 'DDoSMitigationReports' -]) -param publicIpdiagnosticLogCategoriesToEnable array = [ - 'DDoSProtectionNotifications' - 'DDoSMitigationFlowLogs' - 'DDoSMitigationReports' -] - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'GatewayDiagnosticLog' - 'TunnelDiagnosticLog' - 'RouteDiagnosticLog' - 'IKEDiagnosticLog' - 'P2SDiagnosticLog' -]) -param virtualNetworkGatewaydiagnosticLogCategoriesToEnable array = [ - 'GatewayDiagnosticLog' - 'TunnelDiagnosticLog' - 'RouteDiagnosticLog' - 'IKEDiagnosticLog' - 'P2SDiagnosticLog' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'AllMetrics' -]) -param diagnosticMetricsToEnable array = [ - 'AllMetrics' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param virtualNetworkGatewayDiagnosticSettingsName string = '${name}-diagnosticSettings' - -@description('Optional. The name of the diagnostic setting, if deployed.') -param publicIpDiagnosticSettingsName string = 'diagnosticSettings' - -// ================// -// Variables // -// ================// - -// Diagnostic Variables -var virtualNetworkGatewayDiagnosticsLogs = [for category in virtualNetworkGatewaydiagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var publicIpDiagnosticsLogs = [for category in publicIpdiagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -// Other Variables -var zoneRedundantSkus = [ - 'VpnGw1AZ' - 'VpnGw2AZ' - 'VpnGw3AZ' - 'VpnGw4AZ' - 'VpnGw5AZ' - 'ErGw1AZ' - 'ErGw2AZ' - 'ErGw3AZ' -] -var gatewayPipSku = contains(zoneRedundantSkus, virtualNetworkGatewaySku) ? 'Standard' : 'Basic' -var gatewayPipAllocationMethod = contains(zoneRedundantSkus, virtualNetworkGatewaySku) ? 'Static' : 'Dynamic' - -var isActiveActiveValid = virtualNetworkGatewayType != 'ExpressRoute' ? activeActive : false -var virtualGatewayPipName_var = isActiveActiveValid ? [ - gatewayPipName - activeGatewayPipName -] : [ - gatewayPipName -] - -var vpnType_var = virtualNetworkGatewayType != 'ExpressRoute' ? vpnType : 'PolicyBased' - -var isBgpValid = virtualNetworkGatewayType != 'ExpressRoute' ? enableBgp : false -var bgpSettings = { - asn: asn -} - -// Potential configurations (active-active vs active-passive) -var ipConfiguration = isActiveActiveValid ? [ - { - properties: { - privateIPAllocationMethod: 'Dynamic' - subnet: { - id: '${vNetResourceId}/subnets/GatewaySubnet' - } - publicIPAddress: { - id: az.resourceId('Microsoft.Network/publicIPAddresses', gatewayPipName) - } - } - name: 'vNetGatewayConfig1' - } - { - properties: { - privateIPAllocationMethod: 'Dynamic' - subnet: { - id: '${vNetResourceId}/subnets/GatewaySubnet' - } - publicIPAddress: { - id: isActiveActiveValid ? az.resourceId('Microsoft.Network/publicIPAddresses', activeGatewayPipName) : az.resourceId('Microsoft.Network/publicIPAddresses', gatewayPipName) - } - } - name: 'vNetGatewayConfig2' - } -] : [ - { - properties: { - privateIPAllocationMethod: 'Dynamic' - subnet: { - id: '${vNetResourceId}/subnets/GatewaySubnet' - } - publicIPAddress: { - id: az.resourceId('Microsoft.Network/publicIPAddresses', gatewayPipName) - } - } - name: 'vNetGatewayConfig1' - } -] - -var vpnClientConfiguration = { - vpnClientAddressPool: { - addressPrefixes: [ - vpnClientAddressPoolPrefix - ] - } - vpnClientRootCertificates: !empty(clientRootCertData) ? [ - { - name: 'RootCert1' - properties: { - PublicCertData: clientRootCertData - } - } - ] : null - vpnClientRevokedCertificates: !empty(clientRevokedCertThumbprint) ? [ - { - name: 'RevokedCert1' - properties: { - Thumbprint: clientRevokedCertThumbprint - } - } - ] : null -} - -// ================// -// Deployments // -// ================// -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -// Public IPs -@batchSize(1) -resource virtualGatewayPublicIP 'Microsoft.Network/publicIPAddresses@2021-05-01' = [for (virtualGatewayPublicIpName, index) in virtualGatewayPipName_var: { - name: virtualGatewayPublicIpName - location: location - tags: tags - sku: { - name: gatewayPipSku - } - properties: { - publicIPAllocationMethod: gatewayPipAllocationMethod - publicIPPrefix: !empty(publicIPPrefixResourceId) ? { - id: publicIPPrefixResourceId - } : null - dnsSettings: length(virtualGatewayPipName_var) == length(domainNameLabel) ? { - domainNameLabel: domainNameLabel[index] - } : null - } - zones: contains(zoneRedundantSkus, virtualNetworkGatewaySku) ? publicIpZones : null -}] - -@batchSize(1) -resource virtualGatewayPublicIP_lock 'Microsoft.Authorization/locks@2017-04-01' = [for (virtualGatewayPublicIpName, index) in virtualGatewayPipName_var: if (!empty(lock)) { - name: '${virtualGatewayPublicIpName}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: virtualGatewayPublicIP[index] -}] - -@batchSize(1) -resource virtualNetworkGatewayPublicIp_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = [for (virtualGatewayPublicIpName, index) in virtualGatewayPipName_var: if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { - name: '${virtualGatewayPublicIP[index].name}-${publicIpDiagnosticSettingsName}' - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: publicIpDiagnosticsLogs - } - scope: virtualGatewayPublicIP[index] -}] - -// VNET Gateway -// ============ -resource virtualNetworkGateway 'Microsoft.Network/virtualNetworkGateways@2021-05-01' = { - name: name - location: location - tags: tags - properties: { - ipConfigurations: ipConfiguration - activeActive: isActiveActiveValid - enableBgp: isBgpValid - bgpSettings: isBgpValid ? bgpSettings : null - sku: { - name: virtualNetworkGatewaySku - tier: virtualNetworkGatewaySku - } - gatewayType: virtualNetworkGatewayType - vpnType: vpnType_var - vpnClientConfiguration: !empty(vpnClientAddressPoolPrefix) ? vpnClientConfiguration : null - } - dependsOn: [ - virtualGatewayPublicIP - ] -} - -resource virtualNetworkGateway_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${virtualNetworkGateway.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: virtualNetworkGateway -} - -resource virtualNetworkGateway_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { - name: virtualNetworkGatewayDiagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: virtualNetworkGatewayDiagnosticsLogs - } - scope: virtualNetworkGateway -} - -module virtualNetworkGateway_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-VNetGateway-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: virtualNetworkGateway.id - } -}] - -// ================// -// Outputs // -// ================// -@description('The resource group the virtual network gateway was deployed.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the virtual network gateway.') -output name string = virtualNetworkGateway.name - -@description('The resource ID of the virtual network gateway.') -output resourceId string = virtualNetworkGateway.id - -@description('Shows if the virtual network gateway is configured in active-active mode.') -output activeActive bool = virtualNetworkGateway.properties.activeActive - -@description('The location the resource was deployed into.') -output location string = virtualNetworkGateway.location diff --git a/modules/Microsoft.Network/virtualNetworkGateways/readme.md b/modules/Microsoft.Network/virtualNetworkGateways/readme.md deleted file mode 100644 index 7324b614d0..0000000000 --- a/modules/Microsoft.Network/virtualNetworkGateways/readme.md +++ /dev/null @@ -1,471 +0,0 @@ -# Virtual Network Gateways `[Microsoft.Network/virtualNetworkGateways]` - -This module deploys a virtual network gateway. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/publicIPAddresses` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/publicIPAddresses) | -| `Microsoft.Network/virtualNetworkGateways` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualNetworkGateways) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `name` | string | | | Specifies the Virtual Network Gateway name. | -| `virtualNetworkGatewaySku` | string | | `[Basic, VpnGw1, VpnGw2, VpnGw3, VpnGw1AZ, VpnGw2AZ, VpnGw3AZ, Standard, HighPerformance, UltraPerformance, ErGw1AZ, ErGw2AZ, ErGw3AZ]` | The Sku of the Gateway. | -| `virtualNetworkGatewayType` | string | | `[Vpn, ExpressRoute]` | Specifies the gateway type. E.g. VPN, ExpressRoute. | -| `vNetResourceId` | string | | | Virtual Network resource ID. | -| `vpnType` | string | `'RouteBased'` | `[PolicyBased, RouteBased]` | Specifies the VPN type. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `activeActive` | bool | `True` | | Value to specify if the Gateway should be deployed in active-active or active-passive configuration. | -| `activeGatewayPipName` | string | `[format('{0}-pip2', parameters('name'))]` | | Specifies the name of the Public IP used by the Virtual Network Gateway when active-active configuration is required. If it's not provided, a '-pip' suffix will be appended to the gateway's name. | -| `asn` | int | `65815` | | ASN value. | -| `clientRevokedCertThumbprint` | string | `''` | | Thumbprint of the revoked certificate. This would revoke VPN client certificates matching this thumbprint from connecting to the VNet. | -| `clientRootCertData` | string | `''` | | Client root certificate data used to authenticate VPN clients. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `domainNameLabel` | array | `[]` | | DNS name(s) of the Public IP resource(s). If you enabled active-active configuration, you need to provide 2 DNS names, if you want to use this feature. A region specific suffix will be appended to it, e.g.: your-DNS-name.westeurope.cloudapp.azure.com. | -| `enableBgp` | bool | `True` | | Value to specify if BGP is enabled or not. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `gatewayPipName` | string | `[format('{0}-pip1', parameters('name'))]` | | Specifies the name of the Public IP used by the Virtual Network Gateway. If it's not provided, a '-pip' suffix will be appended to the gateway's name. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `publicIpdiagnosticLogCategoriesToEnable` | array | `[DDoSProtectionNotifications, DDoSMitigationFlowLogs, DDoSMitigationReports]` | `[DDoSProtectionNotifications, DDoSMitigationFlowLogs, DDoSMitigationReports]` | The name of logs that will be streamed. | -| `publicIpDiagnosticSettingsName` | string | `'diagnosticSettings'` | | The name of the diagnostic setting, if deployed. | -| `publicIPPrefixResourceId` | string | `''` | | Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix. | -| `publicIpZones` | array | `[]` | | Specifies the zones of the Public IP address. Basic IP SKU does not support Availability Zones. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `virtualNetworkGatewaydiagnosticLogCategoriesToEnable` | array | `[GatewayDiagnosticLog, TunnelDiagnosticLog, RouteDiagnosticLog, IKEDiagnosticLog, P2SDiagnosticLog]` | `[GatewayDiagnosticLog, TunnelDiagnosticLog, RouteDiagnosticLog, IKEDiagnosticLog, P2SDiagnosticLog]` | The name of logs that will be streamed. | -| `virtualNetworkGatewayDiagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `vpnClientAddressPoolPrefix` | string | `''` | | The IP address range from which VPN clients will receive an IP address when connected. Range specified must not overlap with on-premise network. | - - -### Parameter Usage: `subnets` - -The `subnets` parameter accepts a JSON Array of `subnet` objects to deploy to the Virtual Network. - -Here's an example of specifying a couple Subnets to deploy: - -

- -Parameter JSON format - -```json -"subnets": { - "value": [ - { - "name": "app", - "properties": { - "addressPrefix": "10.1.0.0/24", - "networkSecurityGroup": { - "id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'app-nsg')]" - }, - "routeTable": { - "id": "[resourceId('Microsoft.Network/routeTables', 'app-udr')]" - } - } - }, - { - "name": "data", - "properties": { - "addressPrefix": "10.1.1.0/24" - } - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -subnets: [ - { - name: 'app' - properties: { - addressPrefix: '10.1.0.0/24' - networkSecurityGroup: { - id: '[resourceId('Microsoft.Network/networkSecurityGroups' 'app-nsg')]' - } - routeTable: { - id: '[resourceId('Microsoft.Network/routeTables' 'app-udr')]' - } - } - } - { - name: 'data' - properties: { - addressPrefix: '10.1.1.0/24' - } - } -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `activeActive` | bool | Shows if the virtual network gateway is configured in active-active mode. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the virtual network gateway. | -| `resourceGroupName` | string | The resource group the virtual network gateway was deployed. | -| `resourceId` | string | The resource ID of the virtual network gateway. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-gw-er-001" - }, - "gatewayPipName": { - "value": "<>-az-gw-er-001-pip" - }, - "domainNameLabel": { - "value": [ - "<>-az-gw-er-dm-001" - ] - }, - "virtualNetworkGatewayType": { - "value": "ExpressRoute" - }, - "virtualNetworkGatewaySku": { - "value": "ErGw1AZ" - }, - "vNetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001" - }, - "tags": { - "value": { - "Environment": "Validation", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "", - "CostCenter": "", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualNetworkGateways' - params: { - name: '<>-az-gw-er-001' - gatewayPipName: '<>-az-gw-er-001-pip' - domainNameLabel: [ - '<>-az-gw-er-dm-001' - ] - virtualNetworkGatewayType: 'ExpressRoute' - virtualNetworkGatewaySku: 'ErGw1AZ' - vNetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001' - tags: { - Environment: 'Validation' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '' - CostCenter: '' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' - } - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-gw-vpn-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "domainNameLabel": { - "value": [ - "<>-az-gw-vpn-dm-001" - ] - }, - "virtualNetworkGatewayType": { - "value": "Vpn" - }, - "virtualNetworkGatewaySku": { - "value": "VpnGw1AZ" - }, - "publicIpZones": { - "value": [ - "1" - ] - }, - "vpnType": { - "value": "RouteBased" - }, - "activeActive": { - "value": true - }, - "vNetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module virtualNetworkGateways './Microsoft.Network/virtualNetworkGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualNetworkGateways' - params: { - name: '<>-az-gw-vpn-001' - lock: 'CanNotDelete' - domainNameLabel: [ - '<>-az-gw-vpn-dm-001' - ] - virtualNetworkGatewayType: 'Vpn' - virtualNetworkGatewaySku: 'VpnGw1AZ' - publicIpZones: [ - '1' - ] - vpnType: 'RouteBased' - activeActive: true - vNetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/virtualNetworkGateways/version.json b/modules/Microsoft.Network/virtualNetworkGateways/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/virtualNetworkGateways/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index ed41068198..0000000000 --- a/modules/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,70 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Avere Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9') - 'Backup Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b') - 'Backup Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324') - 'Cosmos DB Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa') - 'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64') - 'DocumentDB Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Private DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'Site Recovery Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567') - 'Site Recovery Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca') - 'SQL Managed Instance Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d') - 'SQL Security Manager': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3') - 'Storage Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Virtual Machine Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4') - 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c') - 'Virtual Machine User Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52') -} - -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(virtualNetwork.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: virtualNetwork -}] diff --git a/modules/Microsoft.Network/virtualNetworks/.deploymentTests/min.parameters.json b/modules/Microsoft.Network/virtualNetworks/.deploymentTests/min.parameters.json deleted file mode 100644 index 2d50642770..0000000000 --- a/modules/Microsoft.Network/virtualNetworks/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vnet-min-001" - }, - "addressPrefixes": { - "value": [ - "10.0.0.0/16" - ] - } - } -} diff --git a/modules/Microsoft.Network/virtualNetworks/.deploymentTests/parameters.json b/modules/Microsoft.Network/virtualNetworks/.deploymentTests/parameters.json deleted file mode 100644 index 6cb5292ceb..0000000000 --- a/modules/Microsoft.Network/virtualNetworks/.deploymentTests/parameters.json +++ /dev/null @@ -1,96 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vnet-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "addressPrefixes": { - "value": [ - "10.0.0.0/16" - ] - }, - "subnets": { - "value": [ - { - "name": "GatewaySubnet", - "addressPrefix": "10.0.255.0/24" - }, - { - "name": "<>-az-subnet-x-001", - "addressPrefix": "10.0.0.0/24", - "networkSecurityGroupId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-<>-az-nsg-x-001", - "serviceEndpoints": [ - { - "service": "Microsoft.Storage" - }, - { - "service": "Microsoft.Sql" - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ], - "routeTableId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/routeTables/adp-<>-az-udr-x-001" - }, - { - "name": "<>-az-subnet-x-002", - "addressPrefix": "10.0.3.0/24", - "delegations": [ - { - "name": "netappDel", - "properties": { - "serviceName": "Microsoft.Netapp/volumes" - } - } - ] - }, - { - "name": "<>-az-subnet-x-003", - "addressPrefix": "10.0.6.0/24", - "privateEndpointNetworkPolicies": "Disabled", - "privateLinkServiceNetworkPolicies": "Enabled" - } - ] - }, - "dnsServers": { - "value": [ - "10.0.1.4", - "10.0.1.5" - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Network/virtualNetworks/.deploymentTests/vnetPeering.parameters.json b/modules/Microsoft.Network/virtualNetworks/.deploymentTests/vnetPeering.parameters.json deleted file mode 100644 index f8faae3175..0000000000 --- a/modules/Microsoft.Network/virtualNetworks/.deploymentTests/vnetPeering.parameters.json +++ /dev/null @@ -1,52 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vnet-peer-001" - }, - "addressPrefixes": { - "value": [ - "10.0.0.0/24" - ] - }, - "subnets": { - "value": [ - { - "name": "GatewaySubnet", - "addressPrefix": "10.0.0.0/26" - } - ] - }, - "virtualNetworkPeerings": { - "value": [ - { - "remoteVirtualNetworkId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-peer01", - "allowForwardedTraffic": true, - "allowGatewayTransit": false, - "allowVirtualNetworkAccess": true, - "useRemoteGateways": false, - "remotePeeringEnabled": true, - "remotePeeringName": "customName", - "remotePeeringAllowVirtualNetworkAccess": true, - "remotePeeringAllowForwardedTraffic": true - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Network/virtualNetworks/deploy.bicep b/modules/Microsoft.Network/virtualNetworks/deploy.bicep deleted file mode 100644 index 8788f56ae6..0000000000 --- a/modules/Microsoft.Network/virtualNetworks/deploy.bicep +++ /dev/null @@ -1,265 +0,0 @@ -@description('Required. The Virtual Network (vNet) Name.') -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Required. An Array of 1 or more IP Address Prefixes for the Virtual Network.') -param addressPrefixes array - -@description('Optional. An Array of subnets to deploy to the Virtual Network.') -param subnets array = [] - -@description('Optional. DNS Servers associated to the Virtual Network.') -param dnsServers array = [] - -@description('Optional. Resource ID of the DDoS protection plan to assign the VNET to. If it\'s left blank, DDoS protection will not be configured. If it\'s provided, the VNET created by this template will be attached to the referenced DDoS protection plan. The DDoS protection plan can exist in the same or in a different subscription.') -param ddosProtectionPlanId string = '' - -@description('Optional. Virtual Network Peerings configurations.') -param virtualNetworkPeerings array = [] - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'VMProtectionAlerts' -]) -param diagnosticLogCategoriesToEnable array = [ - 'VMProtectionAlerts' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'AllMetrics' -]) -param diagnosticMetricsToEnable array = [ - 'AllMetrics' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var dnsServers_var = { - dnsServers: array(dnsServers) -} - -var ddosProtectionPlan = { - id: ddosProtectionPlanId -} - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-05-01' = { - name: name - location: location - tags: tags - properties: { - addressSpace: { - addressPrefixes: addressPrefixes - } - ddosProtectionPlan: !empty(ddosProtectionPlanId) ? ddosProtectionPlan : null - dhcpOptions: !empty(dnsServers) ? dnsServers_var : null - enableDdosProtection: !empty(ddosProtectionPlanId) - subnets: [for subnet in subnets: { - name: subnet.name - properties: { - addressPrefix: subnet.addressPrefix - addressPrefixes: contains(subnet, 'addressPrefixes') ? subnet.addressPrefixes : [] - applicationGatewayIpConfigurations: contains(subnet, 'applicationGatewayIpConfigurations') ? subnet.applicationGatewayIpConfigurations : [] - delegations: contains(subnet, 'delegations') ? subnet.delegations : [] - ipAllocations: contains(subnet, 'ipAllocations') ? subnet.ipAllocations : [] - natGateway: contains(subnet, 'natGatewayId') ? { - 'id': subnet.natGatewayId - } : json('null') - networkSecurityGroup: contains(subnet, 'networkSecurityGroupId') ? { - 'id': subnet.networkSecurityGroupId - } : json('null') - privateEndpointNetworkPolicies: contains(subnet, 'privateEndpointNetworkPolicies') ? subnet.privateEndpointNetworkPolicies : null - privateLinkServiceNetworkPolicies: contains(subnet, 'privateLinkServiceNetworkPolicies') ? subnet.privateLinkServiceNetworkPolicies : null - routeTable: contains(subnet, 'routeTableId') ? { - 'id': subnet.routeTableId - } : json('null') - serviceEndpoints: contains(subnet, 'serviceEndpoints') ? subnet.serviceEndpoints : [] - serviceEndpointPolicies: contains(subnet, 'serviceEndpointPolicies') ? subnet.serviceEndpointPolicies : [] - } - }] - } -} - -//NOTE Start: ------------------------------------ -// The below module (virtualNetwork_subnets) is a duplicate of the child resource (subnets) defined in the parent module (virtualNetwork). -// The reason it exists so that deployment validation tests can be performed on the child module (subnets), in case that module needed to be deployed alone outside of this template. -// The reason for duplication is due to the current design for the (virtualNetworks) resource from Azure, where if the child module (subnets) does not exist within it, causes -// an issue, where the child resource (subnets) gets all of its properties removed, hence not as 'idempotent' as it should be. See https://github.com/Azure/azure-quickstart-templates/issues/2786 for more details. -// You can safely remove the below child module (virtualNetwork_subnets) in your consumption of the module (virtualNetworks) to reduce the template size and duplication. -//NOTE End : ------------------------------------ - -module virtualNetwork_subnets 'subnets/deploy.bicep' = [for (subnet, index) in subnets: { - name: '${uniqueString(deployment().name, location)}-subnet-${index}' - params: { - virtualNetworkName: virtualNetwork.name - name: subnet.name - addressPrefix: subnet.addressPrefix - addressPrefixes: contains(subnet, 'addressPrefixes') ? subnet.addressPrefixes : [] - applicationGatewayIpConfigurations: contains(subnet, 'applicationGatewayIpConfigurations') ? subnet.applicationGatewayIpConfigurations : [] - delegations: contains(subnet, 'delegations') ? subnet.delegations : [] - ipAllocations: contains(subnet, 'ipAllocations') ? subnet.ipAllocations : [] - natGatewayId: contains(subnet, 'natGatewayId') ? subnet.natGatewayId : '' - networkSecurityGroupId: contains(subnet, 'networkSecurityGroupId') ? subnet.networkSecurityGroupId : '' - privateEndpointNetworkPolicies: contains(subnet, 'privateEndpointNetworkPolicies') ? subnet.privateEndpointNetworkPolicies : '' - privateLinkServiceNetworkPolicies: contains(subnet, 'privateLinkServiceNetworkPolicies') ? subnet.privateLinkServiceNetworkPolicies : '' - roleAssignments: contains(subnet, 'roleAssignments') ? subnet.roleAssignments : [] - routeTableId: contains(subnet, 'routeTableId') ? subnet.routeTableId : '' - serviceEndpointPolicies: contains(subnet, 'serviceEndpointPolicies') ? subnet.serviceEndpointPolicies : [] - serviceEndpoints: contains(subnet, 'serviceEndpoints') ? subnet.serviceEndpoints : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -// Local to Remote peering -module virtualNetwork_peering_local 'virtualNetworkPeerings/deploy.bicep' = [for (peering, index) in virtualNetworkPeerings: { - name: '${uniqueString(deployment().name, location)}-virtualNetworkPeering-local-${index}' - params: { - localVnetName: virtualNetwork.name - remoteVirtualNetworkId: peering.remoteVirtualNetworkId - name: contains(peering, 'name') ? peering.name : '${name}-${last(split(peering.remoteVirtualNetworkId, '/'))}' - allowForwardedTraffic: contains(peering, 'allowForwardedTraffic') ? peering.allowForwardedTraffic : true - allowGatewayTransit: contains(peering, 'allowGatewayTransit') ? peering.allowGatewayTransit : false - allowVirtualNetworkAccess: contains(peering, 'allowVirtualNetworkAccess') ? peering.allowVirtualNetworkAccess : true - doNotVerifyRemoteGateways: contains(peering, 'doNotVerifyRemoteGateways') ? peering.doNotVerifyRemoteGateways : true - useRemoteGateways: contains(peering, 'useRemoteGateways') ? peering.useRemoteGateways : false - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -// Remote to local peering (reverse) -module virtualNetwork_peering_remote 'virtualNetworkPeerings/deploy.bicep' = [for (peering, index) in virtualNetworkPeerings: if (contains(peering, 'remotePeeringEnabled') ? peering.remotePeeringEnabled == true : false) { - name: '${uniqueString(deployment().name, location)}-virtualNetworkPeering-remote-${index}' - scope: resourceGroup(split(peering.remoteVirtualNetworkId, '/')[2], split(peering.remoteVirtualNetworkId, '/')[4]) - params: { - localVnetName: last(split(peering.remoteVirtualNetworkId, '/')) - remoteVirtualNetworkId: virtualNetwork.id - name: contains(peering, 'remotePeeringName') ? peering.remotePeeringName : '${last(split(peering.remoteVirtualNetworkId, '/'))}-${name}' - allowForwardedTraffic: contains(peering, 'remotePeeringAllowForwardedTraffic') ? peering.remotePeeringAllowForwardedTraffic : true - allowGatewayTransit: contains(peering, 'remotePeeringAllowGatewayTransit') ? peering.remotePeeringAllowGatewayTransit : false - allowVirtualNetworkAccess: contains(peering, 'remotePeeringAllowVirtualNetworkAccess') ? peering.remotePeeringAllowVirtualNetworkAccess : true - doNotVerifyRemoteGateways: contains(peering, 'remotePeeringDoNotVerifyRemoteGateways') ? peering.remotePeeringDoNotVerifyRemoteGateways : true - useRemoteGateways: contains(peering, 'remotePeeringUseRemoteGateways') ? peering.remotePeeringUseRemoteGateways : false - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -resource virtualNetwork_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${virtualNetwork.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: virtualNetwork -} - -resource virtualNetwork_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: diagnosticsLogs - } - scope: virtualNetwork -} - -module virtualNetwork_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-VNet-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: virtualNetwork.id - } -}] - -@description('The resource group the virtual network was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The resource ID of the virtual network.') -output resourceId string = virtualNetwork.id - -@description('The name of the virtual network.') -output name string = virtualNetwork.name - -@description('The names of the deployed subnets.') -output subnetNames array = [for subnet in subnets: subnet.name] - -@description('The resource IDs of the deployed subnets.') -output subnetResourceIds array = [for subnet in subnets: az.resourceId('Microsoft.Network/virtualNetworks/subnets', name, subnet.name)] - -@description('The location the resource was deployed into.') -output location string = virtualNetwork.location diff --git a/modules/Microsoft.Network/virtualNetworks/readme.md b/modules/Microsoft.Network/virtualNetworks/readme.md deleted file mode 100644 index 9e5d73bf64..0000000000 --- a/modules/Microsoft.Network/virtualNetworks/readme.md +++ /dev/null @@ -1,689 +0,0 @@ -# Virtual Networks `[Microsoft.Network/virtualNetworks]` - -This template deploys a virtual network (vNet). - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Considerations](#Considerations) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/virtualNetworks` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualNetworks) | -| `Microsoft.Network/virtualNetworks/subnets` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualNetworks/subnets) | -| `Microsoft.Network/virtualNetworks/virtualNetworkPeerings` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualNetworks/virtualNetworkPeerings) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `addressPrefixes` | array | An Array of 1 or more IP Address Prefixes for the Virtual Network. | -| `name` | string | The Virtual Network (vNet) Name. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `ddosProtectionPlanId` | string | `''` | | Resource ID of the DDoS protection plan to assign the VNET to. If it's left blank, DDoS protection will not be configured. If it's provided, the VNET created by this template will be attached to the referenced DDoS protection plan. The DDoS protection plan can exist in the same or in a different subscription. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[VMProtectionAlerts]` | `[VMProtectionAlerts]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `dnsServers` | array | `[]` | | DNS Servers associated to the Virtual Network. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `subnets` | _[subnets](subnets/readme.md)_ array | `[]` | | An Array of subnets to deploy to the Virtual Network. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `virtualNetworkPeerings` | _[virtualNetworkPeerings](virtualNetworkPeerings/readme.md)_ array | `[]` | | Virtual Network Peerings configurations. | - - -### Parameter Usage: `subnets` - -Below you can find an example for the subnet property's usage. For all remaining properties, please refer to the _[subnets](subnets/readme.md)_ readme. - -

- -Template JSON format - -```json -"subnets": { - "value": [ - { - "name": "GatewaySubnet", - "addressPrefix": "10.0.255.0/24" - }, - { - "name": "<>-az-subnet-x-001", - "addressPrefix": "10.0.0.0/24", - "networkSecurityGroupId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-<>-az-nsg-x-001", - "serviceEndpoints": [ - { - "service": "Microsoft.Storage" - }, - { - "service": "Microsoft.Sql" - } - ], - "routeTableId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/routeTables/adp-<>-az-udr-x-001", - "delegations": [ - { - "name": "netappDel", - "properties": { - "serviceName": "Microsoft.Netapp/volumes" - } - } - ], - "privateEndpointNetworkPolicies": "Disabled", - "privateLinkServiceNetworkPolicies": "Enabled" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -subnets: [ - { - name: 'GatewaySubnet' - addressPrefix: '10.0.255.0/24' - } - { - name: '<>-az-subnet-x-001' - addressPrefix: '10.0.0.0/24' - networkSecurityGroupId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-<>-az-nsg-x-001' - serviceEndpoints: [ - { - service: 'Microsoft.Storage' - } - { - service: 'Microsoft.Sql' - } - ] - routeTableId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/routeTables/adp-<>-az-udr-x-001' - delegations: [ - { - name: 'netappDel' - properties: { - serviceName: 'Microsoft.Netapp/volumes' - } - } - ] - privateEndpointNetworkPolicies: 'Disabled' - privateLinkServiceNetworkPolicies: 'Enabled' - } -] -``` - -
-

- -### Parameter Usage: `virtualNetworkPeerings` - -As the virtual network peering array allows you to deploy not only a one-way but also two-way peering (i.e reverse), you can use the following ***additional*** properties on top of what is documented in _[virtualNetworkPeerings](virtualNetworkPeerings/readme.md)_. - -| Parameter Name | Type | Default Value | Possible Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `remotePeeringEnabled` | bool | `false` | | Optional. Set to true to also deploy the reverse peering for the configured remote virtual networks to the local network | -| `remotePeeringName` | string | `'${last(split(peering.remoteVirtualNetworkId, '/'))}-${name}'` | | Optional. The Name of Vnet Peering resource. If not provided, default value will be - | -| `remotePeeringAllowForwardedTraffic` | bool | `true` | | Optional. Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. | -| `remotePeeringAllowGatewayTransit` | bool | `false` | | Optional. If gateway links can be used in remote virtual networking to link to this virtual network. | -| `remotePeeringAllowVirtualNetworkAccess` | bool | `true` | | Optional. Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. | -| `remotePeeringDoNotVerifyRemoteGateways` | bool | `true` | | Optional. If we need to verify the provisioning state of the remote gateway. | -| `remotePeeringUseRemoteGateways` | bool | `false` | | Optional. If remote gateways can be used on this virtual network. If the flag is set to `true`, and allowGatewayTransit on local peering is also `true`, virtual network will use gateways of local virtual network for transit. Only one peering can have this flag set to `true`. This flag cannot be set if virtual network already has a gateway. | - -

- -Parameter JSON format - -```json -"virtualNetworkPeerings": { - "value": [ - { - "remoteVirtualNetworkId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-peer01", - "allowForwardedTraffic": true, - "allowGatewayTransit": false, - "allowVirtualNetworkAccess": true, - "useRemoteGateways": false, - "remotePeeringEnabled": true, - "remotePeeringName": "customName", - "remotePeeringAllowVirtualNetworkAccess": true, - "remotePeeringAllowForwardedTraffic": true - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -virtualNetworkPeerings: [ - { - remoteVirtualNetworkId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-peer01' - allowForwardedTraffic: true - allowGatewayTransit: false - allowVirtualNetworkAccess: true - useRemoteGateways: false - remotePeeringEnabled: true - remotePeeringName: 'customName' - remotePeeringAllowVirtualNetworkAccess: true - remotePeeringAllowForwardedTraffic: true - } -] -``` - -
-

- -### Parameter Usage: `addressPrefixes` - -The `addressPrefixes` parameter accepts a JSON Array of string values containing the IP Address Prefixes for the Virtual Network (vNet). - -Here's an example of specifying a single Address Prefix: - - -

- -Parameter JSON format - -```json -"addressPrefixes": { - "value": [ - "10.1.0.0/16" - ] -} -``` - -
- -
- -Bicep format - -```bicep -addressPrefixes: [ - '10.1.0.0/16' -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Considerations - -The network security group and route table resources must reside in the same resource group as the virtual network. - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the virtual network. | -| `resourceGroupName` | string | The resource group the virtual network was deployed into. | -| `resourceId` | string | The resource ID of the virtual network. | -| `subnetNames` | array | The names of the deployed subnets. | -| `subnetResourceIds` | array | The resource IDs of the deployed subnets. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vnet-min-001" - }, - "addressPrefixes": { - "value": [ - "10.0.0.0/16" - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module virtualNetworks './Microsoft.Network/virtualNetworks/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualNetworks' - params: { - name: '<>-az-vnet-min-001' - addressPrefixes: [ - '10.0.0.0/16' - ] - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vnet-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "addressPrefixes": { - "value": [ - "10.0.0.0/16" - ] - }, - "subnets": { - "value": [ - { - "name": "GatewaySubnet", - "addressPrefix": "10.0.255.0/24" - }, - { - "name": "<>-az-subnet-x-001", - "addressPrefix": "10.0.0.0/24", - "networkSecurityGroupId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-<>-az-nsg-x-001", - "serviceEndpoints": [ - { - "service": "Microsoft.Storage" - }, - { - "service": "Microsoft.Sql" - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ], - "routeTableId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/routeTables/adp-<>-az-udr-x-001" - }, - { - "name": "<>-az-subnet-x-002", - "addressPrefix": "10.0.3.0/24", - "delegations": [ - { - "name": "netappDel", - "properties": { - "serviceName": "Microsoft.Netapp/volumes" - } - } - ] - }, - { - "name": "<>-az-subnet-x-003", - "addressPrefix": "10.0.6.0/24", - "privateEndpointNetworkPolicies": "Disabled", - "privateLinkServiceNetworkPolicies": "Enabled" - } - ] - }, - "dnsServers": { - "value": [ - "10.0.1.4", - "10.0.1.5" - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module virtualNetworks './Microsoft.Network/virtualNetworks/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualNetworks' - params: { - name: '<>-az-vnet-x-001' - lock: 'CanNotDelete' - addressPrefixes: [ - '10.0.0.0/16' - ] - subnets: [ - { - name: 'GatewaySubnet' - addressPrefix: '10.0.255.0/24' - } - { - name: '<>-az-subnet-x-001' - addressPrefix: '10.0.0.0/24' - networkSecurityGroupId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-<>-az-nsg-x-001' - serviceEndpoints: [ - { - service: 'Microsoft.Storage' - } - { - service: 'Microsoft.Sql' - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - routeTableId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/routeTables/adp-<>-az-udr-x-001' - } - { - name: '<>-az-subnet-x-002' - addressPrefix: '10.0.3.0/24' - delegations: [ - { - name: 'netappDel' - properties: { - serviceName: 'Microsoft.Netapp/volumes' - } - } - ] - } - { - name: '<>-az-subnet-x-003' - addressPrefix: '10.0.6.0/24' - privateEndpointNetworkPolicies: 'Disabled' - privateLinkServiceNetworkPolicies: 'Enabled' - } - ] - dnsServers: [ - '10.0.1.4' - '10.0.1.5' - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

- -

Example 3

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vnet-peer-001" - }, - "addressPrefixes": { - "value": [ - "10.0.0.0/24" - ] - }, - "subnets": { - "value": [ - { - "name": "GatewaySubnet", - "addressPrefix": "10.0.0.0/26" - } - ] - }, - "virtualNetworkPeerings": { - "value": [ - { - "remoteVirtualNetworkId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-peer01", - "allowForwardedTraffic": true, - "allowGatewayTransit": false, - "allowVirtualNetworkAccess": true, - "useRemoteGateways": false, - "remotePeeringEnabled": true, - "remotePeeringName": "customName", - "remotePeeringAllowVirtualNetworkAccess": true, - "remotePeeringAllowForwardedTraffic": true - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module virtualNetworks './Microsoft.Network/virtualNetworks/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualNetworks' - params: { - name: '<>-az-vnet-peer-001' - addressPrefixes: [ - '10.0.0.0/24' - ] - subnets: [ - { - name: 'GatewaySubnet' - addressPrefix: '10.0.0.0/26' - } - ] - virtualNetworkPeerings: [ - { - remoteVirtualNetworkId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-peer01' - allowForwardedTraffic: true - allowGatewayTransit: false - allowVirtualNetworkAccess: true - useRemoteGateways: false - remotePeeringEnabled: true - remotePeeringName: 'customName' - remotePeeringAllowVirtualNetworkAccess: true - remotePeeringAllowForwardedTraffic: true - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 36751d8e3a..0000000000 --- a/modules/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,70 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Avere Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9') - 'Backup Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b') - 'Backup Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324') - 'Cosmos DB Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa') - 'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64') - 'DocumentDB Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Private DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'Site Recovery Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567') - 'Site Recovery Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca') - 'SQL Managed Instance Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d') - 'SQL Security Manager': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3') - 'Storage Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Virtual Machine Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4') - 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c') - 'Virtual Machine User Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52') -} - -resource subnet 'Microsoft.Network/virtualNetworks/subnets@2021-03-01' existing = { - name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(subnet.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: subnet -}] diff --git a/modules/Microsoft.Network/virtualNetworks/subnets/deploy.bicep b/modules/Microsoft.Network/virtualNetworks/subnets/deploy.bicep deleted file mode 100644 index 481ff70914..0000000000 --- a/modules/Microsoft.Network/virtualNetworks/subnets/deploy.bicep +++ /dev/null @@ -1,124 +0,0 @@ -@description('Optional. The Name of the subnet resource.') -param name string - -@description('Conditional. The name of the parent virtual network. Required if the template is used in a standalone deployment.') -param virtualNetworkName string - -@description('Required. The address prefix for the subnet.') -param addressPrefix string - -@description('Optional. The resource ID of the network security group to assign to the subnet.') -param networkSecurityGroupId string = '' - -@description('Optional. The resource ID of the route table to assign to the subnet.') -param routeTableId string = '' - -@description('Optional. The service endpoints to enable on the subnet.') -param serviceEndpoints array = [] - -@description('Optional. The delegations to enable on the subnet.') -param delegations array = [] - -@description('Optional. The resource ID of the NAT Gateway to use for the subnet.') -param natGatewayId string = '' - -@description('Optional. enable or disable apply network policies on private endpoint in the subnet.') -@allowed([ - 'Disabled' - 'Enabled' - '' -]) -param privateEndpointNetworkPolicies string = '' - -@description('Optional. enable or disable apply network policies on private link service in the subnet.') -@allowed([ - 'Disabled' - 'Enabled' - '' -]) -param privateLinkServiceNetworkPolicies string = '' - -@description('Optional. List of address prefixes for the subnet.') -param addressPrefixes array = [] - -@description('Optional. Application gateway IP configurations of virtual network resource.') -param applicationGatewayIpConfigurations array = [] - -@description('Optional. Array of IpAllocation which reference this subnet.') -param ipAllocations array = [] - -@description('Optional. An array of service endpoint policies.') -param serviceEndpointPolicies array = [] - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-05-01' existing = { - name: virtualNetworkName -} - -resource subnet 'Microsoft.Network/virtualNetworks/subnets@2021-05-01' = { - name: name - parent: virtualNetwork - properties: { - addressPrefix: addressPrefix - networkSecurityGroup: !empty(networkSecurityGroupId) ? { - id: networkSecurityGroupId - } : null - routeTable: !empty(routeTableId) ? { - id: routeTableId - } : null - natGateway: !empty(natGatewayId) ? { - id: natGatewayId - } : null - serviceEndpoints: serviceEndpoints - delegations: delegations - privateEndpointNetworkPolicies: !empty(privateEndpointNetworkPolicies) ? any(privateEndpointNetworkPolicies) : null - privateLinkServiceNetworkPolicies: !empty(privateLinkServiceNetworkPolicies) ? any(privateLinkServiceNetworkPolicies) : null - addressPrefixes: addressPrefixes - applicationGatewayIpConfigurations: applicationGatewayIpConfigurations - ipAllocations: ipAllocations - serviceEndpointPolicies: serviceEndpointPolicies - } -} - -module subnet_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, subnet.id)}-Subnet-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: subnet.id - } -}] - -@description('The resource group the virtual network peering was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the virtual network peering.') -output name string = subnet.name - -@description('The resource ID of the virtual network peering.') -output resourceId string = subnet.id - -@description('The address prefix for the subnet.') -output subnetAddressPrefix string = subnet.properties.addressPrefix - -@description('List of address prefixes for the subnet.') -output subnetAddressPrefixes array = !empty(addressPrefixes) ? subnet.properties.addressPrefixes : [] diff --git a/modules/Microsoft.Network/virtualNetworks/subnets/readme.md b/modules/Microsoft.Network/virtualNetworks/subnets/readme.md deleted file mode 100644 index d399554d64..0000000000 --- a/modules/Microsoft.Network/virtualNetworks/subnets/readme.md +++ /dev/null @@ -1,192 +0,0 @@ -# Virtual Network Subnets `[Microsoft.Network/virtualNetworks/subnets]` - -This module deploys a virtual network subnet. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Considerations](#Considerations) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/virtualNetworks/subnets` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualNetworks/subnets) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `addressPrefix` | string | The address prefix for the subnet. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `virtualNetworkName` | string | The name of the parent virtual network. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `addressPrefixes` | array | `[]` | | List of address prefixes for the subnet. | -| `applicationGatewayIpConfigurations` | array | `[]` | | Application gateway IP configurations of virtual network resource. | -| `delegations` | array | `[]` | | The delegations to enable on the subnet. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `ipAllocations` | array | `[]` | | Array of IpAllocation which reference this subnet. | -| `name` | string | | | The Name of the subnet resource. | -| `natGatewayId` | string | `''` | | The resource ID of the NAT Gateway to use for the subnet. | -| `networkSecurityGroupId` | string | `''` | | The resource ID of the network security group to assign to the subnet. | -| `privateEndpointNetworkPolicies` | string | `''` | `[Disabled, Enabled, ]` | enable or disable apply network policies on private endpoint in the subnet. | -| `privateLinkServiceNetworkPolicies` | string | `''` | `[Disabled, Enabled, ]` | enable or disable apply network policies on private link service in the subnet. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `routeTableId` | string | `''` | | The resource ID of the route table to assign to the subnet. | -| `serviceEndpointPolicies` | array | `[]` | | An array of service endpoint policies. | -| `serviceEndpoints` | array | `[]` | | The service endpoints to enable on the subnet. | - - -### Parameter Usage: `delegations` - -

- -Parameter JSON format - -```json -"delegations": [ - { - "name": "sqlMiDel", - "properties": { - "serviceName": "Microsoft.Sql/managedInstances" - } - } -] -``` - -
- -
- -Bicep format - -```bicep -delegations: [ - { - name: 'sqlMiDel' - properties: { - serviceName: 'Microsoft.Sql/managedInstances' - } - } -] -``` - -
-

- -### Parameter Usage: `serviceEndpoints` - -

- -Parameter JSON format - -```json -"serviceEndpoints": [ - "Microsoft.EventHub", - "Microsoft.Sql", - "Microsoft.Storage", - "Microsoft.KeyVault" -] -``` - -
- - -
- -Bicep format - -```bicep -serviceEndpoints: [ - 'Microsoft.EventHub' - 'Microsoft.Sql' - 'Microsoft.Storage' - 'Microsoft.KeyVault' -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Considerations - -The `privateEndpointNetworkPolicies` property must be set to disabled for subnets that contain private endpoints. It confirms that NSGs rules will not apply to private endpoints (currently not supported, [reference](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview#limitations)). Default Value when not specified is "Enabled". - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the virtual network peering. | -| `resourceGroupName` | string | The resource group the virtual network peering was deployed into. | -| `resourceId` | string | The resource ID of the virtual network peering. | -| `subnetAddressPrefix` | string | The address prefix for the subnet. | -| `subnetAddressPrefixes` | array | List of address prefixes for the subnet. | diff --git a/modules/Microsoft.Network/virtualNetworks/subnets/version.json b/modules/Microsoft.Network/virtualNetworks/subnets/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/virtualNetworks/subnets/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/virtualNetworks/version.json b/modules/Microsoft.Network/virtualNetworks/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/virtualNetworks/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/deploy.bicep b/modules/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/deploy.bicep deleted file mode 100644 index 2b03c2c930..0000000000 --- a/modules/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/deploy.bicep +++ /dev/null @@ -1,66 +0,0 @@ -@description('Optional. The Name of Vnet Peering resource. If not provided, default value will be localVnetName-remoteVnetName.') -param name string = '${localVnetName}-${last(split(remoteVirtualNetworkId, '/'))}' - -@description('Conditional. The name of the parent Virtual Network to add the peering to. Required if the template is used in a standalone deployment.') -param localVnetName string - -@description('Required. The Resource ID of the VNet that is this Local VNet is being peered to. Should be in the format of a Resource ID.') -param remoteVirtualNetworkId string - -@description('Optional. Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. Default is true.') -param allowForwardedTraffic bool = true - -@description('Optional. If gateway links can be used in remote virtual networking to link to this virtual network. Default is false.') -param allowGatewayTransit bool = false - -@description('Optional. Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. Default is true.') -param allowVirtualNetworkAccess bool = true - -@description('Optional. If we need to verify the provisioning state of the remote gateway. Default is true.') -param doNotVerifyRemoteGateways bool = true - -@description('Optional. If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. Default is false.') -param useRemoteGateways bool = false - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-05-01' existing = { - name: localVnetName -} - -resource virtualNetworkPeering 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2021-05-01' = { - name: name - parent: virtualNetwork - properties: { - allowForwardedTraffic: allowForwardedTraffic - allowGatewayTransit: allowGatewayTransit - allowVirtualNetworkAccess: allowVirtualNetworkAccess - doNotVerifyRemoteGateways: doNotVerifyRemoteGateways - useRemoteGateways: useRemoteGateways - remoteVirtualNetwork: { - id: remoteVirtualNetworkId - } - } -} - -@description('The resource group the virtual network peering was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the virtual network peering.') -output name string = virtualNetworkPeering.name - -@description('The resource ID of the virtual network peering.') -output resourceId string = virtualNetworkPeering.id diff --git a/modules/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/readme.md b/modules/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/readme.md deleted file mode 100644 index cc666c6e36..0000000000 --- a/modules/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/readme.md +++ /dev/null @@ -1,54 +0,0 @@ -# VirtualNetworkPeering `[Microsoft.Network/virtualNetworks/virtualNetworkPeerings]` - -This template deploys Virtual Network Peering. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Network/virtualNetworks/virtualNetworkPeerings` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualNetworks/virtualNetworkPeerings) | - -### Resource dependency - -The following resources are required to be able to deploy this resource. - -- Local Virtual Network (Identified by the `localVnetName` parameter). -- Remote Virtual Network (Identified by the `remoteVirtualNetworkId` parameter) - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `remoteVirtualNetworkId` | string | The Resource ID of the VNet that is this Local VNet is being peered to. Should be in the format of a Resource ID. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `localVnetName` | string | The name of the parent Virtual Network to add the peering to. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `allowForwardedTraffic` | bool | `True` | Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. Default is true. | -| `allowGatewayTransit` | bool | `False` | If gateway links can be used in remote virtual networking to link to this virtual network. Default is false. | -| `allowVirtualNetworkAccess` | bool | `True` | Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. Default is true. | -| `doNotVerifyRemoteGateways` | bool | `True` | If we need to verify the provisioning state of the remote gateway. Default is true. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `[format('{0}-{1}', parameters('localVnetName'), last(split(parameters('remoteVirtualNetworkId'), '/')))]` | The Name of Vnet Peering resource. If not provided, default value will be localVnetName-remoteVnetName. | -| `useRemoteGateways` | bool | `False` | If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. Default is false. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the virtual network peering. | -| `resourceGroupName` | string | The resource group the virtual network peering was deployed into. | -| `resourceId` | string | The resource ID of the virtual network peering. | diff --git a/modules/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/version.json b/modules/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index d5b4eb8c6b..0000000000 --- a/modules/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,55 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource virtualWan 'Microsoft.Network/virtualWans@2021-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(virtualWan.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: virtualWan -}] diff --git a/modules/Microsoft.Network/virtualWans/.deploymentTests/min.parameters.json b/modules/Microsoft.Network/virtualWans/.deploymentTests/min.parameters.json deleted file mode 100644 index badddffd7e..0000000000 --- a/modules/Microsoft.Network/virtualWans/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vw-min-001" - } - } -} diff --git a/modules/Microsoft.Network/virtualWans/.deploymentTests/parameters.json b/modules/Microsoft.Network/virtualWans/.deploymentTests/parameters.json deleted file mode 100644 index 15f8aa96f5..0000000000 --- a/modules/Microsoft.Network/virtualWans/.deploymentTests/parameters.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vw-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "type": { - "value": "Basic" - }, - "allowBranchToBranchTraffic": { - "value": true - }, - "allowVnetToVnetTraffic": { - "value": true - }, - "disableVpnEncryption": { - "value": true - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Network/virtualWans/deploy.bicep b/modules/Microsoft.Network/virtualWans/deploy.bicep deleted file mode 100644 index 55b2d69b2c..0000000000 --- a/modules/Microsoft.Network/virtualWans/deploy.bicep +++ /dev/null @@ -1,94 +0,0 @@ -@description('Optional. Location where all resources will be created.') -param location string = resourceGroup().location - -@description('Required. Name of the Virtual WAN.') -param name string - -@description('Optional. The type of the Virtual WAN.') -@allowed([ - 'Standard' - 'Basic' -]) -param type string = 'Standard' - -@description('Optional. True if branch to branch traffic is allowed.') -param allowBranchToBranchTraffic bool = false - -@description('Optional. True if VNET to VNET traffic is allowed.') -param allowVnetToVnetTraffic bool = false - -@description('Optional. VPN encryption to be disabled or not.') -param disableVpnEncryption bool = false - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource virtualWan 'Microsoft.Network/virtualWans@2021-05-01' = { - name: name - location: location - tags: tags - properties: { - allowBranchToBranchTraffic: allowBranchToBranchTraffic - allowVnetToVnetTraffic: allowVnetToVnetTraffic ? allowVnetToVnetTraffic : null - disableVpnEncryption: disableVpnEncryption - type: type - } -} - -resource virtualWan_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${virtualWan.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: virtualWan -} - -module virtualWan_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-VWan-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: virtualWan.id - } -}] - -@description('The name of the virtual WAN.') -output name string = virtualWan.name - -@description('The resource ID of the virtual WAN.') -output resourceId string = virtualWan.id - -@description('The resource group the virtual WAN was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = virtualWan.location diff --git a/modules/Microsoft.Network/virtualWans/readme.md b/modules/Microsoft.Network/virtualWans/readme.md deleted file mode 100644 index f081449087..0000000000 --- a/modules/Microsoft.Network/virtualWans/readme.md +++ /dev/null @@ -1,260 +0,0 @@ -# Virtual WANs `[Microsoft.Network/virtualWans]` - -This template deploys a virtual WAN. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/virtualWans` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualWans) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Virtual WAN. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowBranchToBranchTraffic` | bool | `False` | | True if branch to branch traffic is allowed. | -| `allowVnetToVnetTraffic` | bool | `False` | | True if VNET to VNET traffic is allowed. | -| `disableVpnEncryption` | bool | `False` | | VPN encryption to be disabled or not. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location where all resources will be created. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `type` | string | `'Standard'` | `[Standard, Basic]` | The type of the Virtual WAN. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the virtual WAN. | -| `resourceGroupName` | string | The resource group the virtual WAN was deployed into. | -| `resourceId` | string | The resource ID of the virtual WAN. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vw-min-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module virtualWans './Microsoft.Network/virtualWans/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualWans' - params: { - name: '<>-az-vw-min-001' - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vw-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "type": { - "value": "Basic" - }, - "allowBranchToBranchTraffic": { - "value": true - }, - "allowVnetToVnetTraffic": { - "value": true - }, - "disableVpnEncryption": { - "value": true - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module virtualWans './Microsoft.Network/virtualWans/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualWans' - params: { - name: '<>-az-vw-x-001' - lock: 'CanNotDelete' - type: 'Basic' - allowBranchToBranchTraffic: true - allowVnetToVnetTraffic: true - disableVpnEncryption: true - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/virtualWans/version.json b/modules/Microsoft.Network/virtualWans/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Network/virtualWans/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Network/vpnGateways/.deploymentTests/min.parameters.json b/modules/Microsoft.Network/vpnGateways/.deploymentTests/min.parameters.json deleted file mode 100644 index 4ed3a736e6..0000000000 --- a/modules/Microsoft.Network/vpnGateways/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vpngw-min-001" - }, - "virtualHubResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-min-001" - } - } -} diff --git a/modules/Microsoft.Network/vpnGateways/.deploymentTests/parameters.json b/modules/Microsoft.Network/vpnGateways/.deploymentTests/parameters.json deleted file mode 100644 index 620e1c6ff7..0000000000 --- a/modules/Microsoft.Network/vpnGateways/.deploymentTests/parameters.json +++ /dev/null @@ -1,68 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vpngw-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "virtualHubResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-x-001" - }, - "bgpSettings": { - "value": { - "asn": 65515, - "peerWeight": 0 - } - }, - "connections": { - "value": [ - { - "name": "Connection-<>-az-vsite-x-001", - "connectionBandwidth": 10, - "enableBgp": true, - "routingConfiguration": { - "associatedRouteTable": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-x-001/hubRouteTables/defaultRouteTable" - }, - "propagatedRouteTables": { - "labels": [ - "default" - ], - "ids": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-x-001/hubRouteTables/defaultRouteTable" - } - ] - }, - "vnetRoutes": { - "staticRoutes": [] - } - }, - "remoteVpnSiteResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/vpnSites/<>-az-vsite-x-001" - } - ] - }, - "natRules": { - "value": [ - { - "name": "natRule1", - "internalMappings": [ - { - "addressSpace": "10.4.0.0/24" - } - ], - "externalMappings": [ - { - "addressSpace": "192.168.21.0/24" - } - ], - "type": "Static", - "mode": "EgressSnat" - } - ] - } - } -} diff --git a/modules/Microsoft.Network/vpnGateways/connections/deploy.bicep b/modules/Microsoft.Network/vpnGateways/connections/deploy.bicep deleted file mode 100644 index 7e63d366cd..0000000000 --- a/modules/Microsoft.Network/vpnGateways/connections/deploy.bicep +++ /dev/null @@ -1,102 +0,0 @@ -@description('Required. The name of the VPN connection.') -param name string - -@description('Conditional. The name of the parent VPN gateway this VPN connection is associated with. Required if the template is used in a standalone deployment.') -param vpnGatewayName string - -@description('Optional. The IPSec policies to be considered by this connection.') -param ipsecPolicies array = [] - -@description('Optional. The traffic selector policies to be considered by this connection.') -param trafficSelectorPolicies array = [] - -@description('Optional. List of all VPN site link connections to the gateway.') -param vpnLinkConnections array = [] - -@description('Optional. Routing configuration indicating the associated and propagated route tables for this connection.') -param routingConfiguration object = {} - -@description('Optional. Enable policy-based traffic selectors.') -param usePolicyBasedTrafficSelectors bool = false - -@description('Optional. Use local Azure IP to initiate connection.') -param useLocalAzureIpAddress bool = false - -@description('Optional. Enable rate limiting.') -param enableRateLimiting bool = false - -@description('Optional. Enable internet security.') -param enableInternetSecurity bool = false - -@description('Optional. Enable BGP flag.') -param enableBgp bool = false - -@description('Optional. Routing weight for VPN connection.') -param routingWeight int = 0 - -@description('Optional. Expected bandwidth in MBPS.') -param connectionBandwidth int = 10 - -@description('Optional. Gateway connection protocol.') -@allowed([ - 'IKEv1' - 'IKEv2' -]) -param vpnConnectionProtocolType string = 'IKEv2' - -@description('Optional. SharedKey for the VPN connection.') -param sharedKey string = '' - -@description('Optional. Reference to a VPN site to link to.') -param remoteVpnSiteResourceId string = '' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource vpnGateway 'Microsoft.Network/vpnGateways@2021-05-01' existing = { - name: vpnGatewayName -} - -resource vpnConnection 'Microsoft.Network/vpnGateways/vpnConnections@2021-05-01' = { - name: name - parent: vpnGateway - properties: { - connectionBandwidth: connectionBandwidth - enableBgp: enableBgp - enableInternetSecurity: enableInternetSecurity - enableRateLimiting: enableRateLimiting - ipsecPolicies: ipsecPolicies - remoteVpnSite: !empty(remoteVpnSiteResourceId) ? { - id: remoteVpnSiteResourceId - } : null - routingConfiguration: routingConfiguration - routingWeight: routingWeight - sharedKey: sharedKey - trafficSelectorPolicies: trafficSelectorPolicies - useLocalAzureIpAddress: useLocalAzureIpAddress - usePolicyBasedTrafficSelectors: usePolicyBasedTrafficSelectors - vpnConnectionProtocolType: vpnConnectionProtocolType - vpnLinkConnections: vpnLinkConnections - } -} - -@description('The name of the VPN connection.') -output name string = vpnConnection.name - -@description('The resource ID of the VPN connection.') -output resourceId string = vpnConnection.id - -@description('The name of the resource group the VPN connection was deployed into.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Network/vpnGateways/connections/readme.md b/modules/Microsoft.Network/vpnGateways/connections/readme.md deleted file mode 100644 index 09b52842d2..0000000000 --- a/modules/Microsoft.Network/vpnGateways/connections/readme.md +++ /dev/null @@ -1,112 +0,0 @@ -# VPN Gateways Connections `[Microsoft.Network/vpnGateways/connections]` - -This module deploys VPN Gateways Connections. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Network/vpnGateways/vpnConnections` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/vpnGateways/vpnConnections) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the VPN connection. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `vpnGatewayName` | string | The name of the parent VPN gateway this VPN connection is associated with. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `connectionBandwidth` | int | `10` | | Expected bandwidth in MBPS. | -| `enableBgp` | bool | `False` | | Enable BGP flag. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `enableInternetSecurity` | bool | `False` | | Enable internet security. | -| `enableRateLimiting` | bool | `False` | | Enable rate limiting. | -| `ipsecPolicies` | array | `[]` | | The IPSec policies to be considered by this connection. | -| `remoteVpnSiteResourceId` | string | `''` | | Reference to a VPN site to link to. | -| `routingConfiguration` | object | `{object}` | | Routing configuration indicating the associated and propagated route tables for this connection. | -| `routingWeight` | int | `0` | | Routing weight for VPN connection. | -| `sharedKey` | string | `''` | | SharedKey for the VPN connection. | -| `trafficSelectorPolicies` | array | `[]` | | The traffic selector policies to be considered by this connection. | -| `useLocalAzureIpAddress` | bool | `False` | | Use local Azure IP to initiate connection. | -| `usePolicyBasedTrafficSelectors` | bool | `False` | | Enable policy-based traffic selectors. | -| `vpnConnectionProtocolType` | string | `'IKEv2'` | `[IKEv1, IKEv2]` | Gateway connection protocol. | -| `vpnLinkConnections` | array | `[]` | | List of all VPN site link connections to the gateway. | - - -### Parameter Usage: `routingConfiguration` - -

- -Parameter JSON format - -```json -"routingConfiguration": { - "associatedRouteTable": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/SampleVirtualHub/hubRouteTables/defaultRouteTable" - }, - "propagatedRouteTables": { - "labels": [ - "default" - ], - "ids": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/SampleVirtualHub/hubRouteTables/defaultRouteTable" - } - ] - }, - "vnetRoutes": { - "staticRoutes": [] - } -} -``` - -
- -
- -Bicep format - -```bicep -routingConfiguration: { - associatedRouteTable: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/SampleVirtualHub/hubRouteTables/defaultRouteTable' - } - propagatedRouteTables: { - labels: [ - 'default' - ] - ids: [ - { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/SampleVirtualHub/hubRouteTables/defaultRouteTable' - } - ] - } - vnetRoutes: { - staticRoutes: [] - } -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the VPN connection. | -| `resourceGroupName` | string | The name of the resource group the VPN connection was deployed into. | -| `resourceId` | string | The resource ID of the VPN connection. | diff --git a/modules/Microsoft.Network/vpnGateways/connections/version.json b/modules/Microsoft.Network/vpnGateways/connections/version.json deleted file mode 100644 index 41f66cc990..0000000000 --- a/modules/Microsoft.Network/vpnGateways/connections/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.1" -} diff --git a/modules/Microsoft.Network/vpnGateways/deploy.bicep b/modules/Microsoft.Network/vpnGateways/deploy.bicep deleted file mode 100644 index 2efca6d541..0000000000 --- a/modules/Microsoft.Network/vpnGateways/deploy.bicep +++ /dev/null @@ -1,124 +0,0 @@ -@description('Required. Name of the VPN gateway.') -param name string - -@description('Optional. Location where all resources will be created.') -param location string = resourceGroup().location - -@description('Optional. The connections to create in the VPN gateway.') -param connections array = [] - -@description('Optional. List of all the NAT Rules to associate with the gateway.') -param natRules array = [] - -@description('Required. The resource ID of a virtual Hub to connect to. Note: The virtual Hub and Gateway must be deployed into the same location.') -param virtualHubResourceId string - -@description('Optional. BGP settings details.') -param bgpSettings object = {} - -@description('Optional. Enable BGP routes translation for NAT on this VPN gateway.') -param enableBgpRouteTranslationForNat bool = false - -@description('Optional. Enable routing preference property for the public IP interface of the VPN gateway.') -param isRoutingPreferenceInternet bool = false - -@description('Optional. The scale unit for this VPN gateway.') -param vpnGatewayScaleUnit int = 2 - -@description('Optional. Tags of the resource.') -param tags object = {} - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource vpnGateway 'Microsoft.Network/vpnGateways@2021-05-01' = { - name: name - location: location - tags: tags - properties: { - bgpSettings: bgpSettings - enableBgpRouteTranslationForNat: enableBgpRouteTranslationForNat - isRoutingPreferenceInternet: isRoutingPreferenceInternet - vpnGatewayScaleUnit: vpnGatewayScaleUnit - virtualHub: { - id: virtualHubResourceId - } - } -} - -resource vpnGateway_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${vpnGateway.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: vpnGateway -} - -module vpnGateway_natRules 'natRules/deploy.bicep' = [for (natRule, index) in natRules: { - name: '${deployment().name}-NATRule-${index}' - params: { - name: natRule.name - vpnGatewayName: vpnGateway.name - externalMappings: contains(natRule, 'externalMappings') ? natRule.externalMappings : [] - internalMappings: contains(natRule, 'internalMappings') ? natRule.internalMappings : [] - ipConfigurationId: contains(natRule, 'ipConfigurationId') ? natRule.ipConfigurationId : '' - mode: contains(natRule, 'mode') ? natRule.mode : '' - type: contains(natRule, 'type') ? natRule.type : '' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module vpnGateway_connections 'connections/deploy.bicep' = [for (connection, index) in connections: { - name: '${deployment().name}-Connection-${index}' - params: { - name: connection.name - vpnGatewayName: vpnGateway.name - connectionBandwidth: contains(connection, 'connectionBandwidth') ? connection.connectionBandwidth : 10 - enableBgp: contains(connection, 'enableBgp') ? connection.enableBgp : false - enableInternetSecurity: contains(connection, 'enableInternetSecurity') ? connection.enableInternetSecurity : false - remoteVpnSiteResourceId: contains(connection, 'remoteVpnSiteResourceId') ? connection.remoteVpnSiteResourceId : '' - enableRateLimiting: contains(connection, 'enableRateLimiting') ? connection.enableRateLimiting : false - routingConfiguration: contains(connection, 'routingConfiguration') ? connection.routingConfiguration : {} - routingWeight: contains(connection, 'routingWeight') ? connection.routingWeight : 0 - sharedKey: contains(connection, 'sharedKey') ? connection.sharedKey : '' - useLocalAzureIpAddress: contains(connection, 'useLocalAzureIpAddress') ? connection.useLocalAzureIpAddress : false - usePolicyBasedTrafficSelectors: contains(connection, 'usePolicyBasedTrafficSelectors') ? connection.usePolicyBasedTrafficSelectors : false - vpnConnectionProtocolType: contains(connection, 'vpnConnectionProtocolType') ? connection.vpnConnectionProtocolType : 'IKEv2' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -@description('The name of the VPN gateway.') -output name string = vpnGateway.name - -@description('The resource ID of the VPN gateway.') -output resourceId string = vpnGateway.id - -@description('The name of the resource group the VPN gateway was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = vpnGateway.location diff --git a/modules/Microsoft.Network/vpnGateways/natRules/deploy.bicep b/modules/Microsoft.Network/vpnGateways/natRules/deploy.bicep deleted file mode 100644 index 53156ffe17..0000000000 --- a/modules/Microsoft.Network/vpnGateways/natRules/deploy.bicep +++ /dev/null @@ -1,70 +0,0 @@ -@description('Required. The name of the NAT rule.') -param name string - -@description('Conditional. The name of the parent VPN gateway this NAT rule is associated with. Required if the template is used in a standalone deployment.') -param vpnGatewayName string - -@description('Optional. An address prefix range of destination IPs on the outside network that source IPs will be mapped to. In other words, your post-NAT address prefix range.') -param externalMappings array = [] - -@description('Optional. An address prefix range of source IPs on the inside network that will be mapped to a set of external IPs. In other words, your pre-NAT address prefix range.') -param internalMappings array = [] - -@description('Optional. A NAT rule must be configured to a specific VPN Gateway instance. This is applicable to Dynamic NAT only. Static NAT rules are automatically applied to both VPN Gateway instances.') -param ipConfigurationId string = '' - -@description('Optional. The type of NAT rule for VPN NAT. IngressSnat mode (also known as Ingress Source NAT) is applicable to traffic entering the Azure hub\'s site-to-site VPN gateway. EgressSnat mode (also known as Egress Source NAT) is applicable to traffic leaving the Azure hub\'s Site-to-site VPN gateway.') -@allowed([ - '' - 'EgressSnat' - 'IngressSnat' -]) -param mode string = '' - -@description('Optional. The type of NAT rule for VPN NAT. Static one-to-one NAT establishes a one-to-one relationship between an internal address and an external address while Dynamic NAT assigns an IP and port based on availability.') -@allowed([ - '' - 'Dynamic' - 'Static' -]) -param type string = '' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource vpnGateway 'Microsoft.Network/vpnGateways@2021-05-01' existing = { - name: vpnGatewayName -} - -resource natRule 'Microsoft.Network/vpnGateways/natRules@2021-05-01' = { - name: name - parent: vpnGateway - properties: { - externalMappings: externalMappings - internalMappings: internalMappings - ipConfigurationId: !empty(ipConfigurationId) ? ipConfigurationId : null - mode: !empty(mode) ? any(mode) : null - type: !empty(type) ? any(type) : null - } -} - -@description('The name of the NAT rule.') -output name string = natRule.name - -@description('The resource ID of the NAT rule.') -output resourceId string = natRule.id - -@description('The name of the resource group the NAT rule was deployed into.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Network/vpnGateways/natRules/readme.md b/modules/Microsoft.Network/vpnGateways/natRules/readme.md deleted file mode 100644 index fbb6699e83..0000000000 --- a/modules/Microsoft.Network/vpnGateways/natRules/readme.md +++ /dev/null @@ -1,46 +0,0 @@ -# VPN Gateways NATRules `[Microsoft.Network/vpnGateways/natRules]` - -This module deploys VPN Gateways NATRules - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Network/vpnGateways/natRules` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/vpnGateways/natRules) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the NAT rule. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `vpnGatewayName` | string | The name of the parent VPN gateway this NAT rule is associated with. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `externalMappings` | array | `[]` | | An address prefix range of destination IPs on the outside network that source IPs will be mapped to. In other words, your post-NAT address prefix range. | -| `internalMappings` | array | `[]` | | An address prefix range of source IPs on the inside network that will be mapped to a set of external IPs. In other words, your pre-NAT address prefix range. | -| `ipConfigurationId` | string | `''` | | A NAT rule must be configured to a specific VPN Gateway instance. This is applicable to Dynamic NAT only. Static NAT rules are automatically applied to both VPN Gateway instances. | -| `mode` | string | `''` | `[, EgressSnat, IngressSnat]` | The type of NAT rule for VPN NAT. IngressSnat mode (also known as Ingress Source NAT) is applicable to traffic entering the Azure hub's site-to-site VPN gateway. EgressSnat mode (also known as Egress Source NAT) is applicable to traffic leaving the Azure hub's Site-to-site VPN gateway. | -| `type` | string | `''` | `[, Dynamic, Static]` | The type of NAT rule for VPN NAT. Static one-to-one NAT establishes a one-to-one relationship between an internal address and an external address while Dynamic NAT assigns an IP and port based on availability. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the NAT rule. | -| `resourceGroupName` | string | The name of the resource group the NAT rule was deployed into. | -| `resourceId` | string | The resource ID of the NAT rule. | diff --git a/modules/Microsoft.Network/vpnGateways/natRules/version.json b/modules/Microsoft.Network/vpnGateways/natRules/version.json deleted file mode 100644 index 41f66cc990..0000000000 --- a/modules/Microsoft.Network/vpnGateways/natRules/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.1" -} diff --git a/modules/Microsoft.Network/vpnGateways/readme.md b/modules/Microsoft.Network/vpnGateways/readme.md deleted file mode 100644 index 5f162f0fd3..0000000000 --- a/modules/Microsoft.Network/vpnGateways/readme.md +++ /dev/null @@ -1,355 +0,0 @@ -# VPN Gateways `[Microsoft.Network/vpnGateways]` - -This module deploys VPN Gateways. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Network/vpnGateways` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/vpnGateways) | -| `Microsoft.Network/vpnGateways/natRules` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/vpnGateways/natRules) | -| `Microsoft.Network/vpnGateways/vpnConnections` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/vpnGateways/vpnConnections) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the VPN gateway. | -| `virtualHubResourceId` | string | The resource ID of a virtual Hub to connect to. Note: The virtual Hub and Gateway must be deployed into the same location. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `bgpSettings` | object | `{object}` | | BGP settings details. | -| `connections` | _[connections](connections/readme.md)_ array | `[]` | | The connections to create in the VPN gateway. | -| `enableBgpRouteTranslationForNat` | bool | `False` | | Enable BGP routes translation for NAT on this VPN gateway. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `isRoutingPreferenceInternet` | bool | `False` | | Enable routing preference property for the public IP interface of the VPN gateway. | -| `location` | string | `[resourceGroup().location]` | | Location where all resources will be created. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `natRules` | _[natRules](natRules/readme.md)_ array | `[]` | | List of all the NAT Rules to associate with the gateway. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `vpnGatewayScaleUnit` | int | `2` | | The scale unit for this VPN gateway. | - - -### Parameter Usage: `bgpSettings` - -

- -Parameter JSON format - -```json -"bgpSettings": { - "asn": 65515, - "peerWeight": 0, - "bgpPeeringAddresses": [ - { - "ipconfigurationId": "Instance0", - "defaultBgpIpAddresses": [ - "10.0.0.12" - ], - "customBgpIpAddresses": [], - "tunnelIpAddresses": [ - "20.84.35.53", - "10.0.0.4" - ] - }, - { - "ipconfigurationId": "Instance1", - "defaultBgpIpAddresses": [ - "10.0.0.13" - ], - "customBgpIpAddresses": [], - "tunnelIpAddresses": [ - "20.84.34.225", - "10.0.0.5" - ] - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -bgpSettings: { - asn: 65515 - peerWeight: 0 - bgpPeeringAddresses: [ - { - ipconfigurationId: 'Instance0' - defaultBgpIpAddresses: [ - '10.0.0.12' - ] - customBgpIpAddresses: [] - tunnelIpAddresses: [ - '20.84.35.53' - '10.0.0.4' - ] - } - { - ipconfigurationId: 'Instance1' - defaultBgpIpAddresses: [ - '10.0.0.13' - ] - customBgpIpAddresses: [] - tunnelIpAddresses: [ - '20.84.34.225' - '10.0.0.5' - ] - } - ] -} -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the VPN gateway. | -| `resourceGroupName` | string | The name of the resource group the VPN gateway was deployed into. | -| `resourceId` | string | The resource ID of the VPN gateway. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vpngw-min-001" - }, - "virtualHubResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-min-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module vpnGateways './Microsoft.Network/vpnGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-vpnGateways' - params: { - name: '<>-az-vpngw-min-001' - virtualHubResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-min-001' - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vpngw-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "virtualHubResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-x-001" - }, - "bgpSettings": { - "value": { - "asn": 65515, - "peerWeight": 0 - } - }, - "connections": { - "value": [ - { - "name": "Connection-<>-az-vsite-x-001", - "connectionBandwidth": 10, - "enableBgp": true, - "routingConfiguration": { - "associatedRouteTable": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-x-001/hubRouteTables/defaultRouteTable" - }, - "propagatedRouteTables": { - "labels": [ - "default" - ], - "ids": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-x-001/hubRouteTables/defaultRouteTable" - } - ] - }, - "vnetRoutes": { - "staticRoutes": [] - } - }, - "remoteVpnSiteResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/vpnSites/<>-az-vsite-x-001" - } - ] - }, - "natRules": { - "value": [ - { - "name": "natRule1", - "internalMappings": [ - { - "addressSpace": "10.4.0.0/24" - } - ], - "externalMappings": [ - { - "addressSpace": "192.168.21.0/24" - } - ], - "type": "Static", - "mode": "EgressSnat" - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module vpnGateways './Microsoft.Network/vpnGateways/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-vpnGateways' - params: { - name: '<>-az-vpngw-x-001' - lock: 'CanNotDelete' - virtualHubResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-x-001' - bgpSettings: { - asn: 65515 - peerWeight: 0 - } - connections: [ - { - name: 'Connection-<>-az-vsite-x-001' - connectionBandwidth: 10 - enableBgp: true - routingConfiguration: { - associatedRouteTable: { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-x-001/hubRouteTables/defaultRouteTable' - } - propagatedRouteTables: { - labels: [ - 'default' - ] - ids: [ - { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualHubs/<>-az-vhub-x-001/hubRouteTables/defaultRouteTable' - } - ] - } - vnetRoutes: { - staticRoutes: [] - } - } - remoteVpnSiteResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/vpnSites/<>-az-vsite-x-001' - } - ] - natRules: [ - { - name: 'natRule1' - internalMappings: [ - { - addressSpace: '10.4.0.0/24' - } - ] - externalMappings: [ - { - addressSpace: '192.168.21.0/24' - } - ] - type: 'Static' - mode: 'EgressSnat' - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/vpnGateways/version.json b/modules/Microsoft.Network/vpnGateways/version.json deleted file mode 100644 index 41f66cc990..0000000000 --- a/modules/Microsoft.Network/vpnGateways/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.1" -} diff --git a/modules/Microsoft.Network/vpnSites/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/vpnSites/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 52b018b360..0000000000 --- a/modules/Microsoft.Network/vpnSites/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,37 +0,0 @@ -param principalIds array -param principalType string = '' -param roleDefinitionIdOrName string -param resourceId string - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Domain Services Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource vpnSite 'Microsoft.Network/vpnSites@2021-05-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(vpnSite.id, principalId, roleDefinitionIdOrName) - properties: { - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: vpnSite -}] diff --git a/modules/Microsoft.Network/vpnSites/.deploymentTests/min.parameters.json b/modules/Microsoft.Network/vpnSites/.deploymentTests/min.parameters.json deleted file mode 100644 index 24791e0339..0000000000 --- a/modules/Microsoft.Network/vpnSites/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vSite-min-001" - }, - "addressPrefixes": { - "value": [ - "10.0.0.0/16" - ] - }, - "ipAddress": { - "value": "1.2.3.4" - }, - "virtualWanId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<>-az-vw-x-001" - } - } -} diff --git a/modules/Microsoft.Network/vpnSites/.deploymentTests/parameters.json b/modules/Microsoft.Network/vpnSites/.deploymentTests/parameters.json deleted file mode 100644 index 94c534c5e4..0000000000 --- a/modules/Microsoft.Network/vpnSites/.deploymentTests/parameters.json +++ /dev/null @@ -1,77 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vSite-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "tags": { - "value": { - "tagA": "valueA", - "tagB": "valueB" - } - }, - "deviceProperties": { - "value": { - "linkSpeedInMbps": 0 - } - }, - "virtualWanId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<>-az-vw-x-001" - }, - "vpnSiteLinks": { - "value": [ - { - "name": "<>-az-vSite-x-001", - "properties": { - "bgpProperties": { - "asn": 65010, - "bgpPeeringAddress": "1.1.1.1" - }, - "ipAddress": "1.2.3.4", - "linkProperties": { - "linkProviderName": "contoso", - "linkSpeedInMbps": 5 - } - } - }, - { - "name": "Link1", - "properties": { - "bgpProperties": { - "asn": 65020, - "bgpPeeringAddress": "192.168.1.0" - }, - "ipAddress": "2.2.2.2", - "linkProperties": { - "linkProviderName": "contoso", - "linkSpeedInMbps": 5 - } - } - } - ] - }, - "o365Policy": { - "value": { - "breakOutCategories": { - "optimize": true, - "allow": true, - "default": true - } - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Network/vpnSites/deploy.bicep b/modules/Microsoft.Network/vpnSites/deploy.bicep deleted file mode 100644 index 6bb79563e8..0000000000 --- a/modules/Microsoft.Network/vpnSites/deploy.bicep +++ /dev/null @@ -1,108 +0,0 @@ -@description('Required. Name of the VPN Site.') -param name string - -@description('Required. Resource ID of the virtual WAN to link to.') -param virtualWanId string - -@description('Optional. Location where all resources will be created.') -param location string = resourceGroup().location - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. An array of IP address ranges that can be used by subnets of the virtual network. Must be provided if no bgpProperties or VPNSiteLinks are configured.') -param addressPrefixes array = [] - -@description('Optional. BGP settings details. Must be provided if no addressPrefixes or VPNSiteLinks are configured. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead.') -param bgpProperties object = {} - -@description('Optional. List of properties of the device.') -param deviceProperties object = {} - -@description('Optional. The IP-address for the VPN-site. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead.') -param ipAddress string = '' - -@description('Optional. IsSecuritySite flag.') -param isSecuritySite bool = false - -@description('Optional. The Office365 breakout policy.') -param o365Policy object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. List of all VPN site links.') -param vpnSiteLinks array = [] - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource vpnSite 'Microsoft.Network/vpnSites@2021-05-01' = { - name: name - location: location - tags: tags - properties: { - addressSpace: !empty(addressPrefixes) ? { - addressPrefixes: addressPrefixes - } : null - bgpProperties: !empty(bgpProperties) ? bgpProperties : null - deviceProperties: !empty(deviceProperties) ? deviceProperties : null - ipAddress: !empty(ipAddress) ? ipAddress : null - isSecuritySite: isSecuritySite - o365Policy: !empty(o365Policy) ? o365Policy : null - virtualWan: { - id: virtualWanId - } - vpnSiteLinks: !empty(vpnSiteLinks) ? vpnSiteLinks : null - } -} - -resource vpnSite_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${vpnSite.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: vpnSite -} - -module vpnSite_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-VWan-Rbac-${index}' - params: { - principalIds: roleAssignment.principalIds - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: vpnSite.id - } -}] - -@description('The name of the VPN site.') -output name string = vpnSite.name - -@description('The resource ID of the VPN site.') -output resourceId string = vpnSite.id - -@description('The resource group the VPN site was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = vpnSite.location diff --git a/modules/Microsoft.Network/vpnSites/readme.md b/modules/Microsoft.Network/vpnSites/readme.md deleted file mode 100644 index 05d815968d..0000000000 --- a/modules/Microsoft.Network/vpnSites/readme.md +++ /dev/null @@ -1,529 +0,0 @@ -# VPN Sites `[Microsoft.Network/vpnSites]` - -This module deploys a VPN Site. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/vpnSites` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/vpnSites) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the VPN Site. | -| `virtualWanId` | string | Resource ID of the virtual WAN to link to. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `addressPrefixes` | array | `[]` | | An array of IP address ranges that can be used by subnets of the virtual network. Must be provided if no bgpProperties or VPNSiteLinks are configured. | -| `bgpProperties` | object | `{object}` | | BGP settings details. Must be provided if no addressPrefixes or VPNSiteLinks are configured. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. | -| `deviceProperties` | object | `{object}` | | List of properties of the device. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `ipAddress` | string | `''` | | The IP-address for the VPN-site. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. | -| `isSecuritySite` | bool | `False` | | IsSecuritySite flag. | -| `location` | string | `[resourceGroup().location]` | | Location where all resources will be created. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `o365Policy` | object | `{object}` | | The Office365 breakout policy. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `vpnSiteLinks` | array | `[]` | | List of all VPN site links. | - - -### Parameter Usage `o365Policy` - -

- -Parameter JSON format - -```json -"o365Policy": { - "value": { - "breakOutCategories": { - "optimize": true, - "allow": true, - "default": true - } - } -} -``` - -
- - -
- -Bicep format - -```bicep -o365Policy: { - breakOutCategories: { - optimize: true - allow: true - default: true - } -} -``` - -
-

- -### Parameter Usage `deviceProperties` - -

- -Parameter JSON format - -```json -"deviceProperties": { - "value": { - "deviceModel": "morty", - "deviceVendor": "contoso", - "linkSpeedInMbps": 0 - } -} -``` - -
- - -
- -Bicep format - -```bicep -deviceProperties: { - deviceModel: 'morty' - deviceVendor: 'contoso' - linkSpeedInMbps: 0 -} -``` - -
-

- -### Parameter Usage `bgpProperties` - -The BGP properties. Note: This is a deprecated property, please use the corresponding `VpnSiteLinks` property instead. - -

- -Parameter JSON format - -```json -"bgpProperties": { - "value": { - "asn": 65010, - "bgpPeeringAddress": "1.1.1.1", - "peerWeight": 0 - } -} -``` - -
- - -
- -Bicep format - -```bicep -bgpProperties: { - asn: 65010 - bgpPeeringAddress: '1.1.1.1' - peerWeight: 0 -} -``` - -
-

- -### Parameter Usage `vpnSiteLinks` - -An array of links. Should be used instead of the top-level `ipAddress` & `bgpProperties` properties. If using links, one default link with same name and properties as VpnSite itself is mandatory. - -

- -Parameter JSON format - -```json -"vpnSiteLinks": { - "value": [ - { - "name": "<>-az-vSite-x-001", - "properties": { - "bgpProperties": { - "asn": 65010, - "bgpPeeringAddress": "1.1.1.1" - }, - "ipAddress": "1.2.3.4", - "linkProperties": { - "linkProviderName": "contoso", - "linkSpeedInMbps": 5 - } - } - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -vpnSiteLinks: [ - { - name: '<>-az-vSite-x-001' - properties: { - bgpProperties: { - asn: 65010 - bgpPeeringAddress: '1.1.1.1' - } - ipAddress: '1.2.3.4' - linkProperties: { - linkProviderName: 'contoso' - linkSpeedInMbps: 5 - } - } - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the VPN site. | -| `resourceGroupName` | string | The resource group the VPN site was deployed into. | -| `resourceId` | string | The resource ID of the VPN site. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vSite-min-001" - }, - "addressPrefixes": { - "value": [ - "10.0.0.0/16" - ] - }, - "ipAddress": { - "value": "1.2.3.4" - }, - "virtualWanId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<>-az-vw-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-vpnSites' - params: { - name: '<>-az-vSite-min-001' - addressPrefixes: [ - '10.0.0.0/16' - ] - ipAddress: '1.2.3.4' - virtualWanId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<>-az-vw-x-001' - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vSite-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "tags": { - "value": { - "tagA": "valueA", - "tagB": "valueB" - } - }, - "deviceProperties": { - "value": { - "linkSpeedInMbps": 0 - } - }, - "virtualWanId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<>-az-vw-x-001" - }, - "vpnSiteLinks": { - "value": [ - { - "name": "<>-az-vSite-x-001", - "properties": { - "bgpProperties": { - "asn": 65010, - "bgpPeeringAddress": "1.1.1.1" - }, - "ipAddress": "1.2.3.4", - "linkProperties": { - "linkProviderName": "contoso", - "linkSpeedInMbps": 5 - } - } - }, - { - "name": "Link1", - "properties": { - "bgpProperties": { - "asn": 65020, - "bgpPeeringAddress": "192.168.1.0" - }, - "ipAddress": "2.2.2.2", - "linkProperties": { - "linkProviderName": "contoso", - "linkSpeedInMbps": 5 - } - } - } - ] - }, - "o365Policy": { - "value": { - "breakOutCategories": { - "optimize": true, - "allow": true, - "default": true - } - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module vpnSites './Microsoft.Network/vpnSites/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-vpnSites' - params: { - name: '<>-az-vSite-x-001' - lock: 'CanNotDelete' - tags: { - tagA: 'valueA' - tagB: 'valueB' - } - deviceProperties: { - linkSpeedInMbps: 0 - } - virtualWanId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualWans/apd-<>-az-vw-x-001' - vpnSiteLinks: [ - { - name: '<>-az-vSite-x-001' - properties: { - bgpProperties: { - asn: 65010 - bgpPeeringAddress: '1.1.1.1' - } - ipAddress: '1.2.3.4' - linkProperties: { - linkProviderName: 'contoso' - linkSpeedInMbps: 5 - } - } - } - { - name: 'Link1' - properties: { - bgpProperties: { - asn: 65020 - bgpPeeringAddress: '192.168.1.0' - } - ipAddress: '2.2.2.2' - linkProperties: { - linkProviderName: 'contoso' - linkSpeedInMbps: 5 - } - } - } - ] - o365Policy: { - breakOutCategories: { - optimize: true - allow: true - default: true - } - } - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Network/vpnSites/version.json b/modules/Microsoft.Network/vpnSites/version.json deleted file mode 100644 index 41f66cc990..0000000000 --- a/modules/Microsoft.Network/vpnSites/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.1" -} diff --git a/modules/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index e2c0ea3228..0000000000 --- a/modules/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,60 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Automation Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f353d9bd-d4a6-484e-a77a-8050b599b867') - 'Azure Sentinel Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ab8e14d6-4a74-4a29-9ba8-549422addade') - 'Azure Sentinel Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8d289c81-5878-46d4-8554-54e1e3d8b5cb') - 'Azure Sentinel Responder': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3e150937-b8fe-4cfb-8069-0eaf05ecd056') - 'Data Purger': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '150f5e0c-0603-4f03-8c7f-cf70034c4e90') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'Security Admin': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb1c8493-542b-48eb-b624-b4c8fea62acd') - 'Security Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '39bc4728-0917-49c7-9d2c-d95423bc2eb4') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(logAnalyticsWorkspace.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: logAnalyticsWorkspace -}] diff --git a/modules/Microsoft.OperationalInsights/workspaces/.deploymentTests/min.parameters.json b/modules/Microsoft.OperationalInsights/workspaces/.deploymentTests/min.parameters.json deleted file mode 100644 index 97fc2fafe4..0000000000 --- a/modules/Microsoft.OperationalInsights/workspaces/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-law-min-001" - } - } -} diff --git a/modules/Microsoft.OperationalInsights/workspaces/.deploymentTests/parameters.json b/modules/Microsoft.OperationalInsights/workspaces/.deploymentTests/parameters.json deleted file mode 100644 index e69b24d3ff..0000000000 --- a/modules/Microsoft.OperationalInsights/workspaces/.deploymentTests/parameters.json +++ /dev/null @@ -1,171 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-law-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "publicNetworkAccessForIngestion": { - "value": "Disabled" - }, - "publicNetworkAccessForQuery": { - "value": "Disabled" - }, - "dailyQuotaGb": { - "value": 10 - }, - "storageInsightsConfigs": { - "value": [ - { - "storageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsalaw001", - "tables": [ - "WADWindowsEventLogsTable", - "WADETWEventTable", - "WADServiceFabric*EventTable", - "LinuxsyslogVer2v0" - ] - } - ] - }, - "linkedServices": { - "value": [ - { - "name": "Automation", - "resourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Automation/automationAccounts/adp-<>-az-aut-x-001" - } - ] - }, - "savedSearches": { - "value": [ - { - "name": "VMSSQueries", - "displayName": "VMSS Instance Count2", - "category": "VDC Saved Searches", - "query": "Event | where Source == 'ServiceFabricNodeBootstrapAgent' | summarize AggregatedValue = count() by Computer" - } - ] - }, - "dataSources": { - "value": [ - { - "name": "applicationEvent", - "kind": "WindowsEvent", - "eventLogName": "Application", - "eventTypes": [ - { - "eventType": "Error" - }, - { - "eventType": "Warning" - }, - { - "eventType": "Information" - } - ] - }, - { - "name": "windowsPerfCounter1", - "kind": "WindowsPerformanceCounter", - "objectName": "Processor", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "% Processor Time" - }, - { - "name": "sampleIISLog1", - "kind": "IISLogs", - "state": "OnPremiseEnabled" - }, - { - "name": "sampleSyslog1", - "kind": "LinuxSyslog", - "syslogName": "kern", - "syslogSeverities": [ - { - "severity": "emerg" - }, - { - "severity": "alert" - }, - { - "severity": "crit" - }, - { - "severity": "err" - }, - { - "severity": "warning" - } - ] - }, - { - "name": "sampleSyslogCollection1", - "kind": "LinuxSyslogCollection", - "state": "Enabled" - }, - { - "name": "sampleLinuxPerf1", - "kind": "LinuxPerformanceObject", - "syslogSeverities": [ - { - "counterName": "% Used Inodes" - }, - { - "counterName": "Free Megabytes" - }, - { - "counterName": "% Used Space" - }, - { - "counterName": "Disk Transfers/sec" - }, - { - "counterName": "Disk Reads/sec" - }, - { - "counterName": "Disk Writes/sec" - } - ], - "objectName": "Logical Disk", - "instanceName": "*", - "intervalSeconds": 10 - }, - { - "name": "sampleLinuxPerfCollection1", - "kind": "LinuxPerformanceCollection", - "state": "Enabled" - } - ] - }, - "gallerySolutions": { - "value": [ - { - "name": "AzureAutomation", - "product": "OMSGallery", - "publisher": "Microsoft" - } - ] - }, - "useResourcePermissions": { - "value": true - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.OperationalInsights/workspaces/dataSources/deploy.bicep b/modules/Microsoft.OperationalInsights/workspaces/dataSources/deploy.bicep deleted file mode 100644 index 9ecbbcb6c4..0000000000 --- a/modules/Microsoft.OperationalInsights/workspaces/dataSources/deploy.bicep +++ /dev/null @@ -1,102 +0,0 @@ -@description('Conditional. The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment.') -param logAnalyticsWorkspaceName string - -@description('Required. Name of the solution.') -param name string - -@description('Required. The kind of the DataSource.') -@allowed([ - 'AzureActivityLog' - 'WindowsEvent' - 'WindowsPerformanceCounter' - 'IISLogs' - 'LinuxSyslog' - 'LinuxSyslogCollection' - 'LinuxPerformanceObject' - 'LinuxPerformanceCollection' -]) -param kind string = 'AzureActivityLog' - -@description('Optional. Tags to configure in the resource.') -param tags object = {} - -@description('Optional. Resource ID of the resource to be linked.') -param linkedResourceId string = '' - -@description('Optional. Windows event log name to configure when kind is WindowsEvent.') -param eventLogName string = '' - -@description('Optional. Windows event types to configure when kind is WindowsEvent.') -param eventTypes array = [] - -@description('Optional. Name of the object to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject.') -param objectName string = '' - -@description('Optional. Name of the instance to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject.') -param instanceName string = '*' - -@description('Optional. Interval in seconds to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject.') -param intervalSeconds int = 60 - -@description('Optional. List of counters to configure when the kind is LinuxPerformanceObject.') -param performanceCounters array = [] - -@description('Optional. Counter name to configure when kind is WindowsPerformanceCounter.') -param counterName string = '' - -@description('Optional. State to configure when kind is IISLogs or LinuxSyslogCollection or LinuxPerformanceCollection.') -param state string = '' - -@description('Optional. System log to configure when kind is LinuxSyslog.') -param syslogName string = '' - -@description('Optional. Severities to configure when kind is LinuxSyslog.') -param syslogSeverities array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource workspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = { - name: logAnalyticsWorkspaceName -} - -resource dataSource 'Microsoft.OperationalInsights/workspaces/dataSources@2020-08-01' = { - name: name - parent: workspace - kind: kind - tags: tags - properties: { - linkedResourceId: !empty(kind) && kind == 'AzureActivityLog' ? linkedResourceId : null - eventLogName: !empty(kind) && kind == 'WindowsEvent' ? eventLogName : null - eventTypes: !empty(kind) && kind == 'WindowsEvent' ? eventTypes : null - objectName: !empty(kind) && (kind == 'WindowsPerformanceCounter' || kind == 'LinuxPerformanceObject') ? objectName : null - instanceName: !empty(kind) && (kind == 'WindowsPerformanceCounter' || kind == 'LinuxPerformanceObject') ? instanceName : null - intervalSeconds: !empty(kind) && (kind == 'WindowsPerformanceCounter' || kind == 'LinuxPerformanceObject') ? intervalSeconds : null - counterName: !empty(kind) && kind == 'WindowsPerformanceCounter' ? counterName : null - state: !empty(kind) && (kind == 'IISLogs' || kind == 'LinuxSyslogCollection' || kind == 'LinuxPerformanceCollection') ? state : null - syslogName: !empty(kind) && kind == 'LinuxSyslog' ? syslogName : null - syslogSeverities: !empty(kind) && (kind == 'LinuxSyslog' || kind == 'LinuxPerformanceObject') ? syslogSeverities : null - performanceCounters: !empty(kind) && kind == 'LinuxPerformanceObject' ? performanceCounters : null - } -} - -@description('The resource ID of the deployed data source.') -output resourceId string = dataSource.id - -@description('The resource group where the data source is deployed.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the deployed data source.') -output name string = dataSource.name diff --git a/modules/Microsoft.OperationalInsights/workspaces/dataSources/readme.md b/modules/Microsoft.OperationalInsights/workspaces/dataSources/readme.md deleted file mode 100644 index c37bc5db58..0000000000 --- a/modules/Microsoft.OperationalInsights/workspaces/dataSources/readme.md +++ /dev/null @@ -1,95 +0,0 @@ -# Operationalinsights Workspaces Datasources `[Microsoft.OperationalInsights/workspaces/dataSources]` - -This template deploys a data source for a Log Analytics workspace. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.OperationalInsights/workspaces/dataSources` | [2020-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/dataSources) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `kind` | string | `'AzureActivityLog'` | `[AzureActivityLog, WindowsEvent, WindowsPerformanceCounter, IISLogs, LinuxSyslog, LinuxSyslogCollection, LinuxPerformanceObject, LinuxPerformanceCollection]` | The kind of the DataSource. | -| `name` | string | | | Name of the solution. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `logAnalyticsWorkspaceName` | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `counterName` | string | `''` | Counter name to configure when kind is WindowsPerformanceCounter. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `eventLogName` | string | `''` | Windows event log name to configure when kind is WindowsEvent. | -| `eventTypes` | array | `[]` | Windows event types to configure when kind is WindowsEvent. | -| `instanceName` | string | `'*'` | Name of the instance to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. | -| `intervalSeconds` | int | `60` | Interval in seconds to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. | -| `linkedResourceId` | string | `''` | Resource ID of the resource to be linked. | -| `objectName` | string | `''` | Name of the object to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. | -| `performanceCounters` | array | `[]` | List of counters to configure when the kind is LinuxPerformanceObject. | -| `state` | string | `''` | State to configure when kind is IISLogs or LinuxSyslogCollection or LinuxPerformanceCollection. | -| `syslogName` | string | `''` | System log to configure when kind is LinuxSyslog. | -| `syslogSeverities` | array | `[]` | Severities to configure when kind is LinuxSyslog. | -| `tags` | object | `{object}` | Tags to configure in the resource. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed data source. | -| `resourceGroupName` | string | The resource group where the data source is deployed. | -| `resourceId` | string | The resource ID of the deployed data source. | diff --git a/modules/Microsoft.OperationalInsights/workspaces/dataSources/version.json b/modules/Microsoft.OperationalInsights/workspaces/dataSources/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.OperationalInsights/workspaces/dataSources/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.OperationalInsights/workspaces/deploy.bicep b/modules/Microsoft.OperationalInsights/workspaces/deploy.bicep deleted file mode 100644 index 92f5c27c3c..0000000000 --- a/modules/Microsoft.OperationalInsights/workspaces/deploy.bicep +++ /dev/null @@ -1,283 +0,0 @@ -@description('Required. Name of the Log Analytics workspace.') -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Service Tier: PerGB2018, Free, Standalone, PerGB or PerNode.') -@allowed([ - 'Free' - 'Standalone' - 'PerNode' - 'PerGB2018' -]) -param serviceTier string = 'PerGB2018' - -@description('Optional. List of storage accounts to be read by the workspace.') -param storageInsightsConfigs array = [] - -@description('Optional. List of services to be linked.') -param linkedServices array = [] - -@description('Optional. Kusto Query Language searches to save.') -param savedSearches array = [] - -@description('Optional. LAW data sources to configure.') -param dataSources array = [] - -@description('Optional. List of gallerySolutions to be created in the log analytics workspace.') -param gallerySolutions array = [] - -@description('Optional. Number of days data will be retained for.') -@minValue(0) -@maxValue(730) -param dataRetention int = 365 - -@description('Optional. The workspace daily quota for ingestion.') -@minValue(-1) -param dailyQuotaGb int = -1 - -@description('Optional. The network access type for accessing Log Analytics ingestion.') -@allowed([ - 'Enabled' - 'Disabled' -]) -param publicNetworkAccessForIngestion string = 'Enabled' - -@description('Optional. The network access type for accessing Log Analytics query.') -@allowed([ - 'Enabled' - 'Disabled' -]) -param publicNetworkAccessForQuery string = 'Enabled' - -@description('Optional. Set to \'true\' to use resource or workspace permissions and \'false\' (or leave empty) to require workspace permissions.') -param useResourcePermissions bool = false - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of a log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'Audit' -]) -param diagnosticLogCategoriesToEnable array = [ - 'Audit' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'AllMetrics' -]) -param diagnosticMetricsToEnable array = [ - 'AllMetrics' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var logAnalyticsSearchVersion = 1 - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08-01' = { - location: location - name: name - tags: tags - properties: { - features: { - searchVersion: logAnalyticsSearchVersion - enableLogAccessUsingOnlyResourcePermissions: useResourcePermissions - } - sku: { - name: serviceTier - } - retentionInDays: dataRetention - workspaceCapping: { - dailyQuotaGb: dailyQuotaGb - } - publicNetworkAccessForIngestion: publicNetworkAccessForIngestion - publicNetworkAccessForQuery: publicNetworkAccessForQuery - } -} - -resource logAnalyticsWorkspace_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: diagnosticsLogs - } - scope: logAnalyticsWorkspace -} - -module logAnalyticsWorkspace_storageInsightConfigs 'storageInsightConfigs/deploy.bicep' = [for (storageInsightsConfig, index) in storageInsightsConfigs: { - name: '${uniqueString(deployment().name, location)}-LAW-StorageInsightsConfig-${index}' - params: { - logAnalyticsWorkspaceName: logAnalyticsWorkspace.name - containers: contains(storageInsightsConfig, 'containers') ? storageInsightsConfig.containers : [] - tables: contains(storageInsightsConfig, 'tables') ? storageInsightsConfig.tables : [] - storageAccountId: storageInsightsConfig.storageAccountId - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module logAnalyticsWorkspace_linkedServices 'linkedServices/deploy.bicep' = [for (linkedService, index) in linkedServices: { - name: '${uniqueString(deployment().name, location)}-LAW-LinkedService-${index}' - params: { - logAnalyticsWorkspaceName: logAnalyticsWorkspace.name - name: linkedService.name - resourceId: contains(linkedService, 'resourceId') ? linkedService.resourceId : '' - writeAccessResourceId: contains(linkedService, 'writeAccessResourceId') ? linkedService.writeAccessResourceId : '' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module logAnalyticsWorkspace_savedSearches 'savedSearches/deploy.bicep' = [for (savedSearch, index) in savedSearches: { - name: '${uniqueString(deployment().name, location)}-LAW-SavedSearch-${index}' - params: { - logAnalyticsWorkspaceName: logAnalyticsWorkspace.name - name: '${savedSearch.name}${uniqueString(deployment().name)}' - etag: contains(savedSearch, 'eTag') ? savedSearch.etag : '*' - displayName: savedSearch.displayName - category: savedSearch.category - query: savedSearch.query - functionAlias: contains(savedSearch, 'functionAlias') ? savedSearch.functionAlias : '' - functionParameters: contains(savedSearch, 'functionParameters') ? savedSearch.functionParameters : '' - version: contains(savedSearch, 'version') ? savedSearch.version : 2 - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module logAnalyticsWorkspace_dataSources 'dataSources/deploy.bicep' = [for (dataSource, index) in dataSources: { - name: '${uniqueString(deployment().name, location)}-LAW-DataSource-${index}' - params: { - logAnalyticsWorkspaceName: logAnalyticsWorkspace.name - name: dataSource.name - kind: dataSource.kind - linkedResourceId: contains(dataSource, 'linkedResourceId') ? dataSource.linkedResourceId : '' - eventLogName: contains(dataSource, 'eventLogName') ? dataSource.eventLogName : '' - eventTypes: contains(dataSource, 'eventTypes') ? dataSource.eventTypes : [] - objectName: contains(dataSource, 'objectName') ? dataSource.objectName : '' - instanceName: contains(dataSource, 'instanceName') ? dataSource.instanceName : '' - intervalSeconds: contains(dataSource, 'intervalSeconds') ? dataSource.intervalSeconds : 60 - counterName: contains(dataSource, 'counterName') ? dataSource.counterName : '' - state: contains(dataSource, 'state') ? dataSource.state : '' - syslogName: contains(dataSource, 'syslogName') ? dataSource.syslogName : '' - syslogSeverities: contains(dataSource, 'syslogSeverities') ? dataSource.syslogSeverities : [] - performanceCounters: contains(dataSource, 'performanceCounters') ? dataSource.performanceCounters : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module logAnalyticsWorkspace_solutions '../../Microsoft.OperationsManagement/solutions/deploy.bicep' = [for (gallerySolution, index) in gallerySolutions: if (!empty(gallerySolutions)) { - name: '${uniqueString(deployment().name, location)}-LAW-Solution-${index}' - params: { - name: gallerySolution.name - location: location - logAnalyticsWorkspaceName: logAnalyticsWorkspace.name - product: contains(gallerySolution, 'product') ? gallerySolution.product : 'OMSGallery' - publisher: contains(gallerySolution, 'publisher') ? gallerySolution.publisher : 'Microsoft' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -resource logAnalyticsWorkspace_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${logAnalyticsWorkspace.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: logAnalyticsWorkspace -} - -module logAnalyticsWorkspace_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-LAW-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: logAnalyticsWorkspace.id - } -}] - -@description('The resource ID of the deployed log analytics workspace.') -output resourceId string = logAnalyticsWorkspace.id - -@description('The resource group of the deployed log analytics workspace.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the deployed log analytics workspace.') -output name string = logAnalyticsWorkspace.name - -@description('The ID associated with the workspace.') -output logAnalyticsWorkspaceId string = logAnalyticsWorkspace.properties.customerId - -@description('The location the resource was deployed into.') -output location string = logAnalyticsWorkspace.location diff --git a/modules/Microsoft.OperationalInsights/workspaces/linkedServices/deploy.bicep b/modules/Microsoft.OperationalInsights/workspaces/linkedServices/deploy.bicep deleted file mode 100644 index 73f552cbd0..0000000000 --- a/modules/Microsoft.OperationalInsights/workspaces/linkedServices/deploy.bicep +++ /dev/null @@ -1,52 +0,0 @@ -@description('Conditional. The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment.') -param logAnalyticsWorkspaceName string - -@description('Required. Name of the link.') -param name string - -@description('Required. The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require read access.') -param resourceId string = '' - -@description('Optional. The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require write access.') -param writeAccessResourceId string = '' - -@description('Optional. Tags to configure in the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource workspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = { - name: logAnalyticsWorkspaceName -} - -resource linkedService 'Microsoft.OperationalInsights/workspaces/linkedServices@2020-08-01' = { - name: name - parent: workspace - tags: tags - properties: { - resourceId: resourceId - writeAccessResourceId: empty(writeAccessResourceId) ? null : writeAccessResourceId - } -} - -@description('The name of the deployed linked service.') -output name string = linkedService.name - -@description('The resource ID of the deployed linked service.') -output resourceId string = linkedService.id - -@description('The resource group where the linked service is deployed.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.OperationalInsights/workspaces/linkedServices/readme.md b/modules/Microsoft.OperationalInsights/workspaces/linkedServices/readme.md deleted file mode 100644 index 628a822f41..0000000000 --- a/modules/Microsoft.OperationalInsights/workspaces/linkedServices/readme.md +++ /dev/null @@ -1,85 +0,0 @@ -# Operationalinsights Workspaces Linked Services `[Microsoft.OperationalInsights/workspaces/linkedServices]` - -This template deploys a linked service for a Log Analytics workspace. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.OperationalInsights/workspaces/linkedServices` | [2020-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/linkedServices) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | Name of the link. | -| `resourceId` | string | `''` | The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require read access. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `logAnalyticsWorkspaceName` | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `tags` | object | `{object}` | Tags to configure in the resource. | -| `writeAccessResourceId` | string | `''` | The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require write access. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed linked service. | -| `resourceGroupName` | string | The resource group where the linked service is deployed. | -| `resourceId` | string | The resource ID of the deployed linked service. | diff --git a/modules/Microsoft.OperationalInsights/workspaces/linkedServices/version.json b/modules/Microsoft.OperationalInsights/workspaces/linkedServices/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.OperationalInsights/workspaces/linkedServices/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.OperationalInsights/workspaces/readme.md b/modules/Microsoft.OperationalInsights/workspaces/readme.md deleted file mode 100644 index 7ab03028f1..0000000000 --- a/modules/Microsoft.OperationalInsights/workspaces/readme.md +++ /dev/null @@ -1,807 +0,0 @@ -# Log Analytics Workspaces `[Microsoft.OperationalInsights/workspaces]` - -This template deploys a log analytics workspace. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.OperationalInsights/workspaces` | [2020-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces) | -| `Microsoft.OperationalInsights/workspaces/dataSources` | [2020-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/dataSources) | -| `Microsoft.OperationalInsights/workspaces/linkedServices` | [2020-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/linkedServices) | -| `Microsoft.OperationalInsights/workspaces/savedSearches` | [2020-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/savedSearches) | -| `Microsoft.OperationalInsights/workspaces/storageInsightConfigs` | [2020-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/storageInsightConfigs) | -| `Microsoft.OperationsManagement/solutions` | [2015-11-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationsManagement/2015-11-01-preview/solutions) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Log Analytics workspace. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `dailyQuotaGb` | int | `-1` | | The workspace daily quota for ingestion. | -| `dataRetention` | int | `365` | | Number of days data will be retained for. | -| `dataSources` | _[dataSources](dataSources/readme.md)_ array | `[]` | | LAW data sources to configure. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[Audit]` | `[Audit]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of a log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `gallerySolutions` | array | `[]` | | List of gallerySolutions to be created in the log analytics workspace. | -| `linkedServices` | _[linkedServices](linkedServices/readme.md)_ array | `[]` | | List of services to be linked. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `publicNetworkAccessForIngestion` | string | `'Enabled'` | `[Enabled, Disabled]` | The network access type for accessing Log Analytics ingestion. | -| `publicNetworkAccessForQuery` | string | `'Enabled'` | `[Enabled, Disabled]` | The network access type for accessing Log Analytics query. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `savedSearches` | _[savedSearches](savedSearches/readme.md)_ array | `[]` | | Kusto Query Language searches to save. | -| `serviceTier` | string | `'PerGB2018'` | `[Free, Standalone, PerNode, PerGB2018]` | Service Tier: PerGB2018, Free, Standalone, PerGB or PerNode. | -| `storageInsightsConfigs` | array | `[]` | | List of storage accounts to be read by the workspace. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `useResourcePermissions` | bool | `False` | | Set to 'true' to use resource or workspace permissions and 'false' (or leave empty) to require workspace permissions. | - - -### Parameter Usage: `gallerySolutions` - -Ref cross-referenced _[solutions](../../Microsoft.OperationsManagement/solutions/readme.md)_ - -

- -Parameter JSON format - -```json -"gallerySolutions": { - "value": [ - { - "name": "AgentHealthAssessment", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "AlertManagement", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "AntiMalware", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "AzureActivity", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "AzureAutomation", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "AzureCdnCoreAnalytics", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "AzureDataFactoryAnalytics", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "AzureNSGAnalytics", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "AzureSQLAnalytics", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "ChangeTracking", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "Containers", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "InfrastructureInsights", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "KeyVaultAnalytics", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "LogicAppsManagement", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "NetworkMonitoring", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "Security", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "SecurityCenterFree", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "ServiceFabric", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "ServiceMap", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "SQLAssessment", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "Updates", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "VMInsights", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "WireData2", - "product": "OMSGallery", - "publisher": "Microsoft" - }, - { - "name": "WaaSUpdateInsights", - "product": "OMSGallery", - "publisher": "Microsoft" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -gallerySolutions: [ - { - name: 'AgentHealthAssessment' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'AlertManagement' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'AntiMalware' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'AzureActivity' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'AzureAutomation' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'AzureCdnCoreAnalytics' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'AzureDataFactoryAnalytics' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'AzureNSGAnalytics' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'AzureSQLAnalytics' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'ChangeTracking' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'Containers' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'InfrastructureInsights' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'KeyVaultAnalytics' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'LogicAppsManagement' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'NetworkMonitoring' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'Security' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'SecurityCenterFree' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'ServiceFabric' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'ServiceMap' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'SQLAssessment' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'Updates' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'VMInsights' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'WireData2' - product: 'OMSGallery' - publisher: 'Microsoft' - } - { - name: 'WaaSUpdateInsights' - product: 'OMSGallery' - publisher: 'Microsoft' - } -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `logAnalyticsWorkspaceId` | string | The ID associated with the workspace. | -| `name` | string | The name of the deployed log analytics workspace. | -| `resourceGroupName` | string | The resource group of the deployed log analytics workspace. | -| `resourceId` | string | The resource ID of the deployed log analytics workspace. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-law-min-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module workspaces './Microsoft.OperationalInsights/workspaces/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-workspaces' - params: { - name: '<>-az-law-min-001' - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-law-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "publicNetworkAccessForIngestion": { - "value": "Disabled" - }, - "publicNetworkAccessForQuery": { - "value": "Disabled" - }, - "dailyQuotaGb": { - "value": 10 - }, - "storageInsightsConfigs": { - "value": [ - { - "storageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsalaw001", - "tables": [ - "WADWindowsEventLogsTable", - "WADETWEventTable", - "WADServiceFabric*EventTable", - "LinuxsyslogVer2v0" - ] - } - ] - }, - "linkedServices": { - "value": [ - { - "name": "Automation", - "resourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Automation/automationAccounts/adp-<>-az-aut-x-001" - } - ] - }, - "savedSearches": { - "value": [ - { - "name": "VMSSQueries", - "displayName": "VMSS Instance Count2", - "category": "VDC Saved Searches", - "query": "Event | where Source == 'ServiceFabricNodeBootstrapAgent' | summarize AggregatedValue = count() by Computer" - } - ] - }, - "dataSources": { - "value": [ - { - "name": "applicationEvent", - "kind": "WindowsEvent", - "eventLogName": "Application", - "eventTypes": [ - { - "eventType": "Error" - }, - { - "eventType": "Warning" - }, - { - "eventType": "Information" - } - ] - }, - { - "name": "windowsPerfCounter1", - "kind": "WindowsPerformanceCounter", - "objectName": "Processor", - "instanceName": "*", - "intervalSeconds": 60, - "counterName": "% Processor Time" - }, - { - "name": "sampleIISLog1", - "kind": "IISLogs", - "state": "OnPremiseEnabled" - }, - { - "name": "sampleSyslog1", - "kind": "LinuxSyslog", - "syslogName": "kern", - "syslogSeverities": [ - { - "severity": "emerg" - }, - { - "severity": "alert" - }, - { - "severity": "crit" - }, - { - "severity": "err" - }, - { - "severity": "warning" - } - ] - }, - { - "name": "sampleSyslogCollection1", - "kind": "LinuxSyslogCollection", - "state": "Enabled" - }, - { - "name": "sampleLinuxPerf1", - "kind": "LinuxPerformanceObject", - "syslogSeverities": [ - { - "counterName": "% Used Inodes" - }, - { - "counterName": "Free Megabytes" - }, - { - "counterName": "% Used Space" - }, - { - "counterName": "Disk Transfers/sec" - }, - { - "counterName": "Disk Reads/sec" - }, - { - "counterName": "Disk Writes/sec" - } - ], - "objectName": "Logical Disk", - "instanceName": "*", - "intervalSeconds": 10 - }, - { - "name": "sampleLinuxPerfCollection1", - "kind": "LinuxPerformanceCollection", - "state": "Enabled" - } - ] - }, - "gallerySolutions": { - "value": [ - { - "name": "AzureAutomation", - "product": "OMSGallery", - "publisher": "Microsoft" - } - ] - }, - "useResourcePermissions": { - "value": true - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module workspaces './Microsoft.OperationalInsights/workspaces/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-workspaces' - params: { - name: '<>-az-law-x-001' - lock: 'CanNotDelete' - publicNetworkAccessForIngestion: 'Disabled' - publicNetworkAccessForQuery: 'Disabled' - dailyQuotaGb: 10 - storageInsightsConfigs: [ - { - storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsalaw001' - tables: [ - 'WADWindowsEventLogsTable' - 'WADETWEventTable' - 'WADServiceFabric*EventTable' - 'LinuxsyslogVer2v0' - ] - } - ] - linkedServices: [ - { - name: 'Automation' - resourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Automation/automationAccounts/adp-<>-az-aut-x-001' - } - ] - savedSearches: [ - { - name: 'VMSSQueries' - displayName: 'VMSS Instance Count2' - category: 'VDC Saved Searches' - query: 'Event | where Source == 'ServiceFabricNodeBootstrapAgent' | summarize AggregatedValue = count() by Computer' - } - ] - dataSources: [ - { - name: 'applicationEvent' - kind: 'WindowsEvent' - eventLogName: 'Application' - eventTypes: [ - { - eventType: 'Error' - } - { - eventType: 'Warning' - } - { - eventType: 'Information' - } - ] - } - { - name: 'windowsPerfCounter1' - kind: 'WindowsPerformanceCounter' - objectName: 'Processor' - instanceName: '*' - intervalSeconds: 60 - counterName: '% Processor Time' - } - { - name: 'sampleIISLog1' - kind: 'IISLogs' - state: 'OnPremiseEnabled' - } - { - name: 'sampleSyslog1' - kind: 'LinuxSyslog' - syslogName: 'kern' - syslogSeverities: [ - { - severity: 'emerg' - } - { - severity: 'alert' - } - { - severity: 'crit' - } - { - severity: 'err' - } - { - severity: 'warning' - } - ] - } - { - name: 'sampleSyslogCollection1' - kind: 'LinuxSyslogCollection' - state: 'Enabled' - } - { - name: 'sampleLinuxPerf1' - kind: 'LinuxPerformanceObject' - syslogSeverities: [ - { - counterName: '% Used Inodes' - } - { - counterName: 'Free Megabytes' - } - { - counterName: '% Used Space' - } - { - counterName: 'Disk Transfers/sec' - } - { - counterName: 'Disk Reads/sec' - } - { - counterName: 'Disk Writes/sec' - } - ] - objectName: 'Logical Disk' - instanceName: '*' - intervalSeconds: 10 - } - { - name: 'sampleLinuxPerfCollection1' - kind: 'LinuxPerformanceCollection' - state: 'Enabled' - } - ] - gallerySolutions: [ - { - name: 'AzureAutomation' - product: 'OMSGallery' - publisher: 'Microsoft' - } - ] - useResourcePermissions: true - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

diff --git a/modules/Microsoft.OperationalInsights/workspaces/savedSearches/deploy.bicep b/modules/Microsoft.OperationalInsights/workspaces/savedSearches/deploy.bicep deleted file mode 100644 index aed7b98e04..0000000000 --- a/modules/Microsoft.OperationalInsights/workspaces/savedSearches/deploy.bicep +++ /dev/null @@ -1,73 +0,0 @@ -@description('Conditional. The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment.') -param logAnalyticsWorkspaceName string - -@description('Required. Name of the saved search.') -param name string - -@description('Required. Display name for the search.') -param displayName string - -@description('Required. Query category.') -param category string - -@description('Required. Kusto Query to be stored.') -param query string - -@description('Optional. Tags to configure in the resource.') -param tags array = [] - -@description('Optional. The function alias if query serves as a function.') -param functionAlias string = '' - -@description('Optional. The optional function parameters if query serves as a function. Value should be in the following format: "param-name1:type1 = default_value1, param-name2:type2 = default_value2". For more examples and proper syntax please refer to /azure/kusto/query/functions/user-defined-functions.') -param functionParameters string = '' - -@description('Optional. The version number of the query language.') -param version int = 2 - -@description('Optional. The ETag of the saved search. To override an existing saved search, use "*" or specify the current Etag.') -param etag string = '*' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource workspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = { - name: logAnalyticsWorkspaceName -} - -resource savedSearch 'Microsoft.OperationalInsights/workspaces/savedSearches@2020-08-01' = { - name: name - parent: workspace - //etag: etag // According to API, the variable should be here, but it doesn't work here. - properties: { - etag: etag - tags: tags - displayName: displayName - category: category - query: query - functionAlias: functionAlias - functionParameters: functionParameters - version: version - } -} - -@description('The resource ID of the deployed saved search.') -output resourceId string = savedSearch.id - -@description('The resource group where the saved search is deployed.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the deployed saved search.') -output name string = savedSearch.name diff --git a/modules/Microsoft.OperationalInsights/workspaces/savedSearches/readme.md b/modules/Microsoft.OperationalInsights/workspaces/savedSearches/readme.md deleted file mode 100644 index c9abffff23..0000000000 --- a/modules/Microsoft.OperationalInsights/workspaces/savedSearches/readme.md +++ /dev/null @@ -1,90 +0,0 @@ -# Operationalinsights Workspaces Saved Searches `[Microsoft.OperationalInsights/workspaces/savedSearches]` - -This template deploys a saved search for a Log Analytics workspace. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.OperationalInsights/workspaces/savedSearches` | [2020-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/savedSearches) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `category` | string | Query category. | -| `displayName` | string | Display name for the search. | -| `name` | string | Name of the saved search. | -| `query` | string | Kusto Query to be stored. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `logAnalyticsWorkspaceName` | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `etag` | string | `'*'` | The ETag of the saved search. To override an existing saved search, use "*" or specify the current Etag. | -| `functionAlias` | string | `''` | The function alias if query serves as a function. | -| `functionParameters` | string | `''` | The optional function parameters if query serves as a function. Value should be in the following format: "param-name1:type1 = default_value1, param-name2:type2 = default_value2". For more examples and proper syntax please refer to /azure/kusto/query/functions/user-defined-functions. | -| `tags` | array | `[]` | Tags to configure in the resource. | -| `version` | int | `2` | The version number of the query language. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed saved search. | -| `resourceGroupName` | string | The resource group where the saved search is deployed. | -| `resourceId` | string | The resource ID of the deployed saved search. | diff --git a/modules/Microsoft.OperationalInsights/workspaces/savedSearches/version.json b/modules/Microsoft.OperationalInsights/workspaces/savedSearches/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.OperationalInsights/workspaces/savedSearches/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/deploy.bicep b/modules/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/deploy.bicep deleted file mode 100644 index 4ded2de2f2..0000000000 --- a/modules/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/deploy.bicep +++ /dev/null @@ -1,63 +0,0 @@ -@description('Conditional. The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment.') -param logAnalyticsWorkspaceName string - -@description('Optional. The name of the storage insights config.') -param name string = '${last(split(storageAccountId, '/'))}-stinsconfig' - -@description('Required. The Azure Resource Manager ID of the storage account resource.') -param storageAccountId string - -@description('Optional. The names of the blob containers that the workspace should read.') -param containers array = [] - -@description('Optional. The names of the Azure tables that the workspace should read.') -param tables array = [] - -@description('Optional. Tags to configure in the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing = { - name: last(split(storageAccountId, '/')) -} - -resource workspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = { - name: logAnalyticsWorkspaceName -} - -resource storageinsightconfig 'Microsoft.OperationalInsights/workspaces/storageInsightConfigs@2020-08-01' = { - name: name - parent: workspace - tags: tags - properties: { - containers: containers - tables: tables - storageAccount: { - id: storageAccountId - key: storageAccount.listKeys().keys[0].value - } - } -} - -@description('The resource ID of the deployed storage insights configuration.') -output resourceId string = storageinsightconfig.id - -@description('The resource group where the storage insight configuration is deployed.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the storage insights configuration.') -output name string = storageinsightconfig.name diff --git a/modules/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/readme.md b/modules/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/readme.md deleted file mode 100644 index 8d5830e233..0000000000 --- a/modules/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/readme.md +++ /dev/null @@ -1,86 +0,0 @@ -# Operationalinsights Workspaces Storage Insight Configs `[Microsoft.OperationalInsights/workspaces/storageInsightConfigs]` - -This template deploys a storage insights configuration for a Log Analytics workspace. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.OperationalInsights/workspaces/storageInsightConfigs` | [2020-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/storageInsightConfigs) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `storageAccountId` | string | The Azure Resource Manager ID of the storage account resource. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `logAnalyticsWorkspaceName` | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `containers` | array | `[]` | The names of the blob containers that the workspace should read. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `[format('{0}-stinsconfig', last(split(parameters('storageAccountId'), '/')))]` | The name of the storage insights config. | -| `tables` | array | `[]` | The names of the Azure tables that the workspace should read. | -| `tags` | object | `{object}` | Tags to configure in the resource. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the storage insights configuration. | -| `resourceGroupName` | string | The resource group where the storage insight configuration is deployed. | -| `resourceId` | string | The resource ID of the deployed storage insights configuration. | diff --git a/modules/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/version.json b/modules/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.OperationalInsights/workspaces/storageInsightConfigs/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.OperationalInsights/workspaces/version.json b/modules/Microsoft.OperationalInsights/workspaces/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.OperationalInsights/workspaces/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.OperationsManagement/solutions/.deploymentTests/min.parameters.json b/modules/Microsoft.OperationsManagement/solutions/.deploymentTests/min.parameters.json deleted file mode 100644 index 6844bb4688..0000000000 --- a/modules/Microsoft.OperationsManagement/solutions/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "Updates" - }, - "logAnalyticsWorkspaceName": { - "value": "adp-<>-az-law-sol-001" - } - } -} diff --git a/modules/Microsoft.OperationsManagement/solutions/.deploymentTests/ms.parameters.json b/modules/Microsoft.OperationsManagement/solutions/.deploymentTests/ms.parameters.json deleted file mode 100644 index c7dcb66400..0000000000 --- a/modules/Microsoft.OperationsManagement/solutions/.deploymentTests/ms.parameters.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "AzureAutomation" - }, - "logAnalyticsWorkspaceName": { - "value": "adp-<>-az-law-sol-001" - }, - "product": { - "value": "OMSGallery" - }, - "publisher": { - "value": "Microsoft" - } - } -} diff --git a/modules/Microsoft.OperationsManagement/solutions/.deploymentTests/nonms.parameters.json b/modules/Microsoft.OperationsManagement/solutions/.deploymentTests/nonms.parameters.json deleted file mode 100644 index a040bf8d2f..0000000000 --- a/modules/Microsoft.OperationsManagement/solutions/.deploymentTests/nonms.parameters.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "nonmsTestSolution" - }, - "logAnalyticsWorkspaceName": { - "value": "adp-<>-az-law-sol-001" - }, - "product": { - "value": "nonmsTestSolutionProduct" - }, - "publisher": { - "value": "nonmsTestSolutionPublisher" - } - } -} diff --git a/modules/Microsoft.OperationsManagement/solutions/deploy.bicep b/modules/Microsoft.OperationsManagement/solutions/deploy.bicep deleted file mode 100644 index 3438041ddd..0000000000 --- a/modules/Microsoft.OperationsManagement/solutions/deploy.bicep +++ /dev/null @@ -1,63 +0,0 @@ -@description('Required. Name of the solution. For Microsoft published gallery solution the target solution resource name will be composed as `{name}({logAnalyticsWorkspaceName})`.') -param name string - -@description('Required. Name of the Log Analytics workspace where the solution will be deployed/enabled.') -param logAnalyticsWorkspaceName string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. The product of the deployed solution. For Microsoft published gallery solution it should be `OMSGallery` and the target solution resource product will be composed as `OMSGallery/{name}`. For third party solution, it can be anything. This is case sensitive.') -param product string = 'OMSGallery' - -@description('Optional. The publisher name of the deployed solution. For Microsoft published gallery solution, it is `Microsoft`.') -param publisher string = 'Microsoft' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2020-08-01' existing = { - name: logAnalyticsWorkspaceName -} - -var solutionName = publisher == 'Microsoft' ? '${name}(${logAnalyticsWorkspace.name})' : name - -var solutionProduct = publisher == 'Microsoft' ? 'OMSGallery/${name}' : product - -resource solution 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' = { - name: solutionName - location: location - properties: { - workspaceResourceId: logAnalyticsWorkspace.id - } - plan: { - name: solutionName - promotionCode: '' - product: solutionProduct - publisher: publisher - } -} - -@description('The name of the deployed solution.') -output name string = solution.name - -@description('The resource ID of the deployed solution.') -output resourceId string = solution.id - -@description('The resource group where the solution is deployed.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = solution.location diff --git a/modules/Microsoft.OperationsManagement/solutions/readme.md b/modules/Microsoft.OperationsManagement/solutions/readme.md deleted file mode 100644 index f3f67ea393..0000000000 --- a/modules/Microsoft.OperationsManagement/solutions/readme.md +++ /dev/null @@ -1,180 +0,0 @@ -# OperationsManagement Solutions `[Microsoft.OperationsManagement/solutions]` - -This module deploys OperationsManagement Solutions. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.OperationsManagement/solutions` | [2015-11-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationsManagement/2015-11-01-preview/solutions) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `logAnalyticsWorkspaceName` | string | Name of the Log Analytics workspace where the solution will be deployed/enabled. | -| `name` | string | Name of the solution. For Microsoft published gallery solution the target solution resource name will be composed as `{name}({logAnalyticsWorkspaceName})`. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `product` | string | `'OMSGallery'` | The product of the deployed solution. For Microsoft published gallery solution it should be `OMSGallery` and the target solution resource product will be composed as `OMSGallery/{name}`. For third party solution, it can be anything. This is case sensitive. | -| `publisher` | string | `'Microsoft'` | The publisher name of the deployed solution. For Microsoft published gallery solution, it is `Microsoft`. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed solution. | -| `resourceGroupName` | string | The resource group where the solution is deployed. | -| `resourceId` | string | The resource ID of the deployed solution. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "Updates" - }, - "logAnalyticsWorkspaceName": { - "value": "adp-<>-az-law-sol-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module solutions './Microsoft.OperationsManagement/solutions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-solutions' - params: { - name: 'Updates' - logAnalyticsWorkspaceName: 'adp-<>-az-law-sol-001' - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "AzureAutomation" - }, - "logAnalyticsWorkspaceName": { - "value": "adp-<>-az-law-sol-001" - }, - "product": { - "value": "OMSGallery" - }, - "publisher": { - "value": "Microsoft" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module solutions './Microsoft.OperationsManagement/solutions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-solutions' - params: { - name: 'AzureAutomation' - logAnalyticsWorkspaceName: 'adp-<>-az-law-sol-001' - product: 'OMSGallery' - publisher: 'Microsoft' - } -} -``` - -
-

- -

Example 3

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "nonmsTestSolution" - }, - "logAnalyticsWorkspaceName": { - "value": "adp-<>-az-law-sol-001" - }, - "product": { - "value": "nonmsTestSolutionProduct" - }, - "publisher": { - "value": "nonmsTestSolutionPublisher" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module solutions './Microsoft.OperationsManagement/solutions/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-solutions' - params: { - name: 'nonmsTestSolution' - logAnalyticsWorkspaceName: 'adp-<>-az-law-sol-001' - product: 'nonmsTestSolutionProduct' - publisher: 'nonmsTestSolutionPublisher' - } -} -``` - -
-

diff --git a/modules/Microsoft.OperationsManagement/solutions/version.json b/modules/Microsoft.OperationsManagement/solutions/version.json deleted file mode 100644 index 41f66cc990..0000000000 --- a/modules/Microsoft.OperationsManagement/solutions/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.1" -} diff --git a/modules/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index a16c2390fa..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,60 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Backup Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b') - 'Backup Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324') - 'Backup Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a795c7a0-d4a2-40c1-ae25-d81f01202912') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'Site Recovery Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567') - 'Site Recovery Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca') - 'Site Recovery Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'dbaa88c4-0c30-4179-9fb3-46319faa6149') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c') -} - -resource rsv 'Microsoft.RecoveryServices/vaults@2021-12-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(rsv.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: rsv -}] diff --git a/modules/Microsoft.RecoveryServices/vaults/.deploymentTests/dr.parameters.json b/modules/Microsoft.RecoveryServices/vaults/.deploymentTests/dr.parameters.json deleted file mode 100644 index 53bc617617..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/.deploymentTests/dr.parameters.json +++ /dev/null @@ -1,68 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-rsv-dr-001" - }, - "replicationFabrics": { - "value": [ - { - "location": "NorthEurope", - "replicationContainers": [ - { - "name": "ne-container1", - "replicationContainerMappings": [ - { - "targetProtectionContainerId": "/Subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.RecoveryServices/vaults/<>-az-rsv-min-001/replicationFabrics/NorthEurope/replicationProtectionContainers/ne-container2", - "policyName": "Default_values", - "targetContainerName": "pluto" - } - ] - }, - { - "name": "ne-container2", - "replicationContainerMappings": [ - { - "policyName": "Default_values", - "targetContainerFabricName": "WE-2", - "targetContainerName": "we-container1" - } - ] - } - ] - }, - { - "name": "WE-2", - "location": "WestEurope", - "replicationContainers": [ - { - "name": "we-container1", - "replicationContainerMappings": [ - { - "policyName": "Default_values", - "targetContainerFabricName": "NorthEurope", - "targetContainerName": "ne-container2" - } - ] - } - ] - } - ] - }, - "replicationPolicies": { - "value": [ - { - "name": "Default_values" - }, - { - "name": "Custom_values", - "appConsistentFrequencyInMinutes": 240, - "crashConsistentFrequencyInMinutes": 7, - "multiVmSyncStatus": "Disable", - "recoveryPointHistory": 2880 - } - ] - } - } -} diff --git a/modules/Microsoft.RecoveryServices/vaults/.deploymentTests/min.parameters.json b/modules/Microsoft.RecoveryServices/vaults/.deploymentTests/min.parameters.json deleted file mode 100644 index 81ba350a36..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-rsv-min-001" - } - } -} diff --git a/modules/Microsoft.RecoveryServices/vaults/.deploymentTests/parameters.json b/modules/Microsoft.RecoveryServices/vaults/.deploymentTests/parameters.json deleted file mode 100644 index 67f01a8bb6..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/.deploymentTests/parameters.json +++ /dev/null @@ -1,289 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-rsv-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "backupConfig": { - "value": { - "enhancedSecurityState": "Disabled", - "softDeleteFeatureState": "Disabled" - } - }, - "backupPolicies": { - "value": [ - { - "name": "VMpolicy", - "properties": { - "backupManagementType": "AzureIaasVM", - "instantRPDetails": {}, - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Daily", - "scheduleRunTimes": [ - "2019-11-07T07:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "dailySchedule": { - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 180, - "durationType": "Days" - } - }, - "weeklySchedule": { - "daysOfTheWeek": [ - "Sunday" - ], - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 12, - "durationType": "Weeks" - } - }, - "monthlySchedule": { - "retentionScheduleFormatType": "Weekly", - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 60, - "durationType": "Months" - } - }, - "yearlySchedule": { - "retentionScheduleFormatType": "Weekly", - "monthsOfYear": [ - "January" - ], - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 10, - "durationType": "Years" - } - } - }, - "instantRpRetentionRangeInDays": 2, - "timeZone": "UTC", - "protectedItemsCount": 0 - } - }, - { - "name": "sqlpolicy", - "properties": { - "backupManagementType": "AzureWorkload", - "workLoadType": "SQLDataBase", - "settings": { - "timeZone": "UTC", - "issqlcompression": true, - "isCompression": true - }, - "subProtectionPolicy": [ - { - "policyType": "Full", - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Weekly", - "scheduleRunDays": [ - "Sunday" - ], - "scheduleRunTimes": [ - "2019-11-07T22:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "weeklySchedule": { - "daysOfTheWeek": [ - "Sunday" - ], - "retentionTimes": [ - "2019-11-07T22:00:00Z" - ], - "retentionDuration": { - "count": 104, - "durationType": "Weeks" - } - }, - "monthlySchedule": { - "retentionScheduleFormatType": "Weekly", - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T22:00:00Z" - ], - "retentionDuration": { - "count": 60, - "durationType": "Months" - } - }, - "yearlySchedule": { - "retentionScheduleFormatType": "Weekly", - "monthsOfYear": [ - "January" - ], - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T22:00:00Z" - ], - "retentionDuration": { - "count": 10, - "durationType": "Years" - } - } - } - }, - { - "policyType": "Differential", - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Weekly", - "scheduleRunDays": [ - "Monday" - ], - "scheduleRunTimes": [ - "2017-03-07T02:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "SimpleRetentionPolicy", - "retentionDuration": { - "count": 30, - "durationType": "Days" - } - } - }, - { - "policyType": "Log", - "schedulePolicy": { - "schedulePolicyType": "LogSchedulePolicy", - "scheduleFrequencyInMins": 120 - }, - "retentionPolicy": { - "retentionPolicyType": "SimpleRetentionPolicy", - "retentionDuration": { - "count": 15, - "durationType": "Days" - } - } - } - ], - "protectedItemsCount": 0 - } - }, - { - "name": "filesharepolicy", - "properties": { - "backupManagementType": "AzureStorage", - "workloadType": "AzureFileShare", - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Daily", - "scheduleRunTimes": [ - "2019-11-07T04:30:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "dailySchedule": { - "retentionTimes": [ - "2019-11-07T04:30:00Z" - ], - "retentionDuration": { - "count": 30, - "durationType": "Days" - } - } - }, - "timeZone": "UTC", - "protectedItemsCount": 0 - } - } - ] - }, - "backupStorageConfig": { - "value": { - "storageModelType": "GeoRedundant", - "crossRegionRestoreFlag": true - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - } - } -} diff --git a/modules/Microsoft.RecoveryServices/vaults/backupConfig/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/backupConfig/deploy.bicep deleted file mode 100644 index 195fab06f3..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/backupConfig/deploy.bicep +++ /dev/null @@ -1,88 +0,0 @@ -@description('Conditional. The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment.') -param recoveryVaultName string - -@description('Optional. Name of the Azure Recovery Service Vault Backup Policy.') -param name string = 'vaultconfig' - -@description('Optional. Enable this setting to protect hybrid backups against accidental deletes and add additional layer of authentication for critical operations.') -@allowed([ - 'Disabled' - 'Enabled' -]) -param enhancedSecurityState string = 'Enabled' - -@description('Optional. ResourceGuard Operation Requests.') -param resourceGuardOperationRequests array = [] - -@description('Optional. Enable this setting to protect backup data for Azure VM, SQL Server in Azure VM and SAP HANA in Azure VM from accidental deletes.') -@allowed([ - 'Disabled' - 'Enabled' -]) -param softDeleteFeatureState string = 'Enabled' - -@description('Optional. Storage type.') -@allowed([ - 'GeoRedundant' - 'LocallyRedundant' - 'ReadAccessGeoZoneRedundant' - 'ZoneRedundant' -]) -param storageModelType string = 'GeoRedundant' - -@description('Optional. Storage type.') -@allowed([ - 'GeoRedundant' - 'LocallyRedundant' - 'ReadAccessGeoZoneRedundant' - 'ZoneRedundant' -]) -param storageType string = 'GeoRedundant' - -@description('Optional. Once a machine is registered against a resource, the storageTypeState is always Locked.') -@allowed([ - 'Locked' - 'Unlocked' -]) -param storageTypeState string = 'Locked' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource rsv 'Microsoft.RecoveryServices/vaults@2021-12-01' existing = { - name: recoveryVaultName -} - -resource backupConfig 'Microsoft.RecoveryServices/vaults/backupconfig@2021-10-01' = { - name: name - parent: rsv - properties: { - enhancedSecurityState: enhancedSecurityState - resourceGuardOperationRequests: resourceGuardOperationRequests - softDeleteFeatureState: softDeleteFeatureState - storageModelType: storageModelType - storageType: storageType - storageTypeState: storageTypeState - } -} - -@description('The name of the backup config.') -output name string = backupConfig.name - -@description('The resource ID of the backup config.') -output resourceId string = backupConfig.id - -@description('The name of the resource group the backup config was created in.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.RecoveryServices/vaults/backupConfig/readme.md b/modules/Microsoft.RecoveryServices/vaults/backupConfig/readme.md deleted file mode 100644 index 5e4530261b..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/backupConfig/readme.md +++ /dev/null @@ -1,43 +0,0 @@ -# Recovery Services Vault Backup Config `[Microsoft.RecoveryServices/vaults/backupconfig]` - -This module deploys recovery services vault backup config. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.RecoveryServices/vaults/backupconfig` | [2021-10-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-10-01/vaults/backupconfig) | - -## Parameters - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `enhancedSecurityState` | string | `'Enabled'` | `[Disabled, Enabled]` | Enable this setting to protect hybrid backups against accidental deletes and add additional layer of authentication for critical operations. | -| `name` | string | `'vaultconfig'` | | Name of the Azure Recovery Service Vault Backup Policy. | -| `resourceGuardOperationRequests` | array | `[]` | | ResourceGuard Operation Requests. | -| `softDeleteFeatureState` | string | `'Enabled'` | `[Disabled, Enabled]` | Enable this setting to protect backup data for Azure VM, SQL Server in Azure VM and SAP HANA in Azure VM from accidental deletes. | -| `storageModelType` | string | `'GeoRedundant'` | `[GeoRedundant, LocallyRedundant, ReadAccessGeoZoneRedundant, ZoneRedundant]` | Storage type. | -| `storageType` | string | `'GeoRedundant'` | `[GeoRedundant, LocallyRedundant, ReadAccessGeoZoneRedundant, ZoneRedundant]` | Storage type. | -| `storageTypeState` | string | `'Locked'` | `[Locked, Unlocked]` | Once a machine is registered against a resource, the storageTypeState is always Locked. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the backup config. | -| `resourceGroupName` | string | The name of the resource group the backup config was created in. | -| `resourceId` | string | The resource ID of the backup config. | diff --git a/modules/Microsoft.RecoveryServices/vaults/backupConfig/version.json b/modules/Microsoft.RecoveryServices/vaults/backupConfig/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/backupConfig/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.RecoveryServices/vaults/backupPolicies/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/backupPolicies/deploy.bicep deleted file mode 100644 index 6c6360d4c5..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/backupPolicies/deploy.bicep +++ /dev/null @@ -1,42 +0,0 @@ -@description('Conditional. The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment.') -param recoveryVaultName string - -@description('Required. Name of the Azure Recovery Service Vault Backup Policy.') -param name string - -@description('Required. Configuration of the Azure Recovery Service Vault Backup Policy.') -param backupPolicyProperties object - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource rsv 'Microsoft.RecoveryServices/vaults@2021-12-01' existing = { - name: recoveryVaultName -} - -resource backupPolicy 'Microsoft.RecoveryServices/vaults/backupPolicies@2021-08-01' = { - name: name - parent: rsv - properties: backupPolicyProperties -} - -@description('The name of the backup policy.') -output name string = backupPolicy.name - -@description('The resource ID of the backup policy.') -output resourceId string = backupPolicy.id - -@description('The name of the resource group the backup policy was created in.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.RecoveryServices/vaults/backupPolicies/readme.md b/modules/Microsoft.RecoveryServices/vaults/backupPolicies/readme.md deleted file mode 100644 index 23d8bd9f15..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/backupPolicies/readme.md +++ /dev/null @@ -1,224 +0,0 @@ -# RecoveryServicesVaultsBackupPolicies `[Microsoft.RecoveryServices/vaults/backupPolicies]` - -This module deploys a Backup Policy for a Recovery Services Vault - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.RecoveryServices/vaults/backupPolicies` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults/backupPolicies) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `backupPolicyProperties` | object | Configuration of the Azure Recovery Service Vault Backup Policy. | -| `name` | string | Name of the Azure Recovery Service Vault Backup Policy. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | - - -### Parameter Usage: `backupPolicyProperties` - -Object continaining the configuration for backup policies. It needs to be properly formatted and can be VM backup policies, SQL on VM backup policies or fileshare policies. The following example shows a VM backup policy. - -

- -Parameter JSON format - -```json -"backupPolicyProperties": { - "value": { - "backupManagementType": "AzureIaasVM", - "instantRPDetails": {}, - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Daily", - "scheduleRunTimes": [ - "2019-11-07T07:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "dailySchedule": { - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 180, - "durationType": "Days" - } - }, - "weeklySchedule": { - "daysOfTheWeek": [ - "Sunday" - ], - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 12, - "durationType": "Weeks" - } - }, - "monthlySchedule": { - "retentionScheduleFormatType": "Weekly", - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 60, - "durationType": "Months" - } - }, - "yearlySchedule": { - "retentionScheduleFormatType": "Weekly", - "monthsOfYear": [ - "January" - ], - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 10, - "durationType": "Years" - } - } - }, - "instantRpRetentionRangeInDays": 2, - "timeZone": "UTC", - "protectedItemsCount": 0 - } -} -``` - -
- - -
- -Bicep format - -```bicep -backupPolicyProperties: { - backupManagementType: 'AzureIaasVM' - instantRPDetails: {} - schedulePolicy: { - schedulePolicyType: 'SimpleSchedulePolicy' - scheduleRunFrequency: 'Daily' - scheduleRunTimes: [ - '2019-11-07T07:00:00Z' - ] - scheduleWeeklyFrequency: 0 - } - retentionPolicy: { - retentionPolicyType: 'LongTermRetentionPolicy' - dailySchedule: { - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 180 - durationType: 'Days' - } - } - weeklySchedule: { - daysOfTheWeek: [ - 'Sunday' - ] - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 12 - durationType: 'Weeks' - } - } - monthlySchedule: { - retentionScheduleFormatType: 'Weekly' - retentionScheduleWeekly: { - daysOfTheWeek: [ - 'Sunday' - ] - weeksOfTheMonth: [ - 'First' - ] - } - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 60 - durationType: 'Months' - } - } - yearlySchedule: { - retentionScheduleFormatType: 'Weekly' - monthsOfYear: [ - 'January' - ] - retentionScheduleWeekly: { - daysOfTheWeek: [ - 'Sunday' - ] - weeksOfTheMonth: [ - 'First' - ] - } - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 10 - durationType: 'Years' - } - } - } - instantRpRetentionRangeInDays: 2 - timeZone: 'UTC' - protectedItemsCount: 0 -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the backup policy. | -| `resourceGroupName` | string | The name of the resource group the backup policy was created in. | -| `resourceId` | string | The resource ID of the backup policy. | diff --git a/modules/Microsoft.RecoveryServices/vaults/backupPolicies/version.json b/modules/Microsoft.RecoveryServices/vaults/backupPolicies/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/backupPolicies/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.RecoveryServices/vaults/backupStorageConfig/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/backupStorageConfig/deploy.bicep deleted file mode 100644 index b6e4c37347..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/backupStorageConfig/deploy.bicep +++ /dev/null @@ -1,54 +0,0 @@ -@description('Conditional. The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment.') -param recoveryVaultName string - -@description('Optional. The name of the backup storage config.') -param name string = 'vaultstorageconfig' - -@description('Optional. Change Vault Storage Type (Works if vault has not registered any backup instance).') -@allowed([ - 'GeoRedundant' - 'LocallyRedundant' - 'ReadAccessGeoZoneRedundant' - 'ZoneRedundant' -]) -param storageModelType string = 'GeoRedundant' - -@description('Optional. Opt in details of Cross Region Restore feature.') -param crossRegionRestoreFlag bool = true - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource rsv 'Microsoft.RecoveryServices/vaults@2021-12-01' existing = { - name: recoveryVaultName -} - -resource backupStorageConfig 'Microsoft.RecoveryServices/vaults/backupstorageconfig@2021-08-01' = { - name: name - parent: rsv - properties: { - storageModelType: storageModelType - crossRegionRestoreFlag: crossRegionRestoreFlag - } -} - -@description('The name of the backup storage config.') -output name string = backupStorageConfig.name - -@description('The resource ID of the backup storage config.') -output resourceId string = backupStorageConfig.id - -@description('The name of the Resource Group the backup storage configuration was created in.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.RecoveryServices/vaults/backupStorageConfig/readme.md b/modules/Microsoft.RecoveryServices/vaults/backupStorageConfig/readme.md deleted file mode 100644 index 47b0868c02..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/backupStorageConfig/readme.md +++ /dev/null @@ -1,38 +0,0 @@ -# RecoveryServicesVaultsBackupStorageConfig `[Microsoft.RecoveryServices/vaults/backupstorageconfig]` - -This module deploys the Backup Storage Configuration for the Recovery Service Vault -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.RecoveryServices/vaults/backupstorageconfig` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults/backupstorageconfig) | - -## Parameters - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `crossRegionRestoreFlag` | bool | `True` | | Opt in details of Cross Region Restore feature. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `'vaultstorageconfig'` | | The name of the backup storage config. | -| `storageModelType` | string | `'GeoRedundant'` | `[GeoRedundant, LocallyRedundant, ReadAccessGeoZoneRedundant, ZoneRedundant]` | Change Vault Storage Type (Works if vault has not registered any backup instance). | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the backup storage config. | -| `resourceGroupName` | string | The name of the Resource Group the backup storage configuration was created in. | -| `resourceId` | string | The resource ID of the backup storage config. | diff --git a/modules/Microsoft.RecoveryServices/vaults/backupStorageConfig/version.json b/modules/Microsoft.RecoveryServices/vaults/backupStorageConfig/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/backupStorageConfig/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.RecoveryServices/vaults/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/deploy.bicep deleted file mode 100644 index bf14eeb3cb..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/deploy.bicep +++ /dev/null @@ -1,288 +0,0 @@ -@description('Required. Name of the Azure Recovery Service Vault.') -param name string - -@description('Optional. The storage configuration for the Azure Recovery Service Vault.') -param backupStorageConfig object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. List of all backup policies.') -param backupPolicies array = [] - -@description('Optional. The backup configuration.') -param backupConfig object = {} - -@description('Optional. List of all protection containers.') -@minLength(0) -param protectionContainers array = [] - -@description('Optional. List of all replication fabrics.') -@minLength(0) -param replicationFabrics array = [] - -@description('Optional. List of all replication policies.') -@minLength(0) -param replicationPolicies array = [] - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Enables system assigned managed identity on the resource.') -param systemAssignedIdentity bool = false - -@description('Optional. The ID(s) to assign to the resource.') -param userAssignedIdentities object = {} - -@description('Optional. Tags of the Recovery Service Vault resource.') -param tags object = {} - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'AzureBackupReport' - 'CoreAzureBackup' - 'AddonAzureBackupJobs' - 'AddonAzureBackupAlerts' - 'AddonAzureBackupPolicy' - 'AddonAzureBackupStorage' - 'AddonAzureBackupProtectedInstance' - 'AzureSiteRecoveryJobs' - 'AzureSiteRecoveryEvents' - 'AzureSiteRecoveryReplicatedItems' - 'AzureSiteRecoveryReplicationStats' - 'AzureSiteRecoveryRecoveryPoints' - 'AzureSiteRecoveryReplicationDataUploadRate' - 'AzureSiteRecoveryProtectedDiskDataChurn' -]) -param diagnosticLogCategoriesToEnable array = [ - 'AzureBackupReport' - 'CoreAzureBackup' - 'AddonAzureBackupJobs' - 'AddonAzureBackupAlerts' - 'AddonAzureBackupPolicy' - 'AddonAzureBackupStorage' - 'AddonAzureBackupProtectedInstance' - 'AzureSiteRecoveryJobs' - 'AzureSiteRecoveryEvents' - 'AzureSiteRecoveryReplicatedItems' - 'AzureSiteRecoveryReplicationStats' - 'AzureSiteRecoveryRecoveryPoints' - 'AzureSiteRecoveryReplicationDataUploadRate' - 'AzureSiteRecoveryProtectedDiskDataChurn' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'Health' -]) -param diagnosticMetricsToEnable array = [ - 'Health' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None') - -var identity = identityType != 'None' ? { - type: identityType - userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null -} : null - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource rsv 'Microsoft.RecoveryServices/vaults@2022-02-01' = { - name: name - location: location - tags: tags - identity: any(identity) - sku: { - name: 'RS0' - tier: 'Standard' - } - properties: {} -} - -module rsv_replicationFabrics 'replicationFabrics/deploy.bicep' = [for (replicationFabric, index) in replicationFabrics: { - name: '${uniqueString(deployment().name, location)}-RSV-Fabric-${index}' - params: { - recoveryVaultName: rsv.name - name: contains(replicationFabric, 'name') ? replicationFabric.name : replicationFabric.location - location: replicationFabric.location - replicationContainers: contains(replicationFabric, 'replicationContainers') ? replicationFabric.replicationContainers : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } - dependsOn: [ - rsv_replicationPolicies - ] -}] - -module rsv_replicationPolicies 'replicationPolicies/deploy.bicep' = [for (replicationPolicy, index) in replicationPolicies: { - name: '${uniqueString(deployment().name, location)}-RSV-Policy-${index}' - params: { - name: replicationPolicy.name - recoveryVaultName: rsv.name - appConsistentFrequencyInMinutes: contains(replicationPolicy, 'appConsistentFrequencyInMinutes') ? replicationPolicy.appConsistentFrequencyInMinutes : 60 - crashConsistentFrequencyInMinutes: contains(replicationPolicy, 'crashConsistentFrequencyInMinutes') ? replicationPolicy.crashConsistentFrequencyInMinutes : 5 - multiVmSyncStatus: contains(replicationPolicy, 'multiVmSyncStatus') ? replicationPolicy.multiVmSyncStatus : 'Enable' - recoveryPointHistory: contains(replicationPolicy, 'recoveryPointHistory') ? replicationPolicy.recoveryPointHistory : 1440 - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module rsv_backupStorageConfiguration 'backupStorageConfig/deploy.bicep' = if (!empty(backupStorageConfig)) { - name: '${uniqueString(deployment().name, location)}-RSV-BackupStorageConfig' - params: { - recoveryVaultName: rsv.name - storageModelType: backupStorageConfig.storageModelType - crossRegionRestoreFlag: backupStorageConfig.crossRegionRestoreFlag - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -module rsv_protectionContainers 'protectionContainers/deploy.bicep' = [for (protectionContainer, index) in protectionContainers: { - name: '${uniqueString(deployment().name, location)}-RSV-ProtectionContainers-${index}' - params: { - recoveryVaultName: rsv.name - name: protectionContainer.name - sourceResourceId: protectionContainer.sourceResourceId - friendlyName: protectionContainer.friendlyName - backupManagementType: protectionContainer.backupManagementType - containerType: protectionContainer.containerType - enableDefaultTelemetry: enableReferencedModulesTelemetry - protectedItems: contains(protectionContainer, 'protectedItems') ? protectionContainer.protectedItems : [] - location: location - } -}] - -module rsv_backupPolicies 'backupPolicies/deploy.bicep' = [for (backupPolicy, index) in backupPolicies: { - name: '${uniqueString(deployment().name, location)}-RSV-BackupPolicy-${index}' - params: { - recoveryVaultName: rsv.name - name: backupPolicy.name - backupPolicyProperties: backupPolicy.properties - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module rsv_backupConfig 'backupConfig/deploy.bicep' = if (!empty(backupConfig)) { - name: '${uniqueString(deployment().name, location)}-RSV-BackupConfig' - params: { - recoveryVaultName: rsv.name - name: contains(backupConfig, 'name') ? backupConfig.name : 'vaultconfig' - enhancedSecurityState: contains(backupConfig, 'enhancedSecurityState') ? backupConfig.enhancedSecurityState : 'Enabled' - resourceGuardOperationRequests: contains(backupConfig, 'resourceGuardOperationRequests') ? backupConfig.resourceGuardOperationRequests : [] - softDeleteFeatureState: contains(backupConfig, 'softDeleteFeatureState') ? backupConfig.softDeleteFeatureState : 'Enabled' - storageModelType: contains(backupConfig, 'storageModelType') ? backupConfig.storageModelType : 'GeoRedundant' - storageType: contains(backupConfig, 'storageType') ? backupConfig.storageType : 'GeoRedundant' - storageTypeState: contains(backupConfig, 'storageTypeState') ? backupConfig.storageTypeState : 'Locked' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -resource rsv_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${rsv.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: rsv -} - -resource rsv_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: diagnosticsLogs - } - scope: rsv -} - -module rsv_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-RSV-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: rsv.id - } -}] - -@description('The resource ID of the recovery services vault.') -output resourceId string = rsv.id - -@description('The name of the resource group the recovery services vault was created in.') -output resourceGroupName string = resourceGroup().name - -@description('The Name of the recovery services vault.') -output name string = rsv.name - -@description('The principal ID of the system assigned identity.') -output systemAssignedPrincipalId string = systemAssignedIdentity && contains(rsv.identity, 'principalId') ? rsv.identity.principalId : '' - -@description('The location the resource was deployed into.') -output location string = rsv.location diff --git a/modules/Microsoft.RecoveryServices/vaults/protectionContainers/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/protectionContainers/deploy.bicep deleted file mode 100644 index cb49b30499..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/protectionContainers/deploy.bicep +++ /dev/null @@ -1,98 +0,0 @@ -@description('Conditional. The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment.') -param recoveryVaultName string - -@description('Required. Name of the Azure Recovery Service Vault Protection Container.') -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Backup management type to execute the current Protection Container job.') -@allowed([ - 'AzureBackupServer' - 'AzureIaasVM' - 'AzureSql' - 'AzureStorage' - 'AzureWorkload' - 'DPM' - 'DefaultBackup' - 'Invalid' - 'MAB' - '' -]) -param backupManagementType string = '' - -@description('Optional. Resource ID of the target resource for the Protection Container.') -param sourceResourceId string = '' - -@description('Optional. Friendly name of the Protection Container.') -param friendlyName string = '' - -@description('Optional. Protected items to register in the container.') -param protectedItems array = [] - -@description('Optional. Type of the container.') -@allowed([ - 'AzureBackupServerContainer' - 'AzureSqlContainer' - 'GenericContainer' - 'Microsoft.ClassicCompute/virtualMachines' - 'Microsoft.Compute/virtualMachines' - 'SQLAGWorkLoadContainer' - 'StorageContainer' - 'VMAppContainer' - 'Windows' - '' -]) -param containerType string = '' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource protectionContainer 'Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers@2021-08-01' = { - name: '${recoveryVaultName}/Azure/${name}' - properties: { - sourceResourceId: !empty(sourceResourceId) ? sourceResourceId : null - friendlyName: !empty(friendlyName) ? friendlyName : null - backupManagementType: !empty(backupManagementType) ? backupManagementType : null - containerType: !empty(containerType) ? any(containerType) : null - } -} - -module protectionContainer_protectedItems 'protectedItems/deploy.bicep' = [for (protectedItem, index) in protectedItems: { - name: '${uniqueString(deployment().name, location)}-ProtectedItem-${index}' - params: { - policyId: protectedItem.policyId - name: protectedItem.name - protectedItemType: protectedItem.protectedItemType - protectionContainerName: name - recoveryVaultName: recoveryVaultName - sourceResourceId: protectedItem.sourceResourceId - location: location - enableDefaultTelemetry: enableDefaultTelemetry - } - dependsOn: [ - protectionContainer - ] -}] - -@description('The name of the Resource Group the Protection Container was created in.') -output resourceGroupName string = resourceGroup().name - -@description('The resource ID of the Protection Container.') -output resourceId string = protectionContainer.id - -@description('The Name of the Protection Container.') -output name string = protectionContainer.name diff --git a/modules/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/deploy.bicep deleted file mode 100644 index bc2b5c610d..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/deploy.bicep +++ /dev/null @@ -1,66 +0,0 @@ -@description('Required. Name of the resource.') -param name string - -@description('Conditional. Name of the Azure Recovery Service Vault Protection Container. Required if the template is used in a standalone deployment.') -param protectionContainerName string - -@description('Conditional. The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment.') -param recoveryVaultName string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@allowed([ - 'AzureFileShareProtectedItem' - 'AzureVmWorkloadSAPAseDatabase' - 'AzureVmWorkloadSAPHanaDatabase' - 'AzureVmWorkloadSQLDatabase' - 'DPMProtectedItem' - 'GenericProtectedItem' - 'MabFileFolderProtectedItem' - 'Microsoft.ClassicCompute/virtualMachines' - 'Microsoft.Compute/virtualMachines' - 'Microsoft.Sql/servers/databases' -]) -@description('Required. The backup item type.') -param protectedItemType string - -@description('Required. ID of the backup policy with which this item is backed up.') -param policyId string - -@description('Required. Resource ID of the resource to back up.') -param sourceResourceId string - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource protectedItem 'Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems@2021-06-01' = { - name: '${recoveryVaultName}/Azure/${protectionContainerName}/${name}' - location: location - properties: { - protectedItemType: any(protectedItemType) - policyId: policyId - sourceResourceId: sourceResourceId - } -} - -@description('The name of the Resource Group the protected item was created in.') -output resourceGroupName string = resourceGroup().name - -@description('The resource ID of the protected item.') -output resourceId string = protectedItem.id - -@description('The Name of the protected item.') -output name string = protectedItem.name diff --git a/modules/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/readme.md b/modules/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/readme.md deleted file mode 100644 index fb3a8f11bc..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/readme.md +++ /dev/null @@ -1,46 +0,0 @@ -# Recovery Service Vault Protection Container Protected Item `[Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems]` - -This module deploys a Protection Container Protected Item for a Recovery Services Vault - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-06-01/vaults/backupFabrics/protectionContainers/protectedItems) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | Name of the resource. | -| `policyId` | string | | ID of the backup policy with which this item is backed up. | -| `protectedItemType` | string | `[AzureFileShareProtectedItem, AzureVmWorkloadSAPAseDatabase, AzureVmWorkloadSAPHanaDatabase, AzureVmWorkloadSQLDatabase, DPMProtectedItem, GenericProtectedItem, MabFileFolderProtectedItem, Microsoft.ClassicCompute/virtualMachines, Microsoft.Compute/virtualMachines, Microsoft.Sql/servers/databases]` | The backup item type. | -| `sourceResourceId` | string | | Resource ID of the resource to back up. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `protectionContainerName` | string | Name of the Azure Recovery Service Vault Protection Container. Required if the template is used in a standalone deployment. | -| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The Name of the protected item. | -| `resourceGroupName` | string | The name of the Resource Group the protected item was created in. | -| `resourceId` | string | The resource ID of the protected item. | diff --git a/modules/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/version.json b/modules/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/protectionContainers/protectedItems/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.RecoveryServices/vaults/protectionContainers/readme.md b/modules/Microsoft.RecoveryServices/vaults/protectionContainers/readme.md deleted file mode 100644 index 5ca0d767ef..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/protectionContainers/readme.md +++ /dev/null @@ -1,48 +0,0 @@ -# RecoveryServicesProtectionContainer `[Microsoft.RecoveryServices/vaults/protectionContainers]` - -This module deploys a Protection Container for a Recovery Services Vault - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults/backupFabrics/protectionContainers) | -| `Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-06-01/vaults/backupFabrics/protectionContainers/protectedItems) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Azure Recovery Service Vault Protection Container. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `backupManagementType` | string | `''` | `[AzureBackupServer, AzureIaasVM, AzureSql, AzureStorage, AzureWorkload, DPM, DefaultBackup, Invalid, MAB, ]` | Backup management type to execute the current Protection Container job. | -| `containerType` | string | `''` | `[AzureBackupServerContainer, AzureSqlContainer, GenericContainer, Microsoft.ClassicCompute/virtualMachines, Microsoft.Compute/virtualMachines, SQLAGWorkLoadContainer, StorageContainer, VMAppContainer, Windows, ]` | Type of the container. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `friendlyName` | string | `''` | | Friendly name of the Protection Container. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `protectedItems` | _[protectedItems](protectedItems/readme.md)_ array | `[]` | | Protected items to register in the container. | -| `sourceResourceId` | string | `''` | | Resource ID of the target resource for the Protection Container. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The Name of the Protection Container. | -| `resourceGroupName` | string | The name of the Resource Group the Protection Container was created in. | -| `resourceId` | string | The resource ID of the Protection Container. | diff --git a/modules/Microsoft.RecoveryServices/vaults/protectionContainers/version.json b/modules/Microsoft.RecoveryServices/vaults/protectionContainers/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/protectionContainers/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.RecoveryServices/vaults/readme.md b/modules/Microsoft.RecoveryServices/vaults/readme.md deleted file mode 100644 index 22f06d96eb..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/readme.md +++ /dev/null @@ -1,1572 +0,0 @@ -# Recovery Services Vaults `[Microsoft.RecoveryServices/vaults]` - -This module deploys a recovery service vault. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.RecoveryServices/vaults` | [2022-02-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2022-02-01/vaults) | -| `Microsoft.RecoveryServices/vaults/backupconfig` | [2021-10-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-10-01/vaults/backupconfig) | -| `Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults/backupFabrics/protectionContainers) | -| `Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-06-01/vaults/backupFabrics/protectionContainers/protectedItems) | -| `Microsoft.RecoveryServices/vaults/backupPolicies` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults/backupPolicies) | -| `Microsoft.RecoveryServices/vaults/backupstorageconfig` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-08-01/vaults/backupstorageconfig) | -| `Microsoft.RecoveryServices/vaults/replicationFabrics` | [2021-12-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-12-01/vaults/replicationFabrics) | -| `Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers` | [2021-12-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-12-01/vaults/replicationFabrics/replicationProtectionContainers) | -| `Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings` | [2021-12-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-12-01/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings) | -| `Microsoft.RecoveryServices/vaults/replicationPolicies` | [2021-12-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-12-01/vaults/replicationPolicies) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Azure Recovery Service Vault. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `backupConfig` | _[backupConfig](backupConfig/readme.md)_ object | `{object}` | | The backup configuration. | -| `backupPolicies` | _[backupPolicies](backupPolicies/readme.md)_ array | `[]` | | List of all backup policies. | -| `backupStorageConfig` | _[backupStorageConfig](backupStorageConfig/readme.md)_ object | `{object}` | | The storage configuration for the Azure Recovery Service Vault. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[AzureBackupReport, CoreAzureBackup, AddonAzureBackupJobs, AddonAzureBackupAlerts, AddonAzureBackupPolicy, AddonAzureBackupStorage, AddonAzureBackupProtectedInstance, AzureSiteRecoveryJobs, AzureSiteRecoveryEvents, AzureSiteRecoveryReplicatedItems, AzureSiteRecoveryReplicationStats, AzureSiteRecoveryRecoveryPoints, AzureSiteRecoveryReplicationDataUploadRate, AzureSiteRecoveryProtectedDiskDataChurn]` | `[AzureBackupReport, CoreAzureBackup, AddonAzureBackupJobs, AddonAzureBackupAlerts, AddonAzureBackupPolicy, AddonAzureBackupStorage, AddonAzureBackupProtectedInstance, AzureSiteRecoveryJobs, AzureSiteRecoveryEvents, AzureSiteRecoveryReplicatedItems, AzureSiteRecoveryReplicationStats, AzureSiteRecoveryRecoveryPoints, AzureSiteRecoveryReplicationDataUploadRate, AzureSiteRecoveryProtectedDiskDataChurn]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[Health]` | `[Health]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `protectionContainers` | _[protectionContainers](protectionContainers/readme.md)_ array | `[]` | | List of all protection containers. | -| `replicationFabrics` | _[replicationFabrics](replicationFabrics/readme.md)_ array | `[]` | | List of all replication fabrics. | -| `replicationPolicies` | _[replicationPolicies](replicationPolicies/readme.md)_ array | `[]` | | List of all replication policies. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the Recovery Service Vault resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | - - -### Parameter Usage: `backupStorageConfig` - -

- -Parameter JSON format - -```json -"backupStorageConfig": { - "value": { - "storageModelType": "GeoRedundant", - "crossRegionRestoreFlag": true - } -} -``` - -
- -
- -Bicep format - -```bicep -backupStorageConfig: { - value: { - storageModelType: 'GeoRedundant' - crossRegionRestoreFlag: true - } -} -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `backupPolicies` - -Array of backup policies. They need to be properly formatted and can be VM backup policies, SQL on VM backup policies or fileshare policies. The following example shows all three types of backup policies. - -

- -Parameter JSON format - -```json -"backupPolicies": { - "value": [ - { - "name": "VMpolicy", - "type": "Microsoft.RecoveryServices/vaults/backupPolicies", - "properties": { - "backupManagementType": "AzureIaasVM", - "instantRPDetails": {}, - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Daily", - "scheduleRunTimes": [ - "2019-11-07T07:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "dailySchedule": { - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 180, - "durationType": "Days" - } - }, - "weeklySchedule": { - "daysOfTheWeek": [ - "Sunday" - ], - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 12, - "durationType": "Weeks" - } - }, - "monthlySchedule": { - "retentionScheduleFormatType": "Weekly", - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 60, - "durationType": "Months" - } - }, - "yearlySchedule": { - "retentionScheduleFormatType": "Weekly", - "monthsOfYear": [ - "January" - ], - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 10, - "durationType": "Years" - } - } - }, - "instantRpRetentionRangeInDays": 2, - "timeZone": "UTC", - "protectedItemsCount": 0 - } - }, - { - "name": "sqlpolicy", - "type": "Microsoft.RecoveryServices/vaults/backupPolicies", - "properties": { - "backupManagementType": "AzureWorkload", - "workLoadType": "SQLDataBase", - "settings": { - "timeZone": "UTC", - "issqlcompression": true, - "isCompression": true - }, - "subProtectionPolicy": [ - { - "policyType": "Full", - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Weekly", - "scheduleRunDays": [ - "Sunday" - ], - "scheduleRunTimes": [ - "2019-11-07T22:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "weeklySchedule": { - "daysOfTheWeek": [ - "Sunday" - ], - "retentionTimes": [ - "2019-11-07T22:00:00Z" - ], - "retentionDuration": { - "count": 104, - "durationType": "Weeks" - } - }, - "monthlySchedule": { - "retentionScheduleFormatType": "Weekly", - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T22:00:00Z" - ], - "retentionDuration": { - "count": 60, - "durationType": "Months" - } - }, - "yearlySchedule": { - "retentionScheduleFormatType": "Weekly", - "monthsOfYear": [ - "January" - ], - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T22:00:00Z" - ], - "retentionDuration": { - "count": 10, - "durationType": "Years" - } - } - } - }, - { - "policyType": "Differential", - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Weekly", - "scheduleRunDays": [ - "Monday" - ], - "scheduleRunTimes": [ - "2017-03-07T02:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "SimpleRetentionPolicy", - "retentionDuration": { - "count": 30, - "durationType": "Days" - } - } - }, - { - "policyType": "Log", - "schedulePolicy": { - "schedulePolicyType": "LogSchedulePolicy", - "scheduleFrequencyInMins": 120 - }, - "retentionPolicy": { - "retentionPolicyType": "SimpleRetentionPolicy", - "retentionDuration": { - "count": 15, - "durationType": "Days" - } - } - } - ], - "protectedItemsCount": 0 - } - }, - { - "name": "filesharepolicy", - "type": "Microsoft.RecoveryServices/vaults/backupPolicies", - "properties": { - "backupManagementType": "AzureStorage", - "workloadType": "AzureFileShare", - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Daily", - "scheduleRunTimes": [ - "2019-11-07T04:30:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "dailySchedule": { - "retentionTimes": [ - "2019-11-07T04:30:00Z" - ], - "retentionDuration": { - "count": 30, - "durationType": "Days" - } - } - }, - "timeZone": "UTC", - "protectedItemsCount": 0 - } - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -backupPolicies: [ - { - name: 'VMpolicy' - type: 'Microsoft.RecoveryServices/vaults/backupPolicies' - properties: { - backupManagementType: 'AzureIaasVM' - instantRPDetails: {} - schedulePolicy: { - schedulePolicyType: 'SimpleSchedulePolicy' - scheduleRunFrequency: 'Daily' - scheduleRunTimes: [ - '2019-11-07T07:00:00Z' - ] - scheduleWeeklyFrequency: 0 - } - retentionPolicy: { - retentionPolicyType: 'LongTermRetentionPolicy' - dailySchedule: { - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 180 - durationType: 'Days' - } - } - weeklySchedule: { - daysOfTheWeek: [ - 'Sunday' - ] - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 12 - durationType: 'Weeks' - } - } - monthlySchedule: { - retentionScheduleFormatType: 'Weekly' - retentionScheduleWeekly: { - daysOfTheWeek: [ - 'Sunday' - ] - weeksOfTheMonth: [ - 'First' - ] - } - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 60 - durationType: 'Months' - } - } - yearlySchedule: { - retentionScheduleFormatType: 'Weekly' - monthsOfYear: [ - 'January' - ] - retentionScheduleWeekly: { - daysOfTheWeek: [ - 'Sunday' - ] - weeksOfTheMonth: [ - 'First' - ] - } - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 10 - durationType: 'Years' - } - } - } - instantRpRetentionRangeInDays: 2 - timeZone: 'UTC' - protectedItemsCount: 0 - } - } - { - name: 'sqlpolicy' - type: 'Microsoft.RecoveryServices/vaults/backupPolicies' - properties: { - backupManagementType: 'AzureWorkload' - workLoadType: 'SQLDataBase' - settings: { - timeZone: 'UTC' - issqlcompression: true - isCompression: true - } - subProtectionPolicy: [ - { - policyType: 'Full' - schedulePolicy: { - schedulePolicyType: 'SimpleSchedulePolicy' - scheduleRunFrequency: 'Weekly' - scheduleRunDays: [ - 'Sunday' - ] - scheduleRunTimes: [ - '2019-11-07T22:00:00Z' - ] - scheduleWeeklyFrequency: 0 - } - retentionPolicy: { - retentionPolicyType: 'LongTermRetentionPolicy' - weeklySchedule: { - daysOfTheWeek: [ - 'Sunday' - ] - retentionTimes: [ - '2019-11-07T22:00:00Z' - ] - retentionDuration: { - count: 104 - durationType: 'Weeks' - } - } - monthlySchedule: { - retentionScheduleFormatType: 'Weekly' - retentionScheduleWeekly: { - daysOfTheWeek: [ - 'Sunday' - ] - weeksOfTheMonth: [ - 'First' - ] - } - retentionTimes: [ - '2019-11-07T22:00:00Z' - ] - retentionDuration: { - count: 60 - durationType: 'Months' - } - } - yearlySchedule: { - retentionScheduleFormatType: 'Weekly' - monthsOfYear: [ - 'January' - ] - retentionScheduleWeekly: { - daysOfTheWeek: [ - 'Sunday' - ] - weeksOfTheMonth: [ - 'First' - ] - } - retentionTimes: [ - '2019-11-07T22:00:00Z' - ] - retentionDuration: { - count: 10 - durationType: 'Years' - } - } - } - } - { - policyType: 'Differential' - schedulePolicy: { - schedulePolicyType: 'SimpleSchedulePolicy' - scheduleRunFrequency: 'Weekly' - scheduleRunDays: [ - 'Monday' - ] - scheduleRunTimes: [ - '2017-03-07T02:00:00Z' - ] - scheduleWeeklyFrequency: 0 - } - retentionPolicy: { - retentionPolicyType: 'SimpleRetentionPolicy' - retentionDuration: { - count: 30 - durationType: 'Days' - } - } - } - { - policyType: 'Log' - schedulePolicy: { - schedulePolicyType: 'LogSchedulePolicy' - scheduleFrequencyInMins: 120 - } - retentionPolicy: { - retentionPolicyType: 'SimpleRetentionPolicy' - retentionDuration: { - count: 15 - durationType: 'Days' - } - } - } - ] - protectedItemsCount: 0 - } - } - { - name: 'filesharepolicy' - type: 'Microsoft.RecoveryServices/vaults/backupPolicies' - properties: { - backupManagementType: 'AzureStorage' - workloadType: 'AzureFileShare' - schedulePolicy: { - schedulePolicyType: 'SimpleSchedulePolicy' - scheduleRunFrequency: 'Daily' - scheduleRunTimes: [ - '2019-11-07T04:30:00Z' - ] - scheduleWeeklyFrequency: 0 - } - retentionPolicy: { - retentionPolicyType: 'LongTermRetentionPolicy' - dailySchedule: { - retentionTimes: [ - '2019-11-07T04:30:00Z' - ] - retentionDuration: { - count: 30 - durationType: 'Days' - } - } - } - timeZone: 'UTC' - protectedItemsCount: 0 - } - } -] -``` - -
-

- -### Parameter Usage: `replicationFabrics` - -

- -Parameter JSON format - -```json -"replicationFabrics": { - "value": [ - { - "location": "NorthEurope", - "replicationContainers": [ - { - "name": "ne-container1", - "replicationContainerMappings": [ - { - "policyName": "Default_values", - "targetContainerFabricName": "WestEurope-Fabric", - "targetContainerName": "we-conainer2" - } - ] - } - ] - }, - { - "name": "WestEurope-Fabric", //Optional - "location": "WestEurope", - "replicationContainers": [ - { - "name": "we-conainer2" - } - ] - } - ] -}, -``` - -### Parameter Usage: `replicationPolicies` - -
- -Parameter JSON format - -```json -"replicationPolicies": { - "value": [ - { - "name": "Default_values" - }, - { - "name": "Custom_values", - "appConsistentFrequencyInMinutes": 240, - "crashConsistentFrequencyInMinutes": 7, - "multiVmSyncStatus": "Disable", - "recoveryPointHistory": 2880 - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -replicationPolicies: [ - { - name: 'Default_values' - } - { - name: 'Custom_values' - appConsistentFrequencyInMinutes: 240 - crashConsistentFrequencyInMinutes: 7 - multiVmSyncStatus: 'Disable' - recoveryPointHistory: 2880 - } -] -``` - -
-

- -### Parameter Usage: `userAssignedIdentities` - -You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: - -

- -Parameter JSON format - -```json -"userAssignedIdentities": { - "value": { - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} - } -} -``` - -
- -
- -Bicep format - -```bicep -userAssignedIdentities: { - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The Name of the recovery services vault. | -| `resourceGroupName` | string | The name of the resource group the recovery services vault was created in. | -| `resourceId` | string | The resource ID of the recovery services vault. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-rsv-dr-001" - }, - "replicationFabrics": { - "value": [ - { - "location": "NorthEurope", - "replicationContainers": [ - { - "name": "ne-container1", - "replicationContainerMappings": [ - { - "targetProtectionContainerId": "/Subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.RecoveryServices/vaults/<>-az-rsv-min-001/replicationFabrics/NorthEurope/replicationProtectionContainers/ne-container2", - "policyName": "Default_values", - "targetContainerName": "pluto" - } - ] - }, - { - "name": "ne-container2", - "replicationContainerMappings": [ - { - "policyName": "Default_values", - "targetContainerFabricName": "WE-2", - "targetContainerName": "we-container1" - } - ] - } - ] - }, - { - "name": "WE-2", - "location": "WestEurope", - "replicationContainers": [ - { - "name": "we-container1", - "replicationContainerMappings": [ - { - "policyName": "Default_values", - "targetContainerFabricName": "NorthEurope", - "targetContainerName": "ne-container2" - } - ] - } - ] - } - ] - }, - "replicationPolicies": { - "value": [ - { - "name": "Default_values" - }, - { - "name": "Custom_values", - "appConsistentFrequencyInMinutes": 240, - "crashConsistentFrequencyInMinutes": 7, - "multiVmSyncStatus": "Disable", - "recoveryPointHistory": 2880 - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module vaults './Microsoft.RecoveryServices/vaults/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-vaults' - params: { - name: '<>-az-rsv-dr-001' - replicationFabrics: [ - { - location: 'NorthEurope' - replicationContainers: [ - { - name: 'ne-container1' - replicationContainerMappings: [ - { - targetProtectionContainerId: '/Subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.RecoveryServices/vaults/<>-az-rsv-min-001/replicationFabrics/NorthEurope/replicationProtectionContainers/ne-container2' - policyName: 'Default_values' - targetContainerName: 'pluto' - } - ] - } - { - name: 'ne-container2' - replicationContainerMappings: [ - { - policyName: 'Default_values' - targetContainerFabricName: 'WE-2' - targetContainerName: 'we-container1' - } - ] - } - ] - } - { - name: 'WE-2' - location: 'WestEurope' - replicationContainers: [ - { - name: 'we-container1' - replicationContainerMappings: [ - { - policyName: 'Default_values' - targetContainerFabricName: 'NorthEurope' - targetContainerName: 'ne-container2' - } - ] - } - ] - } - ] - replicationPolicies: [ - { - name: 'Default_values' - } - { - name: 'Custom_values' - appConsistentFrequencyInMinutes: 240 - crashConsistentFrequencyInMinutes: 7 - multiVmSyncStatus: 'Disable' - recoveryPointHistory: 2880 - } - ] - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-rsv-min-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module vaults './Microsoft.RecoveryServices/vaults/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-vaults' - params: { - name: '<>-az-rsv-min-001' - } -} -``` - -
-

- -

Example 3

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-rsv-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "backupConfig": { - "value": { - "enhancedSecurityState": "Disabled", - "softDeleteFeatureState": "Disabled" - } - }, - "backupPolicies": { - "value": [ - { - "name": "VMpolicy", - "properties": { - "backupManagementType": "AzureIaasVM", - "instantRPDetails": {}, - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Daily", - "scheduleRunTimes": [ - "2019-11-07T07:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "dailySchedule": { - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 180, - "durationType": "Days" - } - }, - "weeklySchedule": { - "daysOfTheWeek": [ - "Sunday" - ], - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 12, - "durationType": "Weeks" - } - }, - "monthlySchedule": { - "retentionScheduleFormatType": "Weekly", - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 60, - "durationType": "Months" - } - }, - "yearlySchedule": { - "retentionScheduleFormatType": "Weekly", - "monthsOfYear": [ - "January" - ], - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T07:00:00Z" - ], - "retentionDuration": { - "count": 10, - "durationType": "Years" - } - } - }, - "instantRpRetentionRangeInDays": 2, - "timeZone": "UTC", - "protectedItemsCount": 0 - } - }, - { - "name": "sqlpolicy", - "properties": { - "backupManagementType": "AzureWorkload", - "workLoadType": "SQLDataBase", - "settings": { - "timeZone": "UTC", - "issqlcompression": true, - "isCompression": true - }, - "subProtectionPolicy": [ - { - "policyType": "Full", - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Weekly", - "scheduleRunDays": [ - "Sunday" - ], - "scheduleRunTimes": [ - "2019-11-07T22:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "weeklySchedule": { - "daysOfTheWeek": [ - "Sunday" - ], - "retentionTimes": [ - "2019-11-07T22:00:00Z" - ], - "retentionDuration": { - "count": 104, - "durationType": "Weeks" - } - }, - "monthlySchedule": { - "retentionScheduleFormatType": "Weekly", - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T22:00:00Z" - ], - "retentionDuration": { - "count": 60, - "durationType": "Months" - } - }, - "yearlySchedule": { - "retentionScheduleFormatType": "Weekly", - "monthsOfYear": [ - "January" - ], - "retentionScheduleWeekly": { - "daysOfTheWeek": [ - "Sunday" - ], - "weeksOfTheMonth": [ - "First" - ] - }, - "retentionTimes": [ - "2019-11-07T22:00:00Z" - ], - "retentionDuration": { - "count": 10, - "durationType": "Years" - } - } - } - }, - { - "policyType": "Differential", - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Weekly", - "scheduleRunDays": [ - "Monday" - ], - "scheduleRunTimes": [ - "2017-03-07T02:00:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "SimpleRetentionPolicy", - "retentionDuration": { - "count": 30, - "durationType": "Days" - } - } - }, - { - "policyType": "Log", - "schedulePolicy": { - "schedulePolicyType": "LogSchedulePolicy", - "scheduleFrequencyInMins": 120 - }, - "retentionPolicy": { - "retentionPolicyType": "SimpleRetentionPolicy", - "retentionDuration": { - "count": 15, - "durationType": "Days" - } - } - } - ], - "protectedItemsCount": 0 - } - }, - { - "name": "filesharepolicy", - "properties": { - "backupManagementType": "AzureStorage", - "workloadType": "AzureFileShare", - "schedulePolicy": { - "schedulePolicyType": "SimpleSchedulePolicy", - "scheduleRunFrequency": "Daily", - "scheduleRunTimes": [ - "2019-11-07T04:30:00Z" - ], - "scheduleWeeklyFrequency": 0 - }, - "retentionPolicy": { - "retentionPolicyType": "LongTermRetentionPolicy", - "dailySchedule": { - "retentionTimes": [ - "2019-11-07T04:30:00Z" - ], - "retentionDuration": { - "count": 30, - "durationType": "Days" - } - } - }, - "timeZone": "UTC", - "protectedItemsCount": 0 - } - } - ] - }, - "backupStorageConfig": { - "value": { - "storageModelType": "GeoRedundant", - "crossRegionRestoreFlag": true - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module vaults './Microsoft.RecoveryServices/vaults/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-vaults' - params: { - name: '<>-az-rsv-x-001' - lock: 'CanNotDelete' - backupConfig: { - enhancedSecurityState: 'Disabled' - softDeleteFeatureState: 'Disabled' - } - backupPolicies: [ - { - name: 'VMpolicy' - properties: { - backupManagementType: 'AzureIaasVM' - instantRPDetails: {} - schedulePolicy: { - schedulePolicyType: 'SimpleSchedulePolicy' - scheduleRunFrequency: 'Daily' - scheduleRunTimes: [ - '2019-11-07T07:00:00Z' - ] - scheduleWeeklyFrequency: 0 - } - retentionPolicy: { - retentionPolicyType: 'LongTermRetentionPolicy' - dailySchedule: { - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 180 - durationType: 'Days' - } - } - weeklySchedule: { - daysOfTheWeek: [ - 'Sunday' - ] - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 12 - durationType: 'Weeks' - } - } - monthlySchedule: { - retentionScheduleFormatType: 'Weekly' - retentionScheduleWeekly: { - daysOfTheWeek: [ - 'Sunday' - ] - weeksOfTheMonth: [ - 'First' - ] - } - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 60 - durationType: 'Months' - } - } - yearlySchedule: { - retentionScheduleFormatType: 'Weekly' - monthsOfYear: [ - 'January' - ] - retentionScheduleWeekly: { - daysOfTheWeek: [ - 'Sunday' - ] - weeksOfTheMonth: [ - 'First' - ] - } - retentionTimes: [ - '2019-11-07T07:00:00Z' - ] - retentionDuration: { - count: 10 - durationType: 'Years' - } - } - } - instantRpRetentionRangeInDays: 2 - timeZone: 'UTC' - protectedItemsCount: 0 - } - } - { - name: 'sqlpolicy' - properties: { - backupManagementType: 'AzureWorkload' - workLoadType: 'SQLDataBase' - settings: { - timeZone: 'UTC' - issqlcompression: true - isCompression: true - } - subProtectionPolicy: [ - { - policyType: 'Full' - schedulePolicy: { - schedulePolicyType: 'SimpleSchedulePolicy' - scheduleRunFrequency: 'Weekly' - scheduleRunDays: [ - 'Sunday' - ] - scheduleRunTimes: [ - '2019-11-07T22:00:00Z' - ] - scheduleWeeklyFrequency: 0 - } - retentionPolicy: { - retentionPolicyType: 'LongTermRetentionPolicy' - weeklySchedule: { - daysOfTheWeek: [ - 'Sunday' - ] - retentionTimes: [ - '2019-11-07T22:00:00Z' - ] - retentionDuration: { - count: 104 - durationType: 'Weeks' - } - } - monthlySchedule: { - retentionScheduleFormatType: 'Weekly' - retentionScheduleWeekly: { - daysOfTheWeek: [ - 'Sunday' - ] - weeksOfTheMonth: [ - 'First' - ] - } - retentionTimes: [ - '2019-11-07T22:00:00Z' - ] - retentionDuration: { - count: 60 - durationType: 'Months' - } - } - yearlySchedule: { - retentionScheduleFormatType: 'Weekly' - monthsOfYear: [ - 'January' - ] - retentionScheduleWeekly: { - daysOfTheWeek: [ - 'Sunday' - ] - weeksOfTheMonth: [ - 'First' - ] - } - retentionTimes: [ - '2019-11-07T22:00:00Z' - ] - retentionDuration: { - count: 10 - durationType: 'Years' - } - } - } - } - { - policyType: 'Differential' - schedulePolicy: { - schedulePolicyType: 'SimpleSchedulePolicy' - scheduleRunFrequency: 'Weekly' - scheduleRunDays: [ - 'Monday' - ] - scheduleRunTimes: [ - '2017-03-07T02:00:00Z' - ] - scheduleWeeklyFrequency: 0 - } - retentionPolicy: { - retentionPolicyType: 'SimpleRetentionPolicy' - retentionDuration: { - count: 30 - durationType: 'Days' - } - } - } - { - policyType: 'Log' - schedulePolicy: { - schedulePolicyType: 'LogSchedulePolicy' - scheduleFrequencyInMins: 120 - } - retentionPolicy: { - retentionPolicyType: 'SimpleRetentionPolicy' - retentionDuration: { - count: 15 - durationType: 'Days' - } - } - } - ] - protectedItemsCount: 0 - } - } - { - name: 'filesharepolicy' - properties: { - backupManagementType: 'AzureStorage' - workloadType: 'AzureFileShare' - schedulePolicy: { - schedulePolicyType: 'SimpleSchedulePolicy' - scheduleRunFrequency: 'Daily' - scheduleRunTimes: [ - '2019-11-07T04:30:00Z' - ] - scheduleWeeklyFrequency: 0 - } - retentionPolicy: { - retentionPolicyType: 'LongTermRetentionPolicy' - dailySchedule: { - retentionTimes: [ - '2019-11-07T04:30:00Z' - ] - retentionDuration: { - count: 30 - durationType: 'Days' - } - } - } - timeZone: 'UTC' - protectedItemsCount: 0 - } - } - ] - backupStorageConfig: { - storageModelType: 'GeoRedundant' - crossRegionRestoreFlag: true - } - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - systemAssignedIdentity: true - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - } -} -``` - -
-

diff --git a/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/deploy.bicep deleted file mode 100644 index 554d390ddb..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/deploy.bicep +++ /dev/null @@ -1,61 +0,0 @@ -@description('Conditional. The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment.') -param recoveryVaultName string - -@description('Required. The recovery location the fabric represents.') -param location string = resourceGroup().location - -@description('Optional. The name of the fabric.') -param name string = location - -@description('Optional. Replication containers to create.') -param replicationContainers array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}-rsvPolicy' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource replicationFabric 'Microsoft.RecoveryServices/vaults/replicationFabrics@2021-12-01' = { - name: '${recoveryVaultName}/${name}' - properties: { - customDetails: { - instanceType: 'Azure' - location: location - } - } -} - -module fabric_replicationContainers 'replicationProtectionContainers/deploy.bicep' = [for (container, index) in replicationContainers: { - name: '${deployment().name}-RCont-${index}' - params: { - name: container.name - recoveryVaultName: recoveryVaultName - replicationFabricName: name - replicationContainerMappings: contains(container, 'replicationContainerMappings') ? container.replicationContainerMappings : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } - dependsOn: [ - replicationFabric - ] -}] - -@description('The name of the replication fabric.') -output name string = replicationFabric.name - -@description('The resource ID of the replication fabric.') -output resourceId string = replicationFabric.id - -@description('The name of the resource group the replication fabric was created in.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/readme.md b/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/readme.md deleted file mode 100644 index 1c2b29110f..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/readme.md +++ /dev/null @@ -1,98 +0,0 @@ -# RecoveryServices Vaults ReplicationFabrics `[Microsoft.RecoveryServices/vaults/replicationFabrics]` - -This module deploys a Replication Fabric for Azure to Azure disaster recovery scenario of Azure Site Recovery. - -> Note: this module currently support only the `instanceType: 'Azure'` scenario. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.RecoveryServices/vaults/replicationFabrics` | [2021-12-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-12-01/vaults/replicationFabrics) | -| `Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers` | [2021-12-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-12-01/vaults/replicationFabrics/replicationProtectionContainers) | -| `Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings` | [2021-12-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-12-01/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `location` | string | `[resourceGroup().location]` | The recovery location the fabric represents. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `[parameters('location')]` | The name of the fabric. | -| `replicationContainers` | array | `[]` | Replication containers to create. | - - -### Parameter Usage: `replicationContainers` - -

- -Parameter JSON format - -```json -"replicationContainers": { - "value": [ - { - "name": "we-container1", - "replicationContainerMappings": [ //optional - { - "policyName": "Default_values", - "targetContainerName": "we-container2" - } - ] - }, - { - "name": "we-container2" - }, - ] -} -``` - -
- -
- -Bicep format - -```bicep -replicationContainers: [ - { - name: 'we-container1' - replicationContainerMappings: [ //optional - { - policyName: 'Default_values' - targetContainerName: 'we-container2' - } - ] - } - { - name: 'we-container2' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the replication fabric. | -| `resourceGroupName` | string | The name of the resource group the replication fabric was created in. | -| `resourceId` | string | The resource ID of the replication fabric. | diff --git a/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/deploy.bicep deleted file mode 100644 index 0a6422076a..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/deploy.bicep +++ /dev/null @@ -1,67 +0,0 @@ -@description('Conditional. The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment.') -param recoveryVaultName string - -@description('Conditional. The name of the parent Replication Fabric. Required if the template is used in a standalone deployment.') -param replicationFabricName string - -@description('Required. The name of the replication container.') -param name string - -@description('Optional. Replication containers mappings to create.') -param replicationContainerMappings array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}-rsvPolicy' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource replicationContainer 'Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers@2021-12-01' = { - name: '${recoveryVaultName}/${replicationFabricName}/${name}' - properties: { - providerSpecificInput: [ - { - instanceType: 'A2A' - } - ] - } -} - -module fabric_container_containerMappings 'replicationProtectionContainerMappings/deploy.bicep' = [for (mapping, index) in replicationContainerMappings: { - name: '${deployment().name}-Map-${index}' - params: { - name: contains(mapping, 'name') ? mapping.name : '' - policyId: contains(mapping, 'policyId') ? mapping.policyId : '' - policyName: contains(mapping, 'policyName') ? mapping.policyName : '' - recoveryVaultName: recoveryVaultName - replicationFabricName: replicationFabricName - sourceProtectionContainerName: name - targetProtectionContainerId: contains(mapping, 'targetProtectionContainerId') ? mapping.targetProtectionContainerId : '' - targetContainerFabricName: contains(mapping, 'targetContainerFabricName') ? mapping.targetContainerFabricName : replicationFabricName - targetContainerName: contains(mapping, 'targetContainerName') ? mapping.targetContainerName : '' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } - dependsOn: [ - replicationContainer - ] -}] - -@description('The name of the replication container.') -output name string = replicationContainer.name - -@description('The resource ID of the replication container.') -output resourceId string = replicationContainer.id - -@description('The name of the resource group the replication container was created in.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/readme.md b/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/readme.md deleted file mode 100644 index 5df2ee6958..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/readme.md +++ /dev/null @@ -1,93 +0,0 @@ -# RecoveryServices Vaults ReplicationFabrics ReplicationProtectionContainers `[Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers]` - -This module deploys a Replication Protection Container. - -> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers` | [2021-12-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-12-01/vaults/replicationFabrics/replicationProtectionContainers) | -| `Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings` | [2021-12-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-12-01/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the replication container. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | -| `replicationFabricName` | string | The name of the parent Replication Fabric. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `replicationContainerMappings` | array | `[]` | Replication containers mappings to create. | - - -### Parameter Usage: `replicationContainerMappings` - -

- -Parameter JSON format - -```json -"replicationContainerMappings": { - "value": [ - { - "targetProtectionContainerId": "/Subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.RecoveryServices/vaults/<>-az-rsv-dr-001/replicationFabrics/NorthEurope/replicationProtectionContainers/ne-container1", - "policyId": "/Subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.RecoveryServices/vaults/<>-az-rsv-dr-001/replicationPolicies/Default_values" - }, - { - "name": null, //Optional - "policyName": "Default_values", - "targetContainerFabricName": "WestEurope", - "targetContainerName": "we-container" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -replicationContainerMappings: [ - { - targetProtectionContainerId: '/Subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.RecoveryServices/vaults/<>-az-rsv-dr-001/replicationFabrics/NorthEurope/replicationProtectionContainers/ne-container1' - policyId: '/Subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.RecoveryServices/vaults/<>-az-rsv-dr-001/replicationPolicies/Default_values' - } - { - name: null //Optional - policyName: 'Default_values' - targetContainerFabricName: 'WestEurope' - targetContainerName: 'we-container' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the replication container. | -| `resourceGroupName` | string | The name of the resource group the replication container was created in. | -| `resourceId` | string | The resource ID of the replication container. | diff --git a/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/deploy.bicep deleted file mode 100644 index 42cefe55b9..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/deploy.bicep +++ /dev/null @@ -1,65 +0,0 @@ -@description('Conditional. The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment.') -param recoveryVaultName string - -@description('Conditional. The name of the parent Replication Fabric. Required if the template is used in a standalone deployment.') -param replicationFabricName string - -@description('Conditional. The name of the parent source Replication container. Required if the template is used in a standalone deployment.') -param sourceProtectionContainerName string - -@description('Optional. Resource ID of the target Replication container. Must be specified if targetContainerName is not. If specified, targetContainerFabricName and targetContainerName will be ignored.') -param targetProtectionContainerId string = '' - -@description('Optional. Name of the fabric containing the target container. If targetProtectionContainerId is specified, this parameter will be ignored.') -param targetContainerFabricName string = replicationFabricName - -@description('Optional. Name of the target container. Must be specified if targetProtectionContainerId is not. If targetProtectionContainerId is specified, this parameter will be ignored.') -param targetContainerName string = '' - -@description('Optional. Resource ID of the replication policy. If defined, policyName will be ignored.') -param policyId string = '' - -@description('Optional. Name of the replication policy. Will be ignored if policyId is also specified.') -param policyName string = '' - -@description('Optional. The name of the replication container mapping. If not provided, it will be automatically generated as `-`.') -param name string = '' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var policyResourceId = policyId != '' ? policyId : subscriptionResourceId('Microsoft.RecoveryServices/vaults/replicationPolicies', recoveryVaultName, policyName) -var targetProtectionContainerResourceId = targetProtectionContainerId != '' ? targetProtectionContainerId : subscriptionResourceId('Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers', recoveryVaultName, targetContainerFabricName, targetContainerName) -var mappingName = !empty(name) ? name : '${sourceProtectionContainerName}-${split(targetProtectionContainerResourceId, '/')[10]}' - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}-rsvPolicy' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource replicationContainer 'Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings@2021-12-01' = { - name: '${recoveryVaultName}/${replicationFabricName}/${sourceProtectionContainerName}/${mappingName}' - properties: { - targetProtectionContainerId: targetProtectionContainerResourceId - policyId: policyResourceId - providerSpecificInput: { - instanceType: 'A2A' - } - } -} - -@description('The name of the replication container.') -output name string = replicationContainer.name - -@description('The resource ID of the replication container.') -output resourceId string = replicationContainer.id - -@description('The name of the resource group the replication container was created in.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/readme.md b/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/readme.md deleted file mode 100644 index d344cc56f0..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/readme.md +++ /dev/null @@ -1,46 +0,0 @@ -# RecoveryServices Vaults ReplicationFabrics ReplicationProtectionContainers ReplicationProtectionContainerMappings `[Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings]` - -This module deploys a Replication Protection Container Mapping. - -> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings` | [2021-12-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-12-01/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings) | - -## Parameters - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | -| `replicationFabricName` | string | The name of the parent Replication Fabric. Required if the template is used in a standalone deployment. | -| `sourceProtectionContainerName` | string | The name of the parent source Replication container. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `''` | The name of the replication container mapping. If not provided, it will be automatically generated as `-`. | -| `policyId` | string | `''` | Resource ID of the replication policy. If defined, policyName will be ignored. | -| `policyName` | string | `''` | Name of the replication policy. Will be ignored if policyId is also specified. | -| `targetContainerFabricName` | string | `[parameters('replicationFabricName')]` | Name of the fabric containing the target container. If targetProtectionContainerId is specified, this parameter will be ignored. | -| `targetContainerName` | string | `''` | Name of the target container. Must be specified if targetProtectionContainerId is not. If targetProtectionContainerId is specified, this parameter will be ignored. | -| `targetProtectionContainerId` | string | `''` | Resource ID of the target Replication container. Must be specified if targetContainerName is not. If specified, targetContainerFabricName and targetContainerName will be ignored. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the replication container. | -| `resourceGroupName` | string | The name of the resource group the replication container was created in. | -| `resourceId` | string | The resource ID of the replication container. | diff --git a/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/version.json b/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/version.json deleted file mode 100644 index 41f66cc990..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.1" -} diff --git a/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/version.json b/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/version.json deleted file mode 100644 index 41f66cc990..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.1" -} diff --git a/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/version.json b/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/version.json deleted file mode 100644 index 41f66cc990..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/replicationFabrics/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.1" -} diff --git a/modules/Microsoft.RecoveryServices/vaults/replicationPolicies/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/replicationPolicies/deploy.bicep deleted file mode 100644 index 123e2f07ca..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/replicationPolicies/deploy.bicep +++ /dev/null @@ -1,57 +0,0 @@ -@description('Conditional. The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment.') -param recoveryVaultName string - -@description('Required. The name of the replication policy.') -param name string - -@description('Optional. The app consistent snapshot frequency (in minutes).') -param appConsistentFrequencyInMinutes int = 60 - -@description('Optional. The crash consistent snapshot frequency (in minutes).') -param crashConsistentFrequencyInMinutes int = 5 - -@description('Optional. A value indicating whether multi-VM sync has to be enabled.') -@allowed([ - 'Enable' - 'Disable' -]) -param multiVmSyncStatus string = 'Enable' - -@description('Optional. The duration in minutes until which the recovery points need to be stored.') -param recoveryPointHistory int = 1440 - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}-rsvPolicy' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource replicationPolicy 'Microsoft.RecoveryServices/vaults/replicationPolicies@2021-12-01' = { - name: '${recoveryVaultName}/${name}' - properties: { - providerSpecificInput: { - instanceType: 'A2A' - appConsistentFrequencyInMinutes: appConsistentFrequencyInMinutes - crashConsistentFrequencyInMinutes: crashConsistentFrequencyInMinutes - multiVmSyncStatus: multiVmSyncStatus - recoveryPointHistory: recoveryPointHistory - } - } -} -@description('The name of the replication policy.') -output name string = replicationPolicy.name - -@description('The resource ID of the replication policy.') -output resourceId string = replicationPolicy.id - -@description('The name of the resource group the replication policy was created in.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.RecoveryServices/vaults/replicationPolicies/readme.md b/modules/Microsoft.RecoveryServices/vaults/replicationPolicies/readme.md deleted file mode 100644 index f5b3f0662e..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/replicationPolicies/readme.md +++ /dev/null @@ -1,47 +0,0 @@ -# RecoveryServices Vaults ReplicationPolicies `[Microsoft.RecoveryServices/vaults/replicationPolicies]` - -This module deploys a Replication Policy for Disaster Recovery scenario. - -> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.RecoveryServices/vaults/replicationPolicies` | [2021-12-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-12-01/vaults/replicationPolicies) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the replication policy. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `appConsistentFrequencyInMinutes` | int | `60` | | The app consistent snapshot frequency (in minutes). | -| `crashConsistentFrequencyInMinutes` | int | `5` | | The crash consistent snapshot frequency (in minutes). | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `multiVmSyncStatus` | string | `'Enable'` | `[Enable, Disable]` | A value indicating whether multi-VM sync has to be enabled. | -| `recoveryPointHistory` | int | `1440` | | The duration in minutes until which the recovery points need to be stored. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the replication policy. | -| `resourceGroupName` | string | The name of the resource group the replication policy was created in. | -| `resourceId` | string | The resource ID of the replication policy. | diff --git a/modules/Microsoft.RecoveryServices/vaults/replicationPolicies/version.json b/modules/Microsoft.RecoveryServices/vaults/replicationPolicies/version.json deleted file mode 100644 index 41f66cc990..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/replicationPolicies/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.1" -} diff --git a/modules/Microsoft.RecoveryServices/vaults/version.json b/modules/Microsoft.RecoveryServices/vaults/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.RecoveryServices/vaults/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Resources/deploymentScripts/.deploymentTests/cli.parameters.json b/modules/Microsoft.Resources/deploymentScripts/.deploymentTests/cli.parameters.json deleted file mode 100644 index e3e775a93d..0000000000 --- a/modules/Microsoft.Resources/deploymentScripts/.deploymentTests/cli.parameters.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-ds-cli-001" - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "kind": { - "value": "AzureCLI" - }, - "azCliVersion": { - "value": "2.15.0" - }, - "scriptContent": { - "value": "echo \"Hello from inside the script\"" - }, - "retentionInterval": { - "value": "P1D" - }, - "runOnce": { - "value": false - }, - "cleanupPreference": { - "value": "Always" - }, - "timeout": { - "value": "PT30M" - } - } -} diff --git a/modules/Microsoft.Resources/deploymentScripts/.deploymentTests/ps.parameters.json b/modules/Microsoft.Resources/deploymentScripts/.deploymentTests/ps.parameters.json deleted file mode 100644 index accc14b0b0..0000000000 --- a/modules/Microsoft.Resources/deploymentScripts/.deploymentTests/ps.parameters.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-ds-ps-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "kind": { - "value": "AzurePowerShell" - }, - "azPowerShellVersion": { - "value": "3.0" - }, - "scriptContent": { - "value": "Write-Host 'Running PowerShell from template'" - }, - "retentionInterval": { - "value": "P1D" - }, - "runOnce": { - "value": false - }, - "cleanupPreference": { - "value": "Always" - }, - "timeout": { - "value": "PT30M" - } - } -} diff --git a/modules/Microsoft.Resources/deploymentScripts/deploy.bicep b/modules/Microsoft.Resources/deploymentScripts/deploy.bicep deleted file mode 100644 index 823f3a28f4..0000000000 --- a/modules/Microsoft.Resources/deploymentScripts/deploy.bicep +++ /dev/null @@ -1,139 +0,0 @@ -@description('Required. Display name of the script to be run.') -param name string - -@description('Optional. The ID(s) to assign to the resource.') -param userAssignedIdentities object = {} - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Type of the script. AzurePowerShell, AzureCLI.') -@allowed([ - 'AzurePowerShell' - 'AzureCLI' -]) -param kind string = 'AzurePowerShell' - -@description('Optional. Azure PowerShell module version to be used.') -param azPowerShellVersion string = '3.0' - -@description('Optional. Azure CLI module version to be used.') -param azCliVersion string = '' - -@description('Optional. Script body. Max length: 32000 characters. To run an external script, use primaryScriptURI instead.') -param scriptContent string = '' - -@description('Optional. Uri for the external script. This is the entry point for the external script. To run an internal script, use the scriptContent instead.') -param primaryScriptUri string = '' - -@description('Optional. The environment variables to pass over to the script. Must have a \'name\' and a \'value\' or a \'secretValue\' property.') -param environmentVariables array = [] - -@description('Optional. List of supporting files for the external script (defined in primaryScriptUri). Does not work with internal scripts (code defined in scriptContent).') -param supportingScriptUris array = [] - -@description('Optional. Command-line arguments to pass to the script. Arguments are separated by spaces.') -param arguments string = '' - -@description('Optional. Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P7D means one week).') -param retentionInterval string = 'P1D' - -@description('Optional. When set to false, script will run every time the template is deployed. When set to true, the script will only run once.') -param runOnce bool = false - -@description('Optional. The clean up preference when the script execution gets in a terminal state. Specify the preference on when to delete the deployment script resources. The default value is Always, which means the deployment script resources are deleted despite the terminal state (Succeeded, Failed, canceled).') -@allowed([ - 'Always' - 'OnSuccess' - 'OnExpiration' -]) -param cleanupPreference string = 'Always' - -@description('Optional. Container group name, if not specified then the name will get auto-generated. Not specifying a \'containerGroupName\' indicates the system to generate a unique name which might end up flagging an Azure Policy as non-compliant. Use \'containerGroupName\' when you have an Azure Policy that expects a specific naming convention or when you want to fully control the name. \'containerGroupName\' property must be between 1 and 63 characters long, must contain only lowercase letters, numbers, and dashes and it cannot start or end with a dash and consecutive dashes are not allowed.') -param containerGroupName string = '' - -@description('Optional. Maximum allowed script execution time specified in ISO 8601 format. Default value is PT1H - 1 hour; \'PT30M\' - 30 minutes; \'P5D\' - 5 days; \'P1Y\' 1 year.') -param timeout string = 'PT1H' - -@description('Generated. Do not provide a value! This date value is used to make sure the script run every time the template is deployed.') -param baseTime string = utcNow('yyyy-MM-dd-HH-mm-ss') - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var containerSettings = { - containerGroupName: containerGroupName -} - -var identityType = !empty(userAssignedIdentities) ? 'UserAssigned' : 'None' - -var identity = identityType != 'None' ? { - type: identityType - userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null -} : null - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { - name: name - location: location - tags: tags - identity: identity - kind: any(kind) - properties: { - azPowerShellVersion: kind == 'AzurePowerShell' ? azPowerShellVersion : null - azCliVersion: kind == 'AzureCLI' ? azCliVersion : null - containerSettings: empty(containerGroupName) ? null : containerSettings - arguments: arguments - environmentVariables: empty(environmentVariables) ? null : environmentVariables - scriptContent: empty(scriptContent) ? null : scriptContent - primaryScriptUri: empty(primaryScriptUri) ? null : primaryScriptUri - supportingScriptUris: empty(supportingScriptUris) ? null : supportingScriptUris - cleanupPreference: cleanupPreference - forceUpdateTag: runOnce ? resourceGroup().name : baseTime - retentionInterval: retentionInterval - timeout: timeout - } -} - -resource deploymentScript_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${deploymentScript.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: deploymentScript -} - -@description('The resource ID of the deployment script.') -output resourceId string = deploymentScript.id - -@description('The resource group the deployment script was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the deployment script.') -output name string = deploymentScript.name - -@description('The location the resource was deployed into.') -output location string = deploymentScript.location diff --git a/modules/Microsoft.Resources/deploymentScripts/readme.md b/modules/Microsoft.Resources/deploymentScripts/readme.md deleted file mode 100644 index 781e5dbb21..0000000000 --- a/modules/Microsoft.Resources/deploymentScripts/readme.md +++ /dev/null @@ -1,290 +0,0 @@ -# Deployment Scripts `[Microsoft.Resources/deploymentScripts]` - -This module deploys a deployment script. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Considerations](#Considerations) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Resources/deploymentScripts` | [2020-10-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Resources/2020-10-01/deploymentScripts) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Display name of the script to be run. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `arguments` | string | `''` | | Command-line arguments to pass to the script. Arguments are separated by spaces. | -| `azCliVersion` | string | `''` | | Azure CLI module version to be used. | -| `azPowerShellVersion` | string | `'3.0'` | | Azure PowerShell module version to be used. | -| `cleanupPreference` | string | `'Always'` | `[Always, OnSuccess, OnExpiration]` | The clean up preference when the script execution gets in a terminal state. Specify the preference on when to delete the deployment script resources. The default value is Always, which means the deployment script resources are deleted despite the terminal state (Succeeded, Failed, canceled). | -| `containerGroupName` | string | `''` | | Container group name, if not specified then the name will get auto-generated. Not specifying a 'containerGroupName' indicates the system to generate a unique name which might end up flagging an Azure Policy as non-compliant. Use 'containerGroupName' when you have an Azure Policy that expects a specific naming convention or when you want to fully control the name. 'containerGroupName' property must be between 1 and 63 characters long, must contain only lowercase letters, numbers, and dashes and it cannot start or end with a dash and consecutive dashes are not allowed. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `environmentVariables` | array | `[]` | | The environment variables to pass over to the script. Must have a 'name' and a 'value' or a 'secretValue' property. | -| `kind` | string | `'AzurePowerShell'` | `[AzurePowerShell, AzureCLI]` | Type of the script. AzurePowerShell, AzureCLI. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `primaryScriptUri` | string | `''` | | Uri for the external script. This is the entry point for the external script. To run an internal script, use the scriptContent instead. | -| `retentionInterval` | string | `'P1D'` | | Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P7D means one week). | -| `runOnce` | bool | `False` | | When set to false, script will run every time the template is deployed. When set to true, the script will only run once. | -| `scriptContent` | string | `''` | | Script body. Max length: 32000 characters. To run an external script, use primaryScriptURI instead. | -| `supportingScriptUris` | array | `[]` | | List of supporting files for the external script (defined in primaryScriptUri). Does not work with internal scripts (code defined in scriptContent). | -| `tags` | object | `{object}` | | Tags of the resource. | -| `timeout` | string | `'PT1H'` | | Maximum allowed script execution time specified in ISO 8601 format. Default value is PT1H - 1 hour; 'PT30M' - 30 minutes; 'P5D' - 5 days; 'P1Y' 1 year. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | - -**Generated parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('yyyy-MM-dd-HH-mm-ss')]` | Do not provide a value! This date value is used to make sure the script run every time the template is deployed. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `userAssignedIdentities` - -You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: - -

- -Parameter JSON format - -```json -"userAssignedIdentities": { - "value": { - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} - } -} -``` - -
- -
- -Bicep format - -```bicep -userAssignedIdentities: { - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployment script. | -| `resourceGroupName` | string | The resource group the deployment script was deployed into. | -| `resourceId` | string | The resource ID of the deployment script. | - -## Considerations - -This module requires a User Assigned Identity (MSI, managed service identity) to exist, and this MSI has to have contributor rights on the subscription - that allows the Deployment Script to create the required Storage Account and the Azure Container Instance. - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-ds-cli-001" - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "kind": { - "value": "AzureCLI" - }, - "azCliVersion": { - "value": "2.15.0" - }, - "scriptContent": { - "value": "echo \"Hello from inside the script\"" - }, - "retentionInterval": { - "value": "P1D" - }, - "runOnce": { - "value": false - }, - "cleanupPreference": { - "value": "Always" - }, - "timeout": { - "value": "PT30M" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module deploymentScripts './Microsoft.Resources/deploymentScripts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-deploymentScripts' - params: { - name: '<>-az-ds-cli-001' - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - kind: 'AzureCLI' - azCliVersion: '2.15.0' - scriptContent: 'echo \'Hello from inside the script\'' - retentionInterval: 'P1D' - runOnce: false - cleanupPreference: 'Always' - timeout: 'PT30M' - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-ds-ps-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "kind": { - "value": "AzurePowerShell" - }, - "azPowerShellVersion": { - "value": "3.0" - }, - "scriptContent": { - "value": "Write-Host 'Running PowerShell from template'" - }, - "retentionInterval": { - "value": "P1D" - }, - "runOnce": { - "value": false - }, - "cleanupPreference": { - "value": "Always" - }, - "timeout": { - "value": "PT30M" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module deploymentScripts './Microsoft.Resources/deploymentScripts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-deploymentScripts' - params: { - name: '<>-az-ds-ps-001' - lock: 'CanNotDelete' - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - kind: 'AzurePowerShell' - azPowerShellVersion: '3.0' - scriptContent: 'Write-Host 'Running PowerShell from template'' - retentionInterval: 'P1D' - runOnce: false - cleanupPreference: 'Always' - timeout: 'PT30M' - } -} -``` - -
-

diff --git a/modules/Microsoft.Resources/deploymentScripts/version.json b/modules/Microsoft.Resources/deploymentScripts/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Resources/deploymentScripts/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index aec6bf8af7..0000000000 --- a/modules/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,208 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'AcrDelete': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c2f4ef07-c644-48eb-af81-4b1b4947fb11') - 'AcrImageSigner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6cef56e8-d556-48e5-a04f-b8e64114680f') - 'AcrPull': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f951dda-4ed3-4680-a7ca-43fe172d538d') - 'AcrPush': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8311e382-0749-4cb8-b61a-304f252e45ec') - 'AcrQuarantineReader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'cdda3590-29a3-44f6-95f2-9f980659eb04') - 'AcrQuarantineWriter': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c8d4ff99-41c3-41a8-9f60-21dfdad59608') - 'API Management Service Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '312a565d-c81f-4fd8-895a-4e21e48d571c') - 'API Management Service Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e022efe7-f5ba-4159-bbe4-b44f577e9b61') - 'API Management Service Reader Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '71522526-b88f-4d52-b57f-d31fc3546d0d') - 'App Configuration Data Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b') - 'App Configuration Data Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '516239f1-63e1-4d78-a4de-a74fb236a071') - 'Application Insights Component Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ae349356-3a1b-4a5e-921d-050484c6347e') - 'Application Insights Snapshot Debugger': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '08954f03-6346-4c2e-81c0-ec3a5cfae23b') - 'Attestation Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'bbf86eb8-f7b4-4cce-96e4-18cddf81d86e') - 'Attestation Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fd1bd22b-8476-40bc-a0bc-69b95687b9f3') - 'Automation Job Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4fe576fe-1146-4730-92eb-48519fa6bf9f') - 'Automation Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd3881f73-407a-4167-8283-e981cbba0404') - 'Automation Runbook Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5fb5aef8-1081-4b8e-bb16-9d5d0385bab5') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Avere Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9') - 'Azure Connected Machine Onboarding': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b64e21ea-ac4e-4cdf-9dc9-5b892992bee7') - 'Azure Connected Machine Resource Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'cd570a14-e51a-42ad-bac8-bafd67325302') - 'Azure Digital Twins Owner (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'bcd981a7-7f74-457b-83e1-cceb9e632ffe') - 'Azure Digital Twins Reader (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd57506d4-4c8d-48b1-8587-93c323f6a5a3') - 'Azure Event Hubs Data Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f526a384-b230-433a-b45c-95f59c4a2dec') - 'Azure Event Hubs Data Receiver': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a638d3c7-ab3a-418d-83e6-5f17a39d4fde') - 'Azure Event Hubs Data Sender': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2b629674-e913-4c01-ae53-ef4638d8f975') - 'Azure Kubernetes Service Cluster Admin Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8') - 'Azure Kubernetes Service Cluster User Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4abbcc35-e782-43d8-92c5-2d3f1bd2253f') - 'Azure Kubernetes Service Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8') - 'Azure Maps Data Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204') - 'Azure Maps Data Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '423170ca-a8f6-4b0f-8487-9e4eb8f49bfa') - 'Azure Sentinel Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ab8e14d6-4a74-4a29-9ba8-549422addade') - 'Azure Sentinel Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8d289c81-5878-46d4-8554-54e1e3d8b5cb') - 'Azure Sentinel Responder': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3e150937-b8fe-4cfb-8069-0eaf05ecd056') - 'Azure Service Bus Data Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '090c5cfd-751d-490a-894a-3ce6f1109419') - 'Azure Service Bus Data Receiver': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0') - 'Azure Service Bus Data Sender': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '69a216fc-b8fb-44d8-bc22-1f3c2cd27a39') - 'Azure Stack Registration Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6f12a6df-dd06-4f3e-bcb1-ce8be600526a') - 'Backup Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b') - 'Backup Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324') - 'Backup Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a795c7a0-d4a2-40c1-ae25-d81f01202912') - 'Billing Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64') - 'BizTalk Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e3c6656-6cfa-4708-81fe-0de47ac73342') - 'Blockchain Member Node Access (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '31a002a1-acaf-453e-8a5b-297c9ca1ea24') - 'Blueprint Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '41077137-e803-4205-871c-5a86e6a753b4') - 'Blueprint Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '437d2ced-4a38-4302-8479-ed2bcb43d090') - 'CDN Endpoint Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '426e0c7f-0c7e-4658-b36f-ff54d6c29b45') - 'CDN Endpoint Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '871e35f6-b5c1-49cc-a043-bde969a0f2cd') - 'CDN Profile Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ec156ff8-a8d1-4d15-830c-5b80698ca432') - 'CDN Profile Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8f96442b-4075-438f-813d-ad51ab4019af') - 'Classic Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b34d265f-36f7-4a0d-a4d4-e158ca92e90f') - 'Classic Storage Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '86e8f5dc-a6e9-4c67-9d15-de283e8eac25') - 'Classic Storage Account Key Operator Service Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '985d6b00-f706-48f5-a6fe-d0ca12fb668d') - 'Classic Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd73bb868-a0df-4d4d-bd69-98a00b01fccb') - 'ClearDB MySQL DB Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9106cda0-8a86-4e81-b686-29a22c54effe') - 'Cognitive Services Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68') - 'Cognitive Services Custom Vision Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c1ff6cc2-c111-46fe-8896-e0ef812ad9f3') - 'Cognitive Services Custom Vision Deployment': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5c4089e1-6d96-4d2f-b296-c1bc7137275f') - 'Cognitive Services Custom Vision Labeler': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '88424f51-ebe7-446f-bc41-7fa16989e96c') - 'Cognitive Services Custom Vision Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '93586559-c37d-4a6b-ba08-b9f0940c2d73') - 'Cognitive Services Custom Vision Trainer': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a5ae4ab-0d65-4eeb-be61-29fc9b54394b') - 'Cognitive Services Data Reader (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b59867f0-fa02-499b-be73-45a86b5b3e1c') - 'Cognitive Services QnA Maker Editor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f4cc2bf9-21be-47a1-bdf1-5c5804381025') - 'Cognitive Services QnA Maker Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '466ccd10-b268-4a11-b098-b4849f024126') - 'Cognitive Services User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a97b65f3-24c7-4388-baec-2e87135dc908') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Cosmos DB Account Reader Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fbdf93bf-df7d-467e-a4d2-9458aa1360c8') - 'Cosmos DB Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa') - 'CosmosBackupOperator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'db7b14f2-5adf-42da-9f96-f2ee17bab5cb') - 'Cost Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '434105ed-43f6-45c7-a02f-909b2ba83430') - 'Cost Management Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '72fafb9e-0641-4937-9268-a91bfd8191a3') - 'Data Box Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'add466c9-e687-43fc-8d98-dfcf8d720be5') - 'Data Box Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027') - 'Data Factory Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '673868aa-7521-48a0-acc6-0f60742d39f5') - 'Data Lake Analytics Developer': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '47b7735b-770e-4598-a7da-8b91488b4c88') - 'Data Purger': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '150f5e0c-0603-4f03-8c7f-cf70034c4e90') - 'Desktop Virtualization User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63') - 'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64') - 'DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314') - 'DocumentDB Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450') - 'EventGrid EventSubscription Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '428e0ff0-5e57-4d9c-a221-2c70d0e0a443') - 'EventGrid EventSubscription Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2414bbcf-6497-4faf-8c65-045460748405') - 'Experimentation Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f646f1b-fa08-80eb-a33b-edd6ce5c915c') - 'Experimentation Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7f646f1b-fa08-80eb-a22b-edd6ce5c915c') - 'Experimentation Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '49632ef5-d9ac-41f4-b8e7-bbe587fa74a1') - 'FHIR Data Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5a1fc7df-4bf1-4951-a576-89034ee01acd') - 'FHIR Data Exporter': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3db33094-8700-4567-8da5-1501d4e7e843') - 'FHIR Data Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4c8d0bbc-75d3-4935-991f-5f3c56d81508') - 'FHIR Data Writer': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3f88fce4-5892-4214-ae73-ba5294559913') - 'Graph Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b60367af-1334-4454-b71e-769d9a4f83d9') - 'HDInsight Cluster Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '61ed4efc-fab3-44fd-b111-e24485cc132a') - 'HDInsight Domain Services Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8d8d5a11-05d3-4bda-a417-a08778121c7c') - 'Hierarchy Settings Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '350f8d15-c687-4448-8ae1-157740a3936d') - 'Hybrid Server Onboarding': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5d1e5ee4-7c68-4a71-ac8b-0739630a3dfb') - 'Hybrid Server Resource Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '48b40c6e-82e0-4eb3-90d5-19e40f49b624') - 'Integration Service Environment Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a41e2c5b-bd99-4a07-88f4-9bf657a760b8') - 'Integration Service Environment Developer': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7aa55d3-1abb-444a-a5ca-5e51e485d6ec') - 'Intelligent Systems Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '03a6d094-3444-4b3d-88af-7477090a9e5e') - 'Key Vault Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f25e0fa2-a7c8-4377-a976-54943a77a395') - 'Knowledge Consumer': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ee361c5d-f7b5-4119-b4b6-892157c8f64c') - 'Kubernetes Cluster - Azure Arc Onboarding': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '34e09817-6cbe-4d01-b1a2-e0eac5743d41') - 'Lab Creator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b97fb8bc-a8b2-4522-a38b-dd33c7e65ead') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Logic App Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '87a39d53-fc1b-424a-814c-f7e04687dc9e') - 'Logic App Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '515c2055-d9d4-4321-b1b9-bd0c9a0f79fe') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Managed Identity Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e40ec5ca-96e0-45a2-b4ff-59039f2c2b59') - 'Managed Identity Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f1a07417-d97a-45cb-824c-7a7467783830') - 'Managed Services Registration assignment Delete ': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '91c1777a-f3dc-4fae-b103-61d183457e46') - 'Management Group Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c') - 'Management Group Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ac63b705-f282-497d-ac71-919bf39d939d') - 'Marketplace Admin': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'dd920d6d-f481-47f1-b461-f338c46b2d9f') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') - 'New Relic APM Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5d28c62d-5b37-4476-8438-e587778df237') - 'Object Understanding Account Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4dd61c23-6743-42fe-a388-d8bdd41cb745') - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Policy Insights Data Writer (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '66bb4e9e-b016-4a94-8249-4c0511c2be84') - 'Private DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Reader and Data Access': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c12c1c16-33a1-487b-954d-41c89c60f349') - 'Redis Cache Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e0f68234-74aa-48ed-b826-c38b57376e17') - 'Remote Rendering Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3df8b902-2a6f-47c7-8cc5-360e9b272a7e') - 'Remote Rendering Client': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd39065c4-c120-43c9-ab0a-63eed9795f0a') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'Scheduler Job Collections Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '188a0f2f-5c9e-469b-ae67-2aa5ce574b94') - 'Search Service Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7ca78c08-252a-4471-8644-bb5ff32d4ba0') - 'Security Admin': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb1c8493-542b-48eb-b624-b4c8fea62acd') - 'Security Assessment Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '612c2aa1-cb24-443b-ac28-3ab7272de6f5') - 'Security Manager (Legacy)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e3d13bf0-dd5a-482e-ba6b-9b8433878d10') - 'Security Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '39bc4728-0917-49c7-9d2c-d95423bc2eb4') - 'SignalR AccessKey Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '04165923-9d83-45d5-8227-78b77b0a687e') - 'SignalR Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761') - 'Site Recovery Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567') - 'Site Recovery Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca') - 'Site Recovery Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'dbaa88c4-0c30-4179-9fb3-46319faa6149') - 'Spatial Anchors Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827') - 'Spatial Anchors Account Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '70bbe301-9835-447d-afdd-19eb3167307c') - 'Spatial Anchors Account Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5d51204f-eb77-4b1c-b86a-2ec626c49413') - 'SQL DB Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9b7fa17d-e63e-47b0-bb0a-15c516ac86ec') - 'SQL Managed Instance Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d') - 'SQL Security Manager': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3') - 'SQL Server Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437') - 'Storage Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab') - 'Storage Account Key Operator Service Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '81a9662b-bebf-436f-a333-f67b29880f12') - 'Storage Blob Data Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe') - 'Storage Blob Data Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b') - 'Storage Blob Data Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1') - 'Storage Blob Delegator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'db58b8e5-c6ad-4a2a-8342-4190687cbf4a') - 'Storage File Data SMB Share Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb') - 'Storage File Data SMB Share Elevated Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7264617-510b-434b-a828-9731dc254ea7') - 'Storage File Data SMB Share Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aba4ae5f-2193-4029-9191-0cb91df5e314') - 'Storage Queue Data Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '974c5e8b-45b9-4653-ba55-5f855dd0fb88') - 'Storage Queue Data Message Processor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8a0f0c08-91a1-4084-bc3d-661d67233fed') - 'Storage Queue Data Message Sender': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c6a89b2d-59bc-44d0-9896-0f6e12d7b80a') - 'Storage Queue Data Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '19e7f393-937e-4f77-808e-94535e297925') - 'Support Request Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e') - 'Tag Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4a9ae827-6dc8-4573-8ac7-8239d42aa03f') - 'Traffic Manager Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Virtual Machine Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4') - 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c') - 'Virtual Machine User Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52') - 'Web Plan Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b') - 'Website Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772') - 'Workbook Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e8ddcd69-c73f-4f9f-9844-4100522f16ad') - 'Workbook Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b279062a-9be3-42a0-92ae-8b3cf002ec4d') -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(last(split(resourceId, '/')), principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } -}] diff --git a/modules/Microsoft.Resources/resourceGroups/.deploymentTests/parameters.json b/modules/Microsoft.Resources/resourceGroups/.deploymentTests/parameters.json deleted file mode 100644 index a132c26376..0000000000 --- a/modules/Microsoft.Resources/resourceGroups/.deploymentTests/parameters.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-rg-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "tags": { - "value": { - "Test": "Yes" - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Resources/resourceGroups/deploy.bicep b/modules/Microsoft.Resources/resourceGroups/deploy.bicep deleted file mode 100644 index 503d2fc765..0000000000 --- a/modules/Microsoft.Resources/resourceGroups/deploy.bicep +++ /dev/null @@ -1,74 +0,0 @@ -targetScope = 'subscription' - -@description('Required. The name of the Resource Group.') -param name string - -@description('Optional. Location of the Resource Group. It uses the deployment\'s location when not provided.') -param location string = deployment().location - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the storage account resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - location: location - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource resourceGroup 'Microsoft.Resources/resourceGroups@2019-05-01' = { - location: location - name: name - tags: tags - properties: {} -} - -module resourceGroup_lock '../../Microsoft.Authorization/locks/resourceGroup/deploy.bicep' = if (!empty(lock)) { - name: '${uniqueString(deployment().name, location)}-${lock}-Lock' - params: { - level: any(lock) - name: '${resourceGroup.name}-${lock}-lock' - } - scope: resourceGroup -} - -module resourceGroup_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-RG-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: resourceGroup.id - } - scope: resourceGroup -}] - -@description('The name of the resource group.') -output name string = resourceGroup.name - -@description('The resource ID of the resource group.') -output resourceId string = resourceGroup.id - -@description('The location the resource was deployed into.') -output location string = resourceGroup.location diff --git a/modules/Microsoft.Resources/resourceGroups/readme.md b/modules/Microsoft.Resources/resourceGroups/readme.md deleted file mode 100644 index 730f5ce040..0000000000 --- a/modules/Microsoft.Resources/resourceGroups/readme.md +++ /dev/null @@ -1,216 +0,0 @@ -# Resource Groups `[Microsoft.Resources/resourceGroups]` - -This module deploys a resource group. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Considerations](#Considerations) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Resources/resourceGroups` | [2019-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Resources/2019-05-01/resourceGroups) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Resource Group. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[deployment().location]` | | Location of the Resource Group. It uses the deployment's location when not provided. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the storage account resource. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Considerations - -This module requires a User Assigned Identity (MSI, managed service identity) to exist, and this MSI has to have contributor rights on the subscription - that allows the Deployment Script to create the required Storage Account and the Azure Container Instance. - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the resource group. | -| `resourceId` | string | The resource ID of the resource group. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-rg-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "tags": { - "value": { - "Test": "Yes" - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module resourceGroups './Microsoft.Resources/resourceGroups/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-resourceGroups' - params: { - name: '<>-az-rg-x-001' - lock: 'CanNotDelete' - tags: { - Test: 'Yes' - } - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Resources/resourceGroups/version.json b/modules/Microsoft.Resources/resourceGroups/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Resources/resourceGroups/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Resources/tags/.deploymentTests/min.parameters.json b/modules/Microsoft.Resources/tags/.deploymentTests/min.parameters.json deleted file mode 100644 index d90c44f3fb..0000000000 --- a/modules/Microsoft.Resources/tags/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": {} -} diff --git a/modules/Microsoft.Resources/tags/.deploymentTests/rg.parameters.json b/modules/Microsoft.Resources/tags/.deploymentTests/rg.parameters.json deleted file mode 100644 index a90e2e5b2c..0000000000 --- a/modules/Microsoft.Resources/tags/.deploymentTests/rg.parameters.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "onlyUpdate": { - "value": false - }, - "tags": { - "value": { - "Test": "Yes", - "TestToo": "No" - } - }, - "resourceGroupName": { - "value": "validation-rg" - } - } -} diff --git a/modules/Microsoft.Resources/tags/.deploymentTests/sub.parameters.json b/modules/Microsoft.Resources/tags/.deploymentTests/sub.parameters.json deleted file mode 100644 index 840b23ba68..0000000000 --- a/modules/Microsoft.Resources/tags/.deploymentTests/sub.parameters.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "onlyUpdate": { - "value": true - }, - "tags": { - "value": { - "Test": "Yes", - "TestToo": "No" - } - } - } -} diff --git a/modules/Microsoft.Resources/tags/deploy.bicep b/modules/Microsoft.Resources/tags/deploy.bicep deleted file mode 100644 index 146c2c57c1..0000000000 --- a/modules/Microsoft.Resources/tags/deploy.bicep +++ /dev/null @@ -1,63 +0,0 @@ -targetScope = 'subscription' - -@description('Optional. Tags for the resource group. If not provided, removes existing tags.') -param tags object = {} - -@description('Optional. Instead of overwriting the existing tags, combine them with the new tags.') -param onlyUpdate bool = false - -@description('Optional. Name of the Resource Group to assign the tags to. If no Resource Group name is provided, and Subscription ID is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription.') -param resourceGroupName string = '' - -@description('Optional. Subscription ID of the subscription to assign the tags to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription.') -param subscriptionId string = subscription().id - -@sys.description('Optional. Location deployment metadata.') -param location string = deployment().location - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - location: location - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -module tags_sub 'subscriptions/deploy.bicep' = if (!empty(subscriptionId) && empty(resourceGroupName)) { - name: '${deployment().name}-Tags-Sub' - params: { - onlyUpdate: onlyUpdate - tags: tags - location: location - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -module tags_rg 'resourceGroups/deploy.bicep' = if (!empty(resourceGroupName) && !empty(subscriptionId)) { - name: '${deployment().name}-Tags-RG' - scope: resourceGroup(resourceGroupName) - params: { - onlyUpdate: onlyUpdate - tags: tags - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -@description('The name of the tags resource.') -output name string = (!empty(resourceGroupName) && !empty(subscriptionId)) ? tags_rg.outputs.name : tags_sub.outputs.name - -@description('The applied tags.') -output tags object = (!empty(resourceGroupName) && !empty(subscriptionId)) ? tags_rg.outputs.tags : tags_sub.outputs.tags - -@description('The resource ID of the applied tags.') -output resourceId string = (!empty(resourceGroupName) && !empty(subscriptionId)) ? tags_rg.outputs.resourceId : tags_sub.outputs.resourceId diff --git a/modules/Microsoft.Resources/tags/readme.md b/modules/Microsoft.Resources/tags/readme.md deleted file mode 100644 index 92510e3730..0000000000 --- a/modules/Microsoft.Resources/tags/readme.md +++ /dev/null @@ -1,208 +0,0 @@ -# Resources Tags `[Microsoft.Resources/tags]` - -This module deploys Resources Tags on a subscription or resource group scope. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Resources/tags` | [2019-10-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Resources/2019-10-01/tags) | - -## Parameters - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `onlyUpdate` | bool | `False` | Instead of overwriting the existing tags, combine them with the new tags. | -| `resourceGroupName` | string | `''` | Name of the Resource Group to assign the tags to. If no Resource Group name is provided, and Subscription ID is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription. | -| `subscriptionId` | string | `[subscription().id]` | Subscription ID of the subscription to assign the tags to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription. | -| `tags` | object | `{object}` | Tags for the resource group. If not provided, removes existing tags. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the tags resource. | -| `resourceId` | string | The resource ID of the applied tags. | -| `tags` | object | The applied tags. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": {} -} -``` - -
- -
- -via Bicep module - -```bicep -module tags './Microsoft.Resources/tags/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-tags' - params: { - - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "onlyUpdate": { - "value": false - }, - "tags": { - "value": { - "Test": "Yes", - "TestToo": "No" - } - }, - "resourceGroupName": { - "value": "validation-rg" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module tags './Microsoft.Resources/tags/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-tags' - params: { - onlyUpdate: false - tags: { - Test: 'Yes' - TestToo: 'No' - } - resourceGroupName: 'validation-rg' - } -} -``` - -
-

- -

Example 3

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "onlyUpdate": { - "value": true - }, - "tags": { - "value": { - "Test": "Yes", - "TestToo": "No" - } - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module tags './Microsoft.Resources/tags/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-tags' - params: { - onlyUpdate: true - tags: { - Test: 'Yes' - TestToo: 'No' - } - } -} -``` - -
-

diff --git a/modules/Microsoft.Resources/tags/resourceGroups/.bicep/readTags.bicep b/modules/Microsoft.Resources/tags/resourceGroups/.bicep/readTags.bicep deleted file mode 100644 index 0f3301f974..0000000000 --- a/modules/Microsoft.Resources/tags/resourceGroups/.bicep/readTags.bicep +++ /dev/null @@ -1,9 +0,0 @@ -@description('Optional. The name of the tags resource.') -param name string = 'default' - -resource tags 'Microsoft.Resources/tags@2019-10-01' existing = { - name: name -} - -@description('Tags currently applied to the subscription level') -output existingTags object = contains(tags.properties, 'tags') ? tags.properties.tags : {} diff --git a/modules/Microsoft.Resources/tags/resourceGroups/deploy.bicep b/modules/Microsoft.Resources/tags/resourceGroups/deploy.bicep deleted file mode 100644 index d402bcfc15..0000000000 --- a/modules/Microsoft.Resources/tags/resourceGroups/deploy.bicep +++ /dev/null @@ -1,48 +0,0 @@ -@description('Optional. Tags for the resource group. If not provided, removes existing tags.') -param tags object = {} - -@description('Optional. The name of the tags resource.') -param name string = 'default' - -@description('Optional. Instead of overwriting the existing tags, combine them with the new tags.') -param onlyUpdate bool = false - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -module readTags '.bicep/readTags.bicep' = if (onlyUpdate) { - name: '${deployment().name}-ReadTags' -} - -var newTags = (onlyUpdate) ? union(readTags.outputs.existingTags, tags) : tags - -resource tag 'Microsoft.Resources/tags@2019-10-01' = { - name: name - properties: { - tags: newTags - } -} - -@description('The name of the tags resource.') -output name string = tag.name - -@description('The resource ID of the applied tags.') -output resourceId string = tag.id - -@description('The name of the resource group the tags were applied to.') -output resourceGroupName string = resourceGroup().name - -@description('The applied tags.') -output tags object = newTags diff --git a/modules/Microsoft.Resources/tags/resourceGroups/readme.md b/modules/Microsoft.Resources/tags/resourceGroups/readme.md deleted file mode 100644 index 5060c21a17..0000000000 --- a/modules/Microsoft.Resources/tags/resourceGroups/readme.md +++ /dev/null @@ -1,76 +0,0 @@ -# Resources Tags ResourceGroups `[Microsoft.Resources/tags/resourceGroups]` - -This module deploys Resources Tags on a resource group scope. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Resources/tags` | [2019-10-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Resources/2019-10-01/tags) | - -## Parameters - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `'default'` | The name of the tags resource. | -| `onlyUpdate` | bool | `False` | Instead of overwriting the existing tags, combine them with the new tags. | -| `tags` | object | `{object}` | Tags for the resource group. If not provided, removes existing tags. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the tags resource. | -| `resourceGroupName` | string | The name of the resource group the tags were applied to. | -| `resourceId` | string | The resource ID of the applied tags. | -| `tags` | object | The applied tags. | diff --git a/modules/Microsoft.Resources/tags/resourceGroups/version.json b/modules/Microsoft.Resources/tags/resourceGroups/version.json deleted file mode 100644 index 41f66cc990..0000000000 --- a/modules/Microsoft.Resources/tags/resourceGroups/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.1" -} diff --git a/modules/Microsoft.Resources/tags/subscriptions/.bicep/readTags.bicep b/modules/Microsoft.Resources/tags/subscriptions/.bicep/readTags.bicep deleted file mode 100644 index 65b2457259..0000000000 --- a/modules/Microsoft.Resources/tags/subscriptions/.bicep/readTags.bicep +++ /dev/null @@ -1,11 +0,0 @@ -targetScope = 'subscription' - -@description('Optional. The name of the tags resource.') -param name string = 'default' - -resource tags 'Microsoft.Resources/tags@2019-10-01' existing = { - name: name -} - -@description('Tags currently applied to the subscription level') -output existingTags object = contains(tags.properties, 'tags') ? tags.properties.tags : {} diff --git a/modules/Microsoft.Resources/tags/subscriptions/deploy.bicep b/modules/Microsoft.Resources/tags/subscriptions/deploy.bicep deleted file mode 100644 index d72b0fbdf7..0000000000 --- a/modules/Microsoft.Resources/tags/subscriptions/deploy.bicep +++ /dev/null @@ -1,51 +0,0 @@ -targetScope = 'subscription' - -@description('Optional. Tags for the resource group. If not provided, removes existing tags.') -param tags object = {} - -@description('Optional. The name of the tags resource.') -param name string = 'default' - -@description('Optional. Instead of overwriting the existing tags, combine them with the new tags.') -param onlyUpdate bool = false - -@sys.description('Optional. Location deployment metadata.') -param location string = deployment().location - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - location: location - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -module readTags '.bicep/readTags.bicep' = if (onlyUpdate) { - name: '${deployment().name}-ReadTags' -} - -var newTags = (onlyUpdate) ? union(readTags.outputs.existingTags, tags) : tags - -resource tag 'Microsoft.Resources/tags@2019-10-01' = { - name: name - properties: { - tags: newTags - } -} - -@description('The name of the tags resource.') -output name string = tag.name - -@description('The applied tags.') -output tags object = newTags - -@description('The resource ID of the applied tags.') -output resourceId string = tag.id diff --git a/modules/Microsoft.Resources/tags/subscriptions/readme.md b/modules/Microsoft.Resources/tags/subscriptions/readme.md deleted file mode 100644 index ee1351115c..0000000000 --- a/modules/Microsoft.Resources/tags/subscriptions/readme.md +++ /dev/null @@ -1,76 +0,0 @@ -# Resources Tags Subscriptions `[Microsoft.Resources/tags/subscriptions]` - -This module deploys Resources Tags on a subscription scope. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Resources/tags` | [2019-10-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Resources/2019-10-01/tags) | - -## Parameters - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `name` | string | `'default'` | The name of the tags resource. | -| `onlyUpdate` | bool | `False` | Instead of overwriting the existing tags, combine them with the new tags. | -| `tags` | object | `{object}` | Tags for the resource group. If not provided, removes existing tags. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the tags resource. | -| `resourceId` | string | The resource ID of the applied tags. | -| `tags` | object | The applied tags. | diff --git a/modules/Microsoft.Resources/tags/subscriptions/version.json b/modules/Microsoft.Resources/tags/subscriptions/version.json deleted file mode 100644 index 41f66cc990..0000000000 --- a/modules/Microsoft.Resources/tags/subscriptions/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.1" -} diff --git a/modules/Microsoft.Resources/tags/version.json b/modules/Microsoft.Resources/tags/version.json deleted file mode 100644 index 41f66cc990..0000000000 --- a/modules/Microsoft.Resources/tags/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.1" -} diff --git a/modules/Microsoft.Security/azureSecurityCenter/.bicep/nested_iotSecuritySolutions.bicep b/modules/Microsoft.Security/azureSecurityCenter/.bicep/nested_iotSecuritySolutions.bicep deleted file mode 100644 index 5f37462ee7..0000000000 --- a/modules/Microsoft.Security/azureSecurityCenter/.bicep/nested_iotSecuritySolutions.bicep +++ /dev/null @@ -1,16 +0,0 @@ -@description('Optional. Security Solution data') -param ioTSecuritySolutionProperties object = {} - -resource iotSecuritySolutions 'Microsoft.Security/iotSecuritySolutions@2019-08-01' = if (!empty(ioTSecuritySolutionProperties)) { - name: 'iotSecuritySolutions' - properties: { - workspace: ioTSecuritySolutionProperties.workspace - displayName: ioTSecuritySolutionProperties.displayName - status: ioTSecuritySolutionProperties.status - export: ioTSecuritySolutionProperties.export - disabledDataSources: ioTSecuritySolutionProperties.disabledDataSources - iotHubs: ioTSecuritySolutionProperties.iotHubs - userDefinedResources: ioTSecuritySolutionProperties.userDefinedResources - recommendationsConfiguration: ioTSecuritySolutionProperties.recommendationsConfiguration - } -} diff --git a/modules/Microsoft.Security/azureSecurityCenter/.deploymentTests/parameters.json b/modules/Microsoft.Security/azureSecurityCenter/.deploymentTests/parameters.json deleted file mode 100644 index cfa02a1ddc..0000000000 --- a/modules/Microsoft.Security/azureSecurityCenter/.deploymentTests/parameters.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "scope": { - "value": "/subscriptions/<>" - }, - "securityContactProperties": { - "value": { - "email": "foo@contoso.com", - "phone": "+12345678", - "alertNotifications": "Off", - "alertsToAdmins": "Off" - } - }, - "workspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - } - } -} diff --git a/modules/Microsoft.Security/azureSecurityCenter/deploy.bicep b/modules/Microsoft.Security/azureSecurityCenter/deploy.bicep deleted file mode 100644 index 5987272f88..0000000000 --- a/modules/Microsoft.Security/azureSecurityCenter/deploy.bicep +++ /dev/null @@ -1,247 +0,0 @@ -targetScope = 'subscription' - -@description('Required. The full Azure ID of the workspace to save the data in.') -param workspaceId string - -@description('Required. All the VMs in this scope will send their security data to the mentioned workspace unless overridden by a setting with more specific scope.') -param scope string - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. Describes what kind of security agent provisioning action to take. - On or Off.') -@allowed([ - 'On' - 'Off' -]) -param autoProvision string = 'On' - -@description('Optional. Device Security group data.') -param deviceSecurityGroupProperties object = {} - -@description('Optional. Security Solution data.') -param ioTSecuritySolutionProperties object = {} - -@description('Optional. The pricing tier value for VMs. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.') -@allowed([ - 'Free' - 'Standard' -]) -param virtualMachinesPricingTier string = 'Free' - -@description('Optional. The pricing tier value for SqlServers. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.') -@allowed([ - 'Free' - 'Standard' -]) -param sqlServersPricingTier string = 'Free' - -@description('Optional. The pricing tier value for AppServices. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.') -@allowed([ - 'Free' - 'Standard' -]) -param appServicesPricingTier string = 'Free' - -@description('Optional. The pricing tier value for StorageAccounts. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.') -@allowed([ - 'Free' - 'Standard' -]) -param storageAccountsPricingTier string = 'Free' - -@description('Optional. The pricing tier value for SqlServerVirtualMachines. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.') -@allowed([ - 'Free' - 'Standard' -]) -param sqlServerVirtualMachinesPricingTier string = 'Free' - -@description('Optional. The pricing tier value for KubernetesService. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.') -@allowed([ - 'Free' - 'Standard' -]) -param kubernetesServicePricingTier string = 'Free' - -@description('Optional. The pricing tier value for ContainerRegistry. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.') -@allowed([ - 'Free' - 'Standard' -]) -param containerRegistryPricingTier string = 'Free' - -@description('Optional. The pricing tier value for KeyVaults. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.') -@allowed([ - 'Free' - 'Standard' -]) -param keyVaultsPricingTier string = 'Free' - -@description('Optional. The pricing tier value for DNS. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.') -@allowed([ - 'Free' - 'Standard' -]) -param dnsPricingTier string = 'Free' - -@description('Optional. The pricing tier value for ARM. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.') -@allowed([ - 'Free' - 'Standard' -]) -param armPricingTier string = 'Free' - -@description('Optional. The pricing tier value for OpenSourceRelationalDatabases. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.') -@allowed([ - 'Free' - 'Standard' -]) -param openSourceRelationalDatabasesTier string = 'Free' - -@description('Optional. The pricing tier value for containers. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.') -@allowed([ - 'Free' - 'Standard' -]) -param containersTier string = 'Free' - -@description('Optional. The pricing tier value for CosmosDbs. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.') -@allowed([ - 'Free' - 'Standard' -]) -param cosmosDbsTier string = 'Free' - -@description('Optional. Security contact data.') -param securityContactProperties object = {} - -@description('Optional. Location deployment metadata.') -param location string = deployment().location - -var pricings = [ - { - name: 'VirtualMachines' - pricingTier: virtualMachinesPricingTier - } - { - name: 'SqlServers' - pricingTier: sqlServersPricingTier - } - { - name: 'AppServices' - pricingTier: appServicesPricingTier - } - { - name: 'StorageAccounts' - pricingTier: storageAccountsPricingTier - } - { - name: 'SqlServerVirtualMachines' - pricingTier: sqlServerVirtualMachinesPricingTier - } - { - name: 'KubernetesService' - pricingTier: kubernetesServicePricingTier - } - { - name: 'ContainerRegistry' - pricingTier: containerRegistryPricingTier - } - { - name: 'KeyVaults' - pricingTier: keyVaultsPricingTier - } - { - name: 'Dns' - pricingTier: dnsPricingTier - } - { - name: 'Arm' - pricingTier: armPricingTier - } - { - name: 'OpenSourceRelationalDatabases' - pricingTier: openSourceRelationalDatabasesTier - } - { - name: 'Containers' - pricingTier: containersTier - } - { - name: 'CosmosDbs' - pricingTier: cosmosDbsTier - } -] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - location: location - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource pricingTiers 'Microsoft.Security/pricings@2018-06-01' = [for (pricing, index) in pricings: { - name: pricing.name - properties: { - pricingTier: pricing.pricingTier - } -}] - -resource autoProvisioningSettings 'Microsoft.Security/autoProvisioningSettings@2017-08-01-preview' = { - name: 'default' - properties: { - autoProvision: autoProvision - } -} - -resource deviceSecurityGroups 'Microsoft.Security/deviceSecurityGroups@2019-08-01' = if (!empty(deviceSecurityGroupProperties)) { - name: 'deviceSecurityGroups' - properties: { - thresholdRules: deviceSecurityGroupProperties.thresholdRules - timeWindowRules: deviceSecurityGroupProperties.timeWindowRules - allowlistRules: deviceSecurityGroupProperties.allowlistRules - denylistRules: deviceSecurityGroupProperties.denylistRules - } -} - -module iotSecuritySolutions '.bicep/nested_iotSecuritySolutions.bicep' = if (!empty(ioTSecuritySolutionProperties)) { - name: '${uniqueString(deployment().name)}-ASC-IotSecuritySolutions' - scope: resourceGroup(empty(ioTSecuritySolutionProperties) ? 'dummy' : ioTSecuritySolutionProperties.resourceGroup) - params: { - ioTSecuritySolutionProperties: ioTSecuritySolutionProperties - } -} - -resource securityContacts 'Microsoft.Security/securityContacts@2017-08-01-preview' = if (!empty(securityContactProperties)) { - name: 'securityContacts' - properties: { - email: securityContactProperties.email - phone: securityContactProperties.phone - alertNotifications: securityContactProperties.alertNotifications - alertsToAdmins: securityContactProperties.alertsToAdmins - } -} - -resource workspaceSettings 'Microsoft.Security/workspaceSettings@2017-08-01-preview' = { - name: 'default' - properties: { - workspaceId: workspaceId - scope: scope - } - dependsOn: [ - autoProvisioningSettings - ] -} - -@description('The resource ID of the used log analytics workspace.') -output workspaceId string = workspaceId - -@description('The name of the security center.') -output name string = 'Security' diff --git a/modules/Microsoft.Security/azureSecurityCenter/readme.md b/modules/Microsoft.Security/azureSecurityCenter/readme.md deleted file mode 100644 index 6696f1c3a3..0000000000 --- a/modules/Microsoft.Security/azureSecurityCenter/readme.md +++ /dev/null @@ -1,151 +0,0 @@ -# Azure Security Center `[Microsoft.Security/azureSecurityCenter]` - -This template enables Azure security center - Standard tier by default, could be overridden. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Security/autoProvisioningSettings` | [2017-08-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Security/2017-08-01-preview/autoProvisioningSettings) | -| `Microsoft.Security/deviceSecurityGroups` | [2019-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Security/2019-08-01/deviceSecurityGroups) | -| `Microsoft.Security/iotSecuritySolutions` | [2019-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Security/2019-08-01/iotSecuritySolutions) | -| `Microsoft.Security/pricings` | [2018-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Security/2018-06-01/pricings) | -| `Microsoft.Security/securityContacts` | [2017-08-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Security/2017-08-01-preview/securityContacts) | -| `Microsoft.Security/workspaceSettings` | [2017-08-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Security/2017-08-01-preview/workspaceSettings) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `scope` | string | All the VMs in this scope will send their security data to the mentioned workspace unless overridden by a setting with more specific scope. | -| `workspaceId` | string | The full Azure ID of the workspace to save the data in. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `appServicesPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for AppServices. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `armPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for ARM. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `autoProvision` | string | `'On'` | `[On, Off]` | Describes what kind of security agent provisioning action to take. - On or Off. | -| `containerRegistryPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for ContainerRegistry. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `containersTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for containers. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `cosmosDbsTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for CosmosDbs. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `deviceSecurityGroupProperties` | object | `{object}` | | Device Security group data. | -| `dnsPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for DNS. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `ioTSecuritySolutionProperties` | object | `{object}` | | Security Solution data. | -| `keyVaultsPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for KeyVaults. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `kubernetesServicePricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for KubernetesService. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `openSourceRelationalDatabasesTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for OpenSourceRelationalDatabases. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `securityContactProperties` | object | `{object}` | | Security contact data. | -| `sqlServersPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for SqlServers. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `sqlServerVirtualMachinesPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for SqlServerVirtualMachines. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `storageAccountsPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for StorageAccounts. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | -| `virtualMachinesPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for VMs. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | - - -### Parameter Usage: `securityContactProperties` - -

- -Parameter JSON format - -```json -"securityContactProperties": { - "value": { - "email": "test@contoso.com", - "phone": "+12345678", - "alertNotifications": "On", - "alertsToAdmins": "Off" - } -} -``` - -
- -
- -Bicep format - -```bicep -securityContactProperties: { - email: 'test@contoso.com' - phone: '+12345678' - alertNotifications: 'On' - alertsToAdmins: 'Off' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the security center. | -| `workspaceId` | string | The resource ID of the used log analytics workspace. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "scope": { - "value": "/subscriptions/<>" - }, - "securityContactProperties": { - "value": { - "email": "foo@contoso.com", - "phone": "+12345678", - "alertNotifications": "Off", - "alertsToAdmins": "Off" - } - }, - "workspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module azureSecurityCenter './Microsoft.Security/azureSecurityCenter/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-azureSecurityCenter' - params: { - scope: '/subscriptions/<>' - securityContactProperties: { - email: 'foo@contoso.com' - phone: '+12345678' - alertNotifications: 'Off' - alertsToAdmins: 'Off' - } - workspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - } -} -``` - -
-

diff --git a/modules/Microsoft.Security/azureSecurityCenter/version.json b/modules/Microsoft.Security/azureSecurityCenter/version.json deleted file mode 100644 index badc0a2285..0000000000 --- a/modules/Microsoft.Security/azureSecurityCenter/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.5" -} diff --git a/modules/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 24ee49e11f..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,56 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Azure Service Bus Data Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '090c5cfd-751d-490a-894a-3ce6f1109419') - 'Azure Service Bus Data Receiver': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0') - 'Azure Service Bus Data Sender': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '69a216fc-b8fb-44d8-bc22-1f3c2cd27a39') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource namespace 'Microsoft.ServiceBus/namespaces@2021-06-01-preview' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(namespace.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: namespace -}] diff --git a/modules/Microsoft.ServiceBus/namespaces/.deploymentTests/min.parameters.json b/modules/Microsoft.ServiceBus/namespaces/.deploymentTests/min.parameters.json deleted file mode 100644 index d90c44f3fb..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": {} -} diff --git a/modules/Microsoft.ServiceBus/namespaces/.deploymentTests/parameters.json b/modules/Microsoft.ServiceBus/namespaces/.deploymentTests/parameters.json deleted file mode 100644 index 33c0288e8c..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/.deploymentTests/parameters.json +++ /dev/null @@ -1,167 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-sbn-x-002" - }, - "lock": { - "value": "CanNotDelete" - }, - "skuName": { - "value": "Premium" - }, - "tags": { - "value": {} - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "disasterRecoveryConfigs": { - "value": {} - }, - "migrationConfigurations": { - "value": {} - }, - "virtualNetworkRules": { - "value": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-003" - ] - }, - "ipFilterRules": { - "value": [ - { - "filterName": "ipFilter1", - "ipMask": "10.0.1.0/32", - "action": "Accept" - }, - { - "filterName": "ipFilter2", - "ipMask": "10.0.2.0/32", - "action": "Accept" - } - ] - }, - "authorizationRules": { - "value": [ - { - "name": "RootManageSharedAccessKey", - "rights": [ - "Listen", - "Manage", - "Send" - ] - }, - { - "name": "AnotherKey", - "rights": [ - "Listen", - "Send" - ] - } - ] - }, - "queues": { - "value": [ - { - "name": "<>-az-sbq-x-002", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ], - "authorizationRules": [ - { - "name": "RootManageSharedAccessKey", - "rights": [ - "Listen", - "Manage", - "Send" - ] - }, - { - "name": "AnotherKey", - "rights": [ - "Listen", - "Send" - ] - } - ] - } - ] - }, - "topics": { - "value": [ - { - "name": "<>-az-sbt-x-001", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ], - "authorizationRules": [ - { - "name": "RootManageSharedAccessKey", - "rights": [ - "Listen", - "Manage", - "Send" - ] - }, - { - "name": "AnotherKey", - "rights": [ - "Listen", - "Send" - ] - } - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "namespace" - } - ] - } - } -} diff --git a/modules/Microsoft.ServiceBus/namespaces/authorizationRules/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/authorizationRules/deploy.bicep deleted file mode 100644 index 53252fde07..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/authorizationRules/deploy.bicep +++ /dev/null @@ -1,51 +0,0 @@ -@description('Conditional. The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment.') -@minLength(6) -@maxLength(50) -param namespaceName string - -@description('Required. The name of the authorization rule.') -param name string - -@description('Optional. The rights associated with the rule.') -@allowed([ - 'Listen' - 'Manage' - 'Send' -]) -param rights array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource namespace 'Microsoft.ServiceBus/namespaces@2021-06-01-preview' existing = { - name: namespaceName -} - -resource authorizationRule 'Microsoft.ServiceBus/namespaces/AuthorizationRules@2017-04-01' = { - name: name - parent: namespace - properties: { - rights: rights - } -} - -@description('The name of the authorization rule.') -output name string = authorizationRule.name - -@description('The resource ID of the authorization rule.') -output resourceId string = authorizationRule.id - -@description('The name of the Resource Group the authorization rule was created in.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.ServiceBus/namespaces/authorizationRules/readme.md b/modules/Microsoft.ServiceBus/namespaces/authorizationRules/readme.md deleted file mode 100644 index adb841bbe2..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/authorizationRules/readme.md +++ /dev/null @@ -1,42 +0,0 @@ -# ServiceBus Namespace Authorization Rules `[Microsoft.ServiceBus/namespaces/authorizationRules]` - -This module deploys authorization rules for a service bus namespace - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.ServiceBus/namespaces/AuthorizationRules` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/AuthorizationRules) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the authorization rule. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `rights` | array | `[]` | `[Listen, Manage, Send]` | The rights associated with the rule. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the authorization rule. | -| `resourceGroupName` | string | The name of the Resource Group the authorization rule was created in. | -| `resourceId` | string | The resource ID of the authorization rule. | diff --git a/modules/Microsoft.ServiceBus/namespaces/authorizationRules/version.json b/modules/Microsoft.ServiceBus/namespaces/authorizationRules/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/authorizationRules/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.ServiceBus/namespaces/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/deploy.bicep deleted file mode 100644 index 0344fb6c91..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/deploy.bicep +++ /dev/null @@ -1,356 +0,0 @@ -@description('Optional. Name of the Service Bus Namespace. If no name is provided, then unique name will be created.') -@maxLength(50) -param name string = '' - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Required. Name of this SKU. - Basic, Standard, Premium.') -@allowed([ - 'Basic' - 'Standard' - 'Premium' -]) -param skuName string = 'Basic' - -@description('Optional. Enabling this property creates a Premium Service Bus Namespace in regions supported availability zones.') -param zoneRedundant bool = false - -@description('Optional. Authorization Rules for the Service Bus namespace.') -param authorizationRules array = [ - { - name: 'RootManageSharedAccessKey' - rights: [ - 'Listen' - 'Manage' - 'Send' - ] - } -] - -@description('Optional. IP Filter Rules for the Service Bus namespace.') -param ipFilterRules array = [] - -@description('Optional. The migration configuration.') -param migrationConfigurations object = {} - -@description('Optional. The disaster recovery configuration.') -param disasterRecoveryConfigs object = {} - -@description('Optional. vNet Rules SubnetIds for the Service Bus namespace.') -param virtualNetworkRules array = [] - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Enables system assigned managed identity on the resource.') -param systemAssignedIdentity bool = false - -@description('Optional. The ID(s) to assign to the resource.') -param userAssignedIdentities object = {} - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Configuration Details for private endpoints.') -param privateEndpoints array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Generated. Do not provide a value! This date value is used to generate a SAS token to access the modules.') -param baseTime string = utcNow('u') - -@description('Optional. The queues to create in the service bus namespace.') -param queues array = [] - -@description('Optional. The topics to create in the service bus namespace.') -param topics array = [] - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'OperationalLogs' -]) -param diagnosticLogCategoriesToEnable array = [ - 'OperationalLogs' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'AllMetrics' -]) -param diagnosticMetricsToEnable array = [ - 'AllMetrics' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var maxNameLength = 50 -var uniqueServiceBusNamespaceNameUntrim = uniqueString('Service Bus Namespace${baseTime}') -var uniqueServiceBusNamespaceName = ((length(uniqueServiceBusNamespaceNameUntrim) > maxNameLength) ? substring(uniqueServiceBusNamespaceNameUntrim, 0, maxNameLength) : uniqueServiceBusNamespaceNameUntrim) - -var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None') - -var identity = identityType != 'None' ? { - type: identityType - userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null -} : null - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2021-06-01-preview' = { - name: !empty(name) ? name : uniqueServiceBusNamespaceName - location: location - tags: empty(tags) ? null : tags - sku: { - name: skuName - } - identity: identity - properties: { - zoneRedundant: zoneRedundant - } -} - -module serviceBusNamespace_disasterRecoveryConfig 'disasterRecoveryConfigs/deploy.bicep' = if (!empty(disasterRecoveryConfigs)) { - name: '${uniqueString(deployment().name, location)}-DisasterRecoveryConfig' - params: { - namespaceName: serviceBusNamespace.name - name: contains(disasterRecoveryConfigs, 'name') ? disasterRecoveryConfigs.name : 'default' - alternateName: contains(disasterRecoveryConfigs, 'alternateName') ? disasterRecoveryConfigs.alternateName : '' - partnerNamespaceResourceID: contains(disasterRecoveryConfigs, 'partnerNamespace') ? disasterRecoveryConfigs.partnerNamespace : '' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -module serviceBusNamespace_migrationConfigurations 'migrationConfigurations/deploy.bicep' = if (!empty(migrationConfigurations)) { - name: '${uniqueString(deployment().name, location)}-MigrationConfigurations' - params: { - namespaceName: serviceBusNamespace.name - name: contains(migrationConfigurations, 'name') ? migrationConfigurations.name : '$default' - postMigrationName: migrationConfigurations.postMigrationName - targetNamespaceResourceId: migrationConfigurations.targetNamespace - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -module serviceBusNamespace_virtualNetworkRules 'virtualNetworkRules/deploy.bicep' = [for (virtualNetworkRule, index) in virtualNetworkRules: { - name: '${uniqueString(deployment().name, location)}-VirtualNetworkRules-${index}' - params: { - namespaceName: serviceBusNamespace.name - name: last(split(virtualNetworkRule, '/')) - virtualNetworkSubnetId: virtualNetworkRule - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module serviceBusNamespace_authorizationRules 'authorizationRules/deploy.bicep' = [for (authorizationRule, index) in authorizationRules: { - name: '${uniqueString(deployment().name, location)}-AuthorizationRules-${index}' - params: { - namespaceName: serviceBusNamespace.name - name: authorizationRule.name - rights: contains(authorizationRule, 'rights') ? authorizationRule.rights : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module serviceBusNamespace_ipFilterRules 'ipFilterRules/deploy.bicep' = [for (ipFilterRule, index) in ipFilterRules: { - name: '${uniqueString(deployment().name, location)}-IpFilterRules-${index}' - params: { - namespaceName: serviceBusNamespace.name - name: contains(ipFilterRule, 'name') ? ipFilterRule.name : ipFilterRule.filterName - action: ipFilterRule.action - filterName: ipFilterRule.filterName - ipMask: ipFilterRule.ipMask - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module serviceBusNamespace_queues 'queues/deploy.bicep' = [for (queue, index) in queues: { - name: '${uniqueString(deployment().name, location)}-Queue-${index}' - params: { - namespaceName: serviceBusNamespace.name - name: queue.name - authorizationRules: contains(queue, 'authorizationRules') ? queue.authorizationRules : [ - { - name: 'RootManageSharedAccessKey' - rights: [ - 'Listen' - 'Manage' - 'Send' - ] - } - ] - deadLetteringOnMessageExpiration: contains(queue, 'deadLetteringOnMessageExpiration') ? queue.deadLetteringOnMessageExpiration : true - defaultMessageTimeToLive: contains(queue, 'defaultMessageTimeToLive') ? queue.defaultMessageTimeToLive : 'P14D' - duplicateDetectionHistoryTimeWindow: contains(queue, 'duplicateDetectionHistoryTimeWindow') ? queue.duplicateDetectionHistoryTimeWindow : 'PT10M' - enableBatchedOperations: contains(queue, 'enableBatchedOperations') ? queue.enableBatchedOperations : true - enableExpress: contains(queue, 'enableExpress') ? queue.enableExpress : false - enablePartitioning: contains(queue, 'enablePartitioning') ? queue.enablePartitioning : false - lock: contains(queue, 'lock') ? queue.lock : '' - lockDuration: contains(queue, 'lockDuration') ? queue.lockDuration : 'PT1M' - maxDeliveryCount: contains(queue, 'maxDeliveryCount') ? queue.maxDeliveryCount : 10 - maxSizeInMegabytes: contains(queue, 'maxSizeInMegabytes') ? queue.maxSizeInMegabytes : 1024 - requiresDuplicateDetection: contains(queue, 'requiresDuplicateDetection') ? queue.requiresDuplicateDetection : false - requiresSession: contains(queue, 'requiresSession') ? queue.requiresSession : false - roleAssignments: contains(queue, 'roleAssignments') ? queue.roleAssignments : [] - status: contains(queue, 'status') ? queue.status : 'Active' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module serviceBusNamespace_topics 'topics/deploy.bicep' = [for (topic, index) in topics: { - name: '${uniqueString(deployment().name, location)}-Topic-${index}' - params: { - namespaceName: serviceBusNamespace.name - name: topic.name - authorizationRules: contains(topic, 'authorizationRules') ? topic.authorizationRules : [ - { - name: 'RootManageSharedAccessKey' - rights: [ - 'Listen' - 'Manage' - 'Send' - ] - } - ] - autoDeleteOnIdle: contains(topic, 'autoDeleteOnIdle') ? topic.autoDeleteOnIdle : 'PT5M' - defaultMessageTimeToLive: contains(topic, 'defaultMessageTimeToLive') ? topic.defaultMessageTimeToLive : 'P14D' - duplicateDetectionHistoryTimeWindow: contains(topic, 'duplicateDetectionHistoryTimeWindow') ? topic.duplicateDetectionHistoryTimeWindow : 'PT10M' - enableBatchedOperations: contains(topic, 'enableBatchedOperations') ? topic.enableBatchedOperations : true - enableExpress: contains(topic, 'enableExpress') ? topic.enableExpress : false - enablePartitioning: contains(topic, 'enablePartitioning') ? topic.enablePartitioning : false - lock: contains(topic, 'lock') ? topic.lock : '' - maxMessageSizeInKilobytes: contains(topic, 'maxMessageSizeInKilobytes') ? topic.maxMessageSizeInKilobytes : 1024 - maxSizeInMegabytes: contains(topic, 'maxSizeInMegabytes') ? topic.maxSizeInMegabytes : 1024 - requiresDuplicateDetection: contains(topic, 'requiresDuplicateDetection') ? topic.requiresDuplicateDetection : false - roleAssignments: contains(topic, 'roleAssignments') ? topic.roleAssignments : [] - status: contains(topic, 'status') ? topic.status : 'Active' - supportOrdering: contains(topic, 'supportOrdering') ? topic.supportOrdering : false - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -resource serviceBusNamespace_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${serviceBusNamespace.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: serviceBusNamespace -} - -resource serviceBusNamespace_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: diagnosticsLogs - } - scope: serviceBusNamespace -} - -module serviceBusNamespace_privateEndpoints '../../Microsoft.Network/privateEndpoints/deploy.bicep' = [for (privateEndpoint, index) in privateEndpoints: { - name: '${uniqueString(deployment().name, location)}-Namespace-PrivateEndpoint-${index}' - params: { - groupIds: [ - privateEndpoint.service - ] - name: contains(privateEndpoint, 'name') ? privateEndpoint.name : 'pe-${last(split(serviceBusNamespace.id, '/'))}-${privateEndpoint.service}-${index}' - serviceResourceId: serviceBusNamespace.id - subnetResourceId: privateEndpoint.subnetResourceId - enableDefaultTelemetry: enableReferencedModulesTelemetry - location: reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : lock - privateDnsZoneGroups: contains(privateEndpoint, 'privateDnsZoneGroups') ? privateEndpoint.privateDnsZoneGroups : [] - roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] - tags: contains(privateEndpoint, 'tags') ? privateEndpoint.tags : {} - manualPrivateLinkServiceConnections: contains(privateEndpoint, 'manualPrivateLinkServiceConnections') ? privateEndpoint.manualPrivateLinkServiceConnections : [] - customDnsConfigs: contains(privateEndpoint, 'customDnsConfigs') ? privateEndpoint.customDnsConfigs : [] - } -}] - -module serviceBusNamespace_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${deployment().name}-rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: serviceBusNamespace.id - } -}] - -@description('The resource ID of the deployed service bus namespace.') -output resourceId string = serviceBusNamespace.id - -@description('The resource group of the deployed service bus namespace.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the deployed service bus namespace.') -output name string = serviceBusNamespace.name - -@description('The principal ID of the system assigned identity.') -output systemAssignedPrincipalId string = systemAssignedIdentity && contains(serviceBusNamespace.identity, 'principalId') ? serviceBusNamespace.identity.principalId : '' - -@description('The location the resource was deployed into.') -output location string = serviceBusNamespace.location diff --git a/modules/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/deploy.bicep deleted file mode 100644 index 790de0620b..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/deploy.bicep +++ /dev/null @@ -1,50 +0,0 @@ -@description('Conditional. The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment.') -@minLength(6) -@maxLength(50) -param namespaceName string - -@description('Optional. The name of the disaster recovery config.') -param name string = 'default' - -@description('Optional. Primary/Secondary eventhub namespace name, which is part of GEO DR pairing.') -param alternateName string = '' - -@description('Optional. Resource ID of the Primary/Secondary event hub namespace name, which is part of GEO DR pairing.') -param partnerNamespaceResourceID string = '' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource namespace 'Microsoft.ServiceBus/namespaces@2021-06-01-preview' existing = { - name: namespaceName -} - -resource disasterRecoveryConfig 'Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs@2017-04-01' = { - name: name - parent: namespace - properties: { - alternateName: alternateName - partnerNamespace: partnerNamespaceResourceID - } -} - -@description('The name of the disaster recovery config.') -output name string = disasterRecoveryConfig.name - -@description('The Resource ID of the disaster recovery config.') -output resourceId string = disasterRecoveryConfig.id - -@description('The name of the Resource Group the disaster recovery config was created in.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/readme.md b/modules/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/readme.md deleted file mode 100644 index 750a046877..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/readme.md +++ /dev/null @@ -1,39 +0,0 @@ -# Service Bus Namespace Disaster Recovery Config `[Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs]` - -This module deploys a disaster recovery config for a service bus Namespace - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/disasterRecoveryConfigs) | - -## Parameters - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `alternateName` | string | `''` | Primary/Secondary eventhub namespace name, which is part of GEO DR pairing. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `'default'` | The name of the disaster recovery config. | -| `partnerNamespaceResourceID` | string | `''` | Resource ID of the Primary/Secondary event hub namespace name, which is part of GEO DR pairing. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the disaster recovery config. | -| `resourceGroupName` | string | The name of the Resource Group the disaster recovery config was created in. | -| `resourceId` | string | The Resource ID of the disaster recovery config. | diff --git a/modules/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/version.json b/modules/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.ServiceBus/namespaces/ipFilterRules/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/ipFilterRules/deploy.bicep deleted file mode 100644 index bdaf2720b4..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/ipFilterRules/deploy.bicep +++ /dev/null @@ -1,58 +0,0 @@ -@description('Conditional. The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment.') -@minLength(6) -@maxLength(50) -param namespaceName string - -@description('Optional. The name of the ip filter rule.') -param name string = filterName - -@description('Required. The IP Filter Action.') -@allowed([ - 'Accept' - // 'Reject' # Reason: Only Accept IpFilterRules are accepted by API -]) -param action string - -@description('Required. IP Filter name.') -param filterName string - -@description('Required. IP Mask.') -param ipMask string - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource namespace 'Microsoft.ServiceBus/namespaces@2021-06-01-preview' existing = { - name: namespaceName -} - -resource ipFilterRule 'Microsoft.ServiceBus/namespaces/ipFilterRules@2018-01-01-preview' = { - name: name - parent: namespace - properties: { - action: action - filterName: filterName - ipMask: ipMask - } -} - -@description('The name of the IP filter rule.') -output name string = ipFilterRule.name - -@description('The Resource ID of the IP filter rule.') -output resourceId string = ipFilterRule.id - -@description('The name of the Resource Group the IP filter rule was created in.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.ServiceBus/namespaces/ipFilterRules/readme.md b/modules/Microsoft.ServiceBus/namespaces/ipFilterRules/readme.md deleted file mode 100644 index ce1e092e55..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/ipFilterRules/readme.md +++ /dev/null @@ -1,44 +0,0 @@ -# ServiceBus Namespace Ip-Filter Rules `[Microsoft.ServiceBus/namespaces/ipFilterRules]` - -This module deploys IP filter rules for a service bus namespace - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.ServiceBus/namespaces/ipfilterrules` | [2018-01-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2018-01-01-preview/namespaces/ipfilterrules) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `action` | string | `[Accept]` | The IP Filter Action. | -| `filterName` | string | | IP Filter name. | -| `ipMask` | string | | IP Mask. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `[parameters('filterName')]` | The name of the ip filter rule. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the IP filter rule. | -| `resourceGroupName` | string | The name of the Resource Group the IP filter rule was created in. | -| `resourceId` | string | The Resource ID of the IP filter rule. | diff --git a/modules/Microsoft.ServiceBus/namespaces/ipFilterRules/version.json b/modules/Microsoft.ServiceBus/namespaces/ipFilterRules/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/ipFilterRules/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.ServiceBus/namespaces/migrationConfigurations/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/migrationConfigurations/deploy.bicep deleted file mode 100644 index 9bbb7f11f9..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/migrationConfigurations/deploy.bicep +++ /dev/null @@ -1,50 +0,0 @@ -@description('Conditional. The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment.') -@minLength(6) -@maxLength(50) -param namespaceName string - -@description('Optional. The name of the migration configuration.') -param name string = '$default' - -@description('Required. Name to access Standard Namespace after migration.') -param postMigrationName string - -@description('Required. Existing premium Namespace resource ID which has no entities, will be used for migration.') -param targetNamespaceResourceId string - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource namespace 'Microsoft.ServiceBus/namespaces@2021-06-01-preview' existing = { - name: namespaceName -} - -resource migrationConfiguration 'Microsoft.ServiceBus/namespaces/migrationConfigurations@2017-04-01' = { - name: name - parent: namespace - properties: { - targetNamespace: targetNamespaceResourceId - postMigrationName: postMigrationName - } -} - -@description('The name of the migration configuration.') -output name string = migrationConfiguration.name - -@description('The Resource ID of the migration configuration.') -output resourceId string = migrationConfiguration.id - -@description('The name of the Resource Group the migration configuration was created in.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.ServiceBus/namespaces/migrationConfigurations/readme.md b/modules/Microsoft.ServiceBus/namespaces/migrationConfigurations/readme.md deleted file mode 100644 index 802e86bd21..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/migrationConfigurations/readme.md +++ /dev/null @@ -1,43 +0,0 @@ -# ServiceBus Namespace Migration Configuration `[Microsoft.ServiceBus/namespaces/migrationConfigurations]` - -This module deploys a migration configuration for a service bus namespace - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.ServiceBus/namespaces/migrationConfigurations` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/migrationConfigurations) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `postMigrationName` | string | Name to access Standard Namespace after migration. | -| `targetNamespaceResourceId` | string | Existing premium Namespace resource ID which has no entities, will be used for migration. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `'$default'` | The name of the migration configuration. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the migration configuration. | -| `resourceGroupName` | string | The name of the Resource Group the migration configuration was created in. | -| `resourceId` | string | The Resource ID of the migration configuration. | diff --git a/modules/Microsoft.ServiceBus/namespaces/migrationConfigurations/version.json b/modules/Microsoft.ServiceBus/namespaces/migrationConfigurations/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/migrationConfigurations/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 573648e0a5..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,56 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Azure Service Bus Data Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '090c5cfd-751d-490a-894a-3ce6f1109419') - 'Azure Service Bus Data Receiver': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0') - 'Azure Service Bus Data Sender': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '69a216fc-b8fb-44d8-bc22-1f3c2cd27a39') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource queue 'Microsoft.ServiceBus/namespaces/queues@2021-06-01-preview' existing = { - name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' -} - -resource roleAssigment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(queue.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: queue -}] diff --git a/modules/Microsoft.ServiceBus/namespaces/queues/authorizationRules/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/queues/authorizationRules/deploy.bicep deleted file mode 100644 index 7a44bdf463..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/queues/authorizationRules/deploy.bicep +++ /dev/null @@ -1,56 +0,0 @@ -@description('Required. The name of the service bus namepace queue.') -param name string - -@description('Conditional. The name of the parent Service Bus Namespace. Required if the template is used in a standalone deployment.') -param namespaceName string - -@description('Conditional. The name of the parent Service Bus Namespace Queue. Required if the template is used in a standalone deployment.') -param queueName string - -@description('Optional. The rights associated with the rule.') -@allowed([ - 'Listen' - 'Manage' - 'Send' -]) -param rights array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource namespace 'Microsoft.ServiceBus/namespaces@2021-06-01-preview' existing = { - name: namespaceName - - resource queue 'queues@2021-06-01-preview' existing = { - name: queueName - } -} - -resource authorizationRule 'Microsoft.ServiceBus/namespaces/queues/authorizationRules@2017-04-01' = { - name: name - parent: namespace::queue - properties: { - rights: rights - } -} - -@description('The name of the authorization rule.') -output name string = authorizationRule.name - -@description('The Resource ID of the authorization rule.') -output resourceId string = authorizationRule.id - -@description('The name of the Resource Group the authorization rule was created in.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.ServiceBus/namespaces/queues/authorizationRules/readme.md b/modules/Microsoft.ServiceBus/namespaces/queues/authorizationRules/readme.md deleted file mode 100644 index 29d6b9ecb3..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/queues/authorizationRules/readme.md +++ /dev/null @@ -1,43 +0,0 @@ -# ServiceBus Namespace Queue Authorization Rules `[Microsoft.ServiceBus/namespaces/queues/authorizationRules]` - -This module deploys an authorization rule for a service bus namespace queue. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.ServiceBus/namespaces/queues/authorizationRules` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/queues/authorizationRules) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the service bus namepace queue. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Service Bus Namespace. Required if the template is used in a standalone deployment. | -| `queueName` | string | The name of the parent Service Bus Namespace Queue. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `rights` | array | `[]` | `[Listen, Manage, Send]` | The rights associated with the rule. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the authorization rule. | -| `resourceGroupName` | string | The name of the Resource Group the authorization rule was created in. | -| `resourceId` | string | The Resource ID of the authorization rule. | diff --git a/modules/Microsoft.ServiceBus/namespaces/queues/authorizationRules/version.json b/modules/Microsoft.ServiceBus/namespaces/queues/authorizationRules/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/queues/authorizationRules/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.ServiceBus/namespaces/queues/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/queues/deploy.bicep deleted file mode 100644 index 3a8e541cc4..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/queues/deploy.bicep +++ /dev/null @@ -1,161 +0,0 @@ -@description('Conditional. The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment.') -@minLength(6) -@maxLength(50) -param namespaceName string - -@description('Required. Name of the Service Bus Queue.') -@minLength(6) -@maxLength(50) -param name string - -@description('Optional. ISO 8601 timespan duration of a peek-lock; that is, the amount of time that the message is locked for other receivers. The maximum value for LockDuration is 5 minutes; the default value is 1 minute.') -param lockDuration string = 'PT1M' - -@description('Optional. The maximum size of the queue in megabytes, which is the size of memory allocated for the queue. Default is 1024.') -param maxSizeInMegabytes int = 1024 - -@description('Optional. A value indicating if this queue requires duplicate detection.') -param requiresDuplicateDetection bool = false - -@description('Optional. A value that indicates whether the queue supports the concept of sessions.') -param requiresSession bool = false - -@description('Optional. ISO 8601 default message timespan to live value. This is the duration after which the message expires, starting from when the message is sent to Service Bus. This is the default value used when TimeToLive is not set on a message itself.') -param defaultMessageTimeToLive string = 'P14D' - -@description('Optional. A value that indicates whether this queue has dead letter support when a message expires.') -param deadLetteringOnMessageExpiration bool = true - -@description('Optional. Value that indicates whether server-side batched operations are enabled.') -param enableBatchedOperations bool = true - -@description('Optional. ISO 8601 timeSpan structure that defines the duration of the duplicate detection history. The default value is 10 minutes.') -param duplicateDetectionHistoryTimeWindow string = 'PT10M' - -@description('Optional. The maximum delivery count. A message is automatically deadlettered after this number of deliveries. default value is 10.') -param maxDeliveryCount int = 10 - -@description('Optional. Enumerates the possible values for the status of a messaging entity. - Active, Disabled, Restoring, SendDisabled, ReceiveDisabled, Creating, Deleting, Renaming, Unknown.') -@allowed([ - 'Active' - 'Disabled' - 'Restoring' - 'SendDisabled' - 'ReceiveDisabled' - 'Creating' - 'Deleting' - 'Renaming' - 'Unknown' -]) -param status string = 'Active' - -@description('Optional. A value that indicates whether the queue is to be partitioned across multiple message brokers.') -param enablePartitioning bool = false - -@description('Optional. A value that indicates whether Express Entities are enabled. An express queue holds a message in memory temporarily before writing it to persistent storage.') -param enableExpress bool = false - -@description('Optional. Authorization Rules for the Service Bus Queue.') -param authorizationRules array = [ - { - name: 'RootManageSharedAccessKey' - properties: { - rights: [ - 'Listen' - 'Manage' - 'Send' - ] - } - } -] - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource namespace 'Microsoft.ServiceBus/namespaces@2021-06-01-preview' existing = { - name: namespaceName -} - -resource queue 'Microsoft.ServiceBus/namespaces/queues@2021-06-01-preview' = { - name: name - parent: namespace - properties: { - lockDuration: lockDuration - maxSizeInMegabytes: maxSizeInMegabytes - requiresDuplicateDetection: requiresDuplicateDetection - requiresSession: requiresSession - defaultMessageTimeToLive: defaultMessageTimeToLive - deadLetteringOnMessageExpiration: deadLetteringOnMessageExpiration - enableBatchedOperations: enableBatchedOperations - duplicateDetectionHistoryTimeWindow: duplicateDetectionHistoryTimeWindow - maxDeliveryCount: maxDeliveryCount - status: status - enablePartitioning: enablePartitioning - enableExpress: enableExpress - } -} - -module queue_authorizationRules 'authorizationRules/deploy.bicep' = [for (authorizationRule, index) in authorizationRules: { - name: '${deployment().name}-AuthRule-${index}' - params: { - namespaceName: namespaceName - queueName: queue.name - name: authorizationRule.name - rights: contains(authorizationRule, 'rights') ? authorizationRule.rights : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -resource queue_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${queue.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: queue -} - -module queue_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${deployment().name}-rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: queue.id - } -}] - -@description('The name of the deployed queue.') -output name string = queue.name - -@description('The resource ID of the deployed queue.') -output resourceId string = queue.id - -@description('The resource group of the deployed queue.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.ServiceBus/namespaces/queues/readme.md b/modules/Microsoft.ServiceBus/namespaces/queues/readme.md deleted file mode 100644 index cc99507252..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/queues/readme.md +++ /dev/null @@ -1,118 +0,0 @@ -# ServiceBus Namespace Queue `[Microsoft.ServiceBus/namespaces/queues]` - -This module deploys a queue for a service bus namespace. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.ServiceBus/namespaces/queues` | [2021-06-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces/queues) | -| `Microsoft.ServiceBus/namespaces/queues/authorizationRules` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/queues/authorizationRules) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Service Bus Queue. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authorizationRules` | _[authorizationRules](authorizationRules/readme.md)_ array | `[System.Collections.Hashtable]` | | Authorization Rules for the Service Bus Queue. | -| `deadLetteringOnMessageExpiration` | bool | `True` | | A value that indicates whether this queue has dead letter support when a message expires. | -| `defaultMessageTimeToLive` | string | `'P14D'` | | ISO 8601 default message timespan to live value. This is the duration after which the message expires, starting from when the message is sent to Service Bus. This is the default value used when TimeToLive is not set on a message itself. | -| `duplicateDetectionHistoryTimeWindow` | string | `'PT10M'` | | ISO 8601 timeSpan structure that defines the duration of the duplicate detection history. The default value is 10 minutes. | -| `enableBatchedOperations` | bool | `True` | | Value that indicates whether server-side batched operations are enabled. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `enableExpress` | bool | `False` | | A value that indicates whether Express Entities are enabled. An express queue holds a message in memory temporarily before writing it to persistent storage. | -| `enablePartitioning` | bool | `False` | | A value that indicates whether the queue is to be partitioned across multiple message brokers. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `lockDuration` | string | `'PT1M'` | | ISO 8601 timespan duration of a peek-lock; that is, the amount of time that the message is locked for other receivers. The maximum value for LockDuration is 5 minutes; the default value is 1 minute. | -| `maxDeliveryCount` | int | `10` | | The maximum delivery count. A message is automatically deadlettered after this number of deliveries. default value is 10. | -| `maxSizeInMegabytes` | int | `1024` | | The maximum size of the queue in megabytes, which is the size of memory allocated for the queue. Default is 1024. | -| `requiresDuplicateDetection` | bool | `False` | | A value indicating if this queue requires duplicate detection. | -| `requiresSession` | bool | `False` | | A value that indicates whether the queue supports the concept of sessions. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `status` | string | `'Active'` | `[Active, Disabled, Restoring, SendDisabled, ReceiveDisabled, Creating, Deleting, Renaming, Unknown]` | Enumerates the possible values for the status of a messaging entity. - Active, Disabled, Restoring, SendDisabled, ReceiveDisabled, Creating, Deleting, Renaming, Unknown. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed queue. | -| `resourceGroupName` | string | The resource group of the deployed queue. | -| `resourceId` | string | The resource ID of the deployed queue. | diff --git a/modules/Microsoft.ServiceBus/namespaces/queues/version.json b/modules/Microsoft.ServiceBus/namespaces/queues/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/queues/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.ServiceBus/namespaces/readme.md b/modules/Microsoft.ServiceBus/namespaces/readme.md deleted file mode 100644 index 7bab9cd9a6..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/readme.md +++ /dev/null @@ -1,640 +0,0 @@ -# Service Bus Namespaces `[Microsoft.ServiceBus/namespaces]` - -This module deploys a service bus namespace resource. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/privateEndpoints` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) | -| `Microsoft.ServiceBus/namespaces` | [2021-06-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces) | -| `Microsoft.ServiceBus/namespaces/AuthorizationRules` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/AuthorizationRules) | -| `Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/disasterRecoveryConfigs) | -| `Microsoft.ServiceBus/namespaces/ipfilterrules` | [2018-01-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2018-01-01-preview/namespaces/ipfilterrules) | -| `Microsoft.ServiceBus/namespaces/migrationConfigurations` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/migrationConfigurations) | -| `Microsoft.ServiceBus/namespaces/queues` | [2021-06-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces/queues) | -| `Microsoft.ServiceBus/namespaces/queues/authorizationRules` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/queues/authorizationRules) | -| `Microsoft.ServiceBus/namespaces/topics` | [2021-06-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces/topics) | -| `Microsoft.ServiceBus/namespaces/topics/authorizationRules` | [2021-06-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces/topics/authorizationRules) | -| `Microsoft.ServiceBus/namespaces/virtualnetworkrules` | [2018-01-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2018-01-01-preview/namespaces/virtualnetworkrules) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `skuName` | string | `'Basic'` | `[Basic, Standard, Premium]` | Name of this SKU. - Basic, Standard, Premium. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authorizationRules` | _[authorizationRules](authorizationRules/readme.md)_ array | `[System.Collections.Hashtable]` | | Authorization Rules for the Service Bus namespace. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[OperationalLogs]` | `[OperationalLogs]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disasterRecoveryConfigs` | _[disasterRecoveryConfigs](disasterRecoveryConfigs/readme.md)_ object | `{object}` | | The disaster recovery configuration. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `ipFilterRules` | _[ipFilterRules](ipFilterRules/readme.md)_ array | `[]` | | IP Filter Rules for the Service Bus namespace. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `migrationConfigurations` | _[migrationConfigurations](migrationConfigurations/readme.md)_ object | `{object}` | | The migration configuration. | -| `name` | string | `''` | | Name of the Service Bus Namespace. If no name is provided, then unique name will be created. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. | -| `queues` | _[queues](queues/readme.md)_ array | `[]` | | The queues to create in the service bus namespace. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `topics` | _[topics](topics/readme.md)_ array | `[]` | | The topics to create in the service bus namespace. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `virtualNetworkRules` | _[virtualNetworkRules](virtualNetworkRules/readme.md)_ array | `[]` | | vNet Rules SubnetIds for the Service Bus namespace. | -| `zoneRedundant` | bool | `False` | | Enabling this property creates a Premium Service Bus Namespace in regions supported availability zones. | - -**Generated parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('u')]` | Do not provide a value! This date value is used to generate a SAS token to access the modules. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `privateEndpoints` - -To use Private Endpoint the following dependencies must be deployed: - -- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module. -- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information. - -

- -Parameter JSON format - -```json -"privateEndpoints": { - "value": [ - // Example showing all available fields - { - "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>", // e.g. vault, registry, file, blob, queue, table etc. - "privateDnsZoneResourceIds": [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net" - ], - "customDnsConfigs": [ // Optional - { - "fqdn": "customname.test.local", - "ipAddresses": [ - "10.10.10.10" - ] - } - ] - }, - // Example showing only mandatory fields - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>" // e.g. vault, registry, file, blob, queue, table etc. - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -privateEndpoints: [ - // Example showing all available fields - { - name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - privateDnsZoneResourceIds: [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net' - ] - // Optional - customDnsConfigs: [ - { - fqdn: 'customname.test.local' - ipAddresses: [ - '10.10.10.10' - ] - } - ] - } - // Example showing only mandatory fields - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `userAssignedIdentities` - -You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: - -

- -Parameter JSON format - -```json -"userAssignedIdentities": { - "value": { - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} - } -} -``` - -
- -
- -Bicep format - -```bicep -userAssignedIdentities: { - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed service bus namespace. | -| `resourceGroupName` | string | The resource group of the deployed service bus namespace. | -| `resourceId` | string | The resource ID of the deployed service bus namespace. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": {} -} -``` - -
- -
- -via Bicep module - -```bicep -module namespaces './Microsoft.ServiceBus/namespaces/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-namespaces' - params: { - - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-sbn-x-002" - }, - "lock": { - "value": "CanNotDelete" - }, - "skuName": { - "value": "Premium" - }, - "tags": { - "value": {} - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "disasterRecoveryConfigs": { - "value": {} - }, - "migrationConfigurations": { - "value": {} - }, - "virtualNetworkRules": { - "value": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-003" - ] - }, - "ipFilterRules": { - "value": [ - { - "filterName": "ipFilter1", - "ipMask": "10.0.1.0/32", - "action": "Accept" - }, - { - "filterName": "ipFilter2", - "ipMask": "10.0.2.0/32", - "action": "Accept" - } - ] - }, - "authorizationRules": { - "value": [ - { - "name": "RootManageSharedAccessKey", - "rights": [ - "Listen", - "Manage", - "Send" - ] - }, - { - "name": "AnotherKey", - "rights": [ - "Listen", - "Send" - ] - } - ] - }, - "queues": { - "value": [ - { - "name": "<>-az-sbq-x-002", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ], - "authorizationRules": [ - { - "name": "RootManageSharedAccessKey", - "rights": [ - "Listen", - "Manage", - "Send" - ] - }, - { - "name": "AnotherKey", - "rights": [ - "Listen", - "Send" - ] - } - ] - } - ] - }, - "topics": { - "value": [ - { - "name": "<>-az-sbt-x-001", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ], - "authorizationRules": [ - { - "name": "RootManageSharedAccessKey", - "rights": [ - "Listen", - "Manage", - "Send" - ] - }, - { - "name": "AnotherKey", - "rights": [ - "Listen", - "Send" - ] - } - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "namespace" - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module namespaces './Microsoft.ServiceBus/namespaces/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-namespaces' - params: { - name: '<>-az-sbn-x-002' - lock: 'CanNotDelete' - skuName: 'Premium' - tags: {} - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - disasterRecoveryConfigs: {} - migrationConfigurations: {} - virtualNetworkRules: [ - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-003' - ] - ipFilterRules: [ - { - filterName: 'ipFilter1' - ipMask: '10.0.1.0/32' - action: 'Accept' - } - { - filterName: 'ipFilter2' - ipMask: '10.0.2.0/32' - action: 'Accept' - } - ] - authorizationRules: [ - { - name: 'RootManageSharedAccessKey' - rights: [ - 'Listen' - 'Manage' - 'Send' - ] - } - { - name: 'AnotherKey' - rights: [ - 'Listen' - 'Send' - ] - } - ] - queues: [ - { - name: '<>-az-sbq-x-002' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - authorizationRules: [ - { - name: 'RootManageSharedAccessKey' - rights: [ - 'Listen' - 'Manage' - 'Send' - ] - } - { - name: 'AnotherKey' - rights: [ - 'Listen' - 'Send' - ] - } - ] - } - ] - topics: [ - { - name: '<>-az-sbt-x-001' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - authorizationRules: [ - { - name: 'RootManageSharedAccessKey' - rights: [ - 'Listen' - 'Manage' - 'Send' - ] - } - { - name: 'AnotherKey' - rights: [ - 'Listen' - 'Send' - ] - } - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - systemAssignedIdentity: true - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - privateEndpoints: [ - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - service: 'namespace' - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index b67f08e3e0..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,56 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Azure Service Bus Data Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '090c5cfd-751d-490a-894a-3ce6f1109419') - 'Azure Service Bus Data Receiver': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0') - 'Azure Service Bus Data Sender': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '69a216fc-b8fb-44d8-bc22-1f3c2cd27a39') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource topic 'Microsoft.ServiceBus/namespaces/topics@2021-06-01-preview' existing = { - name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' -} - -resource roleAssigment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(topic.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: topic -}] diff --git a/modules/Microsoft.ServiceBus/namespaces/topics/authorizationRules/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/topics/authorizationRules/deploy.bicep deleted file mode 100644 index 80d19564ed..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/topics/authorizationRules/deploy.bicep +++ /dev/null @@ -1,56 +0,0 @@ -@description('Required. The name of the service bus namespace topic.') -param name string - -@description('Conditional. The name of the parent Service Bus Namespace. Required if the template is used in a standalone deployment.') -param namespaceName string - -@description('Conditional. The name of the parent Service Bus Namespace Topic. Required if the template is used in a standalone deployment.') -param topicName string - -@description('Optional. The rights associated with the rule.') -@allowed([ - 'Listen' - 'Manage' - 'Send' -]) -param rights array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource namespace 'Microsoft.ServiceBus/namespaces@2021-06-01-preview' existing = { - name: namespaceName - - resource topic 'topics@2021-06-01-preview' existing = { - name: topicName - } -} - -resource authorizationRule 'Microsoft.ServiceBus/namespaces/topics/authorizationRules@2021-06-01-preview' = { - name: name - parent: namespace::topic - properties: { - rights: rights - } -} - -@description('The name of the authorization rule.') -output name string = authorizationRule.name - -@description('The Resource ID of the authorization rule.') -output resourceId string = authorizationRule.id - -@description('The name of the Resource Group the authorization rule was created in.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.ServiceBus/namespaces/topics/authorizationRules/readme.md b/modules/Microsoft.ServiceBus/namespaces/topics/authorizationRules/readme.md deleted file mode 100644 index 6c478d4f96..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/topics/authorizationRules/readme.md +++ /dev/null @@ -1,43 +0,0 @@ -# ServiceBus Namespace Topic Authorization Rules `[Microsoft.ServiceBus/namespaces/topics/authorizationRules]` - -This module deploys an authorization rule for a service bus namespace topic. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.ServiceBus/namespaces/topics/authorizationRules` | [2021-06-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces/topics/authorizationRules) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the service bus namespace topic. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Service Bus Namespace. Required if the template is used in a standalone deployment. | -| `topicName` | string | The name of the parent Service Bus Namespace Topic. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `rights` | array | `[]` | `[Listen, Manage, Send]` | The rights associated with the rule. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the authorization rule. | -| `resourceGroupName` | string | The name of the Resource Group the authorization rule was created in. | -| `resourceId` | string | The Resource ID of the authorization rule. | diff --git a/modules/Microsoft.ServiceBus/namespaces/topics/authorizationRules/version.json b/modules/Microsoft.ServiceBus/namespaces/topics/authorizationRules/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/topics/authorizationRules/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.ServiceBus/namespaces/topics/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/topics/deploy.bicep deleted file mode 100644 index 273d7e8b57..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/topics/deploy.bicep +++ /dev/null @@ -1,157 +0,0 @@ -@description('Conditional. The name of the parent Service Bus Namespace for the Service Bus Topic. Required if the template is used in a standalone deployment.') -@minLength(6) -@maxLength(50) -param namespaceName string - -@description('Required. Name of the Service Bus Topic.') -@minLength(6) -@maxLength(50) -param name string - -@description('Optional. The maximum size of the topic in megabytes, which is the size of memory allocated for the topic. Default is 1024.') -param maxSizeInMegabytes int = 1024 - -@description('Optional. A value indicating if this topic requires duplicate detection.') -param requiresDuplicateDetection bool = false - -@description('Optional. ISO 8601 default message timespan to live value. This is the duration after which the message expires, starting from when the message is sent to Service Bus. This is the default value used when TimeToLive is not set on a message itself.') -param defaultMessageTimeToLive string = 'P14D' - -@description('Optional. Value that indicates whether server-side batched operations are enabled.') -param enableBatchedOperations bool = true - -@description('Optional. ISO 8601 timeSpan structure that defines the duration of the duplicate detection history. The default value is 10 minutes.') -param duplicateDetectionHistoryTimeWindow string = 'PT10M' - -@description('Optional. Maximum size (in KB) of the message payload that can be accepted by the topic. This property is only used in Premium today and default is 1024.') -param maxMessageSizeInKilobytes int = 1024 - -@description('Optional. Value that indicates whether the topic supports ordering.') -param supportOrdering bool = false - -@description('Optional. ISO 8601 timespan idle interval after which the topic is automatically deleted. The minimum duration is 5 minutes.') -param autoDeleteOnIdle string = 'PT5M' - -@description('Optional. Enumerates the possible values for the status of a messaging entity. - Active, Disabled, Restoring, SendDisabled, ReceiveDisabled, Creating, Deleting, Renaming, Unknown.') -@allowed([ - 'Active' - 'Disabled' - 'Restoring' - 'SendDisabled' - 'ReceiveDisabled' - 'Creating' - 'Deleting' - 'Renaming' - 'Unknown' -]) -param status string = 'Active' - -@description('Optional. A value that indicates whether the topic is to be partitioned across multiple message brokers.') -param enablePartitioning bool = false - -@description('Optional. A value that indicates whether Express Entities are enabled. An express topic holds a message in memory temporarily before writing it to persistent storage.') -param enableExpress bool = false - -@description('Optional. Authorization Rules for the Service Bus Topic.') -param authorizationRules array = [ - { - name: 'RootManageSharedAccessKey' - properties: { - rights: [ - 'Listen' - 'Manage' - 'Send' - ] - } - } -] - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource namespace 'Microsoft.ServiceBus/namespaces@2021-06-01-preview' existing = { - name: namespaceName -} - -resource topic 'Microsoft.ServiceBus/namespaces/topics@2021-06-01-preview' = { - name: name - parent: namespace - properties: { - autoDeleteOnIdle: autoDeleteOnIdle - defaultMessageTimeToLive: defaultMessageTimeToLive - duplicateDetectionHistoryTimeWindow: duplicateDetectionHistoryTimeWindow - enableBatchedOperations: enableBatchedOperations - enableExpress: enableExpress - enablePartitioning: enablePartitioning - maxMessageSizeInKilobytes: maxMessageSizeInKilobytes - maxSizeInMegabytes: maxSizeInMegabytes - requiresDuplicateDetection: requiresDuplicateDetection - status: status - supportOrdering: supportOrdering - } -} - -module topic_authorizationRules 'authorizationRules/deploy.bicep' = [for (authorizationRule, index) in authorizationRules: { - name: '${deployment().name}-AuthRule-${index}' - params: { - namespaceName: namespaceName - topicName: topic.name - name: authorizationRule.name - rights: contains(authorizationRule, 'rights') ? authorizationRule.rights : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -resource topic_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${topic.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: topic -} - -module topic_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${deployment().name}-rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: topic.id - } -}] - -@description('The name of the deployed topic.') -output name string = topic.name - -@description('The resource ID of the deployed topic.') -output resourceId string = topic.id - -@description('The resource group of the deployed topic.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.ServiceBus/namespaces/topics/readme.md b/modules/Microsoft.ServiceBus/namespaces/topics/readme.md deleted file mode 100644 index f0d768ddde..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/topics/readme.md +++ /dev/null @@ -1,117 +0,0 @@ -# ServiceBus Namespace Topic `[Microsoft.ServiceBus/namespaces/topics]` - -This module deploys a topic for a service bus namespace. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.ServiceBus/namespaces/topics` | [2021-06-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces/topics) | -| `Microsoft.ServiceBus/namespaces/topics/authorizationRules` | [2021-06-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces/topics/authorizationRules) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Service Bus Topic. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Service Bus Namespace for the Service Bus Topic. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authorizationRules` | _[authorizationRules](authorizationRules/readme.md)_ array | `[System.Collections.Hashtable]` | | Authorization Rules for the Service Bus Topic. | -| `autoDeleteOnIdle` | string | `'PT5M'` | | ISO 8601 timespan idle interval after which the topic is automatically deleted. The minimum duration is 5 minutes. | -| `defaultMessageTimeToLive` | string | `'P14D'` | | ISO 8601 default message timespan to live value. This is the duration after which the message expires, starting from when the message is sent to Service Bus. This is the default value used when TimeToLive is not set on a message itself. | -| `duplicateDetectionHistoryTimeWindow` | string | `'PT10M'` | | ISO 8601 timeSpan structure that defines the duration of the duplicate detection history. The default value is 10 minutes. | -| `enableBatchedOperations` | bool | `True` | | Value that indicates whether server-side batched operations are enabled. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `enableExpress` | bool | `False` | | A value that indicates whether Express Entities are enabled. An express topic holds a message in memory temporarily before writing it to persistent storage. | -| `enablePartitioning` | bool | `False` | | A value that indicates whether the topic is to be partitioned across multiple message brokers. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maxMessageSizeInKilobytes` | int | `1024` | | Maximum size (in KB) of the message payload that can be accepted by the topic. This property is only used in Premium today and default is 1024. | -| `maxSizeInMegabytes` | int | `1024` | | The maximum size of the topic in megabytes, which is the size of memory allocated for the topic. Default is 1024. | -| `requiresDuplicateDetection` | bool | `False` | | A value indicating if this topic requires duplicate detection. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `status` | string | `'Active'` | `[Active, Disabled, Restoring, SendDisabled, ReceiveDisabled, Creating, Deleting, Renaming, Unknown]` | Enumerates the possible values for the status of a messaging entity. - Active, Disabled, Restoring, SendDisabled, ReceiveDisabled, Creating, Deleting, Renaming, Unknown. | -| `supportOrdering` | bool | `False` | | Value that indicates whether the topic supports ordering. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed topic. | -| `resourceGroupName` | string | The resource group of the deployed topic. | -| `resourceId` | string | The resource ID of the deployed topic. | diff --git a/modules/Microsoft.ServiceBus/namespaces/topics/version.json b/modules/Microsoft.ServiceBus/namespaces/topics/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/topics/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.ServiceBus/namespaces/version.json b/modules/Microsoft.ServiceBus/namespaces/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.ServiceBus/namespaces/virtualNetworkRules/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/virtualNetworkRules/deploy.bicep deleted file mode 100644 index dc289e3f0d..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/virtualNetworkRules/deploy.bicep +++ /dev/null @@ -1,46 +0,0 @@ -@description('Conditional. The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment.') -@minLength(6) -@maxLength(50) -param namespaceName string - -@description('Optional. The name of the virtual network rule.') -param name string = '${namespaceName}-vnr' - -@description('Required. Resource ID of Virtual Network Subnet.') -param virtualNetworkSubnetId string - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource namespace 'Microsoft.ServiceBus/namespaces@2021-06-01-preview' existing = { - name: namespaceName -} - -resource virtualNetworkRule 'Microsoft.ServiceBus/namespaces/virtualNetworkRules@2018-01-01-preview' = { - name: name - parent: namespace - properties: { - virtualNetworkSubnetId: virtualNetworkSubnetId - } -} - -@description('The name of the virtual network rule.') -output name string = virtualNetworkRule.name - -@description('The Resource ID of the virtual network rule.') -output resourceId string = virtualNetworkRule.id - -@description('The name of the Resource Group the virtual network rule was created in.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.ServiceBus/namespaces/virtualNetworkRules/readme.md b/modules/Microsoft.ServiceBus/namespaces/virtualNetworkRules/readme.md deleted file mode 100644 index 1f7d8fb0ef..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/virtualNetworkRules/readme.md +++ /dev/null @@ -1,42 +0,0 @@ -# ServiceBus Namespace Virtual Network Rules `[Microsoft.ServiceBus/namespaces/virtualNetworkRules]` - -This module deploys a virtual network rule for a service bus namespace. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.ServiceBus/namespaces/virtualnetworkrules` | [2018-01-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2018-01-01-preview/namespaces/virtualnetworkrules) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `virtualNetworkSubnetId` | string | Resource ID of Virtual Network Subnet. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `[format('{0}-vnr', parameters('namespaceName'))]` | The name of the virtual network rule. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the virtual network rule. | -| `resourceGroupName` | string | The name of the Resource Group the virtual network rule was created in. | -| `resourceId` | string | The Resource ID of the virtual network rule. | diff --git a/modules/Microsoft.ServiceBus/namespaces/virtualNetworkRules/version.json b/modules/Microsoft.ServiceBus/namespaces/virtualNetworkRules/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.ServiceBus/namespaces/virtualNetworkRules/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.ServiceFabric/clusters/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ServiceFabric/clusters/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index b7325ee782..0000000000 --- a/modules/Microsoft.ServiceFabric/clusters/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,53 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource serviceFabricCluster 'Microsoft.ServiceFabric/clusters@2021-06-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { - name: guid(serviceFabricCluster.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: serviceFabricCluster -}] diff --git a/modules/Microsoft.ServiceFabric/clusters/.deploymentTests/cert.parameters.json b/modules/Microsoft.ServiceFabric/clusters/.deploymentTests/cert.parameters.json deleted file mode 100644 index 668b6d8d12..0000000000 --- a/modules/Microsoft.ServiceFabric/clusters/.deploymentTests/cert.parameters.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-sfc-cert-001" - }, - "managementEndpoint": { - "value": "https://<>-az-sfc-cert-001.westeurope.cloudapp.azure.com:19080" - }, - "reliabilityLevel": { - "value": "None" - }, - "certificate": { - "value": { - "thumbprint": "0AC113D5E1D94C401DDEB0EE2B1B96CC130", // Mutual exclusive with the other cert specs - "x509StoreName": "My" - } - }, - "nodeTypes": { - "value": [ - { - "applicationPorts": { - "endPort": 30000, - "startPort": 20000 - }, - "clientConnectionEndpointPort": 19000, - "durabilityLevel": "Bronze", - "ephemeralPorts": { - "endPort": 65534, - "startPort": 49152 - }, - "httpGatewayEndpointPort": 19080, - "isPrimary": true, - "name": "Node01" - } - ] - } - } -} diff --git a/modules/Microsoft.ServiceFabric/clusters/.deploymentTests/full.parameters.json b/modules/Microsoft.ServiceFabric/clusters/.deploymentTests/full.parameters.json deleted file mode 100644 index 46c19ee885..0000000000 --- a/modules/Microsoft.ServiceFabric/clusters/.deploymentTests/full.parameters.json +++ /dev/null @@ -1,208 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-sfc-full-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "tags": { - "value": { - "resourceType": "Service Fabric", - "clusterName": "<>-az-sfc-full-001" - } - }, - "addOnFeatures": { - "value": [ - "RepairManager", - "DnsService", - "BackupRestoreService", - "ResourceMonitorService" - ] - }, - "maxUnusedVersionsToKeep": { - "value": 2 - }, - "azureActiveDirectory": { - "value": { - "clientApplication": "<>", - "clusterApplication": "cf33fea8-b30f-424f-ab73-c48d99e0b222", - "tenantId": "<>" - } - }, - "certificateCommonNames": { - "value": { - "commonNames": [ - { - "certificateCommonName": "certcommon", - "certificateIssuerThumbprint": "0AC113D5E1D94C401DDEB0EE2B1B96CC130" - } - ], - "x509StoreName": "" - } - }, - "clientCertificateCommonNames": { - "value": [ - { - "certificateCommonName": "clientcommoncert1", - "certificateIssuerThumbprint": "0AC113D5E1D94C401DDEB0EE2B1B96CC130", - "isAdmin": false - }, - { - "certificateCommonName": "clientcommoncert2", - "certificateIssuerThumbprint": "0AC113D5E1D94C401DDEB0EE2B1B96CC131", - "isAdmin": false - } - ] - }, - "clientCertificateThumbprints": { - "value": [ - { - "certificateThumbprint": "0AC113D5E1D94C401DDEB0EE2B1B96CC130", - "isAdmin": false - }, - { - "certificateThumbprint": "0AC113D5E1D94C401DDEB0EE2B1B96CC131", - "isAdmin": false - } - ] - }, - "diagnosticsStorageAccountConfig": { - "value": { - "blobEndpoint": "https://adp<>azsaweux001.blob.core.windows.net/", - "protectedAccountKeyName": "StorageAccountKey1", - "queueEndpoint": "https://adp<>azsaweux001.queue.core.windows.net/", - "storageAccountName": "adp<>azsaweux001", - "tableEndpoint": "https://adp<>azsaweux001.table.core.windows.net/" - } - }, - "fabricSettings": { - "value": [ - { - "name": "Security", - "parameters": [ - { - "name": "ClusterProtectionLevel", - "value": "EncryptAndSign" - } - ] - }, - { - "name": "UpgradeService", - "parameters": [ - { - "name": "AppPollIntervalInSeconds", - "value": "60" - } - ] - } - ] - }, - "managementEndpoint": { - "value": "https://<>-az-sfc-full-001.westeurope.cloudapp.azure.com:19080" - }, - "nodeTypes": { - "value": [ - { - "applicationPorts": { - "endPort": 30000, - "startPort": 20000 - }, - "capacities": {}, - "clientConnectionEndpointPort": 19000, - "durabilityLevel": "Silver", - "ephemeralPorts": { - "endPort": 65534, - "startPort": 49152 - }, - "httpGatewayEndpointPort": 19080, - "isPrimary": true, - "isStateless": false, - "multipleAvailabilityZones": false, - "name": "Node01", - "placementProperties": {}, - "reverseProxyEndpointPort": "", - "vmInstanceCount": 5 - }, - { - "applicationPorts": { - "endPort": 30000, - "startPort": 20000 - }, - "clientConnectionEndpointPort": 19000, - "durabilityLevel": "Bronze", - "ephemeralPorts": { - "endPort": 64000, - "startPort": 49000 - }, - "httpGatewayEndpointPort": 19007, - "isPrimary": true, - "name": "Node02", - "vmInstanceCount": 5 - } - ] - }, - "notifications": { - "value": [ - { - "isEnabled": true, - "notificationCategory": "WaveProgress", - "notificationLevel": "Critical", - "notificationTargets": [ - { - "notificationChannel": "EmailUser", - "receivers": [ - "SomeReceiver" - ] - } - ] - } - ] - }, - "upgradeDescription": { - "value": { - "forceRestart": false, - "upgradeReplicaSetCheckTimeout": "1.00:00:00", - "healthCheckWaitDuration": "00:00:30", - "healthCheckStableDuration": "00:01:00", - "healthCheckRetryTimeout": "00:45:00", - "upgradeTimeout": "02:00:00", - "upgradeDomainTimeout": "02:00:00", - "healthPolicy": { - "maxPercentUnhealthyNodes": 0, - "maxPercentUnhealthyApplications": 0 - }, - "deltaHealthPolicy": { - "maxPercentDeltaUnhealthyNodes": 0, - "maxPercentUpgradeDomainDeltaUnhealthyNodes": 0, - "maxPercentDeltaUnhealthyApplications": 0 - } - } - }, - "reliabilityLevel": { - "value": "Silver" - }, - "vmImage": { - "value": "Linux" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "applicationTypes": { - "value": [ - { - "name": "WordCount" // not idempotent - } - ] - } - } -} diff --git a/modules/Microsoft.ServiceFabric/clusters/.deploymentTests/min.parameters.json b/modules/Microsoft.ServiceFabric/clusters/.deploymentTests/min.parameters.json deleted file mode 100644 index b7673a725b..0000000000 --- a/modules/Microsoft.ServiceFabric/clusters/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-sfc-min-001" - }, - "managementEndpoint": { - "value": "https://<>-az-sfc-min-001.westeurope.cloudapp.azure.com:19080" - }, - "reliabilityLevel": { - "value": "None" - }, - "nodeTypes": { - "value": [ - { - "applicationPorts": { - "endPort": 30000, - "startPort": 20000 - }, - "clientConnectionEndpointPort": 19000, - "durabilityLevel": "Bronze", - "ephemeralPorts": { - "endPort": 65534, - "startPort": 49152 - }, - "httpGatewayEndpointPort": 19080, - "isPrimary": true, - "name": "Node01" - } - ] - } - } -} diff --git a/modules/Microsoft.ServiceFabric/clusters/applicationTypes/deploy.bicep b/modules/Microsoft.ServiceFabric/clusters/applicationTypes/deploy.bicep deleted file mode 100644 index f74dc4b2ff..0000000000 --- a/modules/Microsoft.ServiceFabric/clusters/applicationTypes/deploy.bicep +++ /dev/null @@ -1,42 +0,0 @@ -@description('Conditional. The name of the parent Service Fabric cluster. Required if the template is used in a standalone deployment.') -param serviceFabricClusterName string = '' - -@description('Optional. Application type name.') -param name string = 'defaultApplicationType' - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource serviceFabricCluster 'Microsoft.ServiceFabric/clusters@2021-06-01' existing = { - name: serviceFabricClusterName -} - -resource applicationTypes 'Microsoft.ServiceFabric/clusters/applicationTypes@2021-06-01' = { - name: name - parent: serviceFabricCluster - tags: tags -} - -@description('The resource name of the Application type.') -output name string = applicationTypes.name - -@description('The resource group of the Application type.') -output resourceGroupName string = resourceGroup().name - -@description('The resource ID of the Application type.') -output resourceID string = applicationTypes.id diff --git a/modules/Microsoft.ServiceFabric/clusters/applicationTypes/readme.md b/modules/Microsoft.ServiceFabric/clusters/applicationTypes/readme.md deleted file mode 100644 index 447e0cacc0..0000000000 --- a/modules/Microsoft.ServiceFabric/clusters/applicationTypes/readme.md +++ /dev/null @@ -1,79 +0,0 @@ -# Service Fabric Cluster Application Types `[Microsoft.ServiceFabric/clusters/applicationTypes]` - -This module deploys a Service Fabric Cluster Application Type. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.ServiceFabric/clusters/applicationTypes` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceFabric/2021-06-01/clusters/applicationTypes) | - -## Parameters - -**Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `serviceFabricClusterName` | string | `''` | The name of the parent Service Fabric cluster. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `'defaultApplicationType'` | Application type name. | -| `tags` | object | `{object}` | Tags of the resource. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The resource name of the Application type. | -| `resourceGroupName` | string | The resource group of the Application type. | -| `resourceID` | string | The resource ID of the Application type. | diff --git a/modules/Microsoft.ServiceFabric/clusters/applicationTypes/version.json b/modules/Microsoft.ServiceFabric/clusters/applicationTypes/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.ServiceFabric/clusters/applicationTypes/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.ServiceFabric/clusters/deploy.bicep b/modules/Microsoft.ServiceFabric/clusters/deploy.bicep deleted file mode 100644 index 1b8f93e722..0000000000 --- a/modules/Microsoft.ServiceFabric/clusters/deploy.bicep +++ /dev/null @@ -1,328 +0,0 @@ -@description('Required. Name of the Service Fabric cluster.') -param name string = '' - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Tags of the resource.') -param tags object = {} - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@allowed([ - 'BackupRestoreService' - 'DnsService' - 'RepairManager' - 'ResourceMonitorService' -]) -@description('Optional. The list of add-on features to enable in the cluster.') -param addOnFeatures array = [] - -@description('Required. Number of unused versions per application type to keep.') -param maxUnusedVersionsToKeep int = 3 - -@description('Optional. The settings to enable AAD authentication on the cluster.') -param azureActiveDirectory object = {} - -@description('Optional. Describes the certificate details like thumbprint of the primary certificate, thumbprint of the secondary certificate and the local certificate store location.') -param certificate object = {} - -@description('Optional. Describes a list of server certificates referenced by common name that are used to secure the cluster.') -param certificateCommonNames object = {} - -@description('Optional. The list of client certificates referenced by common name that are allowed to manage the cluster.') -param clientCertificateCommonNames array = [] - -@description('Optional. The list of client certificates referenced by thumbprint that are allowed to manage the cluster.') -param clientCertificateThumbprints array = [] - -@description('Optional. The Service Fabric runtime version of the cluster. This property can only by set the user when upgradeMode is set to "Manual". To get list of available Service Fabric versions for new clusters use ClusterVersion API. To get the list of available version for existing clusters use availableClusterVersions.') -param clusterCodeVersion string = '' - -@description('Optional. The storage account information for storing Service Fabric diagnostic logs.') -param diagnosticsStorageAccountConfig object = {} - -@description('Optional. Indicates if the event store service is enabled.') -param eventStoreServiceEnabled bool = false - -@description('Optional. The list of custom fabric settings to configure the cluster.') -param fabricSettings array = [] - -@description('Optional. Indicates if infrastructure service manager is enabled.') -param infrastructureServiceManager bool = false - -@description('Required. The http management endpoint of the cluster.') -param managementEndpoint string - -@description('Required. The list of node types in the cluster.') -param nodeTypes array = [] - -@description('Optional. Indicates a list of notification channels for cluster events.') -param notifications array = [] - -@allowed([ - 'Bronze' - 'Gold' - 'None' - 'Platinum' - 'Silver' -]) -@description('Optional. The reliability level sets the replica set size of system services. Learn about ReliabilityLevel (https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-capacity). - None - Run the System services with a target replica set count of 1. This should only be used for test clusters. - Bronze - Run the System services with a target replica set count of 3. This should only be used for test clusters. - Silver - Run the System services with a target replica set count of 5. - Gold - Run the System services with a target replica set count of 7. - Platinum - Run the System services with a target replica set count of 9.') -param reliabilityLevel string - -@description('Optional. Describes the certificate details.') -param reverseProxyCertificate object = {} - -@description('Optional. Describes a list of server certificates referenced by common name that are used to secure the cluster.') -param reverseProxyCertificateCommonNames object = {} - -@allowed([ - 'Hierarchical' - 'Parallel' -]) -@description('Optional. This property controls the logical grouping of VMs in upgrade domains (UDs). This property cannot be modified if a node type with multiple Availability Zones is already present in the cluster.') -param sfZonalUpgradeMode string = 'Hierarchical' - -@description('Optional. Describes the policy used when upgrading the cluster.') -param upgradeDescription object = {} - -@allowed([ - 'Automatic' - 'Manual' -]) -@description('Optional. The upgrade mode of the cluster when new Service Fabric runtime version is available.') -param upgradeMode string = 'Automatic' - -@description('Optional. Indicates the end date and time to pause automatic runtime version upgrades on the cluster for an specific period of time on the cluster (UTC).') -param upgradePauseEndTimestampUtc string = '' - -@description('Optional. Indicates the start date and time to pause automatic runtime version upgrades on the cluster for an specific period of time on the cluster (UTC).') -param upgradePauseStartTimestampUtc string = '' - -@allowed([ - 'Wave0' - 'Wave1' - 'Wave2' -]) -@description('Optional. Indicates when new cluster runtime version upgrades will be applied after they are released. By default is Wave0.') -param upgradeWave string = 'Wave0' - -@description('Optional. The VM image VMSS has been configured with. Generic names such as Windows or Linux can be used.') -param vmImage string = '' - -@allowed([ - 'Hierarchical' - 'Parallel' -]) -@description('Optional. This property defines the upgrade mode for the virtual machine scale set, it is mandatory if a node type with multiple Availability Zones is added.') -param vmssZonalUpgradeMode string = 'Hierarchical' - -@description('Optional. Boolean to pause automatic runtime version upgrades to the cluster.') -param waveUpgradePaused bool = false - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Array of Service Fabric cluster application types.') -param applicationTypes array = [] - -var enableReferencedModulesTelemetry = false - -var clientCertificateCommonNames_var = [for clientCertificateCommonName in clientCertificateCommonNames: { - certificateCommonName: contains(clientCertificateCommonName, 'certificateCommonName') ? clientCertificateCommonName.certificateCommonName : null - certificateIssuerThumbprint: contains(clientCertificateCommonName, 'certificateIssuerThumbprint') ? clientCertificateCommonName.certificateIssuerThumbprint : null - isAdmin: contains(clientCertificateCommonName, 'isAdmin') ? clientCertificateCommonName.isAdmin : false -}] - -var clientCertificateThumbprints_var = [for clientCertificateThumbprint in clientCertificateThumbprints: { - certificateThumbprint: contains(clientCertificateThumbprint, 'certificateThumbprint') ? clientCertificateThumbprint.certificateThumbprint : null - isAdmin: contains(clientCertificateThumbprint, 'isAdmin') ? clientCertificateThumbprint.isAdmin : false -}] - -var fabricSettings_var = [for fabricSetting in fabricSettings: { - name: contains(fabricSetting, 'name') ? fabricSetting.name : null - parameters: contains(fabricSetting, 'parameters') ? fabricSetting.parameters : null -}] - -var nodeTypes_var = [for nodeType in nodeTypes: { - applicationPorts: contains(nodeType, 'applicationPorts') ? { - endPort: contains(nodeType.applicationPorts, 'endPort') ? nodeType.applicationPorts.endPort : null - startPort: contains(nodeType.applicationPorts, 'startPort') ? nodeType.applicationPorts.startPort : null - } : null - capacities: contains(nodeType, 'capacities') ? nodeType.capacities : null - clientConnectionEndpointPort: contains(nodeType, 'clientConnectionEndpointPort') ? nodeType.clientConnectionEndpointPort : null - durabilityLevel: contains(nodeType, 'durabilityLevel') ? nodeType.durabilityLevel : null - ephemeralPorts: contains(nodeType, 'ephemeralPorts') ? { - endPort: contains(nodeType.ephemeralPorts, 'endPort') ? nodeType.ephemeralPorts.endPort : null - startPort: contains(nodeType.ephemeralPorts, 'startPort') ? nodeType.ephemeralPorts.startPort : null - } : null - httpGatewayEndpointPort: contains(nodeType, 'httpGatewayEndpointPort') ? nodeType.httpGatewayEndpointPort : null - isPrimary: contains(nodeType, 'isPrimary') ? nodeType.isPrimary : null - isStateless: contains(nodeType, 'isStateless') ? nodeType.isStateless : null - multipleAvailabilityZones: contains(nodeType, 'multipleAvailabilityZones') ? nodeType.multipleAvailabilityZones : null - name: contains(nodeType, 'name') ? nodeType.name : 'Node00' - placementProperties: contains(nodeType, 'placementProperties') ? nodeType.placementProperties : null - reverseProxyEndpointPort: contains(nodeType, 'reverseProxyEndpointPort') ? nodeType.reverseProxyEndpointPort : null - vmInstanceCount: contains(nodeType, 'vmInstanceCount') ? nodeType.vmInstanceCount : 1 -}] - -var notifications_var = [for notification in notifications: { - isEnabled: contains(notification, 'isEnabled') ? notification.isEnabled : false - notificationCategory: contains(notification, 'notificationCategory') ? notification.notificationCategory : 'WaveProgress' - notificationLevel: contains(notification, 'notificationLevel') ? notification.notificationLevel : 'All' - notificationTargets: contains(notification, 'notificationTargets') ? notification.notificationTargets : [] -}] - -var upgradeDescription_var = union({ - deltaHealthPolicy: { - applicationDeltaHealthPolicies: contains(upgradeDescription, 'applicationDeltaHealthPolicies') ? upgradeDescription.applicationDeltaHealthPolicies : {} - maxPercentDeltaUnhealthyApplications: contains(upgradeDescription, 'maxPercentDeltaUnhealthyApplications') ? upgradeDescription.maxPercentDeltaUnhealthyApplications : 0 - maxPercentDeltaUnhealthyNodes: contains(upgradeDescription, 'maxPercentDeltaUnhealthyNodes') ? upgradeDescription.maxPercentDeltaUnhealthyNodes : 0 - maxPercentUpgradeDomainDeltaUnhealthyNodes: contains(upgradeDescription, 'maxPercentUpgradeDomainDeltaUnhealthyNodes') ? upgradeDescription.maxPercentUpgradeDomainDeltaUnhealthyNodes : 0 - } - forceRestart: contains(upgradeDescription, 'forceRestart') ? upgradeDescription.forceRestart : false - healthCheckRetryTimeout: contains(upgradeDescription, 'healthCheckRetryTimeout') ? upgradeDescription.healthCheckRetryTimeout : '00:45:00' - healthCheckStableDuration: contains(upgradeDescription, 'healthCheckStableDuration') ? upgradeDescription.healthCheckStableDuration : '00:01:00' - healthCheckWaitDuration: contains(upgradeDescription, 'healthCheckWaitDuration') ? upgradeDescription.healthCheckWaitDuration : '00:00:30' - upgradeDomainTimeout: contains(upgradeDescription, 'upgradeDomainTimeout') ? upgradeDescription.upgradeDomainTimeout : '02:00:00' - upgradeReplicaSetCheckTimeout: contains(upgradeDescription, 'upgradeReplicaSetCheckTimeout') ? upgradeDescription.upgradeReplicaSetCheckTimeout : '1.00:00:00' - upgradeTimeout: contains(upgradeDescription, 'upgradeTimeout') ? upgradeDescription.upgradeTimeout : '02:00:00' - }, contains(upgradeDescription, 'healthPolicy') ? { - healthPolicy: { - applicationHealthPolicies: contains(upgradeDescription.healthPolicy, 'applicationHealthPolicies') ? upgradeDescription.healthPolicy.applicationHealthPolicies : {} - maxPercentUnhealthyApplications: contains(upgradeDescription.healthPolicy, 'maxPercentUnhealthyApplications') ? upgradeDescription.healthPolicy.maxPercentUnhealthyApplications : 0 - maxPercentUnhealthyNodes: contains(upgradeDescription.healthPolicy, 'maxPercentUnhealthyNodes') ? upgradeDescription.healthPolicy.maxPercentUnhealthyNodes : 0 - } - } : {}) - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -// Service Fabric cluster resource -resource serviceFabricCluster 'Microsoft.ServiceFabric/clusters@2021-06-01' = { - name: name - location: location - tags: tags - properties: { - addOnFeatures: addOnFeatures - applicationTypeVersionsCleanupPolicy: { - maxUnusedVersionsToKeep: maxUnusedVersionsToKeep - } - azureActiveDirectory: !empty(azureActiveDirectory) ? { - clientApplication: contains(azureActiveDirectory, 'clientApplication') ? azureActiveDirectory.clientApplication : null - clusterApplication: contains(azureActiveDirectory, 'clusterApplication') ? azureActiveDirectory.clusterApplication : null - tenantId: contains(azureActiveDirectory, 'tenantId') ? azureActiveDirectory.tenantId : null - } : null - certificate: !empty(certificate) ? { - thumbprint: contains(certificate, 'thumbprint') ? certificate.thumbprint : null - thumbprintSecondary: contains(certificate, 'thumbprintSecondary') ? certificate.thumbprintSecondary : null - x509StoreName: contains(certificate, 'x509StoreName') ? certificate.x509StoreName : null - } : null - certificateCommonNames: !empty(certificateCommonNames) ? { - commonNames: contains(certificateCommonNames, 'commonNames') ? certificateCommonNames.commonNames : null - x509StoreName: contains(certificateCommonNames, 'certificateCommonNamesx509StoreName') ? certificateCommonNames.certificateCommonNamesx509StoreName : null - } : null - clientCertificateCommonNames: !empty(clientCertificateCommonNames) ? clientCertificateCommonNames_var : null - clientCertificateThumbprints: !empty(clientCertificateThumbprints) ? clientCertificateThumbprints_var : null - clusterCodeVersion: !empty(clusterCodeVersion) ? clusterCodeVersion : null - diagnosticsStorageAccountConfig: !empty(diagnosticsStorageAccountConfig) ? { - blobEndpoint: contains(diagnosticsStorageAccountConfig, 'blobEndpoint') ? diagnosticsStorageAccountConfig.blobEndpoint : null - protectedAccountKeyName: contains(diagnosticsStorageAccountConfig, 'protectedAccountKeyName') ? diagnosticsStorageAccountConfig.protectedAccountKeyName : null - protectedAccountKeyName2: contains(diagnosticsStorageAccountConfig, 'protectedAccountKeyName2') ? diagnosticsStorageAccountConfig.protectedAccountKeyName2 : null - queueEndpoint: contains(diagnosticsStorageAccountConfig, 'queueEndpoint') ? diagnosticsStorageAccountConfig.queueEndpoint : null - storageAccountName: contains(diagnosticsStorageAccountConfig, 'storageAccountName') ? diagnosticsStorageAccountConfig.storageAccountName : null - tableEndpoint: contains(diagnosticsStorageAccountConfig, 'tableEndpoint') ? diagnosticsStorageAccountConfig.tableEndpoint : null - } : null - eventStoreServiceEnabled: eventStoreServiceEnabled - fabricSettings: !empty(fabricSettings) ? fabricSettings_var : null - infrastructureServiceManager: infrastructureServiceManager - managementEndpoint: managementEndpoint - nodeTypes: !empty(nodeTypes) ? nodeTypes_var : [] - notifications: !empty(notifications) ? notifications_var : null - reliabilityLevel: !empty(reliabilityLevel) ? reliabilityLevel : 'None' - reverseProxyCertificate: !empty(reverseProxyCertificate) ? { - thumbprint: contains(reverseProxyCertificate, 'thumbprint') ? reverseProxyCertificate.thumbprint : null - thumbprintSecondary: contains(reverseProxyCertificate, 'thumbprintSecondary') ? reverseProxyCertificate.thumbprintSecondary : null - x509StoreName: contains(reverseProxyCertificate, 'x509StoreName') ? reverseProxyCertificate.x509StoreName : null - } : null - reverseProxyCertificateCommonNames: !empty(reverseProxyCertificateCommonNames) ? { - commonNames: contains(reverseProxyCertificateCommonNames, 'commonNames') ? reverseProxyCertificateCommonNames.commonNames : null - x509StoreName: contains(reverseProxyCertificateCommonNames, 'x509StoreName') ? reverseProxyCertificateCommonNames.x509StoreName : null - } : null - sfZonalUpgradeMode: !empty(sfZonalUpgradeMode) ? sfZonalUpgradeMode : null - upgradeDescription: !empty(upgradeDescription) ? upgradeDescription_var : null - upgradeMode: !empty(upgradeMode) ? upgradeMode : null - upgradePauseEndTimestampUtc: !empty(upgradePauseEndTimestampUtc) ? upgradePauseEndTimestampUtc : null - upgradePauseStartTimestampUtc: !empty(upgradePauseStartTimestampUtc) ? upgradePauseStartTimestampUtc : null - upgradeWave: !empty(upgradeWave) ? upgradeWave : null - vmImage: !empty(vmImage) ? vmImage : null - vmssZonalUpgradeMode: !empty(vmssZonalUpgradeMode) ? vmssZonalUpgradeMode : null - waveUpgradePaused: waveUpgradePaused - } -} - -// Service Fabric cluster resource lock -resource serviceFabricCluster_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${serviceFabricCluster.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: serviceFabricCluster -} - -// Service Fabric cluster RBAC assignment -module serviceFabricCluster_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-ServiceFabric-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: serviceFabricCluster.id - } -}] - -// Service Fabric cluster application types -module serviceFabricCluster_applicationTypes 'applicationTypes/deploy.bicep' = [for applicationType in applicationTypes: { - name: '${uniqueString(deployment().name, location)}-SFC-${applicationType.name}' - params: { - name: applicationType.name - serviceFabricClusterName: serviceFabricCluster.name - tags: contains(applicationType, 'tags') ? applicationType.tags : {} - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -@description('The Service Fabric Cluster name.') -output name string = serviceFabricCluster.name - -@description('The Service Fabric Cluster resource group.') -output resourceGroupName string = resourceGroup().name - -@description('The Service Fabric Cluster resource ID.') -output resourceId string = serviceFabricCluster.id - -@description('The Service Fabric Cluster endpoint.') -output endpoint string = serviceFabricCluster.properties.clusterEndpoint - -@description('The location the resource was deployed into.') -output location string = serviceFabricCluster.location diff --git a/modules/Microsoft.ServiceFabric/clusters/readme.md b/modules/Microsoft.ServiceFabric/clusters/readme.md deleted file mode 100644 index 49f09ce508..0000000000 --- a/modules/Microsoft.ServiceFabric/clusters/readme.md +++ /dev/null @@ -1,797 +0,0 @@ -# Service Fabric Clusters `[Microsoft.ServiceFabric/clusters]` - -This module deploys a Service Fabric Cluster. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-04-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) | -| `Microsoft.ServiceFabric/clusters` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceFabric/2021-06-01/clusters) | -| `Microsoft.ServiceFabric/clusters/applicationTypes` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceFabric/2021-06-01/clusters/applicationTypes) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `managementEndpoint` | string | | The http management endpoint of the cluster. | -| `maxUnusedVersionsToKeep` | int | `3` | Number of unused versions per application type to keep. | -| `name` | string | `''` | Name of the Service Fabric cluster. | -| `nodeTypes` | array | `[]` | The list of node types in the cluster. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `addOnFeatures` | array | `[]` | `[BackupRestoreService, DnsService, RepairManager, ResourceMonitorService]` | The list of add-on features to enable in the cluster. | -| `applicationTypes` | _[applicationTypes](applicationTypes/readme.md)_ array | `[]` | | Array of Service Fabric cluster application types. | -| `azureActiveDirectory` | object | `{object}` | | The settings to enable AAD authentication on the cluster. | -| `certificate` | object | `{object}` | | Describes the certificate details like thumbprint of the primary certificate, thumbprint of the secondary certificate and the local certificate store location. | -| `certificateCommonNames` | object | `{object}` | | Describes a list of server certificates referenced by common name that are used to secure the cluster. | -| `clientCertificateCommonNames` | array | `[]` | | The list of client certificates referenced by common name that are allowed to manage the cluster. | -| `clientCertificateThumbprints` | array | `[]` | | The list of client certificates referenced by thumbprint that are allowed to manage the cluster. | -| `clusterCodeVersion` | string | `''` | | The Service Fabric runtime version of the cluster. This property can only by set the user when upgradeMode is set to "Manual". To get list of available Service Fabric versions for new clusters use ClusterVersion API. To get the list of available version for existing clusters use availableClusterVersions. | -| `diagnosticsStorageAccountConfig` | object | `{object}` | | The storage account information for storing Service Fabric diagnostic logs. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `eventStoreServiceEnabled` | bool | `False` | | Indicates if the event store service is enabled. | -| `fabricSettings` | array | `[]` | | The list of custom fabric settings to configure the cluster. | -| `infrastructureServiceManager` | bool | `False` | | Indicates if infrastructure service manager is enabled. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `notifications` | array | `[]` | | Indicates a list of notification channels for cluster events. | -| `reliabilityLevel` | string | | `[Bronze, Gold, None, Platinum, Silver]` | The reliability level sets the replica set size of system services. Learn about ReliabilityLevel (https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-capacity). - None - Run the System services with a target replica set count of 1. This should only be used for test clusters. - Bronze - Run the System services with a target replica set count of 3. This should only be used for test clusters. - Silver - Run the System services with a target replica set count of 5. - Gold - Run the System services with a target replica set count of 7. - Platinum - Run the System services with a target replica set count of 9. | -| `reverseProxyCertificate` | object | `{object}` | | Describes the certificate details. | -| `reverseProxyCertificateCommonNames` | object | `{object}` | | Describes a list of server certificates referenced by common name that are used to secure the cluster. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sfZonalUpgradeMode` | string | `'Hierarchical'` | `[Hierarchical, Parallel]` | This property controls the logical grouping of VMs in upgrade domains (UDs). This property cannot be modified if a node type with multiple Availability Zones is already present in the cluster. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `upgradeDescription` | object | `{object}` | | Describes the policy used when upgrading the cluster. | -| `upgradeMode` | string | `'Automatic'` | `[Automatic, Manual]` | The upgrade mode of the cluster when new Service Fabric runtime version is available. | -| `upgradePauseEndTimestampUtc` | string | `''` | | Indicates the end date and time to pause automatic runtime version upgrades on the cluster for an specific period of time on the cluster (UTC). | -| `upgradePauseStartTimestampUtc` | string | `''` | | Indicates the start date and time to pause automatic runtime version upgrades on the cluster for an specific period of time on the cluster (UTC). | -| `upgradeWave` | string | `'Wave0'` | `[Wave0, Wave1, Wave2]` | Indicates when new cluster runtime version upgrades will be applied after they are released. By default is Wave0. | -| `vmImage` | string | `''` | | The VM image VMSS has been configured with. Generic names such as Windows or Linux can be used. | -| `vmssZonalUpgradeMode` | string | `'Hierarchical'` | `[Hierarchical, Parallel]` | This property defines the upgrade mode for the virtual machine scale set, it is mandatory if a node type with multiple Availability Zones is added. | -| `waveUpgradePaused` | bool | `False` | | Boolean to pause automatic runtime version upgrades to the cluster. | - - -### Parameter Usage: `notifications` - -

- -Parameter JSON format - -```json -"notifications": { - "value": [ - { - "isEnabled": true, // Required. Indicates if the notification is enabled. - "notificationCategory": "WaveProgress", // Required. The category of notification. Possible values include: "WaveProgress". - "notificationLevel": "Critical", // Required. The level of notification. Possible values include: "Critical", "All". - "notificationTargets": [ - { - "notificationChannel": "EmailUser", // Required. The notification channel indicates the type of receivers subscribed to the notification, either user or subscription. Possible values include: "EmailUser", "EmailSubscription". - "receivers": [ - "SomeReceiver" // Required. List of targets that subscribe to the notification. - ] - } - ] - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -notifications: [ - { - isEnabled: true // Required. Indicates if the notification is enabled. - notificationCategory: 'WaveProgress' // Required. The category of notification. Possible values include: 'WaveProgress'. - notificationLevel: 'Critical' // Required. The level of notification. Possible values include: 'Critical' 'All'. - notificationTargets: [ - { - notificationChannel: 'EmailUser' // Required. The notification channel indicates the type of receivers subscribed to the notification either user or subscription. Possible values include: 'EmailUser' 'EmailSubscription'. - receivers: [ - 'SomeReceiver' // Required. List of targets that subscribe to the notification. - ] - } - ] - } -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `endpoint` | string | The Service Fabric Cluster endpoint. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The Service Fabric Cluster name. | -| `resourceGroupName` | string | The Service Fabric Cluster resource group. | -| `resourceId` | string | The Service Fabric Cluster resource ID. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-sfc-cert-001" - }, - "managementEndpoint": { - "value": "https://<>-az-sfc-cert-001.westeurope.cloudapp.azure.com:19080" - }, - "reliabilityLevel": { - "value": "None" - }, - "certificate": { - "value": { - "thumbprint": "0AC113D5E1D94C401DDEB0EE2B1B96CC130", // Mutual exclusive with the other cert specs - "x509StoreName": "My" - } - }, - "nodeTypes": { - "value": [ - { - "applicationPorts": { - "endPort": 30000, - "startPort": 20000 - }, - "clientConnectionEndpointPort": 19000, - "durabilityLevel": "Bronze", - "ephemeralPorts": { - "endPort": 65534, - "startPort": 49152 - }, - "httpGatewayEndpointPort": 19080, - "isPrimary": true, - "name": "Node01" - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module clusters './Microsoft.ServiceFabric/clusters/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-clusters' - params: { - name: '<>-az-sfc-cert-001' - managementEndpoint: 'https://<>-az-sfc-cert-001.westeurope.cloudapp.azure.com:19080' - reliabilityLevel: 'None' - certificate: { - thumbprint: '0AC113D5E1D94C401DDEB0EE2B1B96CC130' - x509StoreName: 'My' - } - nodeTypes: [ - { - applicationPorts: { - endPort: 30000 - startPort: 20000 - } - clientConnectionEndpointPort: 19000 - durabilityLevel: 'Bronze' - ephemeralPorts: { - endPort: 65534 - startPort: 49152 - } - httpGatewayEndpointPort: 19080 - isPrimary: true - name: 'Node01' - } - ] - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-sfc-full-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "tags": { - "value": { - "resourceType": "Service Fabric", - "clusterName": "<>-az-sfc-full-001" - } - }, - "addOnFeatures": { - "value": [ - "RepairManager", - "DnsService", - "BackupRestoreService", - "ResourceMonitorService" - ] - }, - "maxUnusedVersionsToKeep": { - "value": 2 - }, - "azureActiveDirectory": { - "value": { - "clientApplication": "<>", - "clusterApplication": "cf33fea8-b30f-424f-ab73-c48d99e0b222", - "tenantId": "<>" - } - }, - "certificateCommonNames": { - "value": { - "commonNames": [ - { - "certificateCommonName": "certcommon", - "certificateIssuerThumbprint": "0AC113D5E1D94C401DDEB0EE2B1B96CC130" - } - ], - "x509StoreName": "" - } - }, - "clientCertificateCommonNames": { - "value": [ - { - "certificateCommonName": "clientcommoncert1", - "certificateIssuerThumbprint": "0AC113D5E1D94C401DDEB0EE2B1B96CC130", - "isAdmin": false - }, - { - "certificateCommonName": "clientcommoncert2", - "certificateIssuerThumbprint": "0AC113D5E1D94C401DDEB0EE2B1B96CC131", - "isAdmin": false - } - ] - }, - "clientCertificateThumbprints": { - "value": [ - { - "certificateThumbprint": "0AC113D5E1D94C401DDEB0EE2B1B96CC130", - "isAdmin": false - }, - { - "certificateThumbprint": "0AC113D5E1D94C401DDEB0EE2B1B96CC131", - "isAdmin": false - } - ] - }, - "diagnosticsStorageAccountConfig": { - "value": { - "blobEndpoint": "https://adp<>azsaweux001.blob.core.windows.net/", - "protectedAccountKeyName": "StorageAccountKey1", - "queueEndpoint": "https://adp<>azsaweux001.queue.core.windows.net/", - "storageAccountName": "adp<>azsaweux001", - "tableEndpoint": "https://adp<>azsaweux001.table.core.windows.net/" - } - }, - "fabricSettings": { - "value": [ - { - "name": "Security", - "parameters": [ - { - "name": "ClusterProtectionLevel", - "value": "EncryptAndSign" - } - ] - }, - { - "name": "UpgradeService", - "parameters": [ - { - "name": "AppPollIntervalInSeconds", - "value": "60" - } - ] - } - ] - }, - "managementEndpoint": { - "value": "https://<>-az-sfc-full-001.westeurope.cloudapp.azure.com:19080" - }, - "nodeTypes": { - "value": [ - { - "applicationPorts": { - "endPort": 30000, - "startPort": 20000 - }, - "capacities": {}, - "clientConnectionEndpointPort": 19000, - "durabilityLevel": "Silver", - "ephemeralPorts": { - "endPort": 65534, - "startPort": 49152 - }, - "httpGatewayEndpointPort": 19080, - "isPrimary": true, - "isStateless": false, - "multipleAvailabilityZones": false, - "name": "Node01", - "placementProperties": {}, - "reverseProxyEndpointPort": "", - "vmInstanceCount": 5 - }, - { - "applicationPorts": { - "endPort": 30000, - "startPort": 20000 - }, - "clientConnectionEndpointPort": 19000, - "durabilityLevel": "Bronze", - "ephemeralPorts": { - "endPort": 64000, - "startPort": 49000 - }, - "httpGatewayEndpointPort": 19007, - "isPrimary": true, - "name": "Node02", - "vmInstanceCount": 5 - } - ] - }, - "notifications": { - "value": [ - { - "isEnabled": true, - "notificationCategory": "WaveProgress", - "notificationLevel": "Critical", - "notificationTargets": [ - { - "notificationChannel": "EmailUser", - "receivers": [ - "SomeReceiver" - ] - } - ] - } - ] - }, - "upgradeDescription": { - "value": { - "forceRestart": false, - "upgradeReplicaSetCheckTimeout": "1.00:00:00", - "healthCheckWaitDuration": "00:00:30", - "healthCheckStableDuration": "00:01:00", - "healthCheckRetryTimeout": "00:45:00", - "upgradeTimeout": "02:00:00", - "upgradeDomainTimeout": "02:00:00", - "healthPolicy": { - "maxPercentUnhealthyNodes": 0, - "maxPercentUnhealthyApplications": 0 - }, - "deltaHealthPolicy": { - "maxPercentDeltaUnhealthyNodes": 0, - "maxPercentUpgradeDomainDeltaUnhealthyNodes": 0, - "maxPercentDeltaUnhealthyApplications": 0 - } - } - }, - "reliabilityLevel": { - "value": "Silver" - }, - "vmImage": { - "value": "Linux" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "applicationTypes": { - "value": [ - { - "name": "WordCount" // not idempotent - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module clusters './Microsoft.ServiceFabric/clusters/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-clusters' - params: { - name: '<>-az-sfc-full-001' - lock: 'CanNotDelete' - tags: { - resourceType: 'Service Fabric' - clusterName: '<>-az-sfc-full-001' - } - addOnFeatures: [ - 'RepairManager' - 'DnsService' - 'BackupRestoreService' - 'ResourceMonitorService' - ] - maxUnusedVersionsToKeep: 2 - azureActiveDirectory: { - clientApplication: '<>' - clusterApplication: 'cf33fea8-b30f-424f-ab73-c48d99e0b222' - tenantId: '<>' - } - certificateCommonNames: { - commonNames: [ - { - certificateCommonName: 'certcommon' - certificateIssuerThumbprint: '0AC113D5E1D94C401DDEB0EE2B1B96CC130' - } - ] - x509StoreName: '' - } - clientCertificateCommonNames: [ - { - certificateCommonName: 'clientcommoncert1' - certificateIssuerThumbprint: '0AC113D5E1D94C401DDEB0EE2B1B96CC130' - isAdmin: false - } - { - certificateCommonName: 'clientcommoncert2' - certificateIssuerThumbprint: '0AC113D5E1D94C401DDEB0EE2B1B96CC131' - isAdmin: false - } - ] - clientCertificateThumbprints: [ - { - certificateThumbprint: '0AC113D5E1D94C401DDEB0EE2B1B96CC130' - isAdmin: false - } - { - certificateThumbprint: '0AC113D5E1D94C401DDEB0EE2B1B96CC131' - isAdmin: false - } - ] - diagnosticsStorageAccountConfig: { - blobEndpoint: 'https://adp<>azsaweux001.blob.core.windows.net/' - protectedAccountKeyName: 'StorageAccountKey1' - queueEndpoint: 'https://adp<>azsaweux001.queue.core.windows.net/' - storageAccountName: 'adp<>azsaweux001' - tableEndpoint: 'https://adp<>azsaweux001.table.core.windows.net/' - } - fabricSettings: [ - { - name: 'Security' - parameters: [ - { - name: 'ClusterProtectionLevel' - value: 'EncryptAndSign' - } - ] - } - { - name: 'UpgradeService' - parameters: [ - { - name: 'AppPollIntervalInSeconds' - value: '60' - } - ] - } - ] - managementEndpoint: 'https://<>-az-sfc-full-001.westeurope.cloudapp.azure.com:19080' - nodeTypes: [ - { - applicationPorts: { - endPort: 30000 - startPort: 20000 - } - capacities: {} - clientConnectionEndpointPort: 19000 - durabilityLevel: 'Silver' - ephemeralPorts: { - endPort: 65534 - startPort: 49152 - } - httpGatewayEndpointPort: 19080 - isPrimary: true - isStateless: false - multipleAvailabilityZones: false - name: 'Node01' - placementProperties: {} - reverseProxyEndpointPort: '' - vmInstanceCount: 5 - } - { - applicationPorts: { - endPort: 30000 - startPort: 20000 - } - clientConnectionEndpointPort: 19000 - durabilityLevel: 'Bronze' - ephemeralPorts: { - endPort: 64000 - startPort: 49000 - } - httpGatewayEndpointPort: 19007 - isPrimary: true - name: 'Node02' - vmInstanceCount: 5 - } - ] - notifications: [ - { - isEnabled: true - notificationCategory: 'WaveProgress' - notificationLevel: 'Critical' - notificationTargets: [ - { - notificationChannel: 'EmailUser' - receivers: [ - 'SomeReceiver' - ] - } - ] - } - ] - upgradeDescription: { - forceRestart: false - upgradeReplicaSetCheckTimeout: '1.00:00:00' - healthCheckWaitDuration: '00:00:30' - healthCheckStableDuration: '00:01:00' - healthCheckRetryTimeout: '00:45:00' - upgradeTimeout: '02:00:00' - upgradeDomainTimeout: '02:00:00' - healthPolicy: { - maxPercentUnhealthyNodes: 0 - maxPercentUnhealthyApplications: 0 - } - deltaHealthPolicy: { - maxPercentDeltaUnhealthyNodes: 0 - maxPercentUpgradeDomainDeltaUnhealthyNodes: 0 - maxPercentDeltaUnhealthyApplications: 0 - } - } - reliabilityLevel: 'Silver' - vmImage: 'Linux' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - applicationTypes: [ - { - name: 'WordCount' - } - ] - } -} -``` - -
-

- -

Example 3

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-sfc-min-001" - }, - "managementEndpoint": { - "value": "https://<>-az-sfc-min-001.westeurope.cloudapp.azure.com:19080" - }, - "reliabilityLevel": { - "value": "None" - }, - "nodeTypes": { - "value": [ - { - "applicationPorts": { - "endPort": 30000, - "startPort": 20000 - }, - "clientConnectionEndpointPort": 19000, - "durabilityLevel": "Bronze", - "ephemeralPorts": { - "endPort": 65534, - "startPort": 49152 - }, - "httpGatewayEndpointPort": 19080, - "isPrimary": true, - "name": "Node01" - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module clusters './Microsoft.ServiceFabric/clusters/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-clusters' - params: { - name: '<>-az-sfc-min-001' - managementEndpoint: 'https://<>-az-sfc-min-001.westeurope.cloudapp.azure.com:19080' - reliabilityLevel: 'None' - nodeTypes: [ - { - applicationPorts: { - endPort: 30000 - startPort: 20000 - } - clientConnectionEndpointPort: 19000 - durabilityLevel: 'Bronze' - ephemeralPorts: { - endPort: 65534 - startPort: 49152 - } - httpGatewayEndpointPort: 19080 - isPrimary: true - name: 'Node01' - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.ServiceFabric/clusters/version.json b/modules/Microsoft.ServiceFabric/clusters/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.ServiceFabric/clusters/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 63cd145815..0000000000 --- a/modules/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,56 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Reservation Purchaser': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f7b75c60-3036-4b75-91c3-6b41c27c1689') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'SQL Managed Instance Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d') - 'SQL Security Manager': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource managedInstance 'Microsoft.Sql/managedInstances@2020-08-01-preview' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(managedInstance.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: managedInstance -}] diff --git a/modules/Microsoft.Sql/managedInstances/.deploymentTests/parameters.json b/modules/Microsoft.Sql/managedInstances/.deploymentTests/parameters.json deleted file mode 100644 index 7435419747..0000000000 --- a/modules/Microsoft.Sql/managedInstances/.deploymentTests/parameters.json +++ /dev/null @@ -1,150 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-sqlmi-x-002" - }, - "lock": { - "value": "CanNotDelete" - }, - "administratorLogin": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "administratorLogin" - } - }, - "administratorLoginPassword": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "administratorLoginPassword" - } - }, - "subnetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-sqlmi/subnets/<>-az-subnet-x-sqlmi" - }, - "skuName": { - "value": "GP_Gen5" - }, - "skuTier": { - "value": "GeneralPurpose" - }, - "storageSizeInGB": { - "value": 32 - }, - "vCores": { - "value": 4 - }, - "licenseType": { - "value": "LicenseIncluded" - }, - "hardwareFamily": { - "value": "Gen5" - }, - "servicePrincipal": { - "value": "SystemAssigned" - }, - "dnsZonePartner": { - "value": "" - }, - "timezoneId": { - "value": "UTC" - }, - "collation": { - "value": "SQL_Latin1_General_CP1_CI_AS" - }, - "proxyOverride": { - "value": "Proxy" - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "primaryUserAssignedIdentityId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - }, - "publicDataEndpointEnabled": { - "value": false - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "keys": { - "value": [ - { - "name": "adp-<>-az-kv-x-sqlmi_keyEncryptionKeySqlMi_4bf367f64c914d8ba698700fb598ad07", // ID must be updated for new keys - "uri": "https://adp-<>-az-kv-x-sqlmi.vault.azure.net/keys/keyEncryptionKeySqlMi/4bf367f64c914d8ba698700fb598ad07", // ID must be updated for new keys - "serverKeyType": "AzureKeyVault" - } - ] - }, - "encryptionProtectorObj": { - "value": { - "serverKeyName": "adp-<>-az-kv-x-sqlmi_keyEncryptionKeySqlMi_4bf367f64c914d8ba698700fb598ad07", // ID must be updated for new keys - "serverKeyType": "AzureKeyVault" - } - }, - "securityAlertPoliciesObj": { - "value": { - "name": "default", - "state": "Enabled", - "emailAccountAdmins": true - } - }, - "vulnerabilityAssessmentsObj": { - "value": { - "name": "default", - "emailSubscriptionAdmins": true, - "recurringScansIsEnabled": true, - "recurringScansEmails": [ - "test1@contoso.com", - "test2@contoso.com" - ], - "vulnerabilityAssessmentsStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - } - }, - "databases": { - "value": [ - { - "name": "<>-az-sqlmidb-x-001", - "backupShortTermRetentionPolicies": { - "name": "default" - }, - "backupLongTermRetentionPolicies": { - "name": "default" - } - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Sql/managedInstances/administrators/deploy.bicep b/modules/Microsoft.Sql/managedInstances/administrators/deploy.bicep deleted file mode 100644 index 3883b6f2fd..0000000000 --- a/modules/Microsoft.Sql/managedInstances/administrators/deploy.bicep +++ /dev/null @@ -1,53 +0,0 @@ -@description('Conditional. The name of the parent SQL managed instance. Required if the template is used in a standalone deployment.') -param managedInstanceName string - -@description('Required. Login name of the managed instance administrator.') -param login string - -@description('Required. SID (object ID) of the managed instance administrator.') -param sid string - -@description('Optional. The name of the managed instance administrator.') -param name string = 'ActiveDirectory' - -@description('Optional. Tenant ID of the managed instance administrator.') -param tenantId string = '' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource managedInstance 'Microsoft.Sql/managedInstances@2021-05-01-preview' existing = { - name: managedInstanceName -} - -resource administrator 'Microsoft.Sql/managedInstances/administrators@2021-02-01-preview' = { - name: name - parent: managedInstance - properties: { - administratorType: 'ActiveDirectory' - login: login - sid: sid - tenantId: tenantId - } -} - -@description('The name of the deployed managed instance.') -output name string = administrator.name - -@description('The resource ID of the deployed managed instance.') -output resourceId string = administrator.id - -@description('The resource group of the deployed managed instance.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Sql/managedInstances/administrators/readme.md b/modules/Microsoft.Sql/managedInstances/administrators/readme.md deleted file mode 100644 index 63efdd9095..0000000000 --- a/modules/Microsoft.Sql/managedInstances/administrators/readme.md +++ /dev/null @@ -1,44 +0,0 @@ -# SQL Managed Instances Administrator `[Microsoft.Sql/managedInstances/administrators]` - -This module deploys an administrator for the SQL managed instance - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Sql/managedInstances/administrators` | [2021-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/managedInstances/administrators) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `login` | string | Login name of the managed instance administrator. | -| `sid` | string | SID (object ID) of the managed instance administrator. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `managedInstanceName` | string | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `'ActiveDirectory'` | The name of the managed instance administrator. | -| `tenantId` | string | `''` | Tenant ID of the managed instance administrator. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed managed instance. | -| `resourceGroupName` | string | The resource group of the deployed managed instance. | -| `resourceId` | string | The resource ID of the deployed managed instance. | diff --git a/modules/Microsoft.Sql/managedInstances/administrators/version.json b/modules/Microsoft.Sql/managedInstances/administrators/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Sql/managedInstances/administrators/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/deploy.bicep b/modules/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/deploy.bicep deleted file mode 100644 index cef5b0f1cb..0000000000 --- a/modules/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/deploy.bicep +++ /dev/null @@ -1,63 +0,0 @@ -@description('Required. The name of the Long Term Retention backup policy. For example "default".') -param name string - -@description('Conditional. The name of the parent managed instance database. Required if the template is used in a standalone deployment.') -param databaseName string - -@description('Conditional. The name of the parent managed instance. Required if the template is used in a standalone deployment.') -param managedInstanceName string - -@description('Optional. The week of year to take the yearly backup in an ISO 8601 format.') -param weekOfYear int = 5 - -@description('Optional. The weekly retention policy for an LTR backup in an ISO 8601 format.') -param weeklyRetention string = 'P1M' - -@description('Optional. The monthly retention policy for an LTR backup in an ISO 8601 format.') -param monthlyRetention string = 'P1Y' - -@description('Optional. The yearly retention policy for an LTR backup in an ISO 8601 format.') -param yearlyRetention string = 'P5Y' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource managedInstance 'Microsoft.Sql/managedInstances@2021-05-01-preview' existing = { - name: managedInstanceName - - resource managedInstaceDatabase 'databases@2020-02-02-preview' existing = { - name: databaseName - } -} - -resource backupLongTermRetentionPolicy 'Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies@2021-02-01-preview' = { - name: name - parent: managedInstance::managedInstaceDatabase - properties: { - monthlyRetention: monthlyRetention - weeklyRetention: weeklyRetention - weekOfYear: weekOfYear - yearlyRetention: yearlyRetention - } -} - -@description('The name of the deployed database backup long-term retention policy.') -output name string = backupLongTermRetentionPolicy.name - -@description('The resource ID of the deployed database backup long-term retention policy.') -output resourceId string = backupLongTermRetentionPolicy.id - -@description('The resource group of the deployed database backup long-term retention policy.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/readme.md b/modules/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/readme.md deleted file mode 100644 index 7db8657c7b..0000000000 --- a/modules/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/readme.md +++ /dev/null @@ -1,46 +0,0 @@ -# SQL Managed Instance Database Backup Long-Term Retention Policy `[Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies]` - -This module deploys a backup long-term retention policies for SQL Managed Instance databases - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies` | [2021-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/managedInstances/databases/backupLongTermRetentionPolicies) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Long Term Retention backup policy. For example "default". | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `databaseName` | string | The name of the parent managed instance database. Required if the template is used in a standalone deployment. | -| `managedInstanceName` | string | The name of the parent managed instance. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `monthlyRetention` | string | `'P1Y'` | The monthly retention policy for an LTR backup in an ISO 8601 format. | -| `weeklyRetention` | string | `'P1M'` | The weekly retention policy for an LTR backup in an ISO 8601 format. | -| `weekOfYear` | int | `5` | The week of year to take the yearly backup in an ISO 8601 format. | -| `yearlyRetention` | string | `'P5Y'` | The yearly retention policy for an LTR backup in an ISO 8601 format. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed database backup long-term retention policy. | -| `resourceGroupName` | string | The resource group of the deployed database backup long-term retention policy. | -| `resourceId` | string | The resource ID of the deployed database backup long-term retention policy. | diff --git a/modules/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/version.json b/modules/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/deploy.bicep b/modules/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/deploy.bicep deleted file mode 100644 index 3fa3a03853..0000000000 --- a/modules/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/deploy.bicep +++ /dev/null @@ -1,51 +0,0 @@ -@description('Required. The name of the Short Term Retention backup policy. For example "default".') -param name string - -@description('Conditional. The name of the parent SQL managed instance database. Required if the template is used in a standalone deployment.') -param databaseName string - -@description('Conditional. The name of the parent SQL managed instance. Required if the template is used in a standalone deployment.') -param managedInstanceName string - -@description('Optional. The backup retention period in days. This is how many days Point-in-Time Restore will be supported.') -param retentionDays int = 35 - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource managedInstance 'Microsoft.Sql/managedInstances@2021-05-01-preview' existing = { - name: managedInstanceName - - resource managedInstaceDatabase 'databases@2020-02-02-preview' existing = { - name: databaseName - } -} - -resource backupShortTermRetentionPolicy 'Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies@2017-03-01-preview' = { - name: name - parent: managedInstance::managedInstaceDatabase - properties: { - retentionDays: retentionDays - } -} - -@description('The name of the deployed database backup short-term retention policy.') -output name string = backupShortTermRetentionPolicy.name - -@description('The resource ID of the deployed database backup short-term retention policy.') -output resourceId string = backupShortTermRetentionPolicy.id - -@description('The resource group of the deployed database backup short-term retention policy.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/readme.md b/modules/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/readme.md deleted file mode 100644 index 3ea8119f91..0000000000 --- a/modules/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/readme.md +++ /dev/null @@ -1,44 +0,0 @@ -# SQL Managed Instance Database Backup Short-Term Retention Policy `[Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies]` - -This module deploys a backup short-term retention policies for SQL Managed Instance databases - - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies` | [2017-03-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2017-03-01-preview/managedInstances/databases/backupShortTermRetentionPolicies) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Short Term Retention backup policy. For example "default". | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `databaseName` | string | The name of the parent SQL managed instance database. Required if the template is used in a standalone deployment. | -| `managedInstanceName` | string | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `retentionDays` | int | `35` | The backup retention period in days. This is how many days Point-in-Time Restore will be supported. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed database backup short-term retention policy. | -| `resourceGroupName` | string | The resource group of the deployed database backup short-term retention policy. | -| `resourceId` | string | The resource ID of the deployed database backup short-term retention policy. | diff --git a/modules/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/version.json b/modules/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Sql/managedInstances/databases/deploy.bicep b/modules/Microsoft.Sql/managedInstances/databases/deploy.bicep deleted file mode 100644 index 32d9bbd5af..0000000000 --- a/modules/Microsoft.Sql/managedInstances/databases/deploy.bicep +++ /dev/null @@ -1,203 +0,0 @@ -@description('Required. The name of the SQL managed instance database.') -param name string - -@description('Conditional. The name of the parent SQL managed instance. Required if the template is used in a standalone deployment.') -param managedInstanceName string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Collation of the managed instance database.') -param collation string = 'SQL_Latin1_General_CP1_CI_AS' - -@description('Optional. Collation of the managed instance.') -param catalogCollation string = 'SQL_Latin1_General_CP1_CI_AS' - -@description('Optional. Managed database create mode. PointInTimeRestore: Create a database by restoring a point in time backup of an existing database. SourceDatabaseName, SourceManagedInstanceName and PointInTime must be specified. RestoreExternalBackup: Create a database by restoring from external backup files. Collation, StorageContainerUri and StorageContainerSasToken must be specified. Recovery: Creates a database by restoring a geo-replicated backup. RecoverableDatabaseId must be specified as the recoverable database resource ID to restore. RestoreLongTermRetentionBackup: Create a database by restoring from a long term retention backup (longTermRetentionBackupResourceId required).') -@allowed([ - 'Default' - 'RestoreExternalBackup' - 'PointInTimeRestore' - 'Recovery' - 'RestoreLongTermRetentionBackup' -]) -param createMode string = 'Default' - -@description('Conditional. The resource identifier of the source database associated with create operation of this database. Required if createMode is PointInTimeRestore.') -param sourceDatabaseId string = '' - -@description('Conditional. Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. Required if createMode is PointInTimeRestore.') -param restorePointInTime string = '' - -@description('Optional. The restorable dropped database resource ID to restore when creating this database.') -param restorableDroppedDatabaseId string = '' - -@description('Conditional. Specifies the uri of the storage container where backups for this restore are stored. Required if createMode is RestoreExternalBackup.') -param storageContainerUri string = '' - -@description('Conditional. Specifies the storage container sas token. Required if createMode is RestoreExternalBackup.') -param storageContainerSasToken string = '' - -@description('Conditional. The resource identifier of the recoverable database associated with create operation of this database. Required if createMode is Recovery.') -param recoverableDatabaseId string = '' - -@description('Conditional. The resource ID of the Long Term Retention backup to be used for restore of this managed database. Required if createMode is RestoreLongTermRetentionBackup.') -param longTermRetentionBackupResourceId string = '' - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. The configuration for the backup short term retention policy definition.') -param backupShortTermRetentionPoliciesObj object = {} - -@description('Optional. The configuration for the backup long term retention policy definition.') -param backupLongTermRetentionPoliciesObj object = {} - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'SQLInsights' - 'QueryStoreRuntimeStatistics' - 'QueryStoreWaitStatistics' - 'Errors' -]) -param diagnosticLogCategoriesToEnable array = [ - 'SQLInsights' - 'QueryStoreRuntimeStatistics' - 'QueryStoreWaitStatistics' - 'Errors' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource managedInstance 'Microsoft.Sql/managedInstances@2021-05-01-preview' existing = { - name: managedInstanceName -} - -resource database 'Microsoft.Sql/managedInstances/databases@2021-05-01-preview' = { - name: name - parent: managedInstance - location: location - tags: tags - properties: { - collation: empty(collation) ? null : collation - restorePointInTime: empty(restorePointInTime) ? null : restorePointInTime - catalogCollation: empty(catalogCollation) ? null : catalogCollation - createMode: empty(createMode) ? null : createMode - storageContainerUri: empty(storageContainerUri) ? null : storageContainerUri - sourceDatabaseId: empty(sourceDatabaseId) ? null : sourceDatabaseId - restorableDroppedDatabaseId: empty(restorableDroppedDatabaseId) ? null : restorableDroppedDatabaseId - storageContainerSasToken: empty(storageContainerSasToken) ? null : storageContainerSasToken - recoverableDatabaseId: empty(recoverableDatabaseId) ? null : recoverableDatabaseId - longTermRetentionBackupResourceId: empty(longTermRetentionBackupResourceId) ? null : longTermRetentionBackupResourceId - } -} - -resource database_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${last(split(database.name, '/'))}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: database -} - -resource database_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - logs: diagnosticsLogs - } - scope: database -} - -module database_backupShortTermRetentionPolicy 'backupShortTermRetentionPolicies/deploy.bicep' = if (!empty(backupShortTermRetentionPoliciesObj)) { - name: '${deployment().name}-BackupShortTRetPol' - params: { - managedInstanceName: managedInstanceName - databaseName: last(split(database.name, '/')) - name: backupShortTermRetentionPoliciesObj.name - retentionDays: contains(backupShortTermRetentionPoliciesObj, 'retentionDays') ? backupShortTermRetentionPoliciesObj.retentionDays : 35 - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -module database_backupLongTermRetentionPolicy 'backupLongTermRetentionPolicies/deploy.bicep' = if (!empty(backupLongTermRetentionPoliciesObj)) { - name: '${deployment().name}-BackupLongTRetPol' - params: { - managedInstanceName: managedInstanceName - databaseName: last(split(database.name, '/')) - name: backupLongTermRetentionPoliciesObj.name - weekOfYear: contains(backupLongTermRetentionPoliciesObj, 'weekOfYear') ? backupLongTermRetentionPoliciesObj.weekOfYear : 5 - weeklyRetention: contains(backupLongTermRetentionPoliciesObj, 'weeklyRetention') ? backupLongTermRetentionPoliciesObj.weeklyRetention : 'P1M' - monthlyRetention: contains(backupLongTermRetentionPoliciesObj, 'monthlyRetention') ? backupLongTermRetentionPoliciesObj.monthlyRetention : 'P1Y' - yearlyRetention: contains(backupLongTermRetentionPoliciesObj, 'yearlyRetention') ? backupLongTermRetentionPoliciesObj.yearlyRetention : 'P5Y' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -@description('The name of the deployed database.') -output name string = database.name - -@description('The resource ID of the deployed database.') -output resourceId string = database.id - -@description('The resource group the database was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = database.location diff --git a/modules/Microsoft.Sql/managedInstances/databases/readme.md b/modules/Microsoft.Sql/managedInstances/databases/readme.md deleted file mode 100644 index ae3f798df1..0000000000 --- a/modules/Microsoft.Sql/managedInstances/databases/readme.md +++ /dev/null @@ -1,113 +0,0 @@ -# SQL Managed Instances Database `[Microsoft.Sql/managedInstances/databases]` - -This template deploys a SQL Managed Instances Database. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Sql/managedInstances/databases` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/managedInstances/databases) | -| `Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies` | [2021-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/managedInstances/databases/backupLongTermRetentionPolicies) | -| `Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies` | [2017-03-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2017-03-01-preview/managedInstances/databases/backupShortTermRetentionPolicies) | - -### Deployment prerequisites - -The SQL Managed Instance Database is deployed on a SQL Managed Instance. - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the SQL managed instance database. | - -**Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `longTermRetentionBackupResourceId` | string | `''` | The resource ID of the Long Term Retention backup to be used for restore of this managed database. Required if createMode is RestoreLongTermRetentionBackup. | -| `managedInstanceName` | string | | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | -| `recoverableDatabaseId` | string | `''` | The resource identifier of the recoverable database associated with create operation of this database. Required if createMode is Recovery. | -| `restorePointInTime` | string | `''` | Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. Required if createMode is PointInTimeRestore. | -| `sourceDatabaseId` | string | `''` | The resource identifier of the source database associated with create operation of this database. Required if createMode is PointInTimeRestore. | -| `storageContainerSasToken` | string | `''` | Specifies the storage container sas token. Required if createMode is RestoreExternalBackup. | -| `storageContainerUri` | string | `''` | Specifies the uri of the storage container where backups for this restore are stored. Required if createMode is RestoreExternalBackup. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `backupLongTermRetentionPoliciesObj` | _[backupLongTermRetentionPolicies](backupLongTermRetentionPolicies/readme.md)_ object | `{object}` | | The configuration for the backup long term retention policy definition. | -| `backupShortTermRetentionPoliciesObj` | _[backupShortTermRetentionPolicies](backupShortTermRetentionPolicies/readme.md)_ object | `{object}` | | The configuration for the backup short term retention policy definition. | -| `catalogCollation` | string | `'SQL_Latin1_General_CP1_CI_AS'` | | Collation of the managed instance. | -| `collation` | string | `'SQL_Latin1_General_CP1_CI_AS'` | | Collation of the managed instance database. | -| `createMode` | string | `'Default'` | `[Default, RestoreExternalBackup, PointInTimeRestore, Recovery, RestoreLongTermRetentionBackup]` | Managed database create mode. PointInTimeRestore: Create a database by restoring a point in time backup of an existing database. SourceDatabaseName, SourceManagedInstanceName and PointInTime must be specified. RestoreExternalBackup: Create a database by restoring from external backup files. Collation, StorageContainerUri and StorageContainerSasToken must be specified. Recovery: Creates a database by restoring a geo-replicated backup. RecoverableDatabaseId must be specified as the recoverable database resource ID to restore. RestoreLongTermRetentionBackup: Create a database by restoring from a long term retention backup (longTermRetentionBackupResourceId required). | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[SQLInsights, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, Errors]` | `[SQLInsights, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, Errors]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `restorableDroppedDatabaseId` | string | `''` | | The restorable dropped database resource ID to restore when creating this database. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed database. | -| `resourceGroupName` | string | The resource group the database was deployed into. | -| `resourceId` | string | The resource ID of the deployed database. | diff --git a/modules/Microsoft.Sql/managedInstances/databases/version.json b/modules/Microsoft.Sql/managedInstances/databases/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Sql/managedInstances/databases/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Sql/managedInstances/deploy.bicep b/modules/Microsoft.Sql/managedInstances/deploy.bicep deleted file mode 100644 index 4c4bbd46e3..0000000000 --- a/modules/Microsoft.Sql/managedInstances/deploy.bicep +++ /dev/null @@ -1,387 +0,0 @@ -@description('Required. The name of the SQL managed instance.') -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Required. The username used to establish jumpbox VMs.') -param administratorLogin string - -@description('Required. The password given to the admin user.') -@secure() -param administratorLoginPassword string - -@description('Required. The fully qualified resource ID of the subnet on which the SQL managed instance will be placed.') -param subnetId string - -@description('Optional. The name of the SKU, typically, a letter + Number code, e.g. P3.') -param skuName string = 'GP_Gen5' - -@description('Optional. The tier or edition of the particular SKU, e.g. Basic, Premium.') -param skuTier string = 'GeneralPurpose' - -@description('Optional. Storage size in GB. Minimum value: 32. Maximum value: 8192. Increments of 32 GB allowed only.') -param storageSizeInGB int = 32 - -@description('Optional. The number of vCores. Allowed values: 8, 16, 24, 32, 40, 64, 80.') -param vCores int = 4 - -@description('Optional. The license type. Possible values are \'LicenseIncluded\' (regular price inclusive of a new SQL license) and \'BasePrice\' (discounted AHB price for bringing your own SQL licenses).') -@allowed([ - 'LicenseIncluded' - 'BasePrice' -]) -param licenseType string = 'LicenseIncluded' - -@description('Optional. If the service has different generations of hardware, for the same SKU, then that can be captured here.') -param hardwareFamily string = 'Gen5' - -@description('Optional. Whether or not multi-az is enabled.') -param zoneRedundant bool = false - -@description('Optional. Service principal type. If using AD Authentication and applying Admin, must be set to `SystemAssigned`. Then Global Admin must allow Reader access to Azure AD for the Service Principal.') -@allowed([ - 'None' - 'SystemAssigned' -]) -param servicePrincipal string = 'None' - -@description('Optional. Specifies the mode of database creation. Default: Regular instance creation. Restore: Creates an instance by restoring a set of backups to specific point in time. RestorePointInTime and SourceManagedInstanceId must be specified.') -@allowed([ - 'Default' - 'PointInTimeRestore' -]) -param managedInstanceCreateMode string = 'Default' - -@description('Optional. The resource ID of another managed instance whose DNS zone this managed instance will share after creation.') -param dnsZonePartner string = '' - -@description('Optional. Collation of the managed instance.') -param collation string = 'SQL_Latin1_General_CP1_CI_AS' - -@description('Optional. Connection type used for connecting to the instance.') -@allowed([ - 'Proxy' - 'Redirect' - 'Default' -]) -param proxyOverride string = 'Proxy' - -@description('Optional. Whether or not the public data endpoint is enabled.') -param publicDataEndpointEnabled bool = false - -@description('Optional. ID of the timezone. Allowed values are timezones supported by Windows.') -param timezoneId string = 'UTC' - -@description('Optional. The resource ID of the instance pool this managed server belongs to.') -param instancePoolResourceId string = '' - -@description('Optional. Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database.') -param restorePointInTime string = '' - -@description('Optional. The resource identifier of the source managed instance associated with create operation of this instance.') -param sourceManagedInstanceId string = '' - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. Enables system assigned managed identity on the resource.') -param systemAssignedIdentity bool = false - -@description('Optional. The ID(s) to assign to the resource.') -param userAssignedIdentities object = {} - -@description('Conditional. The resource ID of a user assigned identity to be used by default. Required if "userAssignedIdentities" is not empty.') -param primaryUserAssignedIdentityId string = '' - -@description('Optional. Databases to create in this server.') -param databases array = [] - -@description('Optional. The vulnerability assessment configuration.') -param vulnerabilityAssessmentsObj object = {} - -@description('Optional. The security alert policy configuration.') -param securityAlertPoliciesObj object = {} - -@description('Optional. The keys to configure.') -param keys array = [] - -@description('Optional. The encryption protection configuration.') -param encryptionProtectorObj object = {} - -@description('Optional. The administrator configuration.') -param administratorsObj object = {} - -@description('Optional. The storage account type used to store backups for this database.') -@allowed([ - 'Geo' - 'GeoZone' - 'Local' - 'Zone' -]) -param requestedBackupStorageRedundancy string = 'Geo' - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'ResourceUsageStats' - 'SQLSecurityAuditEvents' -]) -param diagnosticLogCategoriesToEnable array = [ - 'ResourceUsageStats' - 'SQLSecurityAuditEvents' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'AllMetrics' -]) -param diagnosticMetricsToEnable array = [ - 'AllMetrics' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None') - -var identity = identityType != 'None' ? { - type: identityType - userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null -} : null - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource managedInstance 'Microsoft.Sql/managedInstances@2021-05-01-preview' = { - name: name - location: location - identity: identity - sku: { - name: skuName - tier: skuTier - family: hardwareFamily - } - tags: tags - properties: { - managedInstanceCreateMode: managedInstanceCreateMode - administratorLogin: administratorLogin - administratorLoginPassword: administratorLoginPassword - subnetId: subnetId - licenseType: licenseType - vCores: vCores - storageSizeInGB: storageSizeInGB - collation: collation - dnsZonePartner: dnsZonePartner - publicDataEndpointEnabled: publicDataEndpointEnabled - sourceManagedInstanceId: sourceManagedInstanceId - restorePointInTime: restorePointInTime - proxyOverride: proxyOverride - timezoneId: timezoneId - instancePoolId: instancePoolResourceId - primaryUserAssignedIdentityId: primaryUserAssignedIdentityId - requestedBackupStorageRedundancy: requestedBackupStorageRedundancy - zoneRedundant: zoneRedundant - servicePrincipal: { - type: servicePrincipal - } - } -} - -resource managedInstance_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${managedInstance.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: managedInstance -} - -resource managedInstance_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: diagnosticsLogs - } - scope: managedInstance -} - -module managedInstance_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-SqlMi-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: managedInstance.id - } -}] - -module managedInstance_databases 'databases/deploy.bicep' = [for (database, index) in databases: { - name: '${uniqueString(deployment().name, location)}-SqlMi-DB-${index}' - params: { - name: database.name - managedInstanceName: managedInstance.name - catalogCollation: contains(database, 'catalogCollation') ? database.catalogCollation : 'SQL_Latin1_General_CP1_CI_AS' - collation: contains(database, 'collation') ? database.collation : 'SQL_Latin1_General_CP1_CI_AS' - createMode: contains(database, 'createMode') ? database.createMode : 'Default' - diagnosticLogsRetentionInDays: contains(database, 'diagnosticLogsRetentionInDays') ? database.diagnosticLogsRetentionInDays : 365 - diagnosticStorageAccountId: contains(database, 'diagnosticStorageAccountId') ? database.diagnosticStorageAccountId : '' - diagnosticEventHubAuthorizationRuleId: contains(database, 'diagnosticEventHubAuthorizationRuleId') ? database.diagnosticEventHubAuthorizationRuleId : '' - diagnosticEventHubName: contains(database, 'diagnosticEventHubName') ? database.diagnosticEventHubName : '' - location: contains(database, 'location') ? database.location : managedInstance.location - lock: contains(database, 'lock') ? database.lock : '' - longTermRetentionBackupResourceId: contains(database, 'longTermRetentionBackupResourceId') ? database.longTermRetentionBackupResourceId : '' - recoverableDatabaseId: contains(database, 'recoverableDatabaseId') ? database.recoverableDatabaseId : '' - restorableDroppedDatabaseId: contains(database, 'restorableDroppedDatabaseId') ? database.restorableDroppedDatabaseId : '' - restorePointInTime: contains(database, 'restorePointInTime') ? database.restorePointInTime : '' - sourceDatabaseId: contains(database, 'sourceDatabaseId') ? database.sourceDatabaseId : '' - storageContainerSasToken: contains(database, 'storageContainerSasToken') ? database.storageContainerSasToken : '' - storageContainerUri: contains(database, 'storageContainerUri') ? database.storageContainerUri : '' - tags: contains(database, 'tags') ? database.tags : {} - diagnosticWorkspaceId: contains(database, 'diagnosticWorkspaceId') ? database.diagnosticWorkspaceId : '' - backupShortTermRetentionPoliciesObj: contains(database, 'backupShortTermRetentionPolicies') ? database.backupShortTermRetentionPolicies : {} - backupLongTermRetentionPoliciesObj: contains(database, 'backupLongTermRetentionPolicies') ? database.backupLongTermRetentionPolicies : {} - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module managedInstance_securityAlertPolicy 'securityAlertPolicies/deploy.bicep' = if (!empty(securityAlertPoliciesObj)) { - name: '${uniqueString(deployment().name, location)}-SqlMi-SecAlertPol' - params: { - managedInstanceName: managedInstance.name - name: securityAlertPoliciesObj.name - emailAccountAdmins: contains(securityAlertPoliciesObj, 'emailAccountAdmins') ? securityAlertPoliciesObj.emailAccountAdmins : false - state: contains(securityAlertPoliciesObj, 'state') ? securityAlertPoliciesObj.state : 'Disabled' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -module managedInstance_vulnerabilityAssessment 'vulnerabilityAssessments/deploy.bicep' = if (!empty(vulnerabilityAssessmentsObj)) { - name: '${uniqueString(deployment().name, location)}-SqlMi-VulnAssessm' - params: { - managedInstanceName: managedInstance.name - name: vulnerabilityAssessmentsObj.name - recurringScansEmails: contains(vulnerabilityAssessmentsObj, 'recurringScansEmails') ? vulnerabilityAssessmentsObj.recurringScansEmails : [] - recurringScansEmailSubscriptionAdmins: contains(vulnerabilityAssessmentsObj, 'recurringScansEmailSubscriptionAdmins') ? vulnerabilityAssessmentsObj.recurringScansEmailSubscriptionAdmins : false - recurringScansIsEnabled: contains(vulnerabilityAssessmentsObj, 'recurringScansIsEnabled') ? vulnerabilityAssessmentsObj.recurringScansIsEnabled : false - vulnerabilityAssessmentsStorageAccountId: contains(vulnerabilityAssessmentsObj, 'vulnerabilityAssessmentsStorageAccountId') ? vulnerabilityAssessmentsObj.vulnerabilityAssessmentsStorageAccountId : '' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } - dependsOn: [ - managedInstance_securityAlertPolicy - ] -} - -module managedInstance_key 'keys/deploy.bicep' = [for (key, index) in keys: { - name: '${uniqueString(deployment().name, location)}-SqlMi-Key-${index}' - params: { - managedInstanceName: managedInstance.name - name: contains(key, 'name') ? key.name : '' - serverKeyType: contains(key, 'serverKeyType') ? key.serverKeyType : 'ServiceManaged' - uri: contains(key, 'uri') ? key.uri : '' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module managedInstance_encryptionProtector 'encryptionProtector/deploy.bicep' = if (!empty(encryptionProtectorObj)) { - name: '${uniqueString(deployment().name, location)}-SqlMi-EncryProtector' - params: { - managedInstanceName: managedInstance.name - serverKeyName: contains(encryptionProtectorObj, 'serverKeyName') ? encryptionProtectorObj.serverKeyName : managedInstance_key[0].outputs.name - name: contains(encryptionProtectorObj, 'name') ? encryptionProtectorObj.serverKeyType : 'current' - serverKeyType: contains(encryptionProtectorObj, 'serverKeyType') ? encryptionProtectorObj.serverKeyType : 'ServiceManaged' - autoRotationEnabled: contains(encryptionProtectorObj, 'autoRotationEnabled') ? encryptionProtectorObj.autoRotationEnabled : true - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -module managedInstance_administrator 'administrators/deploy.bicep' = if (!empty(administratorsObj)) { - name: '${uniqueString(deployment().name, location)}-SqlMi-Admin' - params: { - managedInstanceName: managedInstance.name - login: administratorsObj.name - sid: administratorsObj.sid - tenantId: contains(administratorsObj, 'tenantId') ? administratorsObj.tenantId : '' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -@description('The name of the deployed managed instance.') -output name string = managedInstance.name - -@description('The resource ID of the deployed managed instance.') -output resourceId string = managedInstance.id - -@description('The resource group of the deployed managed instance.') -output resourceGroupName string = resourceGroup().name - -@description('The principal ID of the system assigned identity.') -output systemAssignedPrincipalId string = systemAssignedIdentity && contains(managedInstance.identity, 'principalId') ? managedInstance.identity.principalId : '' - -@description('The location the resource was deployed into.') -output location string = managedInstance.location diff --git a/modules/Microsoft.Sql/managedInstances/encryptionProtector/deploy.bicep b/modules/Microsoft.Sql/managedInstances/encryptionProtector/deploy.bicep deleted file mode 100644 index 689c570062..0000000000 --- a/modules/Microsoft.Sql/managedInstances/encryptionProtector/deploy.bicep +++ /dev/null @@ -1,56 +0,0 @@ -@description('Required. The name of the encryptionProtector.') -param name string = 'current' - -@description('Conditional. The name of the parent SQL managed instance. Required if the template is used in a standalone deployment.') -param managedInstanceName string - -@description('Required. The name of the SQL managed instance key.') -param serverKeyName string - -@description('Optional. The encryption protector type like "ServiceManaged", "AzureKeyVault".') -@allowed([ - 'AzureKeyVault' - 'ServiceManaged' -]) -param serverKeyType string = 'ServiceManaged' - -@description('Optional. Key auto rotation opt-in flag.') -param autoRotationEnabled bool = false - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource managedInstance 'Microsoft.Sql/managedInstances@2021-05-01-preview' existing = { - name: managedInstanceName -} - -resource encryptionProtector 'Microsoft.Sql/managedInstances/encryptionProtector@2021-05-01-preview' = { - name: name - parent: managedInstance - properties: { - autoRotationEnabled: autoRotationEnabled - serverKeyName: serverKeyName - serverKeyType: serverKeyType - } -} - -@description('The name of the deployed managed instance.') -output name string = encryptionProtector.name - -@description('The resource ID of the deployed managed instance.') -output resourceId string = encryptionProtector.id - -@description('The resource group of the deployed managed instance.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Sql/managedInstances/encryptionProtector/readme.md b/modules/Microsoft.Sql/managedInstances/encryptionProtector/readme.md deleted file mode 100644 index c1a2834147..0000000000 --- a/modules/Microsoft.Sql/managedInstances/encryptionProtector/readme.md +++ /dev/null @@ -1,44 +0,0 @@ -# SQL Managed Instance Encryption Protector `[Microsoft.Sql/managedInstances/encryptionProtector]` - -This module deploys an encryption protector for a SQL managed instance. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Sql/managedInstances/encryptionProtector` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/managedInstances/encryptionProtector) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | `'current'` | The name of the encryptionProtector. | -| `serverKeyName` | string | | The name of the SQL managed instance key. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `managedInstanceName` | string | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `autoRotationEnabled` | bool | `False` | | Key auto rotation opt-in flag. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `serverKeyType` | string | `'ServiceManaged'` | `[AzureKeyVault, ServiceManaged]` | The encryption protector type like "ServiceManaged", "AzureKeyVault". | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed managed instance. | -| `resourceGroupName` | string | The resource group of the deployed managed instance. | -| `resourceId` | string | The resource ID of the deployed managed instance. | diff --git a/modules/Microsoft.Sql/managedInstances/encryptionProtector/version.json b/modules/Microsoft.Sql/managedInstances/encryptionProtector/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Sql/managedInstances/encryptionProtector/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Sql/managedInstances/keys/deploy.bicep b/modules/Microsoft.Sql/managedInstances/keys/deploy.bicep deleted file mode 100644 index 6361d529f9..0000000000 --- a/modules/Microsoft.Sql/managedInstances/keys/deploy.bicep +++ /dev/null @@ -1,58 +0,0 @@ -@description('Optional. The name of the key. Must follow the [__] pattern.') -param name string = '' - -@description('Conditional. The name of the parent SQL managed instance. Required if the template is used in a standalone deployment.') -param managedInstanceName string - -@description('Optional. The encryption protector type like "ServiceManaged", "AzureKeyVault".') -@allowed([ - 'AzureKeyVault' - 'ServiceManaged' -]) -param serverKeyType string = 'ServiceManaged' - -@description('Optional. The URI of the key. If the ServerKeyType is AzureKeyVault, then either the URI or the keyVaultName/keyName combination is required.') -param uri string = '' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var splittedKeyUri = split(uri, '/') - -// if serverManaged, use serverManaged, if uri provided use concated uri value -// MUST match the pattern '__' -var serverKeyName = empty(uri) ? 'ServiceManaged' : '${split(splittedKeyUri[2], '.')[0]}_${splittedKeyUri[4]}_${splittedKeyUri[5]}' - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource managedInstance 'Microsoft.Sql/managedInstances@2021-05-01-preview' existing = { - name: managedInstanceName -} - -resource key 'Microsoft.Sql/managedInstances/keys@2021-05-01-preview' = { - name: !empty(name) ? name : serverKeyName - parent: managedInstance - properties: { - serverKeyType: serverKeyType - uri: uri - } -} - -@description('The name of the deployed managed instance.') -output name string = key.name - -@description('The resource ID of the deployed managed instance.') -output resourceId string = key.id - -@description('The resource group of the deployed managed instance.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Sql/managedInstances/keys/readme.md b/modules/Microsoft.Sql/managedInstances/keys/readme.md deleted file mode 100644 index 3563721a66..0000000000 --- a/modules/Microsoft.Sql/managedInstances/keys/readme.md +++ /dev/null @@ -1,39 +0,0 @@ -# SQL Managed Instance Keys `[Microsoft.Sql/managedInstances/keys]` - -This module deploys a key for a SQL managed instance. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Sql/managedInstances/keys` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/managedInstances/keys) | - -## Parameters - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `managedInstanceName` | string | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `''` | | The name of the key. Must follow the [__] pattern. | -| `serverKeyType` | string | `'ServiceManaged'` | `[AzureKeyVault, ServiceManaged]` | The encryption protector type like "ServiceManaged", "AzureKeyVault". | -| `uri` | string | `''` | | The URI of the key. If the ServerKeyType is AzureKeyVault, then either the URI or the keyVaultName/keyName combination is required. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed managed instance. | -| `resourceGroupName` | string | The resource group of the deployed managed instance. | -| `resourceId` | string | The resource ID of the deployed managed instance. | diff --git a/modules/Microsoft.Sql/managedInstances/keys/version.json b/modules/Microsoft.Sql/managedInstances/keys/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Sql/managedInstances/keys/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Sql/managedInstances/readme.md b/modules/Microsoft.Sql/managedInstances/readme.md deleted file mode 100644 index c2b83a041c..0000000000 --- a/modules/Microsoft.Sql/managedInstances/readme.md +++ /dev/null @@ -1,528 +0,0 @@ -# SQL Managed Instances `[Microsoft.Sql/managedInstances]` - -This template deploys a SQL managed instance. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Sql/managedInstances` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/managedInstances) | -| `Microsoft.Sql/managedInstances/administrators` | [2021-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/managedInstances/administrators) | -| `Microsoft.Sql/managedInstances/databases` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/managedInstances/databases) | -| `Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies` | [2021-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/managedInstances/databases/backupLongTermRetentionPolicies) | -| `Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies` | [2017-03-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2017-03-01-preview/managedInstances/databases/backupShortTermRetentionPolicies) | -| `Microsoft.Sql/managedInstances/encryptionProtector` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/managedInstances/encryptionProtector) | -| `Microsoft.Sql/managedInstances/keys` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/managedInstances/keys) | -| `Microsoft.Sql/managedInstances/securityAlertPolicies` | [2017-03-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2017-03-01-preview/managedInstances/securityAlertPolicies) | -| `Microsoft.Sql/managedInstances/vulnerabilityAssessments` | [2021-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/managedInstances/vulnerabilityAssessments) | - -### Deployment prerequisites - -#### Networking - -SQL Managed Instance is deployed on a virtual network to a subnet that is delagated to the SQL MI service. This network is required to satisfy the requirements explained [here](https://docs.microsoft.com/en-us/azure/azure-sql/managed-instance/connectivity-architecture-overview?view=azuresql#network-requirements). - -SQL MI requires that the subnet have a Route Table and NSG assigned to it. The SQL MI service will automatically add Routes to the Route Table and Rules to the NSG once the SQL MI has been deployed. As a result, the parameter file for the Route Table and NSG will have to be updated afterwards with the created Routes & Rules, otherwise redeployment of the Route Table & NSG via Bicep/ARM will fail. - -#### Azure AD Authentication - -SQL MI allows for Azure AD Authentication via an [Azure AD Admin](https://docs.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?tabs=azure-powershell#provision-azure-ad-admin-sql-managed-instance). This requires a Service Principal to be assigned and granted Reader rights to Azure AD by an AD Admin. To do so via this module, the `servicePrincipal` parameter must be set to `SystemAssigned` and deploy the SQL MI. Afterwards an Azure AD Admin must go to the SQL MI Azure Active Directory admin page in the Azure Portal and assigned the Reader rights. Next the `administratorsObj` must be configured in the parameter file and be redeployed. - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `administratorLogin` | string | The username used to establish jumpbox VMs. | -| `administratorLoginPassword` | secureString | The password given to the admin user. | -| `name` | string | The name of the SQL managed instance. | -| `subnetId` | string | The fully qualified resource ID of the subnet on which the SQL managed instance will be placed. | - -**Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `primaryUserAssignedIdentityId` | string | `''` | The resource ID of a user assigned identity to be used by default. Required if "userAssignedIdentities" is not empty. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `administratorsObj` | _[administrators](administrators/readme.md)_ object | `{object}` | | The administrator configuration. | -| `collation` | string | `'SQL_Latin1_General_CP1_CI_AS'` | | Collation of the managed instance. | -| `databases` | _[databases](databases/readme.md)_ array | `[]` | | Databases to create in this server. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[ResourceUsageStats, SQLSecurityAuditEvents]` | `[ResourceUsageStats, SQLSecurityAuditEvents]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `dnsZonePartner` | string | `''` | | The resource ID of another managed instance whose DNS zone this managed instance will share after creation. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `encryptionProtectorObj` | _[encryptionProtector](encryptionProtector/readme.md)_ object | `{object}` | | The encryption protection configuration. | -| `hardwareFamily` | string | `'Gen5'` | | If the service has different generations of hardware, for the same SKU, then that can be captured here. | -| `instancePoolResourceId` | string | `''` | | The resource ID of the instance pool this managed server belongs to. | -| `keys` | _[keys](keys/readme.md)_ array | `[]` | | The keys to configure. | -| `licenseType` | string | `'LicenseIncluded'` | `[LicenseIncluded, BasePrice]` | The license type. Possible values are 'LicenseIncluded' (regular price inclusive of a new SQL license) and 'BasePrice' (discounted AHB price for bringing your own SQL licenses). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `managedInstanceCreateMode` | string | `'Default'` | `[Default, PointInTimeRestore]` | Specifies the mode of database creation. Default: Regular instance creation. Restore: Creates an instance by restoring a set of backups to specific point in time. RestorePointInTime and SourceManagedInstanceId must be specified. | -| `proxyOverride` | string | `'Proxy'` | `[Proxy, Redirect, Default]` | Connection type used for connecting to the instance. | -| `publicDataEndpointEnabled` | bool | `False` | | Whether or not the public data endpoint is enabled. | -| `requestedBackupStorageRedundancy` | string | `'Geo'` | `[Geo, GeoZone, Local, Zone]` | The storage account type used to store backups for this database. | -| `restorePointInTime` | string | `''` | | Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `securityAlertPoliciesObj` | _[securityAlertPolicies](securityAlertPolicies/readme.md)_ object | `{object}` | | The security alert policy configuration. | -| `servicePrincipal` | string | `'None'` | `[None, SystemAssigned]` | Service principal type. If using AD Authentication and applying Admin, must be set to `SystemAssigned`. Then Global Admin must allow Reader access to Azure AD for the Service Principal. | -| `skuName` | string | `'GP_Gen5'` | | The name of the SKU, typically, a letter + Number code, e.g. P3. | -| `skuTier` | string | `'GeneralPurpose'` | | The tier or edition of the particular SKU, e.g. Basic, Premium. | -| `sourceManagedInstanceId` | string | `''` | | The resource identifier of the source managed instance associated with create operation of this instance. | -| `storageSizeInGB` | int | `32` | | Storage size in GB. Minimum value: 32. Maximum value: 8192. Increments of 32 GB allowed only. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `timezoneId` | string | `'UTC'` | | ID of the timezone. Allowed values are timezones supported by Windows. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `vCores` | int | `4` | | The number of vCores. Allowed values: 8, 16, 24, 32, 40, 64, 80. | -| `vulnerabilityAssessmentsObj` | _[vulnerabilityAssessments](vulnerabilityAssessments/readme.md)_ object | `{object}` | | The vulnerability assessment configuration. | -| `zoneRedundant` | bool | `False` | | Whether or not multi-az is enabled. | - - -### Parameter Usage : `userAssignedIdentities` - -

- -Parameter JSON format - -```json -"userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} - } -} -``` - -
- - -
- -Bicep format - -```bicep -userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} -} -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `userAssignedIdentities` - -You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: - -

- -Parameter JSON format - -```json -"userAssignedIdentities": { - "value": { - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} - } -} -``` - -
- -
- -Bicep format - -```bicep -userAssignedIdentities: { - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed managed instance. | -| `resourceGroupName` | string | The resource group of the deployed managed instance. | -| `resourceId` | string | The resource ID of the deployed managed instance. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-sqlmi-x-002" - }, - "lock": { - "value": "CanNotDelete" - }, - "administratorLogin": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "administratorLogin" - } - }, - "administratorLoginPassword": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "administratorLoginPassword" - } - }, - "subnetId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-sqlmi/subnets/<>-az-subnet-x-sqlmi" - }, - "skuName": { - "value": "GP_Gen5" - }, - "skuTier": { - "value": "GeneralPurpose" - }, - "storageSizeInGB": { - "value": 32 - }, - "vCores": { - "value": 4 - }, - "licenseType": { - "value": "LicenseIncluded" - }, - "hardwareFamily": { - "value": "Gen5" - }, - "servicePrincipal": { - "value": "SystemAssigned" - }, - "dnsZonePartner": { - "value": "" - }, - "timezoneId": { - "value": "UTC" - }, - "collation": { - "value": "SQL_Latin1_General_CP1_CI_AS" - }, - "proxyOverride": { - "value": "Proxy" - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "primaryUserAssignedIdentityId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - }, - "publicDataEndpointEnabled": { - "value": false - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "keys": { - "value": [ - { - "name": "adp-<>-az-kv-x-sqlmi_keyEncryptionKeySqlMi_4bf367f64c914d8ba698700fb598ad07", // ID must be updated for new keys - "uri": "https://adp-<>-az-kv-x-sqlmi.vault.azure.net/keys/keyEncryptionKeySqlMi/4bf367f64c914d8ba698700fb598ad07", // ID must be updated for new keys - "serverKeyType": "AzureKeyVault" - } - ] - }, - "encryptionProtectorObj": { - "value": { - "serverKeyName": "adp-<>-az-kv-x-sqlmi_keyEncryptionKeySqlMi_4bf367f64c914d8ba698700fb598ad07", // ID must be updated for new keys - "serverKeyType": "AzureKeyVault" - } - }, - "securityAlertPoliciesObj": { - "value": { - "name": "default", - "state": "Enabled", - "emailAccountAdmins": true - } - }, - "vulnerabilityAssessmentsObj": { - "value": { - "name": "default", - "emailSubscriptionAdmins": true, - "recurringScansIsEnabled": true, - "recurringScansEmails": [ - "test1@contoso.com", - "test2@contoso.com" - ], - "vulnerabilityAssessmentsStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - } - }, - "databases": { - "value": [ - { - "name": "<>-az-sqlmidb-x-001", - "backupShortTermRetentionPolicies": { - "name": "default" - }, - "backupLongTermRetentionPolicies": { - "name": "default" - } - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -resource kv1 'Microsoft.KeyVault/vaults@2019-09-01' existing = { - name: 'adp-<>-az-kv-x-001' - scope: resourceGroup('<>','validation-rg') -} - -module managedInstances './Microsoft.Sql/managedInstances/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-managedInstances' - params: { - name: '<>-az-sqlmi-x-002' - lock: 'CanNotDelete' - administratorLogin: kv1.getSecret('administratorLogin') - administratorLoginPassword: kv1.getSecret('administratorLoginPassword') - subnetId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-sqlmi/subnets/<>-az-subnet-x-sqlmi' - skuName: 'GP_Gen5' - skuTier: 'GeneralPurpose' - storageSizeInGB: 32 - vCores: 4 - licenseType: 'LicenseIncluded' - hardwareFamily: 'Gen5' - servicePrincipal: 'SystemAssigned' - dnsZonePartner: '' - timezoneId: 'UTC' - collation: 'SQL_Latin1_General_CP1_CI_AS' - proxyOverride: 'Proxy' - systemAssignedIdentity: true - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - primaryUserAssignedIdentityId: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001' - publicDataEndpointEnabled: false - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - keys: [ - { - name: 'adp-<>-az-kv-x-sqlmi_keyEncryptionKeySqlMi_4bf367f64c914d8ba698700fb598ad07' - uri: 'https://adp-<>-az-kv-x-sqlmi.vault.azure.net/keys/keyEncryptionKeySqlMi/4bf367f64c914d8ba698700fb598ad07' - serverKeyType: 'AzureKeyVault' - } - ] - encryptionProtectorObj: { - serverKeyName: 'adp-<>-az-kv-x-sqlmi_keyEncryptionKeySqlMi_4bf367f64c914d8ba698700fb598ad07' - serverKeyType: 'AzureKeyVault' - } - securityAlertPoliciesObj: { - name: 'default' - state: 'Enabled' - emailAccountAdmins: true - } - vulnerabilityAssessmentsObj: { - name: 'default' - emailSubscriptionAdmins: true - recurringScansIsEnabled: true - recurringScansEmails: [ - 'test1@contoso.com' - 'test2@contoso.com' - ] - vulnerabilityAssessmentsStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - } - databases: [ - { - name: '<>-az-sqlmidb-x-001' - backupShortTermRetentionPolicies: { - name: 'default' - } - backupLongTermRetentionPolicies: { - name: 'default' - } - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

diff --git a/modules/Microsoft.Sql/managedInstances/securityAlertPolicies/deploy.bicep b/modules/Microsoft.Sql/managedInstances/securityAlertPolicies/deploy.bicep deleted file mode 100644 index 76cb3121cb..0000000000 --- a/modules/Microsoft.Sql/managedInstances/securityAlertPolicies/deploy.bicep +++ /dev/null @@ -1,52 +0,0 @@ -@description('Required. The name of the security alert policy.') -param name string - -@description('Conditional. The name of the parent SQL managed instance. Required if the template is used in a standalone deployment.') -param managedInstanceName string - -@description('Optional. Enables advanced data security features, like recuring vulnerability assesment scans and ATP. If enabled, storage account must be provided.') -@allowed([ - 'Enabled' - 'Disabled' -]) -param state string = 'Disabled' - -@description('Optional. Specifies that the schedule scan notification will be is sent to the subscription administrators.') -param emailAccountAdmins bool = false - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource managedInstance 'Microsoft.Sql/managedInstances@2021-05-01-preview' existing = { - name: managedInstanceName -} - -resource securityAlertPolicy 'Microsoft.Sql/managedInstances/securityAlertPolicies@2017-03-01-preview' = { - name: name - parent: managedInstance - properties: { - state: state - emailAccountAdmins: emailAccountAdmins - } -} - -@description('The name of the deployed security alert policy.') -output name string = securityAlertPolicy.name - -@description('The resource ID of the deployed security alert policy.') -output resourceId string = securityAlertPolicy.id - -@description('The resource group of the deployed security alert policy.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Sql/managedInstances/securityAlertPolicies/readme.md b/modules/Microsoft.Sql/managedInstances/securityAlertPolicies/readme.md deleted file mode 100644 index f2142fd2d0..0000000000 --- a/modules/Microsoft.Sql/managedInstances/securityAlertPolicies/readme.md +++ /dev/null @@ -1,43 +0,0 @@ -# SQL Managed Instance Security Alert Policy `[Microsoft.Sql/managedInstances/securityAlertPolicies]` - -This module deploys a security alert policy for a SQL managed instance. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Sql/managedInstances/securityAlertPolicies` | [2017-03-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2017-03-01-preview/managedInstances/securityAlertPolicies) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the security alert policy. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `managedInstanceName` | string | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `emailAccountAdmins` | bool | `False` | | Specifies that the schedule scan notification will be is sent to the subscription administrators. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `state` | string | `'Disabled'` | `[Enabled, Disabled]` | Enables advanced data security features, like recuring vulnerability assesment scans and ATP. If enabled, storage account must be provided. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed security alert policy. | -| `resourceGroupName` | string | The resource group of the deployed security alert policy. | -| `resourceId` | string | The resource ID of the deployed security alert policy. | diff --git a/modules/Microsoft.Sql/managedInstances/securityAlertPolicies/version.json b/modules/Microsoft.Sql/managedInstances/securityAlertPolicies/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Sql/managedInstances/securityAlertPolicies/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Sql/managedInstances/version.json b/modules/Microsoft.Sql/managedInstances/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Sql/managedInstances/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Sql/managedInstances/vulnerabilityAssessments/deploy.bicep b/modules/Microsoft.Sql/managedInstances/vulnerabilityAssessments/deploy.bicep deleted file mode 100644 index 6289616e20..0000000000 --- a/modules/Microsoft.Sql/managedInstances/vulnerabilityAssessments/deploy.bicep +++ /dev/null @@ -1,59 +0,0 @@ -@description('Required. The name of the vulnerability assessment.') -param name string - -@description('Conditional. The name of the parent SQL managed instance. Required if the template is used in a standalone deployment.') -param managedInstanceName string - -@description('Optional. Recurring scans state.') -param recurringScansIsEnabled bool = false - -@description('Optional. Specifies that the schedule scan notification will be is sent to the subscription administrators.') -param recurringScansEmailSubscriptionAdmins bool = false - -@description('Optional. Specifies an array of email addresses to which the scan notification is sent.') -param recurringScansEmails array = [] - -@description('Optional. A blob storage to hold the scan results.') -param vulnerabilityAssessmentsStorageAccountId string = '' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource managedInstance 'Microsoft.Sql/managedInstances@2021-05-01-preview' existing = { - name: managedInstanceName -} - -resource vulnerabilityAssessment 'Microsoft.Sql/managedInstances/vulnerabilityAssessments@2021-02-01-preview' = { - name: name - parent: managedInstance - properties: { - storageContainerPath: 'https://${last(split(vulnerabilityAssessmentsStorageAccountId, '/'))}.blob.${environment().suffixes.storage}/vulnerability-assessment/' - storageAccountAccessKey: listKeys(vulnerabilityAssessmentsStorageAccountId, '2019-06-01').keys[0].value - recurringScans: { - isEnabled: recurringScansIsEnabled - emailSubscriptionAdmins: recurringScansEmailSubscriptionAdmins - emails: recurringScansEmails - } - } -} - -@description('The name of the deployed vulnerability assessment.') -output name string = vulnerabilityAssessment.name - -@description('The resource ID of the deployed vulnerability assessment.') -output resourceId string = vulnerabilityAssessment.id - -@description('The resource group of the deployed vulnerability assessment.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Sql/managedInstances/vulnerabilityAssessments/readme.md b/modules/Microsoft.Sql/managedInstances/vulnerabilityAssessments/readme.md deleted file mode 100644 index c46c877900..0000000000 --- a/modules/Microsoft.Sql/managedInstances/vulnerabilityAssessments/readme.md +++ /dev/null @@ -1,45 +0,0 @@ -# SQL Managed Instance Vulnerability Assessments `[Microsoft.Sql/managedInstances/vulnerabilityAssessments]` - -This module deploys a vulnerability assessment for a SQL managed instance. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Sql/managedInstances/vulnerabilityAssessments` | [2021-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/managedInstances/vulnerabilityAssessments) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the vulnerability assessment. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `managedInstanceName` | string | The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `recurringScansEmails` | array | `[]` | Specifies an array of email addresses to which the scan notification is sent. | -| `recurringScansEmailSubscriptionAdmins` | bool | `False` | Specifies that the schedule scan notification will be is sent to the subscription administrators. | -| `recurringScansIsEnabled` | bool | `False` | Recurring scans state. | -| `vulnerabilityAssessmentsStorageAccountId` | string | `''` | A blob storage to hold the scan results. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed vulnerability assessment. | -| `resourceGroupName` | string | The resource group of the deployed vulnerability assessment. | -| `resourceId` | string | The resource ID of the deployed vulnerability assessment. | diff --git a/modules/Microsoft.Sql/managedInstances/vulnerabilityAssessments/version.json b/modules/Microsoft.Sql/managedInstances/vulnerabilityAssessments/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Sql/managedInstances/vulnerabilityAssessments/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index be5cfb01a9..0000000000 --- a/modules/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,57 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Reservation Purchaser': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f7b75c60-3036-4b75-91c3-6b41c27c1689') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'SQL DB Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9b7fa17d-e63e-47b0-bb0a-15c516ac86ec') - 'SQL Security Manager': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3') - 'SQL Server Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource server 'Microsoft.Sql/servers@2020-02-02-preview' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(server.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: server -}] diff --git a/modules/Microsoft.Sql/servers/.deploymentTests/admin.parameters.json b/modules/Microsoft.Sql/servers/.deploymentTests/admin.parameters.json deleted file mode 100644 index eadb38deec..0000000000 --- a/modules/Microsoft.Sql/servers/.deploymentTests/admin.parameters.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-sqlsrv-admin-001" - }, - "administrators": { - "value": { - "azureADOnlyAuthentication": true, - "login": "myspn", - "sid": "<>", - "principalType": "Application", - "tenantId": "<>" - } - } - } -} diff --git a/modules/Microsoft.Sql/servers/.deploymentTests/parameters.json b/modules/Microsoft.Sql/servers/.deploymentTests/parameters.json deleted file mode 100644 index 091333e683..0000000000 --- a/modules/Microsoft.Sql/servers/.deploymentTests/parameters.json +++ /dev/null @@ -1,106 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-sqlsrv-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "administratorLogin": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/<>/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "administratorLogin" - } - }, - "administratorLoginPassword": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/<>/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "administratorLoginPassword" - } - }, - "location": { - "value": "westeurope" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "vulnerabilityAssessmentsObj": { - "value": { - "name": "default", - "emailSubscriptionAdmins": true, - "recurringScansIsEnabled": true, - "recurringScansEmails": [ - "test1@contoso.com", - "test2@contoso.com" - ], - "vulnerabilityAssessmentsStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - } - }, - "databases": { - "value": [ - { - "name": "<>-az-sqldb-x-001", - "collation": "SQL_Latin1_General_CP1_CI_AS", - "skuTier": "BusinessCritical", - "skuName": "BC_Gen5", - "skuCapacity": 12, - "skuFamily": "Gen5", - "maxSizeBytes": 34359738368, - "licenseType": "LicenseIncluded", - "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001", - "diagnosticWorkspaceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001", - "diagnosticEventHubAuthorizationRuleId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey", - "diagnosticEventHubName": "adp-<>-az-evh-x-001" - } - ] - }, - "firewallRules": { - "value": [ - { - "name": "AllowAllWindowsAzureIps", - "endIpAddress": "0.0.0.0", - "startIpAddress": "0.0.0.0" - } - ] - }, - "securityAlertPolicies": { - "value": [ - { - "name": "Default", - "state": "Enabled", - "emailAccountAdmins": true - } - ] - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "sqlServer" - } - ] - } - } -} diff --git a/modules/Microsoft.Sql/servers/databases/deploy.bicep b/modules/Microsoft.Sql/servers/databases/deploy.bicep deleted file mode 100644 index 917978fd6c..0000000000 --- a/modules/Microsoft.Sql/servers/databases/deploy.bicep +++ /dev/null @@ -1,230 +0,0 @@ -@description('Required. The name of the database.') -param name string - -@description('Conditional. The name of the parent SQL Server. Required if the template is used in a standalone deployment.') -param serverName string - -@description('Optional. The collation of the database.') -param collation string = 'SQL_Latin1_General_CP1_CI_AS' - -@description('Optional. The skuTier or edition of the particular SKU.') -param skuTier string = 'GeneralPurpose' - -@description('Optional. The name of the SKU.') -param skuName string = 'GP_Gen5_2' - -@description('Optional. Capacity of the particular SKU.') -param skuCapacity int = -1 - -@description('Optional. If the service has different generations of hardware, for the same SKU, then that can be captured here.') -param skuFamily string = '' - -@description('Optional. Size of the particular SKU.') -param skuSize string = '' - -@description('Optional. The max size of the database expressed in bytes.') -param maxSizeBytes int = 34359738368 - -@description('Optional. The name of the sample schema to apply when creating this database.') -param sampleName string = '' - -@description('Optional. Whether or not this database is zone redundant.') -param zoneRedundant bool = false - -@description('Optional. The license type to apply for this database.') -param licenseType string = '' - -@description('Optional. The state of read-only routing.') -@allowed([ - 'Enabled' - 'Disabled' -]) -param readScale string = 'Disabled' - -@description('Optional. The number of readonly secondary replicas associated with the database.') -param highAvailabilityReplicaCount int = 0 - -@description('Optional. Minimal capacity that database will always have allocated.') -param minCapacity string = '' - -@description('Optional. Time in minutes after which database is automatically paused.') -param autoPauseDelay string = '' - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'SQLInsights' - 'AutomaticTuning' - 'QueryStoreRuntimeStatistics' - 'QueryStoreWaitStatistics' - 'Errors' - 'DatabaseWaitStatistics' - 'Timeouts' - 'Blocks' - 'Deadlocks' - 'DevOpsOperationsAudit' - 'SQLSecurityAuditEvents' -]) -param diagnosticLogCategoriesToEnable array = [ - 'SQLInsights' - 'AutomaticTuning' - 'QueryStoreRuntimeStatistics' - 'QueryStoreWaitStatistics' - 'Errors' - 'DatabaseWaitStatistics' - 'Timeouts' - 'Blocks' - 'Deadlocks' - 'DevOpsOperationsAudit' - 'SQLSecurityAuditEvents' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'Basic' - 'InstanceAndAppAdvanced' - 'WorkloadManagement' -]) -param diagnosticMetricsToEnable array = [ - 'Basic' - 'InstanceAndAppAdvanced' - 'WorkloadManagement' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -@description('Optional. The storage account type to be used to store backups for this database.') -@allowed([ - 'Geo' - 'Local' - 'Zone' - '' -]) -param requestedBackupStorageRedundancy string = '' - -@description('Optional. Whether or not this database is a ledger database, which means all tables in the database are ledger tables. Note: the value of this property cannot be changed after the database has been created.') -param isLedgerOn bool = false - -@description('Optional. Maintenance configuration ID assigned to the database. This configuration defines the period when the maintenance updates will occur.') -param maintenanceConfigurationId string = '' - -// The SKU object must be built in a variable -// The alternative, 'null' as default values, leads to non-terminating deployments -var skuVar = union({ - name: skuName - tier: skuTier - }, (skuCapacity != -1) ? { - capacity: skuCapacity - } : !empty(skuFamily) ? { - family: skuFamily - } : !empty(skuSize) ? { - size: skuSize - } : {}) - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource server 'Microsoft.Sql/servers@2021-05-01-preview' existing = { - name: serverName -} - -resource database 'Microsoft.Sql/servers/databases@2021-02-01-preview' = { - name: name - parent: server - location: location - tags: tags - properties: { - collation: collation - maxSizeBytes: maxSizeBytes - sampleName: sampleName - zoneRedundant: zoneRedundant - licenseType: licenseType - readScale: readScale - minCapacity: !empty(minCapacity) ? json(minCapacity) : 0 - autoPauseDelay: !empty(autoPauseDelay) ? json(autoPauseDelay) : 0 - highAvailabilityReplicaCount: highAvailabilityReplicaCount - requestedBackupStorageRedundancy: any(requestedBackupStorageRedundancy) - isLedgerOn: isLedgerOn - maintenanceConfigurationId: !empty(maintenanceConfigurationId) ? maintenanceConfigurationId : null - } - sku: skuVar -} - -resource database_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: diagnosticsLogs - } - scope: database -} - -@description('The name of the deployed database.') -output name string = database.name - -@description('The resource ID of the deployed database.') -output resourceId string = database.id - -@description('The resource group of the deployed database.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = database.location diff --git a/modules/Microsoft.Sql/servers/databases/readme.md b/modules/Microsoft.Sql/servers/databases/readme.md deleted file mode 100644 index 6d735cb721..0000000000 --- a/modules/Microsoft.Sql/servers/databases/readme.md +++ /dev/null @@ -1,111 +0,0 @@ -# SQL Server Database `[Microsoft.Sql/servers/databases]` - -This module deploys an Azure SQL Server. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Sql/servers/databases` | [2021-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/servers/databases) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the database. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `serverName` | string | The name of the parent SQL Server. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `autoPauseDelay` | string | `''` | | Time in minutes after which database is automatically paused. | -| `collation` | string | `'SQL_Latin1_General_CP1_CI_AS'` | | The collation of the database. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[SQLInsights, AutomaticTuning, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, Errors, DatabaseWaitStatistics, Timeouts, Blocks, Deadlocks, DevOpsOperationsAudit, SQLSecurityAuditEvents]` | `[SQLInsights, AutomaticTuning, QueryStoreRuntimeStatistics, QueryStoreWaitStatistics, Errors, DatabaseWaitStatistics, Timeouts, Blocks, Deadlocks, DevOpsOperationsAudit, SQLSecurityAuditEvents]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[Basic, InstanceAndAppAdvanced, WorkloadManagement]` | `[Basic, InstanceAndAppAdvanced, WorkloadManagement]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `highAvailabilityReplicaCount` | int | `0` | | The number of readonly secondary replicas associated with the database. | -| `isLedgerOn` | bool | `False` | | Whether or not this database is a ledger database, which means all tables in the database are ledger tables. Note: the value of this property cannot be changed after the database has been created. | -| `licenseType` | string | `''` | | The license type to apply for this database. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `maintenanceConfigurationId` | string | `''` | | Maintenance configuration ID assigned to the database. This configuration defines the period when the maintenance updates will occur. | -| `maxSizeBytes` | int | `34359738368` | | The max size of the database expressed in bytes. | -| `minCapacity` | string | `''` | | Minimal capacity that database will always have allocated. | -| `readScale` | string | `'Disabled'` | `[Enabled, Disabled]` | The state of read-only routing. | -| `requestedBackupStorageRedundancy` | string | `''` | `[Geo, Local, Zone, ]` | The storage account type to be used to store backups for this database. | -| `sampleName` | string | `''` | | The name of the sample schema to apply when creating this database. | -| `skuCapacity` | int | `-1` | | Capacity of the particular SKU. | -| `skuFamily` | string | `''` | | If the service has different generations of hardware, for the same SKU, then that can be captured here. | -| `skuName` | string | `'GP_Gen5_2'` | | The name of the SKU. | -| `skuSize` | string | `''` | | Size of the particular SKU. | -| `skuTier` | string | `'GeneralPurpose'` | | The skuTier or edition of the particular SKU. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `zoneRedundant` | bool | `False` | | Whether or not this database is zone redundant. | - - -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed database. | -| `resourceGroupName` | string | The resource group of the deployed database. | -| `resourceId` | string | The resource ID of the deployed database. | diff --git a/modules/Microsoft.Sql/servers/databases/version.json b/modules/Microsoft.Sql/servers/databases/version.json deleted file mode 100644 index a086a1818e..0000000000 --- a/modules/Microsoft.Sql/servers/databases/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "1.0" -} diff --git a/modules/Microsoft.Sql/servers/deploy.bicep b/modules/Microsoft.Sql/servers/deploy.bicep deleted file mode 100644 index 91e1453530..0000000000 --- a/modules/Microsoft.Sql/servers/deploy.bicep +++ /dev/null @@ -1,227 +0,0 @@ -@description('Conditional. The administrator username for the server. Required if no `administrators` object for AAD authentication is provided.') -param administratorLogin string = '' - -@description('Conditional. The administrator login password. Required if no `administrators` object for AAD authentication is provided.') -@secure() -param administratorLoginPassword string = '' - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Required. The name of the server.') -param name string - -@description('Optional. Enables system assigned managed identity on the resource.') -param systemAssignedIdentity bool = false - -@description('Optional. The ID(s) to assign to the resource.') -param userAssignedIdentities object = {} - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. The databases to create in the server.') -param databases array = [] - -@description('Optional. The firewall rules to create in the server.') -param firewallRules array = [] - -@description('Optional. The security alert policies to create in the server.') -param securityAlertPolicies array = [] - -@description('Conditional. The Azure Active Directory (AAD) administrator authentication. Required if no `administratorLogin` & `administratorLoginPassword` is provided.') -param administrators object = {} - -@description('Optional. Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') -param privateEndpoints array = [] - -var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None') - -var identity = identityType != 'None' ? { - type: identityType - userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null -} : null - -var enableReferencedModulesTelemetry = false - -@description('Optional. The vulnerability assessment configuration.') -param vulnerabilityAssessmentsObj object = {} - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource server 'Microsoft.Sql/servers@2021-05-01-preview' = { - location: location - name: name - tags: tags - identity: identity - properties: { - administratorLogin: !empty(administratorLogin) ? administratorLogin : null - administratorLoginPassword: !empty(administratorLoginPassword) ? administratorLoginPassword : null - administrators: !empty(administrators) ? { - administratorType: 'ActiveDirectory' - azureADOnlyAuthentication: administrators.azureADOnlyAuthentication - login: administrators.login - principalType: administrators.principalType - sid: administrators.sid - tenantId: administrators.tenantId - } : null - version: '12.0' - } -} - -resource server_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${server.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: server -} - -module server_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-Sql-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: server.id - } -}] - -module server_databases 'databases/deploy.bicep' = [for (database, index) in databases: { - name: '${uniqueString(deployment().name, location)}-Sql-DB-${index}' - params: { - name: database.name - serverName: server.name - skuTier: contains(database, 'skuTier') ? database.skuTier : 'GeneralPurpose' - skuName: contains(database, 'skuName') ? database.skuName : 'GP_Gen5_2' - skuCapacity: contains(database, 'skuCapacity') ? database.skuCapacity : -1 - skuFamily: contains(database, 'skuFamily') ? database.skuFamily : '' - skuSize: contains(database, 'skuSize') ? database.skuSize : '' - collation: contains(database, 'collation') ? database.collation : 'SQL_Latin1_General_CP1_CI_AS' - maxSizeBytes: contains(database, 'maxSizeBytes') ? database.maxSizeBytes : 34359738368 - autoPauseDelay: contains(database, 'autoPauseDelay') ? database.autoPauseDelay : '' - diagnosticLogsRetentionInDays: contains(database, 'diagnosticLogsRetentionInDays') ? database.diagnosticLogsRetentionInDays : 365 - diagnosticStorageAccountId: contains(database, 'diagnosticStorageAccountId') ? database.diagnosticStorageAccountId : '' - diagnosticEventHubAuthorizationRuleId: contains(database, 'diagnosticEventHubAuthorizationRuleId') ? database.diagnosticEventHubAuthorizationRuleId : '' - diagnosticEventHubName: contains(database, 'diagnosticEventHubName') ? database.diagnosticEventHubName : '' - isLedgerOn: contains(database, 'isLedgerOn') ? database.isLedgerOn : false - location: contains(database, 'location') ? database.location : server.location - diagnosticLogCategoriesToEnable: contains(database, 'diagnosticLogCategoriesToEnable') ? database.diagnosticLogCategoriesToEnable : [] - licenseType: contains(database, 'licenseType') ? database.licenseType : '' - maintenanceConfigurationId: contains(database, 'maintenanceConfigurationId') ? database.maintenanceConfigurationId : '' - minCapacity: contains(database, 'minCapacity') ? database.minCapacity : '' - diagnosticMetricsToEnable: contains(database, 'diagnosticMetricsToEnable') ? database.diagnosticMetricsToEnable : [] - highAvailabilityReplicaCount: contains(database, 'highAvailabilityReplicaCount') ? database.highAvailabilityReplicaCount : 0 - readScale: contains(database, 'readScale') ? database.readScale : 'Disabled' - requestedBackupStorageRedundancy: contains(database, 'requestedBackupStorageRedundancy') ? database.requestedBackupStorageRedundancy : '' - sampleName: contains(database, 'sampleName') ? database.sampleName : '' - tags: contains(database, 'tags') ? database.tags : {} - diagnosticWorkspaceId: contains(database, 'diagnosticWorkspaceId') ? database.diagnosticWorkspaceId : '' - zoneRedundant: contains(database, 'zoneRedundant') ? database.zoneRedundant : false - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module server_privateEndpoints '../../Microsoft.Network/privateEndpoints/deploy.bicep' = [for (privateEndpoint, index) in privateEndpoints: { - name: '${uniqueString(deployment().name, location)}-SQLServer-PrivateEndpoint-${index}' - params: { - groupIds: [ - privateEndpoint.service - ] - name: contains(privateEndpoint, 'name') ? privateEndpoint.name : 'pe-${last(split(server.id, '/'))}-${privateEndpoint.service}-${index}' - serviceResourceId: server.id - subnetResourceId: privateEndpoint.subnetResourceId - enableDefaultTelemetry: enableReferencedModulesTelemetry - location: reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : lock - privateDnsZoneGroups: contains(privateEndpoint, 'privateDnsZoneGroups') ? privateEndpoint.privateDnsZoneGroups : [] - roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] - tags: contains(privateEndpoint, 'tags') ? privateEndpoint.tags : {} - manualPrivateLinkServiceConnections: contains(privateEndpoint, 'manualPrivateLinkServiceConnections') ? privateEndpoint.manualPrivateLinkServiceConnections : [] - customDnsConfigs: contains(privateEndpoint, 'customDnsConfigs') ? privateEndpoint.customDnsConfigs : [] - } -}] - -module server_firewallRules 'firewallRules/deploy.bicep' = [for (firewallRule, index) in firewallRules: { - name: '${uniqueString(deployment().name, location)}-Sql-FirewallRules-${index}' - params: { - name: firewallRule.name - serverName: server.name - endIpAddress: contains(firewallRule, 'endIpAddress') ? firewallRule.endIpAddress : '0.0.0.0' - startIpAddress: contains(firewallRule, 'startIpAddress') ? firewallRule.startIpAddress : '0.0.0.0' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module server_securityAlertPolicies 'securityAlertPolicies/deploy.bicep' = [for (securityAlertPolicy, index) in securityAlertPolicies: { - name: '${uniqueString(deployment().name, location)}-Sql-SecAlertPolicy-${index}' - params: { - name: securityAlertPolicy.name - serverName: server.name - disabledAlerts: contains(securityAlertPolicy, 'disabledAlerts') ? securityAlertPolicy.disabledAlerts : [] - emailAccountAdmins: contains(securityAlertPolicy, 'emailAccountAdmins') ? securityAlertPolicy.emailAccountAdmins : false - emailAddresses: contains(securityAlertPolicy, 'emailAddresses') ? securityAlertPolicy.emailAddresses : [] - retentionDays: contains(securityAlertPolicy, 'retentionDays') ? securityAlertPolicy.retentionDays : 0 - state: contains(securityAlertPolicy, 'state') ? securityAlertPolicy.state : 'Disabled' - storageAccountAccessKey: contains(securityAlertPolicy, 'storageAccountAccessKey') ? securityAlertPolicy.storageAccountAccessKey : '' - storageEndpoint: contains(securityAlertPolicy, 'storageEndpoint') ? securityAlertPolicy.storageEndpoint : '' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -module server_vulnerabilityAssessment 'vulnerabilityAssessments/deploy.bicep' = if (!empty(vulnerabilityAssessmentsObj)) { - name: '${uniqueString(deployment().name, location)}-Sql-VulnAssessm' - params: { - serverName: server.name - name: vulnerabilityAssessmentsObj.name - recurringScansEmails: contains(vulnerabilityAssessmentsObj, 'recurringScansEmails') ? vulnerabilityAssessmentsObj.recurringScansEmails : [] - recurringScansEmailSubscriptionAdmins: contains(vulnerabilityAssessmentsObj, 'recurringScansEmailSubscriptionAdmins') ? vulnerabilityAssessmentsObj.recurringScansEmailSubscriptionAdmins : false - recurringScansIsEnabled: contains(vulnerabilityAssessmentsObj, 'recurringScansIsEnabled') ? vulnerabilityAssessmentsObj.recurringScansIsEnabled : false - vulnerabilityAssessmentsStorageAccountId: contains(vulnerabilityAssessmentsObj, 'vulnerabilityAssessmentsStorageAccountId') ? vulnerabilityAssessmentsObj.vulnerabilityAssessmentsStorageAccountId : '' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } - dependsOn: [ - server_securityAlertPolicies - ] -} - -@description('The name of the deployed SQL server.') -output name string = server.name - -@description('The resource ID of the deployed SQL server.') -output resourceId string = server.id - -@description('The resource group of the deployed SQL server.') -output resourceGroupName string = resourceGroup().name - -@description('The principal ID of the system assigned identity.') -output systemAssignedPrincipalId string = systemAssignedIdentity && contains(server.identity, 'principalId') ? server.identity.principalId : '' - -@description('The location the resource was deployed into.') -output location string = server.location diff --git a/modules/Microsoft.Sql/servers/firewallRules/deploy.bicep b/modules/Microsoft.Sql/servers/firewallRules/deploy.bicep deleted file mode 100644 index 2ca51b8545..0000000000 --- a/modules/Microsoft.Sql/servers/firewallRules/deploy.bicep +++ /dev/null @@ -1,48 +0,0 @@ -@description('Required. The name of the Server Firewall Rule.') -param name string - -@description('Optional. The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value \'0.0.0.0\' for all Azure-internal IP addresses.') -param endIpAddress string = '0.0.0.0' - -@description('Optional. The start IP address of the firewall rule. Must be IPv4 format. Use value \'0.0.0.0\' for all Azure-internal IP addresses.') -param startIpAddress string = '0.0.0.0' - -@description('Conditional. The name of the parent SQL Server. Required if the template is used in a standalone deployment.') -param serverName string - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource server 'Microsoft.Sql/servers@2021-05-01-preview' existing = { - name: serverName -} - -resource firewallRule 'Microsoft.Sql/servers/firewallRules@2021-05-01-preview' = { - name: name - parent: server - properties: { - endIpAddress: endIpAddress - startIpAddress: startIpAddress - } -} - -@description('The name of the deployed firewall rule.') -output name string = firewallRule.name - -@description('The resource ID of the deployed firewall rule.') -output resourceId string = firewallRule.id - -@description('The resource group of the deployed firewall rule.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Sql/servers/firewallRules/readme.md b/modules/Microsoft.Sql/servers/firewallRules/readme.md deleted file mode 100644 index cfaef0038a..0000000000 --- a/modules/Microsoft.Sql/servers/firewallRules/readme.md +++ /dev/null @@ -1,43 +0,0 @@ -# SQL Server Firewall rule `[Microsoft.Sql/servers/firewallrules]` - -This module deploys an SQL Server Firewall rule. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Sql/servers/firewallRules` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/servers/firewallRules) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Server Firewall Rule. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `serverName` | string | The name of the parent SQL Server. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `endIpAddress` | string | `'0.0.0.0'` | The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. | -| `startIpAddress` | string | `'0.0.0.0'` | The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed firewall rule. | -| `resourceGroupName` | string | The resource group of the deployed firewall rule. | -| `resourceId` | string | The resource ID of the deployed firewall rule. | diff --git a/modules/Microsoft.Sql/servers/firewallRules/version.json b/modules/Microsoft.Sql/servers/firewallRules/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Sql/servers/firewallRules/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Sql/servers/readme.md b/modules/Microsoft.Sql/servers/readme.md deleted file mode 100644 index c83c4d5229..0000000000 --- a/modules/Microsoft.Sql/servers/readme.md +++ /dev/null @@ -1,571 +0,0 @@ -# SQL Servers `[Microsoft.Sql/servers]` - -This module deploys a SQL server. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/privateEndpoints` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) | -| `Microsoft.Sql/servers` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/servers) | -| `Microsoft.Sql/servers/databases` | [2021-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/servers/databases) | -| `Microsoft.Sql/servers/firewallRules` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/servers/firewallRules) | -| `Microsoft.Sql/servers/securityAlertPolicies` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/servers/securityAlertPolicies) | -| `Microsoft.Sql/servers/vulnerabilityAssessments` | [2021-11-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-11-01-preview/servers/vulnerabilityAssessments) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the server. | - -**Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `administratorLogin` | string | `''` | The administrator username for the server. Required if no `administrators` object for AAD authentication is provided. | -| `administratorLoginPassword` | secureString | `''` | The administrator login password. Required if no `administrators` object for AAD authentication is provided. | -| `administrators` | object | `{object}` | The Azure Active Directory (AAD) administrator authentication. Required if no `administratorLogin` & `administratorLoginPassword` is provided. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `databases` | _[databases](databases/readme.md)_ array | `[]` | | The databases to create in the server. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `firewallRules` | _[firewallRules](firewallRules/readme.md)_ array | `[]` | | The firewall rules to create in the server. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `securityAlertPolicies` | _[securityAlertPolicies](securityAlertPolicies/readme.md)_ array | `[]` | | The security alert policies to create in the server. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `vulnerabilityAssessmentsObj` | _[vulnerabilityAssessments](vulnerabilityAssessments/readme.md)_ object | `{object}` | | The vulnerability assessment configuration. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `userAssignedIdentities` - -You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: - -

- -Parameter JSON format - -```json -"userAssignedIdentities": { - "value": { - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} - } -} -``` - -
- -
- -Bicep format - -```bicep -userAssignedIdentities: { - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} -} -``` - -
-

- -### Parameter Usage: `administrators` - -Configure Azure Active Directory Authentication method for server administrator. -https://docs.microsoft.com/en-us/azure/templates/microsoft.sql/servers/administrators?tabs=bicep - -

- -Parameter JSON format - -```json -"administrators": { - "value": { - "azureADOnlyAuthentication": true - "login": "John Doe", // if application can be anything - "sid": "<>", // if application, the object ID - "principalType" : "User", // options: "User", "Group", "Application" - "tenantId": "<>" - } -} -``` - -
- -
- -Bicep format - -```bicep -administrators: { - azureADOnlyAuthentication: true - login: 'John Doe' // if application can be anything - sid: '<>' // if application the object ID - 'principalType' : 'User' // options: 'User' 'Group' 'Application' - tenantId: '<>' -} -``` - -
-

- -### Parameter Usage: `privateEndpoints` - -To use Private Endpoint the following dependencies must be deployed: - -- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module. -- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information. - -

- -Parameter JSON format - -```json -"privateEndpoints": { - "value": [ - // Example showing all available fields - { - "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>", // e.g. vault, registry, file, blob, queue, table etc. - "privateDnsZoneResourceIds": [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net" - ], - "customDnsConfigs": [ // Optional - { - "fqdn": "customname.test.local", - "ipAddresses": [ - "10.10.10.10" - ] - } - ] - }, - // Example showing only mandatory fields - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>" // e.g. vault, registry, file, blob, queue, table etc. - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -privateEndpoints: [ - // Example showing all available fields - { - name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - privateDnsZoneResourceIds: [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net' - ] - // Optional - customDnsConfigs: [ - { - fqdn: 'customname.test.local' - ipAddresses: [ - '10.10.10.10' - ] - } - ] - } - // Example showing only mandatory fields - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed SQL server. | -| `resourceGroupName` | string | The resource group of the deployed SQL server. | -| `resourceId` | string | The resource ID of the deployed SQL server. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-sqlsrv-admin-001" - }, - "administrators": { - "value": { - "azureADOnlyAuthentication": true, - "login": "myspn", - "sid": "<>", - "principalType": "Application", - "tenantId": "<>" - } - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module servers './Microsoft.Sql/servers/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-servers' - params: { - name: '<>-az-sqlsrv-admin-001' - administrators: { - azureADOnlyAuthentication: true - login: 'myspn' - sid: '<>' - principalType: 'Application' - tenantId: '<>' - } - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-sqlsrv-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "administratorLogin": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/<>/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "administratorLogin" - } - }, - "administratorLoginPassword": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/<>/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "administratorLoginPassword" - } - }, - "location": { - "value": "westeurope" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "vulnerabilityAssessmentsObj": { - "value": { - "name": "default", - "emailSubscriptionAdmins": true, - "recurringScansIsEnabled": true, - "recurringScansEmails": [ - "test1@contoso.com", - "test2@contoso.com" - ], - "vulnerabilityAssessmentsStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - } - }, - "databases": { - "value": [ - { - "name": "<>-az-sqldb-x-001", - "collation": "SQL_Latin1_General_CP1_CI_AS", - "skuTier": "BusinessCritical", - "skuName": "BC_Gen5", - "skuCapacity": 12, - "skuFamily": "Gen5", - "maxSizeBytes": 34359738368, - "licenseType": "LicenseIncluded", - "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001", - "diagnosticWorkspaceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001", - "diagnosticEventHubAuthorizationRuleId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey", - "diagnosticEventHubName": "adp-<>-az-evh-x-001" - } - ] - }, - "firewallRules": { - "value": [ - { - "name": "AllowAllWindowsAzureIps", - "endIpAddress": "0.0.0.0", - "startIpAddress": "0.0.0.0" - } - ] - }, - "securityAlertPolicies": { - "value": [ - { - "name": "Default", - "state": "Enabled", - "emailAccountAdmins": true - } - ] - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "sqlServer" - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -resource kv1 'Microsoft.KeyVault/vaults@2019-09-01' existing = { - name: 'adp-<>-az-kv-x-001' - scope: resourceGroup('<>','<>') -} - -module servers './Microsoft.Sql/servers/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-servers' - params: { - name: '<>-az-sqlsrv-x-001' - lock: 'CanNotDelete' - administratorLogin: kv1.getSecret('administratorLogin') - administratorLoginPassword: kv1.getSecret('administratorLoginPassword') - location: 'westeurope' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - vulnerabilityAssessmentsObj: { - name: 'default' - emailSubscriptionAdmins: true - recurringScansIsEnabled: true - recurringScansEmails: [ - 'test1@contoso.com' - 'test2@contoso.com' - ] - vulnerabilityAssessmentsStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - } - databases: [ - { - name: '<>-az-sqldb-x-001' - collation: 'SQL_Latin1_General_CP1_CI_AS' - skuTier: 'BusinessCritical' - skuName: 'BC_Gen5' - skuCapacity: 12 - skuFamily: 'Gen5' - maxSizeBytes: 34359738368 - licenseType: 'LicenseIncluded' - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } - ] - firewallRules: [ - { - name: 'AllowAllWindowsAzureIps' - endIpAddress: '0.0.0.0' - startIpAddress: '0.0.0.0' - } - ] - securityAlertPolicies: [ - { - name: 'Default' - state: 'Enabled' - emailAccountAdmins: true - } - ] - systemAssignedIdentity: true - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - privateEndpoints: [ - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - service: 'sqlServer' - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Sql/servers/securityAlertPolicies/deploy.bicep b/modules/Microsoft.Sql/servers/securityAlertPolicies/deploy.bicep deleted file mode 100644 index 7800a6c409..0000000000 --- a/modules/Microsoft.Sql/servers/securityAlertPolicies/deploy.bicep +++ /dev/null @@ -1,73 +0,0 @@ -@description('Required. The name of the Security Alert Policy.') -param name string - -@description('Optional. Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force.') -param disabledAlerts array = [] - -@description('Optional. Specifies that the alert is sent to the account administrators.') -param emailAccountAdmins bool = false - -@description('Optional. Specifies an array of email addresses to which the alert is sent.') -param emailAddresses array = [] - -@description('Optional. Specifies the number of days to keep in the Threat Detection audit logs.') -param retentionDays int = 0 - -@description('Optional. Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database.') -@allowed([ - 'Disabled' - 'Enabled' -]) -param state string = 'Disabled' - -@description('Optional. Specifies the identifier key of the Threat Detection audit storage account..') -@secure() -param storageAccountAccessKey string = '' - -@description('Optional. Specifies the blob storage endpoint. This blob storage will hold all Threat Detection audit logs.') -param storageEndpoint string = '' - -@description('Conditional. The name of the parent SQL Server. Required if the template is used in a standalone deployment.') -param serverName string - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource server 'Microsoft.Sql/servers@2021-05-01-preview' existing = { - name: serverName -} - -resource securityAlertPolicy 'Microsoft.Sql/servers/securityAlertPolicies@2021-05-01-preview' = { - name: name - parent: server - properties: { - disabledAlerts: disabledAlerts - emailAccountAdmins: emailAccountAdmins - emailAddresses: emailAddresses - retentionDays: retentionDays - state: state - storageAccountAccessKey: empty(storageAccountAccessKey) ? null : storageAccountAccessKey - storageEndpoint: empty(storageEndpoint) ? null : storageEndpoint - } -} - -@description('The name of the deployed security alert policy.') -output name string = securityAlertPolicy.name - -@description('The resource ID of the deployed security alert policy.') -output resourceId string = securityAlertPolicy.id - -@description('The resource group of the deployed security alert policy.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Sql/servers/securityAlertPolicies/readme.md b/modules/Microsoft.Sql/servers/securityAlertPolicies/readme.md deleted file mode 100644 index 31cf4c9f55..0000000000 --- a/modules/Microsoft.Sql/servers/securityAlertPolicies/readme.md +++ /dev/null @@ -1,48 +0,0 @@ -# SQL Server Security Alert Policy `[Microsoft.Sql/servers/securityAlertPolicies]` - -This module deploys an SQL Server Security Alert Policy. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Sql/servers/securityAlertPolicies` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/servers/securityAlertPolicies) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Security Alert Policy. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `serverName` | string | The name of the parent SQL Server. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `disabledAlerts` | array | `[]` | | Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force. | -| `emailAccountAdmins` | bool | `False` | | Specifies that the alert is sent to the account administrators. | -| `emailAddresses` | array | `[]` | | Specifies an array of email addresses to which the alert is sent. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `retentionDays` | int | `0` | | Specifies the number of days to keep in the Threat Detection audit logs. | -| `state` | string | `'Disabled'` | `[Disabled, Enabled]` | Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database. | -| `storageAccountAccessKey` | secureString | `''` | | Specifies the identifier key of the Threat Detection audit storage account.. | -| `storageEndpoint` | string | `''` | | Specifies the blob storage endpoint. This blob storage will hold all Threat Detection audit logs. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed security alert policy. | -| `resourceGroupName` | string | The resource group of the deployed security alert policy. | -| `resourceId` | string | The resource ID of the deployed security alert policy. | diff --git a/modules/Microsoft.Sql/servers/securityAlertPolicies/version.json b/modules/Microsoft.Sql/servers/securityAlertPolicies/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Sql/servers/securityAlertPolicies/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Sql/servers/version.json b/modules/Microsoft.Sql/servers/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Sql/servers/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Sql/servers/vulnerabilityAssessments/deploy.bicep b/modules/Microsoft.Sql/servers/vulnerabilityAssessments/deploy.bicep deleted file mode 100644 index 777f905259..0000000000 --- a/modules/Microsoft.Sql/servers/vulnerabilityAssessments/deploy.bicep +++ /dev/null @@ -1,59 +0,0 @@ -@description('Required. The name of the vulnerability assessment.') -param name string - -@description('Required. The Name of SQL Server.') -param serverName string - -@description('Optional. Recurring scans state.') -param recurringScansIsEnabled bool = false - -@description('Optional. Specifies that the schedule scan notification will be is sent to the subscription administrators.') -param recurringScansEmailSubscriptionAdmins bool = false - -@description('Optional. Specifies an array of email addresses to which the scan notification is sent.') -param recurringScansEmails array = [] - -@description('Optional. A blob storage to hold the scan results.') -param vulnerabilityAssessmentsStorageAccountId string = '' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-9319755b-f697-4146-b966-4656e0b46cac-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource server 'Microsoft.Sql/servers@2021-05-01-preview' existing = { - name: serverName -} - -resource vulnerabilityAssessment 'Microsoft.Sql/servers/vulnerabilityAssessments@2021-11-01-preview' = { - name: name - parent: server - properties: { - storageContainerPath: 'https://${last(split(vulnerabilityAssessmentsStorageAccountId, '/'))}.blob.${environment().suffixes.storage}/vulnerability-assessment/' - storageAccountAccessKey: listKeys(vulnerabilityAssessmentsStorageAccountId, '2019-06-01').keys[0].value - recurringScans: { - isEnabled: recurringScansIsEnabled - emailSubscriptionAdmins: recurringScansEmailSubscriptionAdmins - emails: recurringScansEmails - } - } -} - -@description('The name of the deployed vulnerability assessment.') -output name string = vulnerabilityAssessment.name - -@description('The resource ID of the deployed vulnerability assessment.') -output resourceId string = vulnerabilityAssessment.id - -@description('The resource group of the deployed vulnerability assessment.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md b/modules/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md deleted file mode 100644 index e9aae9829c..0000000000 --- a/modules/Microsoft.Sql/servers/vulnerabilityAssessments/readme.md +++ /dev/null @@ -1,41 +0,0 @@ -# SQL Server Vulnerability Assessments `[Microsoft.Sql/servers/vulnerabilityAssessments]` - -This module deploys a vulnerability assessment for a SQL server. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Sql/servers/vulnerabilityAssessments` | [2021-11-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-11-01-preview/servers/vulnerabilityAssessments) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the vulnerability assessment. | -| `serverName` | string | The Name of SQL Server. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `recurringScansEmails` | array | `[]` | Specifies an array of email addresses to which the scan notification is sent. | -| `recurringScansEmailSubscriptionAdmins` | bool | `False` | Specifies that the schedule scan notification will be is sent to the subscription administrators. | -| `recurringScansIsEnabled` | bool | `False` | Recurring scans state. | -| `vulnerabilityAssessmentsStorageAccountId` | string | `''` | A blob storage to hold the scan results. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed vulnerability assessment. | -| `resourceGroupName` | string | The resource group of the deployed vulnerability assessment. | -| `resourceId` | string | The resource ID of the deployed vulnerability assessment. | diff --git a/modules/Microsoft.Sql/servers/vulnerabilityAssessments/version.json b/modules/Microsoft.Sql/servers/vulnerabilityAssessments/version.json deleted file mode 100644 index badc0a2285..0000000000 --- a/modules/Microsoft.Sql/servers/vulnerabilityAssessments/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.5" -} diff --git a/modules/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 269332a976..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,80 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Avere Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9') - 'Backup Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b') - 'Backup Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324') - 'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64') - 'Disk Snapshot Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7efff54f-a5b4-42b5-a1c5-5411624893ce') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Logic App Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '87a39d53-fc1b-424a-814c-f7e04687dc9e') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Reader and Data Access': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c12c1c16-33a1-487b-954d-41c89c60f349') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'Site Recovery Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567') - 'Site Recovery Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca') - 'Storage Account Backup Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1') - 'Storage Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab') - 'Storage Account Key Operator Service Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '81a9662b-bebf-436f-a333-f67b29880f12') - 'Storage Blob Data Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe') - 'Storage Blob Data Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b') - 'Storage Blob Data Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1') - 'Storage Blob Delegator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'db58b8e5-c6ad-4a2a-8342-4190687cbf4a') - 'Storage File Data SMB Share Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb') - 'Storage File Data SMB Share Elevated Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7264617-510b-434b-a828-9731dc254ea7') - 'Storage File Data SMB Share Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aba4ae5f-2193-4029-9191-0cb91df5e314') - 'Storage Queue Data Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '974c5e8b-45b9-4653-ba55-5f855dd0fb88') - 'Storage Queue Data Message Processor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8a0f0c08-91a1-4084-bc3d-661d67233fed') - 'Storage Queue Data Message Sender': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c6a89b2d-59bc-44d0-9896-0f6e12d7b80a') - 'Storage Queue Data Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '19e7f393-937e-4f77-808e-94535e297925') - 'Storage Table Data Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3') - 'Storage Table Data Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76199698-9eea-4c19-bc75-cec21354c6b6') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c') -} - -resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(storageAccount.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: storageAccount -}] diff --git a/modules/Microsoft.Storage/storageAccounts/.deploymentTests/encr.parameters.json b/modules/Microsoft.Storage/storageAccounts/.deploymentTests/encr.parameters.json deleted file mode 100644 index cdc4f530c1..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/.deploymentTests/encr.parameters.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>azsaencr001" - }, - "storageAccountSku": { - "value": "Standard_LRS" - }, - "allowBlobPublicAccess": { - "value": false - }, - "publicNetworkAccess": { - "value": "Disabled" - }, - "requireInfrastructureEncryption": { - "value": true - }, - "systemAssignedIdentity": { - "value": false - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "cMKKeyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002" - }, - "cMKKeyName": { - "value": "keyEncryptionKey" - }, - "cMKUserAssignedIdentityResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - } - } -} diff --git a/modules/Microsoft.Storage/storageAccounts/.deploymentTests/min.parameters.json b/modules/Microsoft.Storage/storageAccounts/.deploymentTests/min.parameters.json deleted file mode 100644 index 30ac50db6d..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "allowBlobPublicAccess": { - "value": false - } - } -} diff --git a/modules/Microsoft.Storage/storageAccounts/.deploymentTests/nfs.parameters.json b/modules/Microsoft.Storage/storageAccounts/.deploymentTests/nfs.parameters.json deleted file mode 100644 index 7ae90dbdad..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/.deploymentTests/nfs.parameters.json +++ /dev/null @@ -1,64 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>azsax002" - }, - "storageAccountSku": { - "value": "Premium_LRS" - }, - "storageAccountKind": { - "value": "FileStorage" - }, - "allowBlobPublicAccess": { - "value": false - }, - "supportsHttpsTrafficOnly": { - "value": false - }, - "fileServices": { - "value": { - "shares": [ - { - "name": "nfsfileshare", - "enabledProtocols": "NFS" - } - ] - } - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Storage/storageAccounts/.deploymentTests/parameters.json b/modules/Microsoft.Storage/storageAccounts/.deploymentTests/parameters.json deleted file mode 100644 index 6783c5818a..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/.deploymentTests/parameters.json +++ /dev/null @@ -1,192 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>azsax001" - }, - "storageAccountSku": { - "value": "Standard_LRS" - }, - "allowBlobPublicAccess": { - "value": false - }, - "publicNetworkAccess": { - "value": "Disabled" - }, - "requireInfrastructureEncryption": { - "value": true - }, - "lock": { - "value": "CanNotDelete" - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "blob" - }, - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "table" - }, - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "queue" - }, - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "file" - } - ] - }, - "networkAcls": { - "value": { - "bypass": "AzureServices", - "defaultAction": "Deny", - "virtualNetworkRules": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", - "action": "Allow" - } - ], - "ipRules": [ - { - "action": "Allow", - "value": "1.1.1.1" - } - ] - } - }, - "blobServices": { - "value": { - "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001", - "diagnosticWorkspaceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001", - "diagnosticEventHubAuthorizationRuleId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey", - "diagnosticEventHubName": "adp-<>-az-evh-x-001", - "containers": [ - { - "name": "avdscripts", - "publicAccess": "None", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - { - "name": "archivecontainer", - "publicAccess": "None", - "enableWORM": true, - "WORMRetention": 666, - "allowProtectedAppendWrites": false - } - ] - } - }, - "fileServices": { - "value": { - "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001", - "diagnosticWorkspaceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001", - "diagnosticEventHubAuthorizationRuleId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey", - "diagnosticEventHubName": "adp-<>-az-evh-x-001", - "shares": [ - { - "name": "avdprofiles", - "shareQuota": "5120", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - { - "name": "avdprofiles2", - "shareQuota": "5120" - } - ] - } - }, - "tableServices": { - "value": { - "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001", - "diagnosticWorkspaceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001", - "diagnosticEventHubAuthorizationRuleId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey", - "diagnosticEventHubName": "adp-<>-az-evh-x-001", - "tables": [ - "table1", - "table2" - ] - } - }, - "queueServices": { - "value": { - "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001", - "diagnosticWorkspaceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001", - "diagnosticEventHubAuthorizationRuleId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey", - "diagnosticEventHubName": "adp-<>-az-evh-x-001", - "queues": [ - { - "name": "queue1", - "metadata": {}, - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - { - "name": "queue2", - "metadata": {} - } - ] - } - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Storage/storageAccounts/.deploymentTests/v1.parameters.json b/modules/Microsoft.Storage/storageAccounts/.deploymentTests/v1.parameters.json deleted file mode 100644 index c411287f9c..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/.deploymentTests/v1.parameters.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "storageAccountKind": { - "value": "Storage" - }, - "allowBlobPublicAccess": { - "value": false - } - } -} diff --git a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index b1efabf41c..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,71 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Avere Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9') - 'Backup Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b') - 'Backup Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324') - 'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64') - 'Disk Snapshot Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7efff54f-a5b4-42b5-a1c5-5411624893ce') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Logic App Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '87a39d53-fc1b-424a-814c-f7e04687dc9e') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Reader and Data Access': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c12c1c16-33a1-487b-954d-41c89c60f349') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'Site Recovery Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567') - 'Site Recovery Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca') - 'Storage Account Backup Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1') - 'Storage Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab') - 'Storage Account Key Operator Service Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '81a9662b-bebf-436f-a333-f67b29880f12') - 'Storage Blob Data Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe') - 'Storage Blob Data Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b') - 'Storage Blob Data Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1') - 'Storage Blob Delegator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'db58b8e5-c6ad-4a2a-8342-4190687cbf4a') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c') -} - -resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2019-06-01' existing = { - name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}/${split(resourceId, '/')[12]}' -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(container.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: container -}] diff --git a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/deploy.bicep deleted file mode 100644 index 2f19f5fb2d..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/deploy.bicep +++ /dev/null @@ -1,91 +0,0 @@ -@maxLength(24) -@description('Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment.') -param storageAccountName string - -@description('Optional. Name of the blob service.') -param blobServicesName string = 'default' - -@description('Required. The name of the storage container to deploy.') -param name string - -@description('Optional. Name of the immutable policy.') -param immutabilityPolicyName string = 'default' - -@allowed([ - 'Container' - 'Blob' - 'None' -]) -@description('Optional. Specifies whether data in the container may be accessed publicly and the level of access.') -param publicAccess string = 'None' - -@description('Optional. Configure immutability policy.') -param immutabilityPolicyProperties object = {} - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing = { - name: storageAccountName - - resource blobServices 'blobServices@2021-06-01' existing = { - name: blobServicesName - } -} - -resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2019-06-01' = { - name: name - parent: storageAccount::blobServices - properties: { - publicAccess: publicAccess - } -} - -module immutabilityPolicy 'immutabilityPolicies/deploy.bicep' = if (!empty(immutabilityPolicyProperties)) { - name: immutabilityPolicyName - params: { - storageAccountName: storageAccount.name - blobServicesName: storageAccount::blobServices.name - containerName: container.name - immutabilityPeriodSinceCreationInDays: contains(immutabilityPolicyProperties, 'immutabilityPeriodSinceCreationInDays') ? immutabilityPolicyProperties.immutabilityPeriodSinceCreationInDays : 365 - allowProtectedAppendWrites: contains(immutabilityPolicyProperties, 'allowProtectedAppendWrites') ? immutabilityPolicyProperties.allowProtectedAppendWrites : true - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -module container_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${deployment().name}-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: container.id - } -}] - -@description('The name of the deployed container.') -output name string = container.name - -@description('The resource ID of the deployed container.') -output resourceId string = container.id - -@description('The resource group of the deployed container.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/deploy.bicep deleted file mode 100644 index 82611798cb..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/deploy.bicep +++ /dev/null @@ -1,63 +0,0 @@ -@maxLength(24) -@description('Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment.') -param storageAccountName string - -@description('Conditional. The name of the parent blob service. Required if the template is used in a standalone deployment.') -param blobServicesName string = 'default' - -@description('Conditional. The name of the parent container to apply the policy to. Required if the template is used in a standalone deployment.') -param containerName string - -@description('Optional. Name of the immutable policy.') -param name string = 'default' - -@description('Optional. The immutability period for the blobs in the container since the policy creation, in days.') -param immutabilityPeriodSinceCreationInDays int = 365 - -@description('Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API.') -param allowProtectedAppendWrites bool = true - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing = { - name: storageAccountName - - resource blobServices 'blobServices@2021-06-01' existing = { - name: blobServicesName - - resource container 'containers@2019-06-01' existing = { - name: containerName - } - } -} - -resource immutabilityPolicy 'Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies@2019-06-01' = { - name: name - parent: storageAccount::blobServices::container - properties: { - immutabilityPeriodSinceCreationInDays: immutabilityPeriodSinceCreationInDays - allowProtectedAppendWrites: allowProtectedAppendWrites - } -} - -@description('The name of the deployed immutability policy.') -output name string = immutabilityPolicy.name - -@description('The resource ID of the deployed immutability policy.') -output resourceId string = immutabilityPolicy.id - -@description('The resource group of the deployed immutability policy.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/readme.md b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/readme.md deleted file mode 100644 index 6d896b03ae..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/readme.md +++ /dev/null @@ -1,41 +0,0 @@ -# Blob Container Immutability Policy `[Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies]` - -This module deploys an Immutability Policy for a blob container - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies` | [2019-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/blobServices/containers/immutabilityPolicies) | - -## Parameters - -**Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `blobServicesName` | string | `'default'` | The name of the parent blob service. Required if the template is used in a standalone deployment. | -| `containerName` | string | | The name of the parent container to apply the policy to. Required if the template is used in a standalone deployment. | -| `storageAccountName` | string | | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `allowProtectedAppendWrites` | bool | `True` | This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `immutabilityPeriodSinceCreationInDays` | int | `365` | The immutability period for the blobs in the container since the policy creation, in days. | -| `name` | string | `'default'` | Name of the immutable policy. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed immutability policy. | -| `resourceGroupName` | string | The resource group of the deployed immutability policy. | -| `resourceId` | string | The resource ID of the deployed immutability policy. | diff --git a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/version.json b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md deleted file mode 100644 index 3166ec4c32..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md +++ /dev/null @@ -1,107 +0,0 @@ -# Storage Account Container `[Microsoft.Storage/storageAccounts/blobServices/containers]` - -This module deploys a blob container - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Storage/storageAccounts/blobServices/containers` | [2019-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/blobServices/containers) | -| `Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies` | [2019-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/blobServices/containers/immutabilityPolicies) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the storage container to deploy. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `storageAccountName` | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `blobServicesName` | string | `'default'` | | Name of the blob service. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `immutabilityPolicyName` | string | `'default'` | | Name of the immutable policy. | -| `immutabilityPolicyProperties` | object | `{object}` | | Configure immutability policy. | -| `publicAccess` | string | `'None'` | `[Container, Blob, None]` | Specifies whether data in the container may be accessed publicly and the level of access. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed container. | -| `resourceGroupName` | string | The resource group of the deployed container. | -| `resourceId` | string | The resource ID of the deployed container. | diff --git a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/version.json b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep deleted file mode 100644 index 333e1a429c..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/blobServices/deploy.bicep +++ /dev/null @@ -1,145 +0,0 @@ -@maxLength(24) -@description('Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment.') -param storageAccountName string - -@description('Optional. The name of the blob service.') -param name string = 'default' - -@description('Optional. Indicates whether DeleteRetentionPolicy is enabled for the Blob service.') -param deleteRetentionPolicy bool = true - -@description('Optional. Indicates the number of days that the deleted blob should be retained. The minimum specified value can be 1 and the maximum value can be 365.') -param deleteRetentionPolicyDays int = 7 - -@description('Optional. Automatic Snapshot is enabled if set to true.') -param automaticSnapshotPolicyEnabled bool = false - -@description('Optional. Blob containers to create.') -param containers array = [] - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of a log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'StorageRead' - 'StorageWrite' - 'StorageDelete' -]) -param diagnosticLogCategoriesToEnable array = [ - 'StorageRead' - 'StorageWrite' - 'StorageDelete' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'Transaction' -]) -param diagnosticMetricsToEnable array = [ - 'Transaction' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing = { - name: storageAccountName -} - -resource blobServices 'Microsoft.Storage/storageAccounts/blobServices@2021-06-01' = { - name: name - parent: storageAccount - properties: { - deleteRetentionPolicy: { - enabled: deleteRetentionPolicy - days: deleteRetentionPolicyDays - } - automaticSnapshotPolicyEnabled: automaticSnapshotPolicyEnabled - } -} - -resource blobServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: diagnosticsLogs - } - scope: blobServices -} - -module blobServices_container 'containers/deploy.bicep' = [for (container, index) in containers: { - name: '${deployment().name}-Container-${index}' - params: { - storageAccountName: storageAccount.name - blobServicesName: blobServices.name - name: container.name - publicAccess: contains(container, 'publicAccess') ? container.publicAccess : 'None' - roleAssignments: contains(container, 'roleAssignments') ? container.roleAssignments : [] - immutabilityPolicyProperties: contains(container, 'immutabilityPolicyProperties') ? container.immutabilityPolicyProperties : {} - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -@description('The name of the deployed blob service.') -output name string = blobServices.name - -@description('The resource ID of the deployed blob service.') -output resourceId string = blobServices.id - -@description('The name of the deployed blob service.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Storage/storageAccounts/blobServices/readme.md b/modules/Microsoft.Storage/storageAccounts/blobServices/readme.md deleted file mode 100644 index 79e6bb38fd..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/blobServices/readme.md +++ /dev/null @@ -1,53 +0,0 @@ -# Storage Account blob services `[Microsoft.Storage/storageAccounts/blobServices]` - -This module can be used to deploy a blob service into a storage account. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Storage/storageAccounts/blobServices` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-06-01/storageAccounts/blobServices) | -| `Microsoft.Storage/storageAccounts/blobServices/containers` | [2019-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/blobServices/containers) | -| `Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies` | [2019-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/blobServices/containers/immutabilityPolicies) | - -## Parameters - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `storageAccountName` | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `automaticSnapshotPolicyEnabled` | bool | `False` | | Automatic Snapshot is enabled if set to true. | -| `containers` | _[containers](containers/readme.md)_ array | `[]` | | Blob containers to create. | -| `deleteRetentionPolicy` | bool | `True` | | Indicates whether DeleteRetentionPolicy is enabled for the Blob service. | -| `deleteRetentionPolicyDays` | int | `7` | | Indicates the number of days that the deleted blob should be retained. The minimum specified value can be 1 and the maximum value can be 365. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[StorageRead, StorageWrite, StorageDelete]` | `[StorageRead, StorageWrite, StorageDelete]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[Transaction]` | `[Transaction]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of a log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `'default'` | | The name of the blob service. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed blob service. | -| `resourceGroupName` | string | The name of the deployed blob service. | -| `resourceId` | string | The resource ID of the deployed blob service. | diff --git a/modules/Microsoft.Storage/storageAccounts/blobServices/version.json b/modules/Microsoft.Storage/storageAccounts/blobServices/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/blobServices/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Storage/storageAccounts/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/deploy.bicep deleted file mode 100644 index 3197f8c17f..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/deploy.bicep +++ /dev/null @@ -1,404 +0,0 @@ -@maxLength(24) -@description('Optional. Name of the Storage Account. Autogenerated with a unique string if not provided.') -param name string = '' - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Enables system assigned managed identity on the resource.') -param systemAssignedIdentity bool = false - -@description('Optional. The ID(s) to assign to the resource.') -param userAssignedIdentities object = {} - -@allowed([ - 'Storage' - 'StorageV2' - 'BlobStorage' - 'FileStorage' - 'BlockBlobStorage' -]) -@description('Optional. Type of Storage Account to create.') -param storageAccountKind string = 'StorageV2' - -@allowed([ - 'Standard_LRS' - 'Standard_GRS' - 'Standard_RAGRS' - 'Standard_ZRS' - 'Premium_LRS' - 'Premium_ZRS' - 'Standard_GZRS' - 'Standard_RAGZRS' -]) -@description('Optional. Storage Account Sku Name.') -param storageAccountSku string = 'Standard_GRS' - -@allowed([ - 'Hot' - 'Cool' -]) -@description('Optional. Storage Account Access Tier.') -param storageAccountAccessTier string = 'Hot' - -@description('Optional. Provides the identity based authentication settings for Azure Files.') -param azureFilesIdentityBasedAuthentication object = {} - -@description('Optional. Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') -param privateEndpoints array = [] - -@description('Optional. The Storage Account ManagementPolicies Rules.') -param managementPolicyRules array = [] - -@description('Optional. Networks ACLs, this value contains IPs to whitelist and/or Subnet information. For security reasons, it is recommended to set the DefaultAction Deny.') -param networkAcls object = {} - -@description('Optional. A Boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest. For security reasons, it is recommended to set it to true.') -param requireInfrastructureEncryption bool = true - -@description('Optional. Blob service and containers to deploy.') -param blobServices object = {} - -@description('Optional. File service and shares to deploy.') -param fileServices object = {} - -@description('Optional. Queue service and queues to create.') -param queueServices object = {} - -@description('Optional. Table service and tables to create.') -param tableServices object = {} - -@description('Optional. Indicates whether public access is enabled for all blobs or containers in the storage account. For security reasons, it is recommended to set it to false.') -param allowBlobPublicAccess bool = false - -@allowed([ - 'TLS1_0' - 'TLS1_1' - 'TLS1_2' -]) -@description('Optional. Set the minimum TLS version on request to storage.') -param minimumTlsVersion string = 'TLS1_2' - -@description('Optional. If true, enables Hierarchical Namespace for the storage account.') -param enableHierarchicalNamespace bool = false - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Generated. Do not provide a value! This date value is used to generate a SAS token to access the modules.') -param basetime string = utcNow('u') - -@allowed([ - 'Enabled' - 'Disabled' -]) - -@description('Optional. Enable or disallow public network access to Storage Account..') -param publicNetworkAccess string = 'Enabled' - -@description('Optional. Allows HTTPS traffic only to storage service if sets to true.') -param supportsHttpsTrafficOnly bool = true - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'Transaction' -]) -param diagnosticMetricsToEnable array = [ - 'Transaction' -] - -@description('Optional. The resource ID of a key vault to reference a customer managed key for encryption from.') -param cMKKeyVaultResourceId string = '' - -@description('Optional. The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter \'systemAssignedIdentity\' enabled.') -param cMKKeyName string = '' - -@description('Conditional. User assigned identity to use when fetching the customer managed key. Required if \'cMKKeyName\' is not empty.') -param cMKUserAssignedIdentityResourceId string = '' - -@description('Optional. The version of the customer managed key to reference for encryption. If not provided, latest is used.') -param cMKKeyVersion string = '' - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var maxNameLength = 24 -var uniqueStorageNameUntrim = uniqueString('Storage Account${basetime}') -var uniqueStorageName = length(uniqueStorageNameUntrim) > maxNameLength ? substring(uniqueStorageNameUntrim, 0, maxNameLength) : uniqueStorageNameUntrim - -var supportsBlobService = storageAccountKind == 'BlockBlobStorage' || storageAccountKind == 'BlobStorage' || storageAccountKind == 'StorageV2' || storageAccountKind == 'Storage' -var supportsFileService = storageAccountKind == 'FileStorage' || storageAccountKind == 'StorageV2' || storageAccountKind == 'Storage' - -var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None') -var identity = identityType != 'None' ? { - type: identityType - userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null -} : null - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource keyVault 'Microsoft.KeyVault/vaults@2021-06-01-preview' existing = if (!empty(cMKKeyVaultResourceId)) { - name: last(split(cMKKeyVaultResourceId, '/')) - scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) -} - -resource storageAccount 'Microsoft.Storage/storageAccounts@2021-08-01' = { - name: !empty(name) ? name : uniqueStorageName - location: location - kind: storageAccountKind - sku: { - name: storageAccountSku - } - identity: identity - tags: tags - properties: { - encryption: { - keySource: !empty(cMKKeyName) ? 'Microsoft.Keyvault' : 'Microsoft.Storage' - services: { - blob: supportsBlobService ? { - enabled: true - } : null - file: supportsFileService ? { - enabled: true - } : null - table: { - enabled: true - } - queue: { - enabled: true - } - } - requireInfrastructureEncryption: storageAccountKind != 'Storage' ? requireInfrastructureEncryption : null - keyvaultproperties: !empty(cMKKeyName) ? { - keyname: cMKKeyName - keyvaulturi: keyVault.properties.vaultUri - keyversion: !empty(cMKKeyVersion) ? cMKKeyVersion : null - } : null - identity: !empty(cMKKeyName) ? { - userAssignedIdentity: cMKUserAssignedIdentityResourceId - } : null - } - accessTier: storageAccountKind != 'Storage' ? storageAccountAccessTier : null - supportsHttpsTrafficOnly: supportsHttpsTrafficOnly - isHnsEnabled: enableHierarchicalNamespace ? enableHierarchicalNamespace : null - minimumTlsVersion: minimumTlsVersion - networkAcls: !empty(networkAcls) ? { - bypass: !empty(networkAcls) ? networkAcls.bypass : null - defaultAction: !empty(networkAcls) ? networkAcls.defaultAction : null - virtualNetworkRules: (!empty(networkAcls) && contains(networkAcls, 'virtualNetworkRules')) ? networkAcls.virtualNetworkRules : [] - ipRules: (!empty(networkAcls) && contains(networkAcls, 'ipRules')) ? networkAcls.ipRules : [] - } : null - allowBlobPublicAccess: allowBlobPublicAccess - publicNetworkAccess: publicNetworkAccess - azureFilesIdentityBasedAuthentication: !empty(azureFilesIdentityBasedAuthentication) ? azureFilesIdentityBasedAuthentication : null - } -} - -resource storageAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - } - scope: storageAccount -} - -resource storageAccount_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${storageAccount.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: storageAccount -} - -module storageAccount_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-Storage-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: storageAccount.id - } -}] - -module storageAccount_privateEndpoints '../../Microsoft.Network/privateEndpoints/deploy.bicep' = [for (privateEndpoint, index) in privateEndpoints: { - name: '${uniqueString(deployment().name, location)}-StorageAccount-PrivateEndpoint-${index}' - params: { - groupIds: [ - privateEndpoint.service - ] - name: contains(privateEndpoint, 'name') ? privateEndpoint.name : 'pe-${last(split(storageAccount.id, '/'))}-${privateEndpoint.service}-${index}' - serviceResourceId: storageAccount.id - subnetResourceId: privateEndpoint.subnetResourceId - enableDefaultTelemetry: enableReferencedModulesTelemetry - location: reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : lock - privateDnsZoneGroups: contains(privateEndpoint, 'privateDnsZoneGroups') ? privateEndpoint.privateDnsZoneGroups : [] - roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] - tags: contains(privateEndpoint, 'tags') ? privateEndpoint.tags : {} - manualPrivateLinkServiceConnections: contains(privateEndpoint, 'manualPrivateLinkServiceConnections') ? privateEndpoint.manualPrivateLinkServiceConnections : [] - customDnsConfigs: contains(privateEndpoint, 'customDnsConfigs') ? privateEndpoint.customDnsConfigs : [] - } -}] - -// Lifecycle Policy -module storageAccount_managementPolicies 'managementPolicies/deploy.bicep' = if (!empty(managementPolicyRules)) { - name: '${uniqueString(deployment().name, location)}-Storage-ManagementPolicies' - params: { - storageAccountName: storageAccount.name - rules: managementPolicyRules - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -// Containers -module storageAccount_blobServices 'blobServices/deploy.bicep' = if (!empty(blobServices)) { - name: '${uniqueString(deployment().name, location)}-Storage-BlobServices' - params: { - storageAccountName: storageAccount.name - containers: contains(blobServices, 'containers') ? blobServices.containers : [] - automaticSnapshotPolicyEnabled: contains(blobServices, 'automaticSnapshotPolicyEnabled') ? blobServices.automaticSnapshotPolicyEnabled : false - deleteRetentionPolicy: contains(blobServices, 'deleteRetentionPolicy') ? blobServices.deleteRetentionPolicy : true - deleteRetentionPolicyDays: contains(blobServices, 'deleteRetentionPolicyDays') ? blobServices.deleteRetentionPolicyDays : 7 - diagnosticLogsRetentionInDays: contains(blobServices, 'diagnosticLogsRetentionInDays') ? blobServices.diagnosticLogsRetentionInDays : 365 - diagnosticStorageAccountId: contains(blobServices, 'diagnosticStorageAccountId') ? blobServices.diagnosticStorageAccountId : '' - diagnosticEventHubAuthorizationRuleId: contains(blobServices, 'diagnosticEventHubAuthorizationRuleId') ? blobServices.diagnosticEventHubAuthorizationRuleId : '' - diagnosticEventHubName: contains(blobServices, 'diagnosticEventHubName') ? blobServices.diagnosticEventHubName : '' - diagnosticLogCategoriesToEnable: contains(blobServices, 'diagnosticLogCategoriesToEnable') ? blobServices.diagnosticLogCategoriesToEnable : [] - diagnosticMetricsToEnable: contains(blobServices, 'diagnosticMetricsToEnable') ? blobServices.diagnosticMetricsToEnable : [] - diagnosticWorkspaceId: contains(blobServices, 'diagnosticWorkspaceId') ? blobServices.diagnosticWorkspaceId : '' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -// File Shares -module storageAccount_fileServices 'fileServices/deploy.bicep' = if (!empty(fileServices)) { - name: '${uniqueString(deployment().name, location)}-Storage-FileServices' - params: { - storageAccountName: storageAccount.name - diagnosticLogsRetentionInDays: contains(fileServices, 'diagnosticLogsRetentionInDays') ? fileServices.diagnosticLogsRetentionInDays : 365 - diagnosticStorageAccountId: contains(fileServices, 'diagnosticStorageAccountId') ? fileServices.diagnosticStorageAccountId : '' - diagnosticEventHubAuthorizationRuleId: contains(fileServices, 'diagnosticEventHubAuthorizationRuleId') ? fileServices.diagnosticEventHubAuthorizationRuleId : '' - diagnosticEventHubName: contains(fileServices, 'diagnosticEventHubName') ? fileServices.diagnosticEventHubName : '' - diagnosticLogCategoriesToEnable: contains(fileServices, 'diagnosticLogCategoriesToEnable') ? fileServices.diagnosticLogCategoriesToEnable : [] - diagnosticMetricsToEnable: contains(fileServices, 'diagnosticMetricsToEnable') ? fileServices.diagnosticMetricsToEnable : [] - protocolSettings: contains(fileServices, 'protocolSettings') ? fileServices.protocolSettings : {} - shareDeleteRetentionPolicy: contains(fileServices, 'shareDeleteRetentionPolicy') ? fileServices.shareDeleteRetentionPolicy : { - enabled: true - days: 7 - } - shares: contains(fileServices, 'shares') ? fileServices.shares : [] - diagnosticWorkspaceId: contains(fileServices, 'diagnosticWorkspaceId') ? fileServices.diagnosticWorkspaceId : '' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -// Queue -module storageAccount_queueServices 'queueServices/deploy.bicep' = if (!empty(queueServices)) { - name: '${uniqueString(deployment().name, location)}-Storage-QueueServices' - params: { - storageAccountName: storageAccount.name - diagnosticLogsRetentionInDays: contains(queueServices, 'diagnosticLogsRetentionInDays') ? queueServices.diagnosticLogsRetentionInDays : 365 - diagnosticStorageAccountId: contains(queueServices, 'diagnosticStorageAccountId') ? queueServices.diagnosticStorageAccountId : '' - diagnosticEventHubAuthorizationRuleId: contains(queueServices, 'diagnosticEventHubAuthorizationRuleId') ? queueServices.diagnosticEventHubAuthorizationRuleId : '' - diagnosticEventHubName: contains(queueServices, 'diagnosticEventHubName') ? queueServices.diagnosticEventHubName : '' - diagnosticLogCategoriesToEnable: contains(queueServices, 'diagnosticLogCategoriesToEnable') ? queueServices.diagnosticLogCategoriesToEnable : [] - diagnosticMetricsToEnable: contains(queueServices, 'diagnosticMetricsToEnable') ? queueServices.diagnosticMetricsToEnable : [] - queues: contains(queueServices, 'queues') ? queueServices.queues : [] - diagnosticWorkspaceId: contains(queueServices, 'diagnosticWorkspaceId') ? queueServices.diagnosticWorkspaceId : '' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -// Table -module storageAccount_tableServices 'tableServices/deploy.bicep' = if (!empty(tableServices)) { - name: '${uniqueString(deployment().name, location)}-Storage-TableServices' - params: { - storageAccountName: storageAccount.name - diagnosticLogsRetentionInDays: contains(tableServices, 'diagnosticLogsRetentionInDays') ? tableServices.diagnosticLogsRetentionInDays : 365 - diagnosticStorageAccountId: contains(tableServices, 'diagnosticStorageAccountId') ? tableServices.diagnosticStorageAccountId : '' - diagnosticEventHubAuthorizationRuleId: contains(tableServices, 'diagnosticEventHubAuthorizationRuleId') ? tableServices.diagnosticEventHubAuthorizationRuleId : '' - diagnosticEventHubName: contains(tableServices, 'diagnosticEventHubName') ? tableServices.diagnosticEventHubName : '' - diagnosticLogCategoriesToEnable: contains(tableServices, 'diagnosticLogCategoriesToEnable') ? tableServices.diagnosticLogCategoriesToEnable : [] - diagnosticMetricsToEnable: contains(tableServices, 'diagnosticMetricsToEnable') ? tableServices.diagnosticMetricsToEnable : [] - tables: contains(tableServices, 'tables') ? tableServices.tables : [] - diagnosticWorkspaceId: contains(tableServices, 'diagnosticWorkspaceId') ? tableServices.diagnosticWorkspaceId : '' - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -@description('The resource ID of the deployed storage account.') -output resourceId string = storageAccount.id - -@description('The name of the deployed storage account.') -output name string = storageAccount.name - -@description('The resource group of the deployed storage account.') -output resourceGroupName string = resourceGroup().name - -@description('The primary blob endpoint reference if blob services are deployed.') -output primaryBlobEndpoint string = !empty(blobServices) && contains(blobServices, 'containers') ? reference('Microsoft.Storage/storageAccounts/${storageAccount.name}', '2019-04-01').primaryEndpoints.blob : '' - -@description('The principal ID of the system assigned identity.') -output systemAssignedPrincipalId string = systemAssignedIdentity && contains(storageAccount.identity, 'principalId') ? storageAccount.identity.principalId : '' - -@description('The location the resource was deployed into.') -output location string = storageAccount.location diff --git a/modules/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep deleted file mode 100644 index e3e81b1935..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/fileServices/deploy.bicep +++ /dev/null @@ -1,143 +0,0 @@ -@maxLength(24) -@description('Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment.') -param storageAccountName string - -@description('Optional. The name of the file service.') -param name string = 'default' - -@description('Optional. Protocol settings for file service.') -param protocolSettings object = {} - -@description('Optional. The service properties for soft delete.') -param shareDeleteRetentionPolicy object = { - enabled: true - days: 7 -} - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of a log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@description('Optional. File shares to create.') -param shares array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'StorageRead' - 'StorageWrite' - 'StorageDelete' -]) -param diagnosticLogCategoriesToEnable array = [ - 'StorageRead' - 'StorageWrite' - 'StorageDelete' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'Transaction' -]) -param diagnosticMetricsToEnable array = [ - 'Transaction' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing = { - name: storageAccountName -} - -resource fileServices 'Microsoft.Storage/storageAccounts/fileServices@2021-04-01' = { - name: name - parent: storageAccount - properties: { - protocolSettings: protocolSettings - shareDeleteRetentionPolicy: shareDeleteRetentionPolicy - } -} - -resource fileServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: diagnosticsLogs - } - scope: fileServices -} - -module fileServices_shares 'shares/deploy.bicep' = [for (share, index) in shares: { - name: '${deployment().name}-shares-${index}' - params: { - storageAccountName: storageAccount.name - fileServicesName: fileServices.name - name: share.name - enabledProtocols: contains(share, 'enabledProtocols') ? share.enabledProtocols : 'SMB' - rootSquash: contains(share, 'rootSquash') ? share.rootSquash : 'NoRootSquash' - sharedQuota: contains(share, 'sharedQuota') ? share.sharedQuota : 5120 - roleAssignments: contains(share, 'roleAssignments') ? share.roleAssignments : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -@description('The name of the deployed file share service.') -output name string = fileServices.name - -@description('The resource ID of the deployed file share service.') -output resourceId string = fileServices.id - -@description('The resource group of the deployed file share service.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Storage/storageAccounts/fileServices/readme.md b/modules/Microsoft.Storage/storageAccounts/fileServices/readme.md deleted file mode 100644 index e074cf13aa..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/fileServices/readme.md +++ /dev/null @@ -1,51 +0,0 @@ -# Storage Account file share services `[Microsoft.Storage/storageAccounts/fileServices]` - -This module can be used to deploy a file share service into a storage account. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Storage/storageAccounts/fileServices` | [2021-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-04-01/storageAccounts/fileServices) | -| `Microsoft.Storage/storageAccounts/fileServices/shares` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-08-01/storageAccounts/fileServices/shares) | - -## Parameters - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `storageAccountName` | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[StorageRead, StorageWrite, StorageDelete]` | `[StorageRead, StorageWrite, StorageDelete]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[Transaction]` | `[Transaction]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of a log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `'default'` | | The name of the file service. | -| `protocolSettings` | object | `{object}` | | Protocol settings for file service. | -| `shareDeleteRetentionPolicy` | object | `{object}` | | The service properties for soft delete. | -| `shares` | _[shares](shares/readme.md)_ array | `[]` | | File shares to create. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed file share service. | -| `resourceGroupName` | string | The resource group of the deployed file share service. | -| `resourceId` | string | The resource ID of the deployed file share service. | diff --git a/modules/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 9d211dd063..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,80 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Avere Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9') - 'Backup Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b') - 'Backup Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324') - 'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64') - 'Disk Snapshot Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7efff54f-a5b4-42b5-a1c5-5411624893ce') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Logic App Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '87a39d53-fc1b-424a-814c-f7e04687dc9e') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Reader and Data Access': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c12c1c16-33a1-487b-954d-41c89c60f349') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'Site Recovery Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567') - 'Site Recovery Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca') - 'Storage Account Backup Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1') - 'Storage Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab') - 'Storage Account Key Operator Service Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '81a9662b-bebf-436f-a333-f67b29880f12') - 'Storage Blob Data Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ba92f5b4-2d11-453d-a403-e96b0029c9fe') - 'Storage Blob Data Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b') - 'Storage Blob Data Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1') - 'Storage Blob Delegator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'db58b8e5-c6ad-4a2a-8342-4190687cbf4a') - 'Storage File Data SMB Share Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb') - 'Storage File Data SMB Share Elevated Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7264617-510b-434b-a828-9731dc254ea7') - 'Storage File Data SMB Share Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aba4ae5f-2193-4029-9191-0cb91df5e314') - 'Storage Queue Data Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '974c5e8b-45b9-4653-ba55-5f855dd0fb88') - 'Storage Queue Data Message Processor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8a0f0c08-91a1-4084-bc3d-661d67233fed') - 'Storage Queue Data Message Sender': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c6a89b2d-59bc-44d0-9896-0f6e12d7b80a') - 'Storage Queue Data Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '19e7f393-937e-4f77-808e-94535e297925') - 'Storage Table Data Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3') - 'Storage Table Data Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76199698-9eea-4c19-bc75-cec21354c6b6') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c') -} - -resource fileShare 'Microsoft.Storage/storageAccounts/fileServices/shares@2019-06-01' existing = { - name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}/${split(resourceId, '/')[12]}' -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(fileShare.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: fileShare -}] diff --git a/modules/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep deleted file mode 100644 index 979a601b13..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep +++ /dev/null @@ -1,83 +0,0 @@ -@maxLength(24) -@description('Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment.') -param storageAccountName string - -@description('Conditional. The name of the parent file service. Required if the template is used in a standalone deployment.') -param fileServicesName string = 'default' - -@description('Required. The name of the file share to create.') -param name string - -@description('Optional. The maximum size of the share, in gigabytes. Must be greater than 0, and less than or equal to 5TB (5120). For Large File Shares, the maximum size is 102400.') -param sharedQuota int = 5120 - -@allowed([ - 'NFS' - 'SMB' -]) -@description('Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share.') -param enabledProtocols string = 'SMB' - -@allowed([ - 'AllSquash' - 'NoRootSquash' - 'RootSquash' -]) -@description('Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares.') -param rootSquash string = 'NoRootSquash' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing = { - name: storageAccountName - - resource fileService 'fileServices@2021-04-01' existing = { - name: fileServicesName - } -} - -resource fileShare 'Microsoft.Storage/storageAccounts/fileServices/shares@2021-08-01' = { - name: name - parent: storageAccount::fileService - properties: { - shareQuota: sharedQuota - rootSquash: enabledProtocols == 'NFS' ? rootSquash : null - enabledProtocols: enabledProtocols - } -} - -module fileShare_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${deployment().name}-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: fileShare.id - } -}] - -@description('The name of the deployed file share.') -output name string = fileShare.name - -@description('The resource ID of the deployed file share.') -output resourceId string = fileShare.id - -@description('The resource group of the deployed file share.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md b/modules/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md deleted file mode 100644 index be24359634..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md +++ /dev/null @@ -1,106 +0,0 @@ -# File Share `[Microsoft.Storage/storageAccounts/fileServices/shares]` - -This module deploys a storage account file share. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Storage/storageAccounts/fileServices/shares` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-08-01/storageAccounts/fileServices/shares) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the file share to create. | - -**Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `fileServicesName` | string | `'default'` | The name of the parent file service. Required if the template is used in a standalone deployment. | -| `storageAccountName` | string | | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `enabledProtocols` | string | `'SMB'` | `[NFS, SMB]` | The authentication protocol that is used for the file share. Can only be specified when creating a share. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `rootSquash` | string | `'NoRootSquash'` | `[AllSquash, NoRootSquash, RootSquash]` | Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares. | -| `sharedQuota` | int | `5120` | | The maximum size of the share, in gigabytes. Must be greater than 0, and less than or equal to 5TB (5120). For Large File Shares, the maximum size is 102400. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed file share. | -| `resourceGroupName` | string | The resource group of the deployed file share. | -| `resourceId` | string | The resource ID of the deployed file share. | diff --git a/modules/Microsoft.Storage/storageAccounts/fileServices/shares/version.json b/modules/Microsoft.Storage/storageAccounts/fileServices/shares/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/fileServices/shares/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Storage/storageAccounts/fileServices/version.json b/modules/Microsoft.Storage/storageAccounts/fileServices/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/fileServices/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Storage/storageAccounts/managementPolicies/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/managementPolicies/deploy.bicep deleted file mode 100644 index 6115be34ea..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/managementPolicies/deploy.bicep +++ /dev/null @@ -1,48 +0,0 @@ -@maxLength(24) -@description('Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment.') -param storageAccountName string - -@description('Optional. The name of the storage container to deploy.') -param name string = 'default' - -@description('Required. The Storage Account ManagementPolicies Rules.') -param rules array - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing = { - name: storageAccountName -} - -// lifecycle policy -resource managementPolicy 'Microsoft.Storage/storageAccounts/managementPolicies@2019-06-01' = if (!empty(rules)) { - name: name - parent: storageAccount - properties: { - policy: { - rules: rules - } - } -} - -@description('The resource ID of the deployed management policy.') -output resourceId string = managementPolicy.name - -@description('The name of the deployed management policy.') -output name string = managementPolicy.name - -@description('The resource group of the deployed management policy.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Storage/storageAccounts/managementPolicies/readme.md b/modules/Microsoft.Storage/storageAccounts/managementPolicies/readme.md deleted file mode 100644 index c8b8d136fa..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/managementPolicies/readme.md +++ /dev/null @@ -1,123 +0,0 @@ -# Storage Account Management Policies `[Microsoft.Storage/storageAccounts/managementPolicies]` - -This module can be used to deploy a management policies into a storage account. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Storage/storageAccounts/managementPolicies` | [2019-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/managementPolicies) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `rules` | array | The Storage Account ManagementPolicies Rules. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `storageAccountName` | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `'default'` | The name of the storage container to deploy. | - - -### Parameter Usage: `rules` - -

- -Parameter JSON format - -```json -"rules": { - "value": [ - { - "enabled": true, - "name": "retention-policy", - "type": "Lifecycle", - "definition": { - "actions": { - "baseBlob": { - "tierToArchive": { - "daysAfterModificationGreaterThan": 30 - }, - "delete": { - "daysAfterModificationGreaterThan": 1096 - } - }, - "snapshot": { - "delete": { - "daysAfterCreationGreaterThan": 1096 - } - } - }, - "filters": { - "blobTypes": [ - "blockBlob" - ] - } - } - } - ] -} -``` -
- - -
- -Bicep format - -```bicep -rules: [ - { - enabled: true - name: 'retention-policy' - type: 'Lifecycle' - definition: { - actions: { - baseBlob: { - tierToArchive: { - daysAfterModificationGreaterThan: 30 - } - delete: { - daysAfterModificationGreaterThan: 1096 - } - } - snapshot: { - delete: { - daysAfterCreationGreaterThan: 1096 - } - } - } - filters: { - blobTypes: [ - 'blockBlob' - ] - } - } - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed management policy. | -| `resourceGroupName` | string | The resource group of the deployed management policy. | -| `resourceId` | string | The resource ID of the deployed management policy. | diff --git a/modules/Microsoft.Storage/storageAccounts/managementPolicies/version.json b/modules/Microsoft.Storage/storageAccounts/managementPolicies/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/managementPolicies/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep deleted file mode 100644 index 1eead7817f..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/queueServices/deploy.bicep +++ /dev/null @@ -1,129 +0,0 @@ -@maxLength(24) -@description('Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment.') -param storageAccountName string - -@description('Optional. The name of the queue service.') -param name string = 'default' - -@description('Optional. Queues to create.') -param queues array = [] - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of a log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'StorageRead' - 'StorageWrite' - 'StorageDelete' -]) -param diagnosticLogCategoriesToEnable array = [ - 'StorageRead' - 'StorageWrite' - 'StorageDelete' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'Transaction' -]) -param diagnosticMetricsToEnable array = [ - 'Transaction' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing = { - name: storageAccountName -} - -resource queueServices 'Microsoft.Storage/storageAccounts/queueServices@2021-04-01' = { - name: name - parent: storageAccount - properties: {} -} - -resource queueServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: diagnosticsLogs - } - scope: queueServices -} - -module queueServices_queues 'queues/deploy.bicep' = [for (queue, index) in queues: { - name: '${deployment().name}-Queue-${index}' - params: { - storageAccountName: storageAccount.name - queueServicesName: queueServices.name - name: queue.name - metadata: contains(queue, 'metadata') ? queue.metadata : {} - roleAssignments: contains(queue, 'roleAssignments') ? queue.roleAssignments : [] - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -@description('The name of the deployed file share service.') -output name string = queueServices.name - -@description('The resource ID of the deployed file share service.') -output resourceId string = queueServices.id - -@description('The resource group of the deployed file share service.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index f1e85f9964..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,77 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Cluster Create': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7b1b19a-0e83-4fe5-935c-faaefbfd18c3') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2') - 'Backup Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b') - 'Backup Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324') - 'CAL-Custom-Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b266cd7-0bba-4ae2-8423-90ede5e1e898') - 'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64') - 'Disk Snapshot Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7efff54f-a5b4-42b5-a1c5-5411624893ce') - 'Dsms Role (deprecated)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b91f4c0b-46e3-47bb-a242-eecfe23b3b5b') - 'Dsms Role (do not use)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7aff565e-6c55-448d-83db-ccf482c6da2f') - 'GenevaWarmPathResourceContributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9f15f5f5-77bd-413a-aa88-4b9c68b1e7bc') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Logic App Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '87a39d53-fc1b-424a-814c-f7e04687dc9e') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Reader and Data Access': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c12c1c16-33a1-487b-954d-41c89c60f349') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'Site Recovery Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567') - 'Site Recovery Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca') - 'Storage Account Backup Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1') - 'Storage Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab') - 'Storage Account Key Operator Service Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '81a9662b-bebf-436f-a333-f67b29880f12') - 'Storage Queue Data Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '974c5e8b-45b9-4653-ba55-5f855dd0fb88') - 'Storage Queue Data Message Processor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8a0f0c08-91a1-4084-bc3d-661d67233fed') - 'Storage Queue Data Message Sender': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c6a89b2d-59bc-44d0-9896-0f6e12d7b80a') - 'Storage Queue Data Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '19e7f393-937e-4f77-808e-94535e297925') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c') -} - -resource queue 'Microsoft.Storage/storageAccounts/queueServices/queues@2019-06-01' existing = { - name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}/${split(resourceId, '/')[12]}' -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(queue.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: queue -}] diff --git a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/deploy.bicep deleted file mode 100644 index 5abea9c492..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/deploy.bicep +++ /dev/null @@ -1,66 +0,0 @@ -@maxLength(24) -@description('Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment.') -param storageAccountName string - -@description('Conditional. The name of the parent queue service. Required if the template is used in a standalone deployment.') -param queueServicesName string = 'default' - -@description('Required. The name of the storage queue to deploy.') -param name string - -@description('Required. A name-value pair that represents queue metadata.') -param metadata object = {} - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing = { - name: storageAccountName - - resource queueServices 'queueServices@2021-06-01' existing = { - name: queueServicesName - } -} - -resource queue 'Microsoft.Storage/storageAccounts/queueServices/queues@2019-06-01' = { - name: name - parent: storageAccount::queueServices - properties: { - metadata: metadata - } -} - -module queue_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${deployment().name}-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: queue.id - } -}] - -@description('The name of the deployed queue.') -output name string = queue.name - -@description('The resource ID of the deployed queue.') -output resourceId string = queue.id - -@description('The resource group of the deployed queue.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md deleted file mode 100644 index 4aa16d20b9..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md +++ /dev/null @@ -1,104 +0,0 @@ -# Storage Account Queue `[Microsoft.Storage/storageAccounts/queueServices/queues]` - -This module deploys a storage account queue - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Storage/storageAccounts/queueServices/queues` | [2019-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/queueServices/queues) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `metadata` | object | A name-value pair that represents queue metadata. | -| `name` | string | The name of the storage queue to deploy. | - -**Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `queueServicesName` | string | `'default'` | The name of the parent queue service. Required if the template is used in a standalone deployment. | -| `storageAccountName` | string | | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed queue. | -| `resourceGroupName` | string | The resource group of the deployed queue. | -| `resourceId` | string | The resource ID of the deployed queue. | diff --git a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/version.json b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Storage/storageAccounts/queueServices/readme.md b/modules/Microsoft.Storage/storageAccounts/queueServices/readme.md deleted file mode 100644 index 65aac76390..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/queueServices/readme.md +++ /dev/null @@ -1,49 +0,0 @@ -# Storage Account Queue Services `[Microsoft.Storage/storageAccounts/queueServices]` - -This module can be used to deploy a file share service into a storage account. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Storage/storageAccounts/queueServices` | [2021-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-04-01/storageAccounts/queueServices) | -| `Microsoft.Storage/storageAccounts/queueServices/queues` | [2019-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/queueServices/queues) | - -## Parameters - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `storageAccountName` | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[StorageRead, StorageWrite, StorageDelete]` | `[StorageRead, StorageWrite, StorageDelete]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[Transaction]` | `[Transaction]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of a log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `'default'` | | The name of the queue service. | -| `queues` | _[queues](queues/readme.md)_ array | `[]` | | Queues to create. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed file share service. | -| `resourceGroupName` | string | The resource group of the deployed file share service. | -| `resourceId` | string | The resource ID of the deployed file share service. | diff --git a/modules/Microsoft.Storage/storageAccounts/queueServices/version.json b/modules/Microsoft.Storage/storageAccounts/queueServices/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/queueServices/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Storage/storageAccounts/readme.md b/modules/Microsoft.Storage/storageAccounts/readme.md deleted file mode 100644 index 418f064a82..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/readme.md +++ /dev/null @@ -1,1001 +0,0 @@ -# Storage Accounts `[Microsoft.Storage/storageAccounts]` - -This module is used to deploy a storage account, with the ability to deploy 1 or more blob containers, file shares, tables and queues. Optional ACLs can be configured on the storage account and optional RBAC can be assigned on the storage account and on each child resource. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Considerations](#Considerations) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/privateEndpoints` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) | -| `Microsoft.Storage/storageAccounts` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-08-01/storageAccounts) | -| `Microsoft.Storage/storageAccounts/blobServices` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-06-01/storageAccounts/blobServices) | -| `Microsoft.Storage/storageAccounts/blobServices/containers` | [2019-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/blobServices/containers) | -| `Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies` | [2019-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/blobServices/containers/immutabilityPolicies) | -| `Microsoft.Storage/storageAccounts/fileServices` | [2021-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-04-01/storageAccounts/fileServices) | -| `Microsoft.Storage/storageAccounts/fileServices/shares` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-08-01/storageAccounts/fileServices/shares) | -| `Microsoft.Storage/storageAccounts/managementPolicies` | [2019-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/managementPolicies) | -| `Microsoft.Storage/storageAccounts/queueServices` | [2021-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-04-01/storageAccounts/queueServices) | -| `Microsoft.Storage/storageAccounts/queueServices/queues` | [2019-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2019-06-01/storageAccounts/queueServices/queues) | -| `Microsoft.Storage/storageAccounts/tableServices` | [2021-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-04-01/storageAccounts/tableServices) | -| `Microsoft.Storage/storageAccounts/tableServices/tables` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-06-01/storageAccounts/tableServices/tables) | - -## Parameters - -**Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowBlobPublicAccess` | bool | `False` | | Indicates whether public access is enabled for all blobs or containers in the storage account. For security reasons, it is recommended to set it to false. | -| `azureFilesIdentityBasedAuthentication` | object | `{object}` | | Provides the identity based authentication settings for Azure Files. | -| `blobServices` | _[blobServices](blobServices/readme.md)_ object | `{object}` | | Blob service and containers to deploy. | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter 'systemAssignedIdentity' enabled. | -| `cMKKeyVaultResourceId` | string | `''` | | The resource ID of a key vault to reference a customer managed key for encryption from. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, latest is used. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[Transaction]` | `[Transaction]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `enableHierarchicalNamespace` | bool | `False` | | If true, enables Hierarchical Namespace for the storage account. | -| `fileServices` | _[fileServices](fileServices/readme.md)_ object | `{object}` | | File service and shares to deploy. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `managementPolicyRules` | array | `[]` | | The Storage Account ManagementPolicies Rules. | -| `minimumTlsVersion` | string | `'TLS1_2'` | `[TLS1_0, TLS1_1, TLS1_2]` | Set the minimum TLS version on request to storage. | -| `name` | string | `''` | | Name of the Storage Account. Autogenerated with a unique string if not provided. | -| `networkAcls` | object | `{object}` | | Networks ACLs, this value contains IPs to whitelist and/or Subnet information. For security reasons, it is recommended to set the DefaultAction Deny. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `'Enabled'` | `[Enabled, Disabled]` | Enable or disallow public network access to Storage Account.. | -| `queueServices` | _[queueServices](queueServices/readme.md)_ object | `{object}` | | Queue service and queues to create. | -| `requireInfrastructureEncryption` | bool | `True` | | A Boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest. For security reasons, it is recommended to set it to true. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `storageAccountAccessTier` | string | `'Hot'` | `[Hot, Cool]` | Storage Account Access Tier. | -| `storageAccountKind` | string | `'StorageV2'` | `[Storage, StorageV2, BlobStorage, FileStorage, BlockBlobStorage]` | Type of Storage Account to create. | -| `storageAccountSku` | string | `'Standard_GRS'` | `[Standard_LRS, Standard_GRS, Standard_RAGRS, Standard_ZRS, Premium_LRS, Premium_ZRS, Standard_GZRS, Standard_RAGZRS]` | Storage Account Sku Name. | -| `supportsHttpsTrafficOnly` | bool | `True` | | Allows HTTPS traffic only to storage service if sets to true. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tableServices` | _[tableServices](tableServices/readme.md)_ object | `{object}` | | Table service and tables to create. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | - -**Generated parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `basetime` | string | `[utcNow('u')]` | Do not provide a value! This date value is used to generate a SAS token to access the modules. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `networkAcls` - -

- -Parameter JSON format - -```json -"networkAcls": { - "value": { - "bypass": "AzureServices", - "defaultAction": "Deny", - "virtualNetworkRules": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001" - } - ], - "ipRules": [ - { - "action": "Allow", - "value": "1.1.1.1" - } - ] - } -} -``` - -
- -
- -Bicep format - -```bicep -networkAcls: { - bypass: 'AzureServices' - defaultAction: 'Deny' - virtualNetworkRules: [ - { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - } - ] - ipRules: [ - { - action: 'Allow' - value: '1.1.1.1' - } - ] -} -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `privateEndpoints` - -To use Private Endpoint the following dependencies must be deployed: - -- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module. -- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information. - -

- -Parameter JSON format - -```json -"privateEndpoints": { - "value": [ - // Example showing all available fields - { - "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>", // e.g. vault, registry, file, blob, queue, table etc. - "privateDnsZoneResourceIds": [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net" - ], - "customDnsConfigs": [ // Optional - { - "fqdn": "customname.test.local", - "ipAddresses": [ - "10.10.10.10" - ] - } - ] - }, - // Example showing only mandatory fields - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>" // e.g. vault, registry, file, blob, queue, table etc. - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -privateEndpoints: [ - // Example showing all available fields - { - name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - privateDnsZoneResourceIds: [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net' - ] - // Optional - customDnsConfigs: [ - { - fqdn: 'customname.test.local' - ipAddresses: [ - '10.10.10.10' - ] - } - ] - } - // Example showing only mandatory fields - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - } -] -``` - -
-

- -### Parameter Usage: `userAssignedIdentities` - -You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: - -

- -Parameter JSON format - -```json -"userAssignedIdentities": { - "value": { - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} - } -} -``` - -
- -
- -Bicep format - -```bicep -userAssignedIdentities: { - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed storage account. | -| `primaryBlobEndpoint` | string | The primary blob endpoint reference if blob services are deployed. | -| `resourceGroupName` | string | The resource group of the deployed storage account. | -| `resourceId` | string | The resource ID of the deployed storage account. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Considerations - -This is a generic module for deploying a Storage Account. Any customization for different storage needs (such as a diagnostic or other storage account) need to be done through the Archetype. -The hierarchical namespace of the storage account (see parameter `enableHierarchicalNamespace`), can be only set at creation time. - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>azsaencr001" - }, - "storageAccountSku": { - "value": "Standard_LRS" - }, - "allowBlobPublicAccess": { - "value": false - }, - "publicNetworkAccess": { - "value": "Disabled" - }, - "requireInfrastructureEncryption": { - "value": true - }, - "systemAssignedIdentity": { - "value": false - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "cMKKeyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002" - }, - "cMKKeyName": { - "value": "keyEncryptionKey" - }, - "cMKUserAssignedIdentityResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-storageAccounts' - params: { - name: '<>azsaencr001' - storageAccountSku: 'Standard_LRS' - allowBlobPublicAccess: false - publicNetworkAccess: 'Disabled' - requireInfrastructureEncryption: true - systemAssignedIdentity: false - userAssignedIdentities: { - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - cMKKeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002' - cMKKeyName: 'keyEncryptionKey' - cMKUserAssignedIdentityResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001' - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "allowBlobPublicAccess": { - "value": false - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-storageAccounts' - params: { - allowBlobPublicAccess: false - } -} -``` - -
-

- -

Example 3

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>azsax002" - }, - "storageAccountSku": { - "value": "Premium_LRS" - }, - "storageAccountKind": { - "value": "FileStorage" - }, - "allowBlobPublicAccess": { - "value": false - }, - "supportsHttpsTrafficOnly": { - "value": false - }, - "fileServices": { - "value": { - "shares": [ - { - "name": "nfsfileshare", - "enabledProtocols": "NFS" - } - ] - } - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-storageAccounts' - params: { - name: '<>azsax002' - storageAccountSku: 'Premium_LRS' - storageAccountKind: 'FileStorage' - allowBlobPublicAccess: false - supportsHttpsTrafficOnly: false - fileServices: { - shares: [ - { - name: 'nfsfileshare' - enabledProtocols: 'NFS' - } - ] - } - systemAssignedIdentity: true - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

- -

Example 4

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>azsax001" - }, - "storageAccountSku": { - "value": "Standard_LRS" - }, - "allowBlobPublicAccess": { - "value": false - }, - "publicNetworkAccess": { - "value": "Disabled" - }, - "requireInfrastructureEncryption": { - "value": true - }, - "lock": { - "value": "CanNotDelete" - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "blob" - }, - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "table" - }, - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "queue" - }, - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "file" - } - ] - }, - "networkAcls": { - "value": { - "bypass": "AzureServices", - "defaultAction": "Deny", - "virtualNetworkRules": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", - "action": "Allow" - } - ], - "ipRules": [ - { - "action": "Allow", - "value": "1.1.1.1" - } - ] - } - }, - "blobServices": { - "value": { - "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001", - "diagnosticWorkspaceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001", - "diagnosticEventHubAuthorizationRuleId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey", - "diagnosticEventHubName": "adp-<>-az-evh-x-001", - "containers": [ - { - "name": "avdscripts", - "publicAccess": "None", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - { - "name": "archivecontainer", - "publicAccess": "None", - "enableWORM": true, - "WORMRetention": 666, - "allowProtectedAppendWrites": false - } - ] - } - }, - "fileServices": { - "value": { - "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001", - "diagnosticWorkspaceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001", - "diagnosticEventHubAuthorizationRuleId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey", - "diagnosticEventHubName": "adp-<>-az-evh-x-001", - "shares": [ - { - "name": "avdprofiles", - "shareQuota": "5120", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - { - "name": "avdprofiles2", - "shareQuota": "5120" - } - ] - } - }, - "tableServices": { - "value": { - "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001", - "diagnosticWorkspaceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001", - "diagnosticEventHubAuthorizationRuleId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey", - "diagnosticEventHubName": "adp-<>-az-evh-x-001", - "tables": [ - "table1", - "table2" - ] - } - }, - "queueServices": { - "value": { - "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001", - "diagnosticWorkspaceId": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001", - "diagnosticEventHubAuthorizationRuleId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey", - "diagnosticEventHubName": "adp-<>-az-evh-x-001", - "queues": [ - { - "name": "queue1", - "metadata": {}, - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - { - "name": "queue2", - "metadata": {} - } - ] - } - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-storageAccounts' - params: { - name: '<>azsax001' - storageAccountSku: 'Standard_LRS' - allowBlobPublicAccess: false - publicNetworkAccess: 'Disabled' - requireInfrastructureEncryption: true - lock: 'CanNotDelete' - privateEndpoints: [ - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - service: 'blob' - } - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - service: 'table' - } - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - service: 'queue' - } - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - service: 'file' - } - ] - networkAcls: { - bypass: 'AzureServices' - defaultAction: 'Deny' - virtualNetworkRules: [ - { - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001' - action: 'Allow' - } - ] - ipRules: [ - { - action: 'Allow' - value: '1.1.1.1' - } - ] - } - blobServices: { - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - containers: [ - { - name: 'avdscripts' - publicAccess: 'None' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } - { - name: 'archivecontainer' - publicAccess: 'None' - enableWORM: true - WORMRetention: 666 - allowProtectedAppendWrites: false - } - ] - } - fileServices: { - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - shares: [ - { - name: 'avdprofiles' - shareQuota: '5120' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } - { - name: 'avdprofiles2' - shareQuota: '5120' - } - ] - } - tableServices: { - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - tables: [ - 'table1' - 'table2' - ] - } - queueServices: { - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - queues: [ - { - name: 'queue1' - metadata: {} - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } - { - name: 'queue2' - metadata: {} - } - ] - } - systemAssignedIdentity: true - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

- -

Example 5

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "storageAccountKind": { - "value": "Storage" - }, - "allowBlobPublicAccess": { - "value": false - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-storageAccounts' - params: { - storageAccountKind: 'Storage' - allowBlobPublicAccess: false - } -} -``` - -
-

diff --git a/modules/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep deleted file mode 100644 index 735855c143..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/tableServices/deploy.bicep +++ /dev/null @@ -1,127 +0,0 @@ -@maxLength(24) -@description('Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment.') -param storageAccountName string - -@description('Optional. The name of the table service.') -param name string = 'default' - -@description('Optional. tables to create.') -param tables array = [] - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of a log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'StorageRead' - 'StorageWrite' - 'StorageDelete' -]) -param diagnosticLogCategoriesToEnable array = [ - 'StorageRead' - 'StorageWrite' - 'StorageDelete' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'Transaction' -]) -param diagnosticMetricsToEnable array = [ - 'Transaction' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing = { - name: storageAccountName -} - -resource tableServices 'Microsoft.Storage/storageAccounts/tableServices@2021-04-01' = { - name: name - parent: storageAccount - properties: {} -} - -resource tableServices_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: diagnosticsLogs - } - scope: tableServices -} - -module tableServices_tables 'tables/deploy.bicep' = [for (tableName, index) in tables: { - name: '${deployment().name}-Table-${index}' - params: { - storageAccountName: storageAccount.name - tableServicesName: tableServices.name - name: tableName - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -}] - -@description('The name of the deployed table service.') -output name string = tableServices.name - -@description('The resource ID of the deployed table service.') -output resourceId string = tableServices.id - -@description('The resource group of the deployed table service.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Storage/storageAccounts/tableServices/readme.md b/modules/Microsoft.Storage/storageAccounts/tableServices/readme.md deleted file mode 100644 index f514db5ed2..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/tableServices/readme.md +++ /dev/null @@ -1,48 +0,0 @@ -# Storage Account Table Services `[Microsoft.Storage/storageAccounts/tableServices]` - -This module deploys a storage account table service - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Storage/storageAccounts/tableServices` | [2021-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-04-01/storageAccounts/tableServices) | -| `Microsoft.Storage/storageAccounts/tableServices/tables` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-06-01/storageAccounts/tableServices/tables) | - -## Parameters - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `storageAccountName` | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[StorageRead, StorageWrite, StorageDelete]` | `[StorageRead, StorageWrite, StorageDelete]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[Transaction]` | `[Transaction]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of a log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `'default'` | | The name of the table service. | -| `tables` | _[tables](tables/readme.md)_ array | `[]` | | tables to create. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed table service. | -| `resourceGroupName` | string | The resource group of the deployed table service. | -| `resourceId` | string | The resource ID of the deployed table service. | diff --git a/modules/Microsoft.Storage/storageAccounts/tableServices/tables/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/tableServices/tables/deploy.bicep deleted file mode 100644 index 42454817c7..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/tableServices/tables/deploy.bicep +++ /dev/null @@ -1,46 +0,0 @@ -@maxLength(24) -@description('Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment.') -param storageAccountName string - -@description('Conditional. The name of the parent table service. Required if the template is used in a standalone deployment.') -param tableServicesName string = 'default' - -@description('Required. Name of the table.') -param name string - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing = { - name: storageAccountName - - resource tableServices 'tableServices@2021-04-01' existing = { - name: tableServicesName - } -} - -resource table 'Microsoft.Storage/storageAccounts/tableServices/tables@2021-06-01' = { - name: name - parent: storageAccount::tableServices -} - -@description('The name of the deployed file share service.') -output name string = table.name - -@description('The resource ID of the deployed file share service.') -output resourceId string = table.id - -@description('The resource group of the deployed file share service.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Storage/storageAccounts/tableServices/tables/readme.md b/modules/Microsoft.Storage/storageAccounts/tableServices/tables/readme.md deleted file mode 100644 index 03e1bd8c9d..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/tableServices/tables/readme.md +++ /dev/null @@ -1,42 +0,0 @@ -# Storage Account Table `[Microsoft.Storage/storageAccounts/tableServices/tables]` - -This module deploys a storage account table - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Storage/storageAccounts/tableServices/tables` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-06-01/storageAccounts/tableServices/tables) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the table. | - -**Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `storageAccountName` | string | | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | -| `tableServicesName` | string | `'default'` | The name of the parent table service. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the deployed file share service. | -| `resourceGroupName` | string | The resource group of the deployed file share service. | -| `resourceId` | string | The resource ID of the deployed file share service. | diff --git a/modules/Microsoft.Storage/storageAccounts/tableServices/tables/version.json b/modules/Microsoft.Storage/storageAccounts/tableServices/tables/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/tableServices/tables/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Storage/storageAccounts/tableServices/version.json b/modules/Microsoft.Storage/storageAccounts/tableServices/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/tableServices/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Storage/storageAccounts/version.json b/modules/Microsoft.Storage/storageAccounts/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Storage/storageAccounts/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 810e105821..0000000000 --- a/modules/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,53 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource privateLinkHub 'Microsoft.Synapse/privateLinkHubs@2021-06-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(privateLinkHub.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: privateLinkHub -}] diff --git a/modules/Microsoft.Synapse/privateLinkHubs/.deploymentTests/min.parameters.json b/modules/Microsoft.Synapse/privateLinkHubs/.deploymentTests/min.parameters.json deleted file mode 100644 index 4bd5cc5f65..0000000000 --- a/modules/Microsoft.Synapse/privateLinkHubs/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "synplhmin001" - } - } -} diff --git a/modules/Microsoft.Synapse/privateLinkHubs/.deploymentTests/parameters.json b/modules/Microsoft.Synapse/privateLinkHubs/.deploymentTests/parameters.json deleted file mode 100644 index 36fe03f6ad..0000000000 --- a/modules/Microsoft.Synapse/privateLinkHubs/.deploymentTests/parameters.json +++ /dev/null @@ -1,36 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "synplhstandard001" - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c", - "principalIds": [ - "<>" - ] - } - ] - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "Web" - } - ] - } - } -} diff --git a/modules/Microsoft.Synapse/privateLinkHubs/deploy.bicep b/modules/Microsoft.Synapse/privateLinkHubs/deploy.bicep deleted file mode 100644 index 522c590aa2..0000000000 --- a/modules/Microsoft.Synapse/privateLinkHubs/deploy.bicep +++ /dev/null @@ -1,100 +0,0 @@ -@description('Required. The name of the Private Link Hub.') -param name string - -@description('Optional. The geo-location where the resource lives.') -param location string = resourceGroup().location - -@description('Optional. Tags of the resource.') -param tags object = {} - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Configuration Details for private endpoints.') -param privateEndpoints array = [] - -var enableReferencedModulesTelemetry = false - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource privateLinkHub 'Microsoft.Synapse/privateLinkHubs@2021-06-01' = { - name: name - location: location - tags: tags -} - -// Resource Lock -resource privateLinkHub_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${privateLinkHub.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: privateLinkHub -} - -// RBAC -module privateLinkHub_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${deployment().name}-rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: privateLinkHub.id - } -}] - -// Private Endpoints -module privateLinkHub_privateEndpoints '../../Microsoft.Network/privateEndpoints/deploy.bicep' = [for (privateEndpoint, index) in privateEndpoints: { - name: '${uniqueString(deployment().name, location)}-PrivateLinkHub-PrivateEndpoint-${index}' - params: { - groupIds: [ - privateEndpoint.service - ] - name: contains(privateEndpoint, 'name') ? privateEndpoint.name : 'pe-${last(split(privateLinkHub.id, '/'))}-${privateEndpoint.service}-${index}' - serviceResourceId: privateLinkHub.id - subnetResourceId: privateEndpoint.subnetResourceId - enableDefaultTelemetry: enableReferencedModulesTelemetry - location: reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : lock - privateDnsZoneGroups: contains(privateEndpoint, 'privateDnsZoneGroups') ? privateEndpoint.privateDnsZoneGroups : [] - roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] - tags: contains(privateEndpoint, 'tags') ? privateEndpoint.tags : {} - manualPrivateLinkServiceConnections: contains(privateEndpoint, 'manualPrivateLinkServiceConnections') ? privateEndpoint.manualPrivateLinkServiceConnections : [] - customDnsConfigs: contains(privateEndpoint, 'customDnsConfigs') ? privateEndpoint.customDnsConfigs : [] - } -}] - -@description('The resource ID of the deployed Synapse Private Link Hub.') -output resourceId string = privateLinkHub.id - -@description('The name of the deployed Synapse Private Link Hub.') -output name string = privateLinkHub.name - -@description('The resource group of the deployed Synapse Private Link Hub.') -output resourceGroupName string = resourceGroup().name - -@description('The location the resource was deployed into.') -output location string = privateLinkHub.location diff --git a/modules/Microsoft.Synapse/privateLinkHubs/readme.md b/modules/Microsoft.Synapse/privateLinkHubs/readme.md deleted file mode 100644 index 0f89482ad3..0000000000 --- a/modules/Microsoft.Synapse/privateLinkHubs/readme.md +++ /dev/null @@ -1,346 +0,0 @@ -# Azure Synapse Analytics `[Microsoft.Synapse/privateLinkHubs]` - -This module deploys Azure Synapse Analytics (private link hubs). - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/privateEndpoints` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) | -| `Microsoft.Synapse/privateLinkHubs` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Synapse/2021-06-01/privateLinkHubs) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Private Link Hub. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | The geo-location where the resource lives. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -### Parameter Usage: `privateEndpoints` - -To use Private Endpoint the following dependencies must be deployed: - -- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module. -- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information. - -

- -Parameter JSON format - -```json -"privateEndpoints": { - "value": [ - // Example showing all available fields - { - "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>", // e.g. vault, registry, file, blob, queue, table etc. - "privateDnsZoneResourceIds": [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net" - ], - "customDnsConfigs": [ // Optional - { - "fqdn": "customname.test.local", - "ipAddresses": [ - "10.10.10.10" - ] - } - ] - }, - // Example showing only mandatory fields - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>" // e.g. vault, registry, file, blob, queue, table etc. - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -privateEndpoints: [ - // Example showing all available fields - { - name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - privateDnsZoneResourceIds: [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net' - ] - // Optional - customDnsConfigs: [ - { - fqdn: 'customname.test.local' - ipAddresses: [ - '10.10.10.10' - ] - } - ] - } - // Example showing only mandatory fields - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - } -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed Synapse Private Link Hub. | -| `resourceGroupName` | string | The resource group of the deployed Synapse Private Link Hub. | -| `resourceId` | string | The resource ID of the deployed Synapse Private Link Hub. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "synplhmin001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module privateLinkHubs './Microsoft.Synapse/privateLinkHubs/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-privateLinkHubs' - params: { - name: 'synplhmin001' - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "synplhstandard001" - }, - "lock": { - "value": "CanNotDelete" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c", - "principalIds": [ - "<>" - ] - } - ] - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "Web" - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module privateLinkHubs './Microsoft.Synapse/privateLinkHubs/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-privateLinkHubs' - params: { - name: 'synplhstandard001' - lock: 'CanNotDelete' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' - principalIds: [ - '<>' - ] - } - ] - privateEndpoints: [ - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - service: 'Web' - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Synapse/privateLinkHubs/version.json b/modules/Microsoft.Synapse/privateLinkHubs/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Synapse/privateLinkHubs/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 1bd3d488bf..0000000000 --- a/modules/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,53 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2020-02-14' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(imageTemplate.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: imageTemplate -}] diff --git a/modules/Microsoft.VirtualMachineImages/imageTemplates/.deploymentTests/parameters.json b/modules/Microsoft.VirtualMachineImages/imageTemplates/.deploymentTests/parameters.json deleted file mode 100644 index df382ff2e0..0000000000 --- a/modules/Microsoft.VirtualMachineImages/imageTemplates/.deploymentTests/parameters.json +++ /dev/null @@ -1,69 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-imgt-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "userMsiName": { - "value": "adp-<>-az-msi-x-001" - }, - "userMsiResourceGroup": { - "value": "validation-rg" - }, - "buildTimeoutInMinutes": { - "value": 0 - }, - "vmSize": { - "value": "Standard_D2s_v3" - }, - "osDiskSizeGB": { - "value": 127 - }, - "subnetId": { - "value": "" - }, - "imageSource": { - "value": { - "type": "PlatformImage", - "publisher": "MicrosoftWindowsDesktop", - "offer": "Windows-10", - "sku": "19h2-evd", - "version": "latest" - } - }, - "customizationSteps": { - "value": [ - { - "type": "WindowsRestart", - "restartTimeout": "30m" - } - ] - }, - "managedImageName": { - "value": "<>-az-mi-x-001" - }, - "unManagedImageName": { - "value": "<>-az-umi-x-001" - }, - "sigImageDefinitionId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/galleries/adp<>azsigweux001/images/adp-<>-az-imgd-x-001" - }, - "imageReplicationRegions": { - "value": [] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep b/modules/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep deleted file mode 100644 index 8dc204a0b5..0000000000 --- a/modules/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep +++ /dev/null @@ -1,191 +0,0 @@ -@description('Required. Name of the Image Template to be built by the Azure Image Builder service.') -param name string - -@description('Required. Name of the User Assigned Identity to be used to deploy Image Templates in Azure Image Builder.') -param userMsiName string - -@description('Optional. Resource group of the user assigned identity.') -param userMsiResourceGroup string = resourceGroup().name - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Image build timeout in minutes. Allowed values: 0-960. 0 means the default 240 minutes.') -@minValue(0) -@maxValue(960) -param buildTimeoutInMinutes int = 0 - -@description('Optional. Specifies the size for the VM.') -param vmSize string = 'Standard_D2s_v3' - -@description('Optional. Specifies the size of OS disk.') -param osDiskSizeGB int = 128 - -@description('Optional. Resource ID of an already existing subnet, e.g. \'/subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks//subnets/\'. If no value is provided, a new VNET will be created in the target Resource Group.') -param subnetId string = '' - -@description('Required. Image source definition in object format.') -param imageSource object - -@description('Required. Customization steps to be run when building the VM image.') -param customizationSteps array - -@description('Optional. Name of the managed image that will be created in the AIB resourcegroup.') -param managedImageName string = '' - -@description('Optional. Name of the unmanaged image that will be created in the AIB resourcegroup.') -param unManagedImageName string = '' - -@description('Optional. Resource ID of Shared Image Gallery to distribute image to, e.g.: /subscriptions//resourceGroups//providers/Microsoft.Compute/galleries//images/.') -param sigImageDefinitionId string = '' - -@description('Optional. List of the regions the image produced by this solution should be stored in the Shared Image Gallery. When left empty, the deployment\'s location will be taken as a default value.') -param imageReplicationRegions array = [] - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Generated. Do not provide a value! This date value is used to generate a unique image template name.') -param baseTime string = utcNow('yyyy-MM-dd-HH-mm-ss') - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -var managedImageName_var = '${managedImageName}-${baseTime}' -var managedImageId = '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Compute/images/${managedImageName_var}' -var imageReplicationRegions_var = empty(imageReplicationRegions) ? array(location) : imageReplicationRegions - -var managedImage = { - type: 'ManagedImage' - imageId: managedImageId - location: location - runOutputName: '${managedImageName_var}-ManagedImage' - artifactTags: { - sourceType: imageSource.type - sourcePublisher: contains(imageSource, 'publisher') ? imageSource.publisher : null - sourceOffer: contains(imageSource, 'offer') ? imageSource.offer : null - sourceSku: contains(imageSource, 'sku') ? imageSource.sku : null - sourceVersion: contains(imageSource, 'version') ? imageSource.version : null - sourceImageId: contains(imageSource, 'imageId') ? imageSource.imageId : null - sourceImageVersionID: contains(imageSource, 'imageVersionID') ? imageSource.imageVersionID : null - creationTime: baseTime - } -} -var conditionalManagedImage = empty(managedImageName) ? [] : array(managedImage) -var sharedImage = { - type: 'SharedImage' - galleryImageId: sigImageDefinitionId - runOutputName: !empty(sigImageDefinitionId) ? '${split(sigImageDefinitionId, '/')[10]}-SharedImage' : 'SharedImage' - artifactTags: { - sourceType: imageSource.type - sourcePublisher: contains(imageSource, 'publisher') ? imageSource.publisher : null - sourceOffer: contains(imageSource, 'offer') ? imageSource.offer : null - sourceSku: contains(imageSource, 'sku') ? imageSource.sku : null - sourceVersion: contains(imageSource, 'version') ? imageSource.version : null - sourceImageId: contains(imageSource, 'imageId') ? imageSource.imageId : null - sourceImageVersionID: contains(imageSource, 'imageVersionID') ? imageSource.imageVersionID : null - creationTime: baseTime - } - replicationRegions: imageReplicationRegions_var -} -var conditionalSharedImage = empty(sigImageDefinitionId) ? [] : array(sharedImage) -var unManagedImage = { - type: 'VHD' - runOutputName: '${unManagedImageName}-VHD' - artifactTags: { - sourceType: imageSource.type - sourcePublisher: contains(imageSource, 'publisher') ? imageSource.publisher : null - sourceOffer: contains(imageSource, 'offer') ? imageSource.offer : null - sourceSku: contains(imageSource, 'sku') ? imageSource.sku : null - sourceVersion: contains(imageSource, 'version') ? imageSource.version : null - sourceImageId: contains(imageSource, 'imageId') ? imageSource.imageId : null - sourceImageVersionID: contains(imageSource, 'imageVersionID') ? imageSource.imageVersionID : null - creationTime: baseTime - } -} -var conditionalUnManagedImage = empty(unManagedImageName) ? [] : array(unManagedImage) -var distribute = concat(conditionalManagedImage, conditionalSharedImage, conditionalUnManagedImage) -var vnetConfig = { - subnetId: subnetId -} - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2020-02-14' = { - name: '${name}-${baseTime}' - location: location - tags: tags - identity: { - type: 'UserAssigned' - userAssignedIdentities: { - '${az.resourceId(userMsiResourceGroup, 'Microsoft.ManagedIdentity/userAssignedIdentities', userMsiName)}': {} - } - } - properties: { - buildTimeoutInMinutes: buildTimeoutInMinutes - vmProfile: { - vmSize: vmSize - osDiskSizeGB: osDiskSizeGB - vnetConfig: !empty(subnetId) ? vnetConfig : null - } - source: imageSource - customize: customizationSteps - distribute: distribute - } -} - -resource imageTemplate_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${imageTemplate.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: imageTemplate -} - -module imageTemplate_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-ImageTemplate-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: imageTemplate.id - } -}] - -@description('The resource ID of the image template.') -output resourceId string = imageTemplate.id - -@description('The resource group the image template was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the image template.') -output name string = imageTemplate.name - -@description('The command to run in order to trigger the image build.') -output runThisCommand string = 'Invoke-AzResourceAction -ResourceName ${imageTemplate.name} -ResourceGroupName ${resourceGroup().name} -ResourceType Microsoft.VirtualMachineImages/imageTemplates -Action Run -Force' - -@description('The location the resource was deployed into.') -output location string = imageTemplate.location diff --git a/modules/Microsoft.VirtualMachineImages/imageTemplates/readme.md b/modules/Microsoft.VirtualMachineImages/imageTemplates/readme.md deleted file mode 100644 index f8edd4cdd7..0000000000 --- a/modules/Microsoft.VirtualMachineImages/imageTemplates/readme.md +++ /dev/null @@ -1,389 +0,0 @@ -# Image Templates `[Microsoft.VirtualMachineImages/imageTemplates]` - -This module deploys an image template that can be consumed by the Azure Image Builder (AIB) service. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.VirtualMachineImages/imageTemplates` | [2020-02-14](https://docs.microsoft.com/en-us/azure/templates/Microsoft.VirtualMachineImages/2020-02-14/imageTemplates) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `customizationSteps` | array | Customization steps to be run when building the VM image. | -| `imageSource` | object | Image source definition in object format. | -| `name` | string | Name of the Image Template to be built by the Azure Image Builder service. | -| `userMsiName` | string | Name of the User Assigned Identity to be used to deploy Image Templates in Azure Image Builder. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `buildTimeoutInMinutes` | int | `0` | | Image build timeout in minutes. Allowed values: 0-960. 0 means the default 240 minutes. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `imageReplicationRegions` | array | `[]` | | List of the regions the image produced by this solution should be stored in the Shared Image Gallery. When left empty, the deployment's location will be taken as a default value. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `managedImageName` | string | `''` | | Name of the managed image that will be created in the AIB resourcegroup. | -| `osDiskSizeGB` | int | `128` | | Specifies the size of OS disk. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sigImageDefinitionId` | string | `''` | | Resource ID of Shared Image Gallery to distribute image to, e.g.: /subscriptions//resourceGroups//providers/Microsoft.Compute/galleries//images/. | -| `subnetId` | string | `''` | | Resource ID of an already existing subnet, e.g. '/subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks//subnets/'. If no value is provided, a new VNET will be created in the target Resource Group. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `unManagedImageName` | string | `''` | | Name of the unmanaged image that will be created in the AIB resourcegroup. | -| `userMsiResourceGroup` | string | `[resourceGroup().name]` | | Resource group of the user assigned identity. | -| `vmSize` | string | `'Standard_D2s_v3'` | | Specifies the size for the VM. | - -**Generated parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('yyyy-MM-dd-HH-mm-ss')]` | Do not provide a value! This date value is used to generate a unique image template name. | - - -### Parameter Usage: `imageSource` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -#### Platform Image - -

- -Parameter JSON format - -```json -"source": { - "type": "PlatformImage", - "publisher": "MicrosoftWindowsDesktop", - "offer": "Windows-10", - "sku": "19h2-evd", - "version": "latest" -} -``` - -
- -
- -Bicep format - -```bicep -source: { - type: 'PlatformImage' - publisher: 'MicrosoftWindowsDesktop' - offer: 'Windows-10' - sku: '19h2-evd' - version: 'latest' -} -``` - -
-

- -#### Managed Image - -

- -Parameter JSON format - -```json -"source": { - "type": "ManagedImage", - "imageId": "/subscriptions//resourceGroups/{destinationResourceGroupName}/providers/Microsoft.Compute/images/" -} -``` - -
- -
- -Bicep format - -```bicep -source: { - type: 'ManagedImage' - imageId: '/subscriptions//resourceGroups/{destinationResourceGroupName}/providers/Microsoft.Compute/images/' -} -``` - -
-

- -#### Shared Image - -

- -Parameter JSON format - -```json -"source": { - "type": "SharedImageVersion", - "imageVersionID": "/subscriptions//resourceGroups//providers/Microsoft.Compute/galleries//images/" -} -``` - -
- -
- -Bicep format - -```bicep -source: { - type: 'SharedImageVersion' - imageVersionID: '/subscriptions//resourceGroups//providers/Microsoft.Compute/galleries//images/' -} -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the image template. | -| `resourceGroupName` | string | The resource group the image template was deployed into. | -| `resourceId` | string | The resource ID of the image template. | -| `runThisCommand` | string | The command to run in order to trigger the image build. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-imgt-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "userMsiName": { - "value": "adp-<>-az-msi-x-001" - }, - "userMsiResourceGroup": { - "value": "validation-rg" - }, - "buildTimeoutInMinutes": { - "value": 0 - }, - "vmSize": { - "value": "Standard_D2s_v3" - }, - "osDiskSizeGB": { - "value": 127 - }, - "subnetId": { - "value": "" - }, - "imageSource": { - "value": { - "type": "PlatformImage", - "publisher": "MicrosoftWindowsDesktop", - "offer": "Windows-10", - "sku": "19h2-evd", - "version": "latest" - } - }, - "customizationSteps": { - "value": [ - { - "type": "WindowsRestart", - "restartTimeout": "30m" - } - ] - }, - "managedImageName": { - "value": "<>-az-mi-x-001" - }, - "unManagedImageName": { - "value": "<>-az-umi-x-001" - }, - "sigImageDefinitionId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/galleries/adp<>azsigweux001/images/adp-<>-az-imgd-x-001" - }, - "imageReplicationRegions": { - "value": [] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module imageTemplates './Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-imageTemplates' - params: { - name: '<>-az-imgt-x-001' - lock: 'CanNotDelete' - userMsiName: 'adp-<>-az-msi-x-001' - userMsiResourceGroup: 'validation-rg' - buildTimeoutInMinutes: 0 - vmSize: 'Standard_D2s_v3' - osDiskSizeGB: 127 - subnetId: '' - imageSource: { - type: 'PlatformImage' - publisher: 'MicrosoftWindowsDesktop' - offer: 'Windows-10' - sku: '19h2-evd' - version: 'latest' - } - customizationSteps: [ - { - type: 'WindowsRestart' - restartTimeout: '30m' - } - ] - managedImageName: '<>-az-mi-x-001' - unManagedImageName: '<>-az-umi-x-001' - sigImageDefinitionId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Compute/galleries/adp<>azsigweux001/images/adp-<>-az-imgd-x-001' - imageReplicationRegions: [] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.VirtualMachineImages/imageTemplates/version.json b/modules/Microsoft.VirtualMachineImages/imageTemplates/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.VirtualMachineImages/imageTemplates/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index e34dc1dff1..0000000000 --- a/modules/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,55 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Logic App Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '87a39d53-fc1b-424a-814c-f7e04687dc9e') - 'Logic App Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '515c2055-d9d4-4321-b1b9-bd0c9a0f79fe') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource connection 'Microsoft.Web/connections@2016-06-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(connection.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: connection -}] diff --git a/modules/Microsoft.Web/connections/.deploymentTests/parameters.json b/modules/Microsoft.Web/connections/.deploymentTests/parameters.json deleted file mode 100644 index c2862592b5..0000000000 --- a/modules/Microsoft.Web/connections/.deploymentTests/parameters.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "azuremonitor" - }, - "lock": { - "value": "CanNotDelete" - }, - "displayName": { - "value": "azuremonitorlogs" - }, - "connectionApi": { - "value": { - "id": "/subscriptions/<>/providers/Microsoft.Web/locations/westeurope/managedApis/azuremonitorlogs" - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Web/connections/deploy.bicep b/modules/Microsoft.Web/connections/deploy.bicep deleted file mode 100644 index cb7ee4b257..0000000000 --- a/modules/Microsoft.Web/connections/deploy.bicep +++ /dev/null @@ -1,106 +0,0 @@ -@description('Optional. Alternative parameter values.') -param alternativeParameterValues object = {} - -@description('Optional. Specific values for some API connections.') -param connectionApi object = {} - -@description('Required. Connection name for connection. Example: \'azureblob\' when using blobs. It can change depending on the resource.') -param name string - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. Customized parameter values for specific connections.') -param customParameterValues object = {} - -@description('Required. Display name connection. Example: \'blobconnection\' when using blobs. It can change depending on the resource.') -param displayName string - -@description('Optional. Location of the deployment.') -param location string = resourceGroup().location - -@description('Optional. Dictionary of nonsecret parameter values.') -param nonSecretParameterValues object = {} - -@description('Optional. Connection strings or access keys for connection. Example: \'accountName\' and \'accessKey\' when using blobs. It can change depending on the resource.') -@secure() -param parameterValues object = {} - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Status of the connection.') -param statuses array = [] - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Links to test the API connection.') -param testLinks array = [] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource connection 'Microsoft.Web/connections@2016-06-01' = { - name: name - location: location - tags: tags - properties: { - displayName: displayName - customParameterValues: customParameterValues - api: connectionApi - parameterValues: empty(alternativeParameterValues) ? parameterValues : null - nonSecretParameterValues: !empty(nonSecretParameterValues) ? nonSecretParameterValues : null - testLinks: !empty(testLinks) ? testLinks : null - statuses: !empty(statuses) ? statuses : null - } -} - -resource connection_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${connection.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: connection -} - -module connection_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-Connection-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: connection.id - } -}] - -@description('The resource ID of the connection.') -output resourceId string = connection.id - -@description('The resource group the connection was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the connection.') -output name string = connection.name - -@description('The location the resource was deployed into.') -output location string = connection.location diff --git a/modules/Microsoft.Web/connections/readme.md b/modules/Microsoft.Web/connections/readme.md deleted file mode 100644 index 17d31cbb98..0000000000 --- a/modules/Microsoft.Web/connections/readme.md +++ /dev/null @@ -1,224 +0,0 @@ -# API Connections `[Microsoft.Web/connections]` - -This module deploys an Azure API connection. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Web/connections` | [2016-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2016-06-01/connections) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `displayName` | string | Display name connection. Example: 'blobconnection' when using blobs. It can change depending on the resource. | -| `name` | string | Connection name for connection. Example: 'azureblob' when using blobs. It can change depending on the resource. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `alternativeParameterValues` | object | `{object}` | | Alternative parameter values. | -| `connectionApi` | object | `{object}` | | Specific values for some API connections. | -| `customParameterValues` | object | `{object}` | | Customized parameter values for specific connections. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location of the deployment. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `nonSecretParameterValues` | object | `{object}` | | Dictionary of nonsecret parameter values. | -| `parameterValues` | secureObject | `{object}` | | Connection strings or access keys for connection. Example: 'accountName' and 'accessKey' when using blobs. It can change depending on the resource. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `statuses` | array | `[]` | | Status of the connection. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `testLinks` | array | `[]` | | Links to test the API connection. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the connection. | -| `resourceGroupName` | string | The resource group the connection was deployed into. | -| `resourceId` | string | The resource ID of the connection. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "azuremonitor" - }, - "lock": { - "value": "CanNotDelete" - }, - "displayName": { - "value": "azuremonitorlogs" - }, - "connectionApi": { - "value": { - "id": "/subscriptions/<>/providers/Microsoft.Web/locations/westeurope/managedApis/azuremonitorlogs" - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module connections './Microsoft.Web/connections/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-connections' - params: { - name: 'azuremonitor' - lock: 'CanNotDelete' - displayName: 'azuremonitorlogs' - connectionApi: { - id: '/subscriptions/<>/providers/Microsoft.Web/locations/westeurope/managedApis/azuremonitorlogs' - } - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Web/connections/version.json b/modules/Microsoft.Web/connections/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Web/connections/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 698394c2cf..0000000000 --- a/modules/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,54 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Web Plan Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b') -} - -resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2021-02-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(appServiceEnvironment.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: appServiceEnvironment -}] diff --git a/modules/Microsoft.Web/hostingEnvironments/.deploymentTests/asev2.parameters.json b/modules/Microsoft.Web/hostingEnvironments/.deploymentTests/asev2.parameters.json deleted file mode 100644 index c556495066..0000000000 --- a/modules/Microsoft.Web/hostingEnvironments/.deploymentTests/asev2.parameters.json +++ /dev/null @@ -1,54 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-appse-asev2-001" - }, - "kind": { - "value": "ASEv2" - }, - "multiSize": { - "value": "Standard_D1_V2" - }, - "ipsslAddressCount": { - "value": 2 - }, - "clusterSettings": { - "value": [ - { - "name": "DisableTls1.0", - "value": "1" - } - ] - }, - "subnetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-008" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Web/hostingEnvironments/.deploymentTests/asev3.parameters.json b/modules/Microsoft.Web/hostingEnvironments/.deploymentTests/asev3.parameters.json deleted file mode 100644 index a304822546..0000000000 --- a/modules/Microsoft.Web/hostingEnvironments/.deploymentTests/asev3.parameters.json +++ /dev/null @@ -1,48 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-appse-asev3-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "subnetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-006" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "clusterSettings": { - "value": [ - { - "name": "DisableTls1.0", - "value": "1" - } - ] - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep deleted file mode 100644 index b93e5bd838..0000000000 --- a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep +++ /dev/null @@ -1,194 +0,0 @@ -@description('Required. Name of the App Service Environment.') -@minLength(1) -param name string - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Kind of resource.') -param kind string = 'ASEv3' - -@description('Required. ResourceId for the subnet.') -param subnetResourceId string - -@description('Optional. Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing.') -@allowed([ - 'None' - 'Web' - 'Publishing' -]) -param internalLoadBalancingMode string = 'None' - -@description('Optional. Frontend VM size. Cannot be used with \'kind\' `ASEv3`.') -@allowed([ - '' - 'Medium' - 'Large' - 'ExtraLarge' - 'Standard_D2' - 'Standard_D3' - 'Standard_D4' - 'Standard_D1_V2' - 'Standard_D2_V2' - 'Standard_D3_V2' - 'Standard_D4_V2' -]) -param multiSize string = '' - -@description('Optional. Number of IP SSL addresses reserved for the App Service Environment.') -param ipsslAddressCount int = -1 - -@description('Optional. DNS suffix of the App Service Environment.') -param dnsSuffix string = '' - -@description('Optional. Scale factor for frontends.') -param frontEndScaleFactor int = 15 - -@description('Optional. User added IP ranges to whitelist on ASE DB. Cannot be used with \'kind\' `ASEv3`.') -param userWhitelistedIpRanges array = [] - -@description('Optional. Custom settings for changing the behavior of the App Service Environment.') -param clusterSettings array = [ - { - name: 'DisableTls1.0' - value: '1' - } -] - -@description('Optional. Switch to make the App Service Environment zone redundant. If enabled, the minimum App Service plan instance count will be three, otherwise 1. If enabled, the `dedicatedHostCount` must be set to `-1`.') -param zoneRedundant bool = false - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Resource tags.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. The Dedicated Host Count. Is not supported by ASEv2. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0.') -param dedicatedHostCount int = -1 - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'AppServiceEnvironmentPlatformLogs' -]) -param diagnosticLogCategoriesToEnable array = [ - 'AppServiceEnvironmentPlatformLogs' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2021-03-01' = { - name: name - kind: kind - location: location - tags: tags - properties: { - virtualNetwork: { - id: subnetResourceId - subnet: last(split(subnetResourceId, '/')) - } - internalLoadBalancingMode: internalLoadBalancingMode - multiSize: !empty(multiSize) ? any(multiSize) : null - ipsslAddressCount: ipsslAddressCount != -1 ? ipsslAddressCount : null - dnsSuffix: dnsSuffix - frontEndScaleFactor: frontEndScaleFactor - clusterSettings: clusterSettings - userWhitelistedIpRanges: !empty(userWhitelistedIpRanges) ? userWhitelistedIpRanges : null - dedicatedHostCount: dedicatedHostCount != -1 ? dedicatedHostCount : null - zoneRedundant: zoneRedundant - } -} - -resource appServiceEnvironment_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${appServiceEnvironment.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: appServiceEnvironment -} - -resource appServiceEnvironment_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - logs: diagnosticsLogs - } - scope: appServiceEnvironment -} - -module appServiceEnvironment_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-AppServiceEnv-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: appServiceEnvironment.id - } -}] - -@description('The resource ID of the app service environment.') -output resourceId string = appServiceEnvironment.id - -@description('The resource group the app service environment was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the app service environment.') -output name string = appServiceEnvironment.name - -@description('The location the resource was deployed into.') -output location string = appServiceEnvironment.location diff --git a/modules/Microsoft.Web/hostingEnvironments/readme.md b/modules/Microsoft.Web/hostingEnvironments/readme.md deleted file mode 100644 index 0dd5e01601..0000000000 --- a/modules/Microsoft.Web/hostingEnvironments/readme.md +++ /dev/null @@ -1,400 +0,0 @@ -# App Service Environments `[Microsoft.Web/hostingEnvironments]` - -This module deploys an app service environment. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Web/hostingEnvironments` | [2021-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-03-01/hostingEnvironments) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the App Service Environment. | -| `subnetResourceId` | string | ResourceId for the subnet. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `clusterSettings` | array | `[System.Collections.Hashtable]` | | Custom settings for changing the behavior of the App Service Environment. | -| `dedicatedHostCount` | int | `-1` | | The Dedicated Host Count. Is not supported by ASEv2. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[AppServiceEnvironmentPlatformLogs]` | `[AppServiceEnvironmentPlatformLogs]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `dnsSuffix` | string | `''` | | DNS suffix of the App Service Environment. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `frontEndScaleFactor` | int | `15` | | Scale factor for frontends. | -| `internalLoadBalancingMode` | string | `'None'` | `[None, Web, Publishing]` | Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing. | -| `ipsslAddressCount` | int | `-1` | | Number of IP SSL addresses reserved for the App Service Environment. | -| `kind` | string | `'ASEv3'` | | Kind of resource. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `multiSize` | string | `''` | `[, Medium, Large, ExtraLarge, Standard_D2, Standard_D3, Standard_D4, Standard_D1_V2, Standard_D2_V2, Standard_D3_V2, Standard_D4_V2]` | Frontend VM size. Cannot be used with 'kind' `ASEv3`. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Resource tags. | -| `userWhitelistedIpRanges` | array | `[]` | | User added IP ranges to whitelist on ASE DB. Cannot be used with 'kind' `ASEv3`. | -| `zoneRedundant` | bool | `False` | | Switch to make the App Service Environment zone redundant. If enabled, the minimum App Service plan instance count will be three, otherwise 1. If enabled, the `dedicatedHostCount` must be set to `-1`. | - - -### Parameter Usage: `clusterSettings` - -

- -Parameter JSON format - -```json -"clusterSettings": { - "value": [ - { - "name": "DisableTls1.0", - "value": "1" - } - ] -} -``` - -
- - -
- -Bicep format - -```bicep -clusterSettings: [ - { - name: 'DisableTls1.0' - value: '1' - } -] -``` - -
- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -
- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the app service environment. | -| `resourceGroupName` | string | The resource group the app service environment was deployed into. | -| `resourceId` | string | The resource ID of the app service environment. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-appse-asev2-001" - }, - "kind": { - "value": "ASEv2" - }, - "multiSize": { - "value": "Standard_D1_V2" - }, - "ipsslAddressCount": { - "value": 2 - }, - "clusterSettings": { - "value": [ - { - "name": "DisableTls1.0", - "value": "1" - } - ] - }, - "subnetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-008" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-hostingEnvironments' - params: { - name: '<>-az-appse-asev2-001' - kind: 'ASEv2' - multiSize: 'Standard_D1_V2' - ipsslAddressCount: 2 - clusterSettings: [ - { - name: 'DisableTls1.0' - value: '1' - } - ] - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-008' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-appse-asev3-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "subnetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-006" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "clusterSettings": { - "value": [ - { - "name": "DisableTls1.0", - "value": "1" - } - ] - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-hostingEnvironments' - params: { - name: '<>-az-appse-asev3-001' - lock: 'CanNotDelete' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-006' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - clusterSettings: [ - { - name: 'DisableTls1.0' - value: '1' - } - ] - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

diff --git a/modules/Microsoft.Web/hostingEnvironments/version.json b/modules/Microsoft.Web/hostingEnvironments/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Web/hostingEnvironments/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index 459ca0ee20..0000000000 --- a/modules/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,57 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Logic App Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '87a39d53-fc1b-424a-814c-f7e04687dc9e') - 'Logic App Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '515c2055-d9d4-4321-b1b9-bd0c9a0f79fe') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Web Plan Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b') - 'Website Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772') -} - -resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(appServicePlan.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: appServicePlan -}] diff --git a/modules/Microsoft.Web/serverfarms/.deploymentTests/parameters.json b/modules/Microsoft.Web/serverfarms/.deploymentTests/parameters.json deleted file mode 100644 index 63e6aa9044..0000000000 --- a/modules/Microsoft.Web/serverfarms/.deploymentTests/parameters.json +++ /dev/null @@ -1,46 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-asp-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "sku": { - "value": { - "name": "S1", - "tier": "Standard", - "size": "S1", - "family": "S", - "capacity": "1" - } - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} diff --git a/modules/Microsoft.Web/serverfarms/deploy.bicep b/modules/Microsoft.Web/serverfarms/deploy.bicep deleted file mode 100644 index ce4e22f60d..0000000000 --- a/modules/Microsoft.Web/serverfarms/deploy.bicep +++ /dev/null @@ -1,185 +0,0 @@ -// ================ // -// Parameters // -// ================ // -@description('Required. The name of the app service plan to deploy.') -@minLength(1) -@maxLength(40) -param name string - -@description('Required. Defines the name, tier, size, family and capacity of the App Service Plan.') -param sku object - -@description('Optional. Location for all resources.') -param location string = resourceGroup().location - -@description('Optional. Kind of server OS.') -@allowed([ - 'Windows' - 'Linux' -]) -param serverOS string = 'Windows' - -@description('Optional. The Resource ID of the App Service Environment to use for the App Service Plan.') -param appServiceEnvironmentId string = '' - -@description('Optional. Target worker tier assigned to the App Service plan.') -param workerTierName string = '' - -@description('Optional. If true, apps assigned to this App Service plan can be scaled independently. If false, apps assigned to this App Service plan will scale to all instances of the plan.') -param perSiteScaling bool = false - -@description('Optional. Maximum number of total workers allowed for this ElasticScaleEnabled App Service Plan.') -param maximumElasticWorkerCount int = 1 - -@description('Optional. Scaling worker count.') -param targetWorkerCount int = 0 - -@description('Optional. The instance size of the hosting plan (small, medium, or large).') -@allowed([ - 0 - 1 - 2 -]) -param targetWorkerSize int = 0 - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') -param diagnosticEventHubName string = '' - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'AllMetrics' -]) -param diagnosticMetricsToEnable array = [ - 'AllMetrics' -] - -// =========== // -// Variables // -// =========== // -var hostingEnvironmentProfile = { - id: appServiceEnvironmentId -} - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -// =========== // -// Deployments // -// =========== // -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' = { - name: name - kind: serverOS == 'Windows' ? '' : 'linux' - location: location - tags: tags - sku: sku - properties: { - workerTierName: workerTierName - hostingEnvironmentProfile: !empty(appServiceEnvironmentId) ? hostingEnvironmentProfile : null - perSiteScaling: perSiteScaling - maximumElasticWorkerCount: maximumElasticWorkerCount - reserved: serverOS == 'Linux' - targetWorkerCount: targetWorkerCount - targetWorkerSizeId: targetWorkerSize - } -} - -resource appServicePlan_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: [] - } - scope: appServicePlan -} - -resource appServicePlan_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${appServicePlan.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: appServicePlan -} - -module appServicePlan_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-AppServicePlan-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: appServicePlan.id - } -}] - -// =========== // -// Outputs // -// =========== // -@description('The resource group the app service plan was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the app service plan.') -output name string = appServicePlan.name - -@description('The resource ID of the app service plan.') -output resourceId string = appServicePlan.id - -@description('The location the resource was deployed into.') -output location string = appServicePlan.location diff --git a/modules/Microsoft.Web/serverfarms/readme.md b/modules/Microsoft.Web/serverfarms/readme.md deleted file mode 100644 index 72d0297048..0000000000 --- a/modules/Microsoft.Web/serverfarms/readme.md +++ /dev/null @@ -1,293 +0,0 @@ -# App Service Plans `[Microsoft.Web/serverfarms]` - -This module deploys an app service plan. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Web/serverfarms` | [2021-02-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-02-01/serverfarms) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the app service plan to deploy. | -| `sku` | object | Defines the name, tier, size, family and capacity of the App Service Plan. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `appServiceEnvironmentId` | string | `''` | | The Resource ID of the App Service Environment to use for the App Service Plan. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maximumElasticWorkerCount` | int | `1` | | Maximum number of total workers allowed for this ElasticScaleEnabled App Service Plan. | -| `perSiteScaling` | bool | `False` | | If true, apps assigned to this App Service plan can be scaled independently. If false, apps assigned to this App Service plan will scale to all instances of the plan. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `serverOS` | string | `'Windows'` | `[Windows, Linux]` | Kind of server OS. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `targetWorkerCount` | int | `0` | | Scaling worker count. | -| `targetWorkerSize` | int | `0` | `[0, 1, 2]` | The instance size of the hosting plan (small, medium, or large). | -| `workerTierName` | string | `''` | | Target worker tier assigned to the App Service plan. | - - -### Parameter Usage: `sku` - -

- -Parameter JSON format - -```json -"sku": { - "value": { - "name": "P1v2", - "tier": "PremiumV2", - "size": "P1v2", - "family": "Pv2", - "capacity": 1 - } -} -``` - -
- -
- -Bicep format - -```bicep -sku: { - name: 'P1v2' - tier: 'PremiumV2' - size: 'P1v2' - family: 'Pv2' - capacity: 1 -} -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the app service plan. | -| `resourceGroupName` | string | The resource group the app service plan was deployed into. | -| `resourceId` | string | The resource ID of the app service plan. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-asp-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "sku": { - "value": { - "name": "S1", - "tier": "Standard", - "size": "S1", - "family": "S", - "capacity": "1" - } - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module serverfarms './Microsoft.Web/serverfarms/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-serverfarms' - params: { - name: '<>-az-asp-x-001' - lock: 'CanNotDelete' - sku: { - name: 'S1' - tier: 'Standard' - size: 'S1' - family: 'S' - capacity: '1' - } - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Web/serverfarms/version.json b/modules/Microsoft.Web/serverfarms/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Web/serverfarms/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index ff31a44080..0000000000 --- a/modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,55 +0,0 @@ -@sys.description('Required. The IDs of the principals to assign the role to.') -param principalIds array - -@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') -param roleDefinitionIdOrName string - -@sys.description('Required. The resource ID of the resource to apply the role assignment to.') -param resourceId string - -@sys.description('Optional. The principal type of the assigned principal ID.') -@allowed([ - 'ServicePrincipal' - 'Group' - 'User' - 'ForeignGroup' - 'Device' - '' -]) -param principalType string = '' - -@sys.description('Optional. The description of the role assignment.') -param description string = '' - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Logic App Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '87a39d53-fc1b-424a-814c-f7e04687dc9e') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Website Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772') -} - -resource app 'Microsoft.Web/sites@2020-12-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(app.id, principalId, roleDefinitionIdOrName) - properties: { - description: description - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: app -}] diff --git a/modules/Microsoft.Web/sites/.deploymentTests/fa.min.parameters.json b/modules/Microsoft.Web/sites/.deploymentTests/fa.min.parameters.json deleted file mode 100644 index 0d4b5e85fb..0000000000 --- a/modules/Microsoft.Web/sites/.deploymentTests/fa.min.parameters.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fa-min-001" - }, - "kind": { - "value": "functionapp" - }, - "serverFarmResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001" - }, - "siteConfig": { - "value": { - "alwaysOn": true - } - } - } -} diff --git a/modules/Microsoft.Web/sites/.deploymentTests/fa.parameters.json b/modules/Microsoft.Web/sites/.deploymentTests/fa.parameters.json deleted file mode 100644 index e67fc9f53e..0000000000 --- a/modules/Microsoft.Web/sites/.deploymentTests/fa.parameters.json +++ /dev/null @@ -1,146 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fa-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "kind": { - "value": "functionapp" - }, - "serverFarmResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001" - }, - "siteConfig": { - "value": { - "alwaysOn": true, - "use32BitWorkerProcess": false - } - }, - "appInsightId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<>-az-appi-x-001" - }, - "storageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "setAzureWebJobsDashboard": { - "value": true - }, - "appSettingsKeyValuePairs": { - "value": { - "FUNCTIONS_EXTENSION_VERSION": "~4", - "FUNCTIONS_WORKER_RUNTIME": "dotnet", - "AzureFunctionsJobHost__logging__logLevel__default": "Trace", - "EASYAUTH_SECRET": "https://adp-<>-az-kv-x-001.vault.azure.net/secrets/Modules-Test-SP-Password" - } - }, - "authSettingV2Configuration": { - "value": { - "globalValidation": { - "requireAuthentication": true, - "unauthenticatedClientAction": "Return401" - }, - "httpSettings": { - "forwardProxy": { - "convention": "NoProxy" - }, - "requireHttps": true, - "routes": { - "apiPrefix": "/.auth" - } - }, - "identityProviders": { - "azureActiveDirectory": { - "enabled": true, - "login": { - "disableWWWAuthenticate": false - }, - "registration": { - "openIdIssuer": "https://sts.windows.net/<>/v2.0/", - "clientId": "d874dd2f-2032-4db1-a053-f0ec243685aa", - "clientSecretSettingName": "EASYAUTH_SECRET" - }, - "validation": { - "allowedAudiences": [ - "api://d874dd2f-2032-4db1-a053-f0ec243685aa" - ], - "defaultAuthorizationPolicy": { - "allowedPrincipals": {} - }, - "jwtClaimChecks": {} - } - } - }, - "login": { - "allowedExternalRedirectUrls": [ - "string" - ], - "cookieExpiration": { - "convention": "FixedTime", - "timeToExpiration": "08:00:00" - }, - "nonce": { - "nonceExpirationInterval": "00:05:00", - "validateNonce": true - }, - "preserveUrlFragmentsForLogins": false, - "routes": {}, - "tokenStore": { - "azureBlobStorage": {}, - "enabled": true, - "fileSystem": {}, - "tokenRefreshExtensionHours": 72 - } - }, - "platform": { - "enabled": true, - "runtimeVersion": "~1" - } - } - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "sites" - } - ] - } - } -} diff --git a/modules/Microsoft.Web/sites/.deploymentTests/wa.min.parameters.json b/modules/Microsoft.Web/sites/.deploymentTests/wa.min.parameters.json deleted file mode 100644 index 588beef102..0000000000 --- a/modules/Microsoft.Web/sites/.deploymentTests/wa.min.parameters.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-wa-min-001" - }, - "kind": { - "value": "app" - }, - "serverFarmResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001" - } - } -} diff --git a/modules/Microsoft.Web/sites/.deploymentTests/wa.parameters.json b/modules/Microsoft.Web/sites/.deploymentTests/wa.parameters.json deleted file mode 100644 index 75ea5f8f00..0000000000 --- a/modules/Microsoft.Web/sites/.deploymentTests/wa.parameters.json +++ /dev/null @@ -1,70 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-wa-x-001" - }, - "kind": { - "value": "app" - }, - "serverFarmResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001" - }, - "siteConfig": { - "value": { - "metadata": [ - { - "name": "CURRENT_STACK", - "value": "dotnetcore" - } - ], - "alwaysOn": true - } - }, - "httpsOnly": { - "value": true - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "sites" - } - ] - } - } -} diff --git a/modules/Microsoft.Web/sites/config-appsettings/deploy.bicep b/modules/Microsoft.Web/sites/config-appsettings/deploy.bicep deleted file mode 100644 index d8ab337a74..0000000000 --- a/modules/Microsoft.Web/sites/config-appsettings/deploy.bicep +++ /dev/null @@ -1,95 +0,0 @@ -// ================ // -// Parameters // -// ================ // -@description('Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment.') -param appName string - -@description('Required. Type of site to deploy.') -@allowed([ - 'functionapp' - 'functionapp,linux' - 'app' -]) -param kind string - -@description('Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions.') -param storageAccountId string = '' - -@description('Optional. Resource ID of the app insight to leverage for this resource.') -param appInsightId string = '' - -@description('Optional. For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons.') -param setAzureWebJobsDashboard bool = contains(kind, 'functionapp') ? true : false - -@description('Optional. The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING.') -param appSettingsKeyValuePairs object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -// =========== // -// Variables // -// =========== // -var azureWebJobsValues = !empty(storageAccountId) ? union({ - AzureWebJobsStorage: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};AccountKey=${storageAccount.listKeys().keys[0].value};' - }, ((setAzureWebJobsDashboard == true) ? { - AzureWebJobsDashboard: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};AccountKey=${storageAccount.listKeys().keys[0].value};' - } : {})) : {} - -var appInsightsValues = !empty(appInsightId) ? { - APPINSIGHTS_INSTRUMENTATIONKEY: appInsight.properties.InstrumentationKey - APPLICATIONINSIGHTS_CONNECTION_STRING: appInsight.properties.ConnectionString -} : {} - -var expandedAppSettings = union(appSettingsKeyValuePairs, azureWebJobsValues, appInsightsValues) - -// =========== // -// Existing resources // -// =========== // -resource app 'Microsoft.Web/sites@2020-12-01' existing = { - name: appName -} - -resource appInsight 'microsoft.insights/components@2020-02-02' existing = if (!empty(appInsightId)) { - name: last(split(appInsightId, '/')) - scope: resourceGroup(split(appInsightId, '/')[2], split(appInsightId, '/')[4]) -} - -resource storageAccount 'Microsoft.Storage/storageAccounts@2021-02-01' existing = if (!empty(storageAccountId)) { - name: last(split(storageAccountId, '/')) - scope: resourceGroup(split(storageAccountId, '/')[2], split(storageAccountId, '/')[4]) -} - -// =========== // -// Deployments // -// =========== // -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource appSettings 'Microsoft.Web/sites/config@2020-12-01' = { - name: 'appsettings' - kind: kind - parent: app - properties: expandedAppSettings -} - -// =========== // -// Outputs // -// =========== // -@description('The name of the site config.') -output name string = appSettings.name - -@description('The resource ID of the site config.') -output resourceId string = appSettings.id - -@description('The resource group the site config was deployed into.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Web/sites/config-appsettings/readme.md b/modules/Microsoft.Web/sites/config-appsettings/readme.md deleted file mode 100644 index 0106f0b8e7..0000000000 --- a/modules/Microsoft.Web/sites/config-appsettings/readme.md +++ /dev/null @@ -1,91 +0,0 @@ -# Site Config `[Microsoft.Web/sites/config-appsettings]` - -This module deploys the app settings. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Web/sites/config` | [2020-12-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `kind` | string | `[functionapp, functionapp,linux, app]` | Type of site to deploy. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `appName` | string | The name of the parent site resource. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `appInsightId` | string | `''` | Resource ID of the app insight to leverage for this resource. | -| `appSettingsKeyValuePairs` | object | `{object}` | The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `setAzureWebJobsDashboard` | bool | `[if(contains(parameters('kind'), 'functionapp'), true(), false())]` | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. | -| `storageAccountId` | string | `''` | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. | - - -### Parameter Usage: `appSettingsKeyValuePairs` - -AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING are set separately (check parameters storageAccountId, setAzureWebJobsDashboard, appInsightId). -For all other app settings key-value pairs use this object. - -

- -Parameter JSON format - -```json -"appSettingsKeyValuePairs": { - "value": [ - { - "name": "key1", - "value": "val1" - }, - { - "name": "key2", - "value": "val2" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -appSettingsKeyValuePairs: [ - { - name: 'key1' - value: 'val1' - } - { - name: 'key2' - value: 'val2' - } -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the site config. | -| `resourceGroupName` | string | The resource group the site config was deployed into. | -| `resourceId` | string | The resource ID of the site config. | diff --git a/modules/Microsoft.Web/sites/config-appsettings/version.json b/modules/Microsoft.Web/sites/config-appsettings/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Web/sites/config-appsettings/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Web/sites/config-authsettingsv2/deploy.bicep b/modules/Microsoft.Web/sites/config-authsettingsv2/deploy.bicep deleted file mode 100644 index a8ca1f4d72..0000000000 --- a/modules/Microsoft.Web/sites/config-authsettingsv2/deploy.bicep +++ /dev/null @@ -1,60 +0,0 @@ -// ================ // -// Parameters // -// ================ // -@description('Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment.') -param appName string - -@description('Required. Type of site to deploy.') -@allowed([ - 'functionapp' - 'functionapp,linux' - 'app' -]) -param kind string - -@description('Required. The auth settings V2 configuration.') -param authSettingV2Configuration object - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -// =========== // -// Existing resources // -// =========== // -resource app 'Microsoft.Web/sites@2020-12-01' existing = { - name: appName -} - -// =========== // -// Deployments // -// =========== // -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource appSettings 'Microsoft.Web/sites/config@2020-12-01' = { - name: 'authsettingsV2' - kind: kind - parent: app - properties: authSettingV2Configuration -} - -// =========== // -// Outputs // -// =========== // -@description('The name of the site config.') -output name string = appSettings.name - -@description('The resource ID of the site config.') -output resourceId string = appSettings.id - -@description('The resource group the site config was deployed into.') -output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Web/sites/config-authsettingsv2/readme.md b/modules/Microsoft.Web/sites/config-authsettingsv2/readme.md deleted file mode 100644 index a2d52b1418..0000000000 --- a/modules/Microsoft.Web/sites/config-authsettingsv2/readme.md +++ /dev/null @@ -1,73 +0,0 @@ -# Site Config `[Microsoft.Web/sites/config-authsettingsv2]` - -This module deploys the auth settings v2. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Web/sites/config` | [2020-12-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `authSettingV2Configuration` | object | | The auth settings V2 configuration. | -| `kind` | string | `[functionapp, functionapp,linux, app]` | Type of site to deploy. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `appName` | string | The name of the parent site resource. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | - - -### Parameter Usage: `authSettingV2Configuration` - -The auth settings V2 configuration. - -

- -Parameter JSON format - -```json -"siteConfig": { - "value": [ - // Check out https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-authsettingsv2?tabs=bicep#siteauthsettingsv2properties for possible properties - ] -} -``` - -
- -
- -Bicep format - -```bicep -siteConfig: [ - // Check out https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-authsettingsv2?tabs=bicep#siteauthsettingsv2properties for possible properties -] -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the site config. | -| `resourceGroupName` | string | The resource group the site config was deployed into. | -| `resourceId` | string | The resource ID of the site config. | diff --git a/modules/Microsoft.Web/sites/config-authsettingsv2/version.json b/modules/Microsoft.Web/sites/config-authsettingsv2/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Web/sites/config-authsettingsv2/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Web/sites/deploy.bicep b/modules/Microsoft.Web/sites/deploy.bicep deleted file mode 100644 index fe58ab36e0..0000000000 --- a/modules/Microsoft.Web/sites/deploy.bicep +++ /dev/null @@ -1,294 +0,0 @@ -// ================ // -// Parameters // -// ================ // -// General -@description('Required. Name of the site.') -param name string - -@description('Optional. Location for all Resources.') -param location string = resourceGroup().location - -@description('Required. Type of site to deploy.') -@allowed([ - 'functionapp' - 'functionapp,linux' - 'app' -]) -param kind string - -@description('Optional. The resource ID of the app service plan to use for the site.') -param serverFarmResourceId string = '' - -@description('Optional. Configures a site to accept only HTTPS requests. Issues redirect for HTTP requests.') -param httpsOnly bool = true - -@description('Optional. If client affinity is enabled.') -param clientAffinityEnabled bool = true - -@description('Optional. The resource ID of the app service environment to use for this resource.') -param appServiceEnvironmentId string = '' - -@description('Optional. Enables system assigned managed identity on the resource.') -param systemAssignedIdentity bool = false - -@description('Optional. The ID(s) to assign to the resource.') -param userAssignedIdentities object = {} - -@description('Optional. Checks if Customer provided storage account is required.') -param storageAccountRequired bool = false - -@description('Optional. Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}.') -param virtualNetworkSubnetId string = '' - -// Site Config -@description('Optional. The site config object.') -param siteConfig object = {} - -@description('Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions.') -param storageAccountId string = '' - -@description('Optional. Resource ID of the app insight to leverage for this resource.') -param appInsightId string = '' - -@description('Optional. For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons.') -param setAzureWebJobsDashboard bool = contains(kind, 'functionapp') ? true : false - -@description('Optional. The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING.') -param appSettingsKeyValuePairs object = {} - -@description('Optional. The auth settings V2 configuration.') -param authSettingV2Configuration object = {} - -// Lock -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -// Private Endpoints -@description('Optional. Configuration details for private endpoints.') -param privateEndpoints array = [] - -// Tags -@description('Optional. Tags of the resource.') -param tags object = {} - -// PID -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -// Role Assignments -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -// Diagnostic Settings -@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') -@minValue(0) -@maxValue(365) -param diagnosticLogsRetentionInDays int = 365 - -@description('Optional. Resource ID of the diagnostic storage account.') -param diagnosticStorageAccountId string = '' - -@description('Optional. Resource ID of log analytics workspace.') -param diagnosticWorkspaceId string = '' - -@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') -param diagnosticEventHubAuthorizationRuleId string = '' - -@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') -param diagnosticEventHubName string = '' - -@description('Optional. The name of logs that will be streamed.') -@allowed([ - 'AppServiceHTTPLogs' - 'AppServiceConsoleLogs' - 'AppServiceAppLogs' - 'AppServiceAuditLogs' - 'AppServiceIPSecAuditLogs' - 'AppServicePlatformLogs' - 'FunctionAppLogs' -]) -param diagnosticLogCategoriesToEnable array = kind == 'functionapp' ? [ - 'FunctionAppLogs' -] : [ - 'AppServiceHTTPLogs' - 'AppServiceConsoleLogs' - 'AppServiceAppLogs' - 'AppServiceAuditLogs' - 'AppServiceIPSecAuditLogs' - 'AppServicePlatformLogs' -] - -@description('Optional. The name of metrics that will be streamed.') -@allowed([ - 'AllMetrics' -]) -param diagnosticMetricsToEnable array = [ - 'AllMetrics' -] - -@description('Optional. The name of the diagnostic setting, if deployed.') -param diagnosticSettingsName string = '${name}-diagnosticSettings' - -// =========== // -// Variables // -// =========== // -var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { - category: category - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { - category: metric - timeGrain: null - enabled: true - retentionPolicy: { - enabled: true - days: diagnosticLogsRetentionInDays - } -}] - -var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None') - -var identity = identityType != 'None' ? { - type: identityType - userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null -} : null - -var enableReferencedModulesTelemetry = false - -// =========== // -// Deployments // -// =========== // -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource app 'Microsoft.Web/sites@2021-03-01' = { - name: name - location: location - kind: kind - tags: tags - identity: identity - properties: { - serverFarmId: serverFarmResourceId - clientAffinityEnabled: clientAffinityEnabled - httpsOnly: httpsOnly - hostingEnvironmentProfile: !empty(appServiceEnvironmentId) ? { - id: appServiceEnvironmentId - } : null - storageAccountRequired: storageAccountRequired - virtualNetworkSubnetId: !empty(virtualNetworkSubnetId) ? virtualNetworkSubnetId : any(null) - siteConfig: siteConfig - } -} - -module app_appsettings 'config-appsettings/deploy.bicep' = if (!empty(appSettingsKeyValuePairs)) { - name: '${uniqueString(deployment().name, location)}-Site-Config-AppSettings' - params: { - appName: app.name - kind: kind - storageAccountId: storageAccountId - appInsightId: appInsightId - setAzureWebJobsDashboard: setAzureWebJobsDashboard - appSettingsKeyValuePairs: appSettingsKeyValuePairs - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -module app_authsettingsv2 'config-authsettingsv2/deploy.bicep' = if (!empty(authSettingV2Configuration)) { - name: '${uniqueString(deployment().name, location)}-Site-Config-AuthSettingsV2' - params: { - appName: app.name - kind: kind - authSettingV2Configuration: authSettingV2Configuration - enableDefaultTelemetry: enableReferencedModulesTelemetry - } -} - -resource app_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${app.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: app -} - -resource app_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { - name: diagnosticSettingsName - properties: { - storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null - workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null - eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null - eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null - metrics: diagnosticsMetrics - logs: diagnosticsLogs - } - scope: app -} - -module app_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-Site-Rbac-${index}' - params: { - description: contains(roleAssignment, 'description') ? roleAssignment.description : '' - principalIds: roleAssignment.principalIds - principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: app.id - } -}] - -module app_privateEndpoints '../../Microsoft.Network/privateEndpoints/deploy.bicep' = [for (privateEndpoint, index) in privateEndpoints: { - name: '${uniqueString(deployment().name, location)}-Site-PrivateEndpoint-${index}' - params: { - groupIds: [ - privateEndpoint.service - ] - name: contains(privateEndpoint, 'name') ? privateEndpoint.name : 'pe-${last(split(app.id, '/'))}-${privateEndpoint.service}-${index}' - serviceResourceId: app.id - subnetResourceId: privateEndpoint.subnetResourceId - enableDefaultTelemetry: enableReferencedModulesTelemetry - location: reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : lock - privateDnsZoneGroups: contains(privateEndpoint, 'privateDnsZoneGroups') ? privateEndpoint.privateDnsZoneGroups : [] - roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] - tags: contains(privateEndpoint, 'tags') ? privateEndpoint.tags : {} - manualPrivateLinkServiceConnections: contains(privateEndpoint, 'manualPrivateLinkServiceConnections') ? privateEndpoint.manualPrivateLinkServiceConnections : [] - customDnsConfigs: contains(privateEndpoint, 'customDnsConfigs') ? privateEndpoint.customDnsConfigs : [] - } -}] - -// =========== // -// Outputs // -// =========== // -@description('The name of the site.') -output name string = app.name - -@description('The resource ID of the site.') -output resourceId string = app.id - -@description('The resource group the site was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The principal ID of the system assigned identity.') -output systemAssignedPrincipalId string = systemAssignedIdentity && contains(app.identity, 'principalId') ? app.identity.principalId : '' - -@description('The location the resource was deployed into.') -output location string = app.location diff --git a/modules/Microsoft.Web/sites/readme.md b/modules/Microsoft.Web/sites/readme.md deleted file mode 100644 index 7d0efff160..0000000000 --- a/modules/Microsoft.Web/sites/readme.md +++ /dev/null @@ -1,895 +0,0 @@ -# Web/Function Apps `[Microsoft.Web/sites]` - -This module deploys a web or function app. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/privateEndpoints` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) | -| `Microsoft.Web/sites` | [2021-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-03-01/sites) | -| `Microsoft.Web/sites/config` | [2020-12-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `kind` | string | `[functionapp, functionapp,linux, app]` | Type of site to deploy. | -| `name` | string | | Name of the site. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `appInsightId` | string | `''` | | Resource ID of the app insight to leverage for this resource. | -| `appServiceEnvironmentId` | string | `''` | | The resource ID of the app service environment to use for this resource. | -| `appSettingsKeyValuePairs` | object | `{object}` | | The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. | -| `authSettingV2Configuration` | object | `{object}` | | The auth settings V2 configuration. | -| `clientAffinityEnabled` | bool | `True` | | If client affinity is enabled. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[if(equals(parameters('kind'), 'functionapp'), createArray('FunctionAppLogs'), createArray('AppServiceHTTPLogs', 'AppServiceConsoleLogs', 'AppServiceAppLogs', 'AppServiceAuditLogs', 'AppServiceIPSecAuditLogs', 'AppServicePlatformLogs'))]` | `[AppServiceHTTPLogs, AppServiceConsoleLogs, AppServiceAppLogs, AppServiceAuditLogs, AppServiceIPSecAuditLogs, AppServicePlatformLogs, FunctionAppLogs]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `httpsOnly` | bool | `True` | | Configures a site to accept only HTTPS requests. Issues redirect for HTTP requests. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `serverFarmResourceId` | string | `''` | | The resource ID of the app service plan to use for the site. | -| `setAzureWebJobsDashboard` | bool | `[if(contains(parameters('kind'), 'functionapp'), true(), false())]` | | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. | -| `siteConfig` | object | `{object}` | | The site config object. | -| `storageAccountId` | string | `''` | | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. | -| `storageAccountRequired` | bool | `False` | | Checks if Customer provided storage account is required. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `virtualNetworkSubnetId` | string | `''` | | Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}. | - - -### Parameter Usage: `appSettingsKeyValuePairs` - -AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING are set separately (check parameters storageAccountId, setAzureWebJobsDashboard, appInsightId). -For all other app settings key-value pairs use this object. - -

- -Parameter JSON format - -```json -"appSettingsKeyValuePairs": { - "value": [ - { - "name": "key1", - "value": "val1" - }, - { - "name": "key2", - "value": "val2" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -appSettingsKeyValuePairs: [ - { - name: 'key1' - value: 'val1' - } - { - name: 'key2' - value: 'val2' - } -] -``` - -
-

- -### Parameter Usage: `authSettingV2Configuration` - -The auth settings V2 configuration. - -

- -Parameter JSON format - -```json -"siteConfig": { - "value": [ - // Check out https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-authsettingsv2?tabs=bicep#siteauthsettingsv2properties for possible properties - ] -} -``` - -
- -
- -Bicep format - -```bicep -siteConfig: [ - // Check out https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites/config-authsettingsv2?tabs=bicep#siteauthsettingsv2properties for possible properties -] -``` - -
-

- -### Parameter Usage: `siteConfig` - -The site config. - -

- -Parameter JSON format - -```json -"siteConfig": { - "value": [ - // Check out https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/sites?tabs=bicep#siteconfig for possible properties - ] -} -``` - -
- -
- -Bicep format - -```bicep -siteConfig: [ - // Check out https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/sites?tabs=bicep#siteconfig for possible properties -] -``` - -
-

- -### Parameter Usage: `privateEndpoints` - -To use Private Endpoint the following dependencies must be deployed: - -- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module. -- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information. - -

- -Parameter JSON format - -```json -"privateEndpoints": { - "value": [ - // Example showing all available fields - { - "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>", // e.g. vault, registry, file, blob, queue, table etc. - "privateDnsZoneResourceIds": [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net" - ], - "customDnsConfigs": [ // Optional - { - "fqdn": "customname.test.local", - "ipAddresses": [ - "10.10.10.10" - ] - } - ] - }, - // Example showing only mandatory fields - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>" // e.g. vault, registry, file, blob, queue, table etc. - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -privateEndpoints: [ - // Example showing all available fields - { - name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - privateDnsZoneResourceIds: [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net' - ] - // Optional - customDnsConfigs: [ - { - fqdn: 'customname.test.local' - ipAddresses: [ - '10.10.10.10' - ] - } - ] - } - // Example showing only mandatory fields - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - } -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `userAssignedIdentities` - -You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: - -

- -Parameter JSON format - -```json -"userAssignedIdentities": { - "value": { - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} - } -} -``` - -
- -
- -Bicep format - -```bicep -userAssignedIdentities: { - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the site. | -| `resourceGroupName` | string | The resource group the site was deployed into. | -| `resourceId` | string | The resource ID of the site. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fa-min-001" - }, - "kind": { - "value": "functionapp" - }, - "serverFarmResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001" - }, - "siteConfig": { - "value": { - "alwaysOn": true - } - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module sites './Microsoft.Web/sites/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-sites' - params: { - name: '<>-az-fa-min-001' - kind: 'functionapp' - serverFarmResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001' - siteConfig: { - alwaysOn: true - } - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-fa-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "kind": { - "value": "functionapp" - }, - "serverFarmResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001" - }, - "siteConfig": { - "value": { - "alwaysOn": true, - "use32BitWorkerProcess": false - } - }, - "appInsightId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<>-az-appi-x-001" - }, - "storageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "setAzureWebJobsDashboard": { - "value": true - }, - "appSettingsKeyValuePairs": { - "value": { - "FUNCTIONS_EXTENSION_VERSION": "~4", - "FUNCTIONS_WORKER_RUNTIME": "dotnet", - "AzureFunctionsJobHost__logging__logLevel__default": "Trace", - "EASYAUTH_SECRET": "https://adp-<>-az-kv-x-001.vault.azure.net/secrets/Modules-Test-SP-Password" - } - }, - "authSettingV2Configuration": { - "value": { - "globalValidation": { - "requireAuthentication": true, - "unauthenticatedClientAction": "Return401" - }, - "httpSettings": { - "forwardProxy": { - "convention": "NoProxy" - }, - "requireHttps": true, - "routes": { - "apiPrefix": "/.auth" - } - }, - "identityProviders": { - "azureActiveDirectory": { - "enabled": true, - "login": { - "disableWWWAuthenticate": false - }, - "registration": { - "openIdIssuer": "https://sts.windows.net/<>/v2.0/", - "clientId": "d874dd2f-2032-4db1-a053-f0ec243685aa", - "clientSecretSettingName": "EASYAUTH_SECRET" - }, - "validation": { - "allowedAudiences": [ - "api://d874dd2f-2032-4db1-a053-f0ec243685aa" - ], - "defaultAuthorizationPolicy": { - "allowedPrincipals": {} - }, - "jwtClaimChecks": {} - } - } - }, - "login": { - "allowedExternalRedirectUrls": [ - "string" - ], - "cookieExpiration": { - "convention": "FixedTime", - "timeToExpiration": "08:00:00" - }, - "nonce": { - "nonceExpirationInterval": "00:05:00", - "validateNonce": true - }, - "preserveUrlFragmentsForLogins": false, - "routes": {}, - "tokenStore": { - "azureBlobStorage": {}, - "enabled": true, - "fileSystem": {}, - "tokenRefreshExtensionHours": 72 - } - }, - "platform": { - "enabled": true, - "runtimeVersion": "~1" - } - } - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "sites" - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module sites './Microsoft.Web/sites/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-sites' - params: { - name: '<>-az-fa-x-001' - lock: 'CanNotDelete' - kind: 'functionapp' - serverFarmResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001' - siteConfig: { - alwaysOn: true - use32BitWorkerProcess: false - } - appInsightId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Insights/components/adp-<>-az-appi-x-001' - storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - setAzureWebJobsDashboard: true - appSettingsKeyValuePairs: { - FUNCTIONS_EXTENSION_VERSION: '~4' - FUNCTIONS_WORKER_RUNTIME: 'dotnet' - AzureFunctionsJobHost__logging__logLevel__default: 'Trace' - EASYAUTH_SECRET: 'https://adp-<>-az-kv-x-001.vault.azure.net/secrets/Modules-Test-SP-Password' - } - authSettingV2Configuration: { - globalValidation: { - requireAuthentication: true - unauthenticatedClientAction: 'Return401' - } - httpSettings: { - forwardProxy: { - convention: 'NoProxy' - } - requireHttps: true - routes: { - apiPrefix: '/.auth' - } - } - identityProviders: { - azureActiveDirectory: { - enabled: true - login: { - disableWWWAuthenticate: false - } - registration: { - openIdIssuer: 'https://sts.windows.net/<>/v2.0/' - clientId: 'd874dd2f-2032-4db1-a053-f0ec243685aa' - clientSecretSettingName: 'EASYAUTH_SECRET' - } - validation: { - allowedAudiences: [ - 'api://d874dd2f-2032-4db1-a053-f0ec243685aa' - ] - defaultAuthorizationPolicy: { - allowedPrincipals: {} - } - jwtClaimChecks: {} - } - } - } - login: { - allowedExternalRedirectUrls: [ - 'string' - ] - cookieExpiration: { - convention: 'FixedTime' - timeToExpiration: '08:00:00' - } - nonce: { - nonceExpirationInterval: '00:05:00' - validateNonce: true - } - preserveUrlFragmentsForLogins: false - routes: {} - tokenStore: { - azureBlobStorage: {} - enabled: true - fileSystem: {} - tokenRefreshExtensionHours: 72 - } - } - platform: { - enabled: true - runtimeVersion: '~1' - } - } - systemAssignedIdentity: true - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - privateEndpoints: [ - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - service: 'sites' - } - ] - } -} -``` - -
-

- -

Example 3

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-wa-min-001" - }, - "kind": { - "value": "app" - }, - "serverFarmResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module sites './Microsoft.Web/sites/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-sites' - params: { - name: '<>-az-wa-min-001' - kind: 'app' - serverFarmResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001' - } -} -``` - -
-

- -

Example 4

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-wa-x-001" - }, - "kind": { - "value": "app" - }, - "serverFarmResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001" - }, - "siteConfig": { - "value": { - "metadata": [ - { - "name": "CURRENT_STACK", - "value": "dotnetcore" - } - ], - "alwaysOn": true - } - }, - "httpsOnly": { - "value": true - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "sites" - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module sites './Microsoft.Web/sites/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-sites' - params: { - name: '<>-az-wa-x-001' - kind: 'app' - serverFarmResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Web/serverFarms/adp-<>-az-asp-x-001' - siteConfig: { - metadata: [ - { - name: 'CURRENT_STACK' - value: 'dotnetcore' - } - ] - alwaysOn: true - } - httpsOnly: true - systemAssignedIdentity: true - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - privateEndpoints: [ - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - service: 'sites' - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Web/sites/version.json b/modules/Microsoft.Web/sites/version.json deleted file mode 100644 index 56f8d9ca40..0000000000 --- a/modules/Microsoft.Web/sites/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/modules/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep deleted file mode 100644 index d8c01ae5d9..0000000000 --- a/modules/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep +++ /dev/null @@ -1,34 +0,0 @@ -param principalIds array -param principalType string = '' -param roleDefinitionIdOrName string -param resourceId string - -var builtInRoleNames = { - 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') - 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') - 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') - 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') - 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') - 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') - 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') - 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') -} - -resource staticSite 'Microsoft.Web/staticSites@2021-02-01' existing = { - name: last(split(resourceId, '/')) -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { - name: guid(staticSite.id, principalId, roleDefinitionIdOrName) - properties: { - roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName - principalId: principalId - principalType: !empty(principalType) ? any(principalType) : null - } - scope: staticSite -}] diff --git a/modules/Microsoft.Web/staticSites/.deploymentTests/min.parameters.json b/modules/Microsoft.Web/staticSites/.deploymentTests/min.parameters.json deleted file mode 100644 index b5781f46f0..0000000000 --- a/modules/Microsoft.Web/staticSites/.deploymentTests/min.parameters.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-wss-min-001" - } - } -} diff --git a/modules/Microsoft.Web/staticSites/.deploymentTests/parameters.json b/modules/Microsoft.Web/staticSites/.deploymentTests/parameters.json deleted file mode 100644 index 68d8697715..0000000000 --- a/modules/Microsoft.Web/staticSites/.deploymentTests/parameters.json +++ /dev/null @@ -1,50 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-wss-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "sku": { - "value": "Standard" - }, - "stagingEnvironmentPolicy": { - "value": "Enabled" - }, - "allowConfigFileUpdates": { - "value": true - }, - "enterpriseGradeCdnStatus": { - "value": "Disabled" - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "staticSites" - } - ] - } - } -} diff --git a/modules/Microsoft.Web/staticSites/deploy.bicep b/modules/Microsoft.Web/staticSites/deploy.bicep deleted file mode 100644 index 6b3a326840..0000000000 --- a/modules/Microsoft.Web/staticSites/deploy.bicep +++ /dev/null @@ -1,174 +0,0 @@ -@description('Required. Name of the static site.') -@minLength(1) -@maxLength(40) -param name string - -@allowed([ - 'Free' - 'Standard' -]) -@description('Optional. Type of static site to deploy.') -param sku string = 'Free' - -@description('Optional. If config file is locked for this static web app.') -param allowConfigFileUpdates bool = true - -@description('Optional. Location to deploy static site. The following locations are supported: CentralUS, EastUS2, EastAsia, WestEurope, WestUS2.') -param location string = resourceGroup().location - -@allowed([ - 'Enabled' - 'Disabled' -]) -@description('Optional. State indicating whether staging environments are allowed or not allowed for a static web app.') -param stagingEnvironmentPolicy string = 'Enabled' - -@allowed([ - 'Disabled' - 'Disabling' - 'Enabled' - 'Enabling' -]) -@description('Optional. State indicating the status of the enterprise grade CDN serving traffic to the static web app.') -param enterpriseGradeCdnStatus string = 'Disabled' - -@description('Optional. Build properties for the static site.') -param buildProperties object = {} - -@description('Optional. Template Options for the static site.') -param templateProperties object = {} - -@description('Optional. The provider that submitted the last deployment to the primary environment of the static site.') -param provider string = 'None' - -@secure() -@description('Optional. The Personal Access Token for accessing the GitHub repo.') -param repositoryToken string = '' - -@description('Optional. The name of the GitHub repo.') -param repositoryUrl string = '' - -@description('Optional. The branch name of the GitHub repo.') -param branch string = '' - -@description('Optional. Enables system assigned managed identity on the resource.') -param systemAssignedIdentity bool = false - -@description('Optional. The ID(s) to assign to the resource.') -param userAssignedIdentities object = {} - -@allowed([ - '' - 'CanNotDelete' - 'ReadOnly' -]) -@description('Optional. Specify the type of lock.') -param lock string = '' - -@description('Optional. Configuration details for private endpoints.') -param privateEndpoints array = [] - -@description('Optional. Tags of the resource.') -param tags object = {} - -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments array = [] - -var enableReferencedModulesTelemetry = false - -var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None') - -var identity = identityType != 'None' ? { - type: identityType - userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null -} : null - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource staticSite 'Microsoft.Web/staticSites@2021-03-01' = { - name: name - location: location - tags: tags - identity: identity - sku: { - name: sku - tier: sku - } - properties: { - allowConfigFileUpdates: allowConfigFileUpdates - stagingEnvironmentPolicy: stagingEnvironmentPolicy - enterpriseGradeCdnStatus: enterpriseGradeCdnStatus - provider: !empty(provider) ? provider : 'None' - branch: !empty(branch) ? branch : null - buildProperties: !empty(buildProperties) ? buildProperties : null - repositoryToken: !empty(repositoryToken) ? repositoryToken : null - repositoryUrl: !empty(repositoryUrl) ? repositoryUrl : null - templateProperties: !empty(templateProperties) ? templateProperties : null - } -} - -resource staticSite_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { - name: '${staticSite.name}-${lock}-lock' - properties: { - level: any(lock) - notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' - } - scope: staticSite -} - -module staticSite_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { - name: '${uniqueString(deployment().name, location)}-StaticSite-Rbac-${index}' - params: { - principalIds: roleAssignment.principalIds - roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName - resourceId: staticSite.id - } -}] - -module staticSite_privateEndpoints '../../Microsoft.Network/privateEndpoints/deploy.bicep' = [for (privateEndpoint, index) in privateEndpoints: { - name: '${uniqueString(deployment().name, location)}-StaticSite-PrivateEndpoint-${index}' - params: { - groupIds: [ - privateEndpoint.service - ] - name: contains(privateEndpoint, 'name') ? privateEndpoint.name : 'pe-${last(split(staticSite.id, '/'))}-${privateEndpoint.service}-${index}' - serviceResourceId: staticSite.id - subnetResourceId: privateEndpoint.subnetResourceId - enableDefaultTelemetry: enableReferencedModulesTelemetry - location: reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location - lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : lock - privateDnsZoneGroups: contains(privateEndpoint, 'privateDnsZoneGroups') ? privateEndpoint.privateDnsZoneGroups : [] - roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] - tags: contains(privateEndpoint, 'tags') ? privateEndpoint.tags : {} - manualPrivateLinkServiceConnections: contains(privateEndpoint, 'manualPrivateLinkServiceConnections') ? privateEndpoint.manualPrivateLinkServiceConnections : [] - customDnsConfigs: contains(privateEndpoint, 'customDnsConfigs') ? privateEndpoint.customDnsConfigs : [] - } -}] - -@description('The name of the static site.') -output name string = staticSite.name - -@description('The resource ID of the static site.') -output resourceId string = staticSite.id - -@description('The resource group the static site was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The principal ID of the system assigned identity.') -output systemAssignedPrincipalId string = systemAssignedIdentity && contains(staticSite.identity, 'principalId') ? staticSite.identity.principalId : '' - -@description('The location the resource was deployed into.') -output location string = staticSite.location diff --git a/modules/Microsoft.Web/staticSites/readme.md b/modules/Microsoft.Web/staticSites/readme.md deleted file mode 100644 index 76dee48d1c..0000000000 --- a/modules/Microsoft.Web/staticSites/readme.md +++ /dev/null @@ -1,408 +0,0 @@ -# Static Web Sites `[Microsoft.Web/staticSites]` - -This module deploys a Static Web Site. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/privateEndpoints` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) | -| `Microsoft.Web/staticSites` | [2021-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-03-01/staticSites) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the static site. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowConfigFileUpdates` | bool | `True` | | If config file is locked for this static web app. | -| `branch` | string | `''` | | The branch name of the GitHub repo. | -| `buildProperties` | object | `{object}` | | Build properties for the static site. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `enterpriseGradeCdnStatus` | string | `'Disabled'` | `[Disabled, Disabling, Enabled, Enabling]` | State indicating the status of the enterprise grade CDN serving traffic to the static web app. | -| `location` | string | `[resourceGroup().location]` | | Location to deploy static site. The following locations are supported: CentralUS, EastUS2, EastAsia, WestEurope, WestUS2. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. | -| `provider` | string | `'None'` | | The provider that submitted the last deployment to the primary environment of the static site. | -| `repositoryToken` | secureString | `''` | | The Personal Access Token for accessing the GitHub repo. | -| `repositoryUrl` | string | `''` | | The name of the GitHub repo. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sku` | string | `'Free'` | `[Free, Standard]` | Type of static site to deploy. | -| `stagingEnvironmentPolicy` | string | `'Enabled'` | `[Enabled, Disabled]` | State indicating whether staging environments are allowed or not allowed for a static web app. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `templateProperties` | object | `{object}` | | Template Options for the static site. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | - - -### Parameter Usage: `privateEndpoints` - -To use Private Endpoint the following dependencies must be deployed: - -- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module. -- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information. - -

- -Parameter JSON format - -```json -"privateEndpoints": { - "value": [ - // Example showing all available fields - { - "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>", // e.g. vault, registry, file, blob, queue, table etc. - "privateDnsZoneResourceIds": [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net" - ], - "customDnsConfigs": [ // Optional - { - "fqdn": "customname.test.local", - "ipAddresses": [ - "10.10.10.10" - ] - } - ] - }, - // Example showing only mandatory fields - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", - "service": "<>" // e.g. vault, registry, file, blob, queue, table etc. - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -privateEndpoints: [ - // Example showing all available fields - { - name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - privateDnsZoneResourceIds: [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net' - ] - // Optional - customDnsConfigs: [ - { - fqdn: 'customname.test.local' - ipAddresses: [ - '10.10.10.10' - ] - } - ] - } - // Example showing only mandatory fields - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' - service: '<>' // e.g. vault registry file blob queue table etc. - } -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `userAssignedIdentities` - -You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: - -

- -Parameter JSON format - -```json -"userAssignedIdentities": { - "value": { - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} - } -} -``` - -
- -
- -Bicep format - -```bicep -userAssignedIdentities: { - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the static site. | -| `resourceGroupName` | string | The resource group the static site was deployed into. | -| `resourceId` | string | The resource ID of the static site. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-wss-min-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module staticSites './Microsoft.Web/staticSites/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-staticSites' - params: { - name: '<>-az-wss-min-001' - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-wss-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "sku": { - "value": "Standard" - }, - "stagingEnvironmentPolicy": { - "value": "Enabled" - }, - "allowConfigFileUpdates": { - "value": true - }, - "enterpriseGradeCdnStatus": { - "value": "Disabled" - }, - "systemAssignedIdentity": { - "value": true - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "staticSites" - } - ] - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module staticSites './Microsoft.Web/staticSites/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-staticSites' - params: { - name: '<>-az-wss-x-001' - lock: 'CanNotDelete' - sku: 'Standard' - stagingEnvironmentPolicy: 'Enabled' - allowConfigFileUpdates: true - enterpriseGradeCdnStatus: 'Disabled' - systemAssignedIdentity: true - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - privateEndpoints: [ - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - service: 'staticSites' - } - ] - } -} -``` - -
-

diff --git a/modules/Microsoft.Web/staticSites/version.json b/modules/Microsoft.Web/staticSites/version.json deleted file mode 100644 index 41f66cc990..0000000000 --- a/modules/Microsoft.Web/staticSites/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.1" -} diff --git a/modules/README.md b/modules/README.md deleted file mode 100644 index 23e4b05592..0000000000 --- a/modules/README.md +++ /dev/null @@ -1,107 +0,0 @@ -In this section you can find useful information regarding the Modules that are contained in this repository. - -## Available Resource Modules - -| Name | Provider namespace | Resource Type | -| - | - | - | -| [Azure Active Directory Domain Services](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.AAD/DomainServices) | `MS.AAD` | [DomainServices](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.AAD/DomainServices) | -| [Analysis Services Servers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.AnalysisServices/servers) | `MS.AnalysisServices` | [servers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.AnalysisServices/servers) | -| [API Management Services](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ApiManagement/service) | `MS.ApiManagement` | [service](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ApiManagement/service) | -| [App Configuration](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.AppConfiguration/configurationStores) | `MS.AppConfiguration` | [configurationStores](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.AppConfiguration/configurationStores) | -| [Authorization Locks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/locks) | `MS.Authorization` | [locks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/locks) | -| [Policy Assignments](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policyAssignments) | | [policyAssignments](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policyAssignments) | -| [Policy Definitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policyDefinitions) | | [policyDefinitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policyDefinitions) | -| [Policy Exemptions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policyExemptions) | | [policyExemptions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policyExemptions) | -| [Policy Set Definitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policySetDefinitions) | | [policySetDefinitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/policySetDefinitions) | -| [Role Assignments](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/roleAssignments) | | [roleAssignments](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/roleAssignments) | -| [Role Definitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/roleDefinitions) | | [roleDefinitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Authorization/roleDefinitions) | -| [Automation Accounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Automation/automationAccounts) | `MS.Automation` | [automationAccounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Automation/automationAccounts) | -| [Batch Accounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Batch/batchAccounts) | `MS.Batch` | [batchAccounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Batch/batchAccounts) | -| [Cognitive Services](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.CognitiveServices/accounts) | `MS.CognitiveServices` | [accounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.CognitiveServices/accounts) | -| [Availability Sets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/availabilitySets) | `MS.Compute` | [availabilitySets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/availabilitySets) | -| [Disk Encryption Sets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/diskEncryptionSets) | | [diskEncryptionSets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/diskEncryptionSets) | -| [Compute Disks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/disks) | | [disks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/disks) | -| [Azure Compute Galleries](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/galleries) | | [galleries](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/galleries) | -| [Images](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/images) | | [images](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/images) | -| [Proximity Placement Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/proximityPlacementGroups) | | [proximityPlacementGroups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/proximityPlacementGroups) | -| [Virtual Machines](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/virtualMachines) | | [virtualMachines](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/virtualMachines) | -| [Virtual Machine Scale Sets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/virtualMachineScaleSets) | | [virtualMachineScaleSets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Compute/virtualMachineScaleSets) | -| [Budgets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Consumption/budgets) | `MS.Consumption` | [budgets](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Consumption/budgets) | -| [Container Instances](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ContainerInstance/containerGroups) | `MS.ContainerInstance` | [containerGroups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ContainerInstance/containerGroups) | -| [Container Registries](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ContainerRegistry/registries) | `MS.ContainerRegistry` | [registries](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ContainerRegistry/registries) | -| [Azure Kubernetes Services](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ContainerService/managedClusters) | `MS.ContainerService` | [managedClusters](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ContainerService/managedClusters) | -| [Azure Databricks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Databricks/workspaces) | `MS.Databricks` | [workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Databricks/workspaces) | -| [Data Factories](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DataFactory/factories) | `MS.DataFactory` | [factories](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DataFactory/factories) | -| [DataProtection BackupVaults](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DataProtection/backupVaults) | `MS.DataProtection` | [backupVaults](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DataProtection/backupVaults) | -| [AVD Application Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/applicationgroups) | `MS.DesktopVirtualization` | [applicationgroups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/applicationgroups) | -| [AVD Host Pools](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/hostpools) | | [hostpools](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/hostpools) | -| [AVD Scaling Plans](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/scalingplans) | | [scalingplans](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/scalingplans) | -| [AVD Workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/workspaces) | | [workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DesktopVirtualization/workspaces) | -| [DocumentDB Database Accounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DocumentDB/databaseAccounts) | `MS.DocumentDB` | [databaseAccounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.DocumentDB/databaseAccounts) | -| [Event Grid System Topics](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.EventGrid/systemTopics) | `MS.EventGrid` | [systemTopics](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.EventGrid/systemTopics) | -| [Event Grid Topics](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.EventGrid/topics) | | [topics](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.EventGrid/topics) | -| [Event Hub Namespaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.EventHub/namespaces) | `MS.EventHub` | [namespaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.EventHub/namespaces) | -| [Azure Health Bots](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.HealthBot/healthBots) | `MS.HealthBot` | [healthBots](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.HealthBot/healthBots) | -| [Action Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/actionGroups) | `MS.Insights` | [actionGroups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/actionGroups) | -| [Activity Log Alerts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/activityLogAlerts) | | [activityLogAlerts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/activityLogAlerts) | -| [Application Insights](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/components) | | [components](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/components) | -| [Activity Logs](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/diagnosticSettings) | | [diagnosticSettings](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/diagnosticSettings) | -| [Metric Alerts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/metricAlerts) | | [metricAlerts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/metricAlerts) | -| [Azure Monitor Private Link Scopes](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/privateLinkScopes) | | [privateLinkScopes](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/privateLinkScopes) | -| [Scheduled Query Rules](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/scheduledQueryRules) | | [scheduledQueryRules](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Insights/scheduledQueryRules) | -| [Key Vaults](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.KeyVault/vaults) | `MS.KeyVault` | [vaults](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.KeyVault/vaults) | -| [Kubernetes Configuration Extensions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.KubernetesConfiguration/extensions) | `MS.KubernetesConfiguration` | [extensions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.KubernetesConfiguration/extensions) | -| [Kubernetes Configuration Flux Configurations](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.KubernetesConfiguration/fluxConfigurations) | | [fluxConfigurations](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.KubernetesConfiguration/fluxConfigurations) | -| [Logic Apps](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Logic/workflows) | `MS.Logic` | [workflows](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Logic/workflows) | -| [Machine Learning Workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.MachineLearningServices/workspaces) | `MS.achineLearningServices` | [workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.MachineLearningServices/workspaces) | -| [User Assigned Identities](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ManagedIdentity/userAssignedIdentities) | `MS.anagedIdentity` | [userAssignedIdentities](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ManagedIdentity/userAssignedIdentities) | -| [Registration Definitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ManagedServices/registrationDefinitions) | `MS.anagedServices` | [registrationDefinitions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ManagedServices/registrationDefinitions) | -| [Management Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Management/managementGroups) | `MS.anagement` | [managementGroups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Management/managementGroups) | -| [Azure NetApp Files](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.NetApp/netAppAccounts) | `MS.NetApp` | [netAppAccounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.NetApp/netAppAccounts) | -| [Network Application Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/applicationGateways) | `MS.Network` | [applicationGateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/applicationGateways) | -| [Application Security Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/applicationSecurityGroups) | | [applicationSecurityGroups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/applicationSecurityGroups) | -| [Azure Firewalls](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/azureFirewalls) | | [azureFirewalls](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/azureFirewalls) | -| [Bastion Hosts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/bastionHosts) | | [bastionHosts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/bastionHosts) | -| [Virtual Network Gateway Connections](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/connections) | | [connections](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/connections) | -| [DDoS Protection Plans](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/ddosProtectionPlans) | | [ddosProtectionPlans](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/ddosProtectionPlans) | -| [ExpressRoute Circuits](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/expressRouteCircuits) | | [expressRouteCircuits](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/expressRouteCircuits) | -| [Firewall Policies](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/firewallPolicies) | | [firewallPolicies](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/firewallPolicies) | -| [Front Doors](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/frontDoors) | | [frontDoors](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/frontDoors) | -| [IP Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/ipGroups) | | [ipGroups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/ipGroups) | -| [Load Balancers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/loadBalancers) | | [loadBalancers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/loadBalancers) | -| [Local Network Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/localNetworkGateways) | | [localNetworkGateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/localNetworkGateways) | -| [NAT Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/natGateways) | | [natGateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/natGateways) | -| [Network Interface](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/networkInterfaces) | | [networkInterfaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/networkInterfaces) | -| [Network Security Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/networkSecurityGroups) | | [networkSecurityGroups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/networkSecurityGroups) | -| [Network Watchers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/networkWatchers) | | [networkWatchers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/networkWatchers) | -| [Private DNS Zones](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/privateDnsZones) | | [privateDnsZones](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/privateDnsZones) | -| [Private Endpoints](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/privateEndpoints) | | [privateEndpoints](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/privateEndpoints) | -| [Public IP Addresses](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/publicIPAddresses) | | [publicIPAddresses](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/publicIPAddresses) | -| [Public IP Prefixes](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/publicIPPrefixes) | | [publicIPPrefixes](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/publicIPPrefixes) | -| [Route Tables](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/routeTables) | | [routeTables](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/routeTables) | -| [Traffic Manager Profiles](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/trafficmanagerprofiles) | | [trafficmanagerprofiles](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/trafficmanagerprofiles) | -| [Virtual Hubs](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualHubs) | | [virtualHubs](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualHubs) | -| [Virtual Network Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualNetworkGateways) | | [virtualNetworkGateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualNetworkGateways) | -| [Virtual Networks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualNetworks) | | [virtualNetworks](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualNetworks) | -| [Virtual WANs](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualWans) | | [virtualWans](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/virtualWans) | -| [VPN Gateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/vpnGateways) | | [vpnGateways](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/vpnGateways) | -| [VPN Sites](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/vpnSites) | | [vpnSites](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Network/vpnSites) | -| [Log Analytics Workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.OperationalInsights/workspaces) | `MS.OperationalInsights` | [workspaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.OperationalInsights/workspaces) | -| [OperationsManagement Solutions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.OperationsManagement/solutions) | `MS.OperationsManagement` | [solutions](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.OperationsManagement/solutions) | -| [Recovery Services Vaults](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.RecoveryServices/vaults) | `MS.RecoveryServices` | [vaults](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.RecoveryServices/vaults) | -| [Deployment Scripts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Resources/deploymentScripts) | `MS.Resources` | [deploymentScripts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Resources/deploymentScripts) | -| [Resource Groups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Resources/resourceGroups) | | [resourceGroups](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Resources/resourceGroups) | -| [Resources Tags](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Resources/tags) | | [tags](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Resources/tags) | -| [Azure Security Center](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Security/azureSecurityCenter) | `MS.Security` | [azureSecurityCenter](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Security/azureSecurityCenter) | -| [Service Bus Namespaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ServiceBus/namespaces) | `MS.ServiceBus` | [namespaces](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ServiceBus/namespaces) | -| [Service Fabric Clusters](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ServiceFabric/clusters) | `MS.ServiceFabric` | [clusters](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.ServiceFabric/clusters) | -| [SQL Managed Instances](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Sql/managedInstances) | `MS.Sql` | [managedInstances](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Sql/managedInstances) | -| [SQL Servers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Sql/servers) | | [servers](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Sql/servers) | -| [Storage Accounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Storage/storageAccounts) | `MS.Storage` | [storageAccounts](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Storage/storageAccounts) | -| [Azure Synapse Analytics](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Synapse/privateLinkHubs) | `MS.Synapse` | [privateLinkHubs](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Synapse/privateLinkHubs) | -| [Image Templates](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.VirtualMachineImages/imageTemplates) | `MS.VirtualMachineImages` | [imageTemplates](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.VirtualMachineImages/imageTemplates) | -| [API Connections](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/connections) | `MS.Web` | [connections](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/connections) | -| [App Service Environments](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/hostingEnvironments) | | [hostingEnvironments](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/hostingEnvironments) | -| [App Service Plans](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/serverfarms) | | [serverfarms](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/serverfarms) | -| [Web/Function Apps](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/sites) | | [sites](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/sites) | -| [Static Web Sites](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/staticSites) | | [staticSites](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Web/staticSites) | diff --git a/utilities/pipelines/sharedScripts/Get-DeploymentTestFileList.ps1 b/utilities/pipelines/sharedScripts/Get-DeploymentTestFileList.ps1 deleted file mode 100644 index 426d5efd81..0000000000 --- a/utilities/pipelines/sharedScripts/Get-DeploymentTestFileList.ps1 +++ /dev/null @@ -1,42 +0,0 @@ -<# -.SYNOPSIS -Get the relative file paths of all parameter files in the given module. - -.DESCRIPTION -Get the relative file paths of all parameter files in the given module. -The relative path is returned instead of the full one to make paths easier to read in the pipeline. - -.PARAMETER ModulePath -Mandatory. The module path to search in. - -.EXAMPLE -Get-DeploymentTestFileList -ModulePath 'C:\ResourceModules\arm\Microsoft.Compute\virtualMachines' - -Returns the relative file paths of all parameter files of the virtual machines module. -#> -function Get-DeploymentTestFileList { - - [CmdletBinding()] - param ( - [Parameter(Mandatory)] - [string] $ModulePath - ) - - $deploymentTests = @() - if (Test-Path (Join-Path $ModulePath '.deploymentTests')) { - $deploymentTests += (Get-ChildItem -Path (Join-Path $ModulePath '.deploymentTests') -Depth 0 -Include ('*.json', '*.bicep') -File).FullName - } - - if (-not $deploymentTests) { - throw "No deployment test files found for module [$ModulePath]" - } - - $deploymentTests = $deploymentTests | ForEach-Object { - $_.Replace($ModulePath, '').Trim('\').Trim('/') - } - - Write-Verbose 'Found parameter files' - $deploymentTests | ForEach-Object { Write-Verbose "- $_" } - - return $deploymentTests -} From 6f1c94089d1f5d55d0f56e158532a744294faa23 Mon Sep 17 00:00:00 2001 From: Jan-Henrik Damaschke Date: Mon, 4 Jul 2022 14:55:38 +0200 Subject: [PATCH 22/42] [Modules] Redis cache module (#1582) * feat(webpubsub): Added Web PubSub module * feat(webpubsub): Updated folders, added tests, updated readme * feat(webpubsub): Added nested rbac * feat(redis-cache): Added Redis cache module * feat(redis-cache): Cleaned up branch history * fix(redis): Updated diagnostics name Co-authored-by: Alexander Sehr * feat(redis): :sparkles: Added tests, pipelines and secure defaults * refactor(test): Changed .parameters to .test Co-authored-by: Alexander Sehr --- .../modulePipelines/ms.cache.redis.yml | 55 ++++ .github/workflows/ms.cache.redis.yml | 142 ++++++++++ .../redis/.bicep/nested_rbac.bicep | 61 +++++ .../redis/.test/full.parameters.json | 61 +++++ .../redis/.test/min.parameters.json | 9 + arm/Microsoft.Cache/redis/deploy.bicep | 259 ++++++++++++++++++ arm/Microsoft.Cache/redis/readme.md | 236 ++++++++++++++++ arm/Microsoft.Cache/redis/version.json | 4 + 8 files changed, 827 insertions(+) create mode 100644 .azuredevops/modulePipelines/ms.cache.redis.yml create mode 100644 .github/workflows/ms.cache.redis.yml create mode 100644 arm/Microsoft.Cache/redis/.bicep/nested_rbac.bicep create mode 100644 arm/Microsoft.Cache/redis/.test/full.parameters.json create mode 100644 arm/Microsoft.Cache/redis/.test/min.parameters.json create mode 100644 arm/Microsoft.Cache/redis/deploy.bicep create mode 100644 arm/Microsoft.Cache/redis/readme.md create mode 100644 arm/Microsoft.Cache/redis/version.json diff --git a/.azuredevops/modulePipelines/ms.cache.redis.yml b/.azuredevops/modulePipelines/ms.cache.redis.yml new file mode 100644 index 0000000000..c6b1bb208d --- /dev/null +++ b/.azuredevops/modulePipelines/ms.cache.redis.yml @@ -0,0 +1,55 @@ +name: 'Cache - Redis' + +parameters: + - name: removeDeployment + displayName: Remove deployed module + type: boolean + default: true + - name: prerelease + displayName: Publish prerelease module + type: boolean + default: false + +pr: none + +trigger: + batch: true + branches: + include: + - main + paths: + include: + - '/.azuredevops/modulePipelines/ms.cache.redis.yml' + - '/.azuredevops/pipelineTemplates/*.yml' + - '/Microsoft.Cache/redis/*' + - '/arm/.global/global.module.tests.ps1' + exclude: + - '/**/*.md' + +variables: + - template: '../../global.variables.yml' + - group: 'PLATFORM_VARIABLES' + - name: modulePath + value: '/arm/Microsoft.Cache/redis' + +stages: + - stage: Validation + displayName: Static validation + jobs: + - template: /.azuredevops/pipelineTemplates/module.jobs.validate.yml + + - stage: Deployment + displayName: Deployment validation + jobs: + - template: /.azuredevops/pipelineTemplates/module.jobs.deploy.yml + parameters: + removeDeployment: '${{ parameters.removeDeployment }}' + deploymentBlocks: + - path: $(modulePath)/.parameters/min.parameters.json + - path: $(modulePath)/.parameters/full.parameters.json + + - stage: Publishing + displayName: Publishing + condition: and(succeeded(), or(eq(variables['Build.SourceBranch'], 'refs/heads/main'), eq(variables['Build.SourceBranch'], 'refs/heads/master'), eq('${{ parameters.prerelease }}', 'true'))) + jobs: + - template: /.azuredevops/pipelineTemplates/jobs.publishModule.yml diff --git a/.github/workflows/ms.cache.redis.yml b/.github/workflows/ms.cache.redis.yml new file mode 100644 index 0000000000..08ec9c47bc --- /dev/null +++ b/.github/workflows/ms.cache.redis.yml @@ -0,0 +1,142 @@ +name: 'Cache: Redis' + +on: + workflow_dispatch: + inputs: + removeDeployment: + type: boolean + description: 'Remove deployed module' + required: false + default: true + prerelease: + type: boolean + description: 'Publish prerelease module' + required: false + default: false + push: + branches: + - main + paths: + - '.github/actions/templates/**' + - '.github/workflows/ms.cache.redis.yml' + - 'arm/Microsoft.Cache/redis/**' + - 'arm/.global/global.module.tests.ps1' + - '!*/**/readme.md' + - 'utilities/pipelines/**' + - '!utilities/pipelines/dependencies/**' + +env: + variablesPath: 'global.variables.yml' + modulePath: 'arm/Microsoft.Cache/redis' + workflowPath: '.github/workflows/ms.cache.redis.yml' + AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} + ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + ARM_MGMTGROUP_ID: '${{ secrets.ARM_MGMTGROUP_ID }}' + ARM_TENANT_ID: '${{ secrets.ARM_TENANT_ID }}' + DEPLOYMENT_SP_ID: '${{ secrets.DEPLOYMENT_SP_ID }}' + +jobs: + ########################### + # Initialize pipeline # + ########################### + job_initialize_pipeline: + runs-on: ubuntu-20.04 + name: 'Initialize pipeline' + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Set input parameters to output variables' + id: get-workflow-param + uses: ./.github/actions/templates/getWorkflowInput + with: + workflowPath: '${{ env.workflowPath}}' + - name: 'Get parameter file paths' + id: get-parameter-file-paths + uses: ./.github/actions/templates/getParameterFiles + with: + modulePath: '${{ env.modulePath }}' + outputs: + removeDeployment: ${{ steps.get-workflow-param.outputs.removeDeployment }} + parameterFilePaths: ${{ steps.get-parameter-file-paths.outputs.parameterFilePaths }} + + ######################### + # Static validation # + ######################### + job_module_pester_validation: + runs-on: ubuntu-20.04 + name: 'Static validation' + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: 'Run tests' + uses: ./.github/actions/templates/validateModulePester + with: + modulePath: '${{ env.modulePath }}' + + ############################# + # Deployment validation # + ############################# + job_module_deploy_validation: + runs-on: ubuntu-20.04 + name: 'Deployment validation' + needs: + - job_initialize_pipeline + - job_module_pester_validation + strategy: + fail-fast: false + matrix: + parameterFilePaths: ${{ fromJSON(needs.job_initialize_pipeline.outputs.parameterFilePaths) }} + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Using parameter file [${{ matrix.parameterFilePaths }}]' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: '${{ env.modulePath }}/deploy.bicep' + parameterFilePath: '${{ env.modulePath }}/${{ matrix.parameterFilePaths }}' + location: '${{ env.location }}' + resourceGroupName: '${{ env.resourceGroupName }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ needs.job_initialize_pipeline.outputs.removeDeployment }}' + + ################## + # Publishing # + ################## + job_publish_module: + name: 'Publishing' + if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + runs-on: ubuntu-20.04 + needs: + - job_module_deploy_validation + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Publishing' + uses: ./.github/actions/templates/publishModule + with: + templateFilePath: '${{ env.modulePath }}/deploy.bicep' + templateSpecsRGName: '${{ env.templateSpecsRGName }}' + templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + templateSpecsDescription: '${{ env.templateSpecsDescription }}' + templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + bicepRegistryName: '${{ env.bicepRegistryName }}' + bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' diff --git a/arm/Microsoft.Cache/redis/.bicep/nested_rbac.bicep b/arm/Microsoft.Cache/redis/.bicep/nested_rbac.bicep new file mode 100644 index 0000000000..edfbb04b7e --- /dev/null +++ b/arm/Microsoft.Cache/redis/.bicep/nested_rbac.bicep @@ -0,0 +1,61 @@ +@sys.description('Required. The IDs of the principals to assign the role to.') +param principalIds array + +@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') +param roleDefinitionIdOrName string + +@sys.description('Required. The resource ID of the resource to apply the role assignment to.') +param resourceId string + +@sys.description('Optional. The principal type of the assigned principal ID.') +@allowed([ + 'ServicePrincipal' + 'Group' + 'User' + 'ForeignGroup' + 'Device' + '' +]) +param principalType string = '' + +@sys.description('Optional. The description of the role assignment.') +param description string = '' + +var builtInRoleNames = { + Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') + Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') + Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') + 'Avere Cluster Create': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7b1b19a-0e83-4fe5-935c-faaefbfd18c3') + 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') + 'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2') + 'CAL-Custom-Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b266cd7-0bba-4ae2-8423-90ede5e1e898') + 'ExpressRoute Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7896-14b4-4889-afef-fbb65a96e5a2') + 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') + 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') + 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') + 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') + 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') + masterreader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2') + 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') + 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') + 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') + 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') + 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') + 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') + 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c') +} + +resource redisCache 'Microsoft.Cache/redis@2021-06-01' existing = { + name: last(split(resourceId, '/')) +} + +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { + name: guid(redisCache.id, principalId, roleDefinitionIdOrName) + properties: { + description: description + roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName + principalId: principalId + principalType: !empty(principalType) ? any(principalType) : null + } + scope: redisCache +}] diff --git a/arm/Microsoft.Cache/redis/.test/full.parameters.json b/arm/Microsoft.Cache/redis/.test/full.parameters.json new file mode 100644 index 0000000000..fc6dfe8a3c --- /dev/null +++ b/arm/Microsoft.Cache/redis/.test/full.parameters.json @@ -0,0 +1,61 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>-az-redis-full-001" + }, + "capacity": { + "value": 2 + }, + "diagnosticLogCategoriesToEnable": { + "value": [ + "ApplicationGatewayAccessLog", + "ApplicationGatewayFirewallLog" + ] + }, + "diagnosticMetricsToEnable": { + "value": [ + "AllMetrics" + ] + }, + "enableNonSslPort": { + "value": true + }, + "family": { + "value": "P" + }, + "lock": { + "value": "CanNotDelete" + }, + "minimumTlsVersion": { + "value": "1.2" + }, + "diagnosticSettingsName": { + "value": "redisdiagnostics" + }, + "publicNetworkAccess": { + "value": "Enabled" + }, + "redisVersion": { + "value": "6" + }, + "skuName": { + "value": "Premium" + }, + "systemAssignedIdentity": { + "value": true + }, + "shardCount": { + "value": 1 + }, + "tags": { + "value": { + "resourceType": "Redis Cache" + } + }, + "enableDefaultTelemetry": { + "value": false + } + } +} diff --git a/arm/Microsoft.Cache/redis/.test/min.parameters.json b/arm/Microsoft.Cache/redis/.test/min.parameters.json new file mode 100644 index 0000000000..273328d0a9 --- /dev/null +++ b/arm/Microsoft.Cache/redis/.test/min.parameters.json @@ -0,0 +1,9 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>-az-redis-min-001" + } + } +} diff --git a/arm/Microsoft.Cache/redis/deploy.bicep b/arm/Microsoft.Cache/redis/deploy.bicep new file mode 100644 index 0000000000..1c241e2c90 --- /dev/null +++ b/arm/Microsoft.Cache/redis/deploy.bicep @@ -0,0 +1,259 @@ +@description('Optional. The location to deploy the Redis cache service.') +param location string = resourceGroup().location + +@description('Required. The name of the Redis cache resource.') +param name string + +@allowed([ + '' + 'CanNotDelete' + 'ReadOnly' +]) +@description('Optional. Specify the type of lock.') +param lock string = '' + +@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') +param roleAssignments array = [] + +@description('Optional. Tags of the resource.') +param tags object = {} + +@description('Optional. Enables system assigned managed identity on the resource.') +param systemAssignedIdentity bool = false + +@description('Optional. The ID(s) to assign to the resource.') +param userAssignedIdentities object = {} + +@description('Optional. Specifies whether the non-ssl Redis server port (6379) is enabled.') +param enableNonSslPort bool = false + +@allowed([ + '1.0' + '1.1' + '1.2' +]) +@description('Optional. Specify the type of lock.') +param minimumTlsVersion string = '1.2' + +@allowed([ + 'Disabled' + 'Enabled' +]) +@description('Optional. Control permission for data plane traffic coming from public networks while private endpoint is enabled.') +param publicNetworkAccess string = 'Enabled' + +@description('Optional. All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc.') +param redisConfiguration object = {} + +@allowed([ + '4' + '6' +]) +@description('Optional. Redis version. Only major version will be used in PUT/PATCH request with current valid values: (4, 6)') +param redisVersion string = '6' + +@minValue(1) +@description('Optional. The number of replicas to be created per primary.') +param replicasPerMaster int = 1 + +@minValue(1) +@description('Optional. The number of replicas to be created per primary.') +param replicasPerPrimary int = 1 + +@minValue(1) +@description('Optional. The number of shards to be created on a Premium Cluster Cache.') +param shardCount int = 1 + +@allowed([ + 0 + 1 + 2 + 3 + 4 + 5 + 6 +]) +@description('Optional. The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4).') +param capacity int = 0 + +@allowed([ + 'C' + 'P' +]) +@description('Optional. The SKU family to use. Valid values: (C, P). (C = Basic/Standard, P = Premium).') +param family string = 'P' + +@allowed([ + 'Basic' + 'Premium' + 'Standard' +]) +@description('Optional. The type of Redis cache to deploy. Valid values: (Basic, Standard, Premium)') +param skuName string = 'Premium' + +@description('Optional. Static IP address. Optionally, may be specified when deploying a Redis cache inside an existing Azure Virtual Network; auto assigned by default.') +param staticIP string = '' + +@description('Optional. The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1') +param subnetId string = '' + +@description('Optional. A dictionary of tenant settings.') +param tenantSettings object = {} + +@description('Optional. The name of the diagnostic setting, if deployed.') +param diagnosticSettingsName string = '${name}-diagnosticSettings' + +@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') +@minValue(0) +@maxValue(365) +param diagnosticLogsRetentionInDays int = 365 + +@description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') +param diagnosticStorageAccountId string = '' + +@description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') +param diagnosticWorkspaceId string = '' + +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' + +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') +param diagnosticEventHubName string = '' + +@description('Optional. The name of logs that will be streamed.') +@allowed([ + 'ApplicationGatewayAccessLog' + 'ApplicationGatewayPerformanceLog' + 'ApplicationGatewayFirewallLog' +]) +param diagnosticLogCategoriesToEnable array = [ + 'ApplicationGatewayAccessLog' + 'ApplicationGatewayPerformanceLog' + 'ApplicationGatewayFirewallLog' +] + +@description('Optional. The name of metrics that will be streamed.') +@allowed([ + 'AllMetrics' +]) +param diagnosticMetricsToEnable array = [ + 'AllMetrics' +] + +@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: { + category: category + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } +}] + +var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { + category: metric + timeGrain: null + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } +}] + +var identityType = systemAssignedIdentity ? 'SystemAssigned' : !empty(userAssignedIdentities) ? 'UserAssigned' : 'None' + +var identity = { + type: identityType + userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null +} + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + +resource redisCache 'Microsoft.Cache/redis@2021-06-01' = { + name: name + location: location + tags: tags + identity: identity + properties: { + enableNonSslPort: enableNonSslPort + minimumTlsVersion: minimumTlsVersion + publicNetworkAccess: publicNetworkAccess + redisConfiguration: !empty(redisConfiguration) ? redisConfiguration : null + redisVersion: redisVersion + replicasPerMaster: skuName == 'Premium' ? replicasPerMaster : null + replicasPerPrimary: skuName == 'Premium' ? replicasPerPrimary : null + shardCount: family == 'P' ? shardCount : null // Not supported in free tier + sku: { + capacity: capacity + family: family + name: skuName + } + staticIP: !empty(staticIP) ? staticIP : null + subnetId: !empty(subnetId) ? subnetId : null + tenantSettings: tenantSettings + } + zones: skuName == 'Premium' ? pickZones('Microsoft.Cache', 'redis', location, 1) : null +} + +resource redisCache_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) { + name: '${redisCache.name}-${lock}-lock' + properties: { + level: any(lock) + notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + } + scope: redisCache +} + +resource redisCache_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) { + name: diagnosticSettingsName + properties: { + storageAccountId: empty(diagnosticStorageAccountId) ? null : diagnosticStorageAccountId + workspaceId: empty(diagnosticWorkspaceId) ? null : diagnosticWorkspaceId + eventHubAuthorizationRuleId: empty(diagnosticEventHubAuthorizationRuleId) ? null : diagnosticEventHubAuthorizationRuleId + eventHubName: empty(diagnosticEventHubName) ? null : diagnosticEventHubName + metrics: empty(diagnosticStorageAccountId) && empty(diagnosticWorkspaceId) && empty(diagnosticEventHubAuthorizationRuleId) && empty(diagnosticEventHubName) ? null : diagnosticsMetrics + logs: empty(diagnosticStorageAccountId) && empty(diagnosticWorkspaceId) && empty(diagnosticEventHubAuthorizationRuleId) && empty(diagnosticEventHubName) ? null : diagnosticsLogs + } + scope: redisCache +} + +module redisCache_rbac '.bicep/nested_rbac.bicep' = [for (roleAssignment, index) in roleAssignments: { + name: '${uniqueString(deployment().name, location)}-AppGateway-Rbac-${index}' + params: { + description: contains(roleAssignment, 'description') ? roleAssignment.description : '' + principalIds: roleAssignment.principalIds + principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' + roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + resourceId: redisCache.id + } +}] + +@description('The resource name') +output name string = redisCache.name + +@description('The resource id') +output resourceId string = redisCache.id + +@description('The name of the resource group the Redis cache was created in.') +output resourceGroupName string = resourceGroup().name + +@description('Redis host name.') +output hostName string = redisCache.properties.hostName + +@description('Redis SSL port.') +output sslPort int = redisCache.properties.sslPort + +@description('The full resource ID of a subnet in a virtual network where the Redis cache was deployed in.') +output subnetId int = redisCache.properties.subnetId diff --git a/arm/Microsoft.Cache/redis/readme.md b/arm/Microsoft.Cache/redis/readme.md new file mode 100644 index 0000000000..aa45d2990b --- /dev/null +++ b/arm/Microsoft.Cache/redis/readme.md @@ -0,0 +1,236 @@ +# Cache Redis `[Microsoft.Cache/redis]` + +This module deploys a Redis Cache service. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | +| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Cache/redis` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Cache/2021-06-01/redis) | +| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | + +## Parameters + +**Required parameters** +| Parameter Name | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the Redis cache resource. | + +**Optional parameters** +| Parameter Name | Type | Default Value | Allowed Values | Description | +| :-- | :-- | :-- | :-- | :-- | +| `capacity` | int | `0` | `[0, 1, 2, 3, 4, 5, 6]` | The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4). | +| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| `diagnosticLogCategoriesToEnable` | array | `[ApplicationGatewayAccessLog, ApplicationGatewayPerformanceLog, ApplicationGatewayFirewallLog]` | `[ApplicationGatewayAccessLog, ApplicationGatewayPerformanceLog, ApplicationGatewayFirewallLog]` | The name of logs that will be streamed. | +| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | +| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | +| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | +| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `enableNonSslPort` | bool | `False` | | Specifies whether the non-ssl Redis server port (6379) is enabled. | +| `family` | string | `'C'` | `[C, P]` | The SKU family to use. Valid values: (C, P). (C = Basic/Standard, P = Premium). | +| `location` | string | `[resourceGroup().location]` | | The location to deploy the Redis cache service. | +| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | +| `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | Specify the type of lock. | +| `publicNetworkAccess` | string | `'Enabled'` | `[Disabled, Enabled]` | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | +| `redisConfiguration` | object | `{object}` | | All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc. | +| `redisVersion` | string | `'6'` | `[4, 6]` | Redis version. Only major version will be used in PUT/PATCH request with current valid values: (4, 6) | +| `replicasPerMaster` | int | `1` | | The number of replicas to be created per primary. | +| `replicasPerPrimary` | int | `1` | | The number of replicas to be created per primary. | +| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| `shardCount` | int | `1` | | The number of shards to be created on a Premium Cluster Cache. | +| `skuName` | string | `'Basic'` | `[Basic, Premium, Standard]` | The type of Redis cache to deploy. Valid values: (Basic, Standard, Premium) | +| `staticIP` | string | `''` | | Static IP address. Optionally, may be specified when deploying a Redis cache inside an existing Azure Virtual Network; auto assigned by default. | +| `subnetId` | string | `''` | | The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1 | +| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | +| `tags` | object | `{object}` | | Tags of the resource. | +| `tenantSettings` | object | `{object}` | | A dictionary of tenant settings. | +| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | + + +### Parameter Usage: `roleAssignments` + +Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. + +

+ +Parameter JSON format + +```json +"roleAssignments": { + "value": [ + { + "roleDefinitionIdOrName": "Reader", + "description": "Reader Role Assignment", + "principalIds": [ + "12345678-1234-1234-1234-123456789012", // object 1 + "78945612-1234-1234-1234-123456789012" // object 2 + ] + }, + { + "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", + "principalIds": [ + "12345678-1234-1234-1234-123456789012" // object 1 + ], + "principalType": "ServicePrincipal" + } + ] +} +``` + +
+ +
+ +Bicep format + +```bicep +roleAssignments: [ + { + roleDefinitionIdOrName: 'Reader' + description: 'Reader Role Assignment' + principalIds: [ + '12345678-1234-1234-1234-123456789012' // object 1 + '78945612-1234-1234-1234-123456789012' // object 2 + ] + } + { + roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' + principalIds: [ + '12345678-1234-1234-1234-123456789012' // object 1 + ] + principalType: 'ServicePrincipal' + } +] +``` + +
+

+ +### Parameter Usage: `tags` + +Tag names and tag values can be provided as needed. A tag can be left without a value. + +

+ +Parameter JSON format + +```json +"tags": { + "value": { + "Environment": "Non-Prod", + "Contact": "test.user@testcompany.com", + "PurchaseOrder": "1234", + "CostCenter": "7890", + "ServiceName": "DeploymentValidation", + "Role": "DeploymentValidation" + } +} +``` + +
+ +
+ +Bicep format + +```bicep +tags: { + Environment: 'Non-Prod' + Contact: 'test.user@testcompany.com' + PurchaseOrder: '1234' + CostCenter: '7890' + ServiceName: 'DeploymentValidation' + Role: 'DeploymentValidation' +} +``` + +
+

+ +### Parameter Usage: `userAssignedIdentities` + +You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: + +

+ +Parameter JSON format + +```json +"userAssignedIdentities": { + "value": { + "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, + "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} + } +} +``` + +
+ +
+ +Bicep format + +```bicep +userAssignedIdentities: { + '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} + '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} +} +``` + +
+

+ +### Parameter Usage: `redisConfiguration` + +All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc.. + +Name | Description | Value +---------|----------|--------- +aof-storage-connection-string-0 | First storage account connection string | string +aof-storage-connection-string-1 | Second storage account connection string | string +maxfragmentationmemory-reserved | Value in megabytes reserved for fragmentation per shard | string +maxmemory-delta | Value in megabytes reserved for non-cache usage per shard e.g. failover. | string +maxmemory-policy | The eviction strategy used when your data won't fit within its memory limit. | string +maxmemory-reserved | Value in megabytes reserved for non-cache usage per shard e.g. failover. | string +rdb-backup-enabled | Specifies whether the rdb backup is enabled | string +rdb-backup-frequency | Specifies the frequency for creating rdb backup | string +rdb-backup-max-snapshot-count | Specifies the maximum number of snapshots for rdb backup | string +rdb-storage-connection-string | The storage account connection string for storing rdb file | string + +For more details visit [Microsoft.Cache redis reference](https://docs.microsoft.com/en-us/azure/templates/microsoft.cache/redis?tabs=bicep) + +

+ +Bicep format + +```bicep +userAssignedIdentities: { + '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} + '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} +} +``` + +
+

+ +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `hostName` | string | Redis host name. | +| `name` | string | The name of the graph. | +| `resourceGroupName` | string | The name of the resource group the graph was created in. | +| `resourceId` | string | The resource ID of the graph. | +| `sslPort` | int | Redis SSL port. | +| `subnetId` | int | The full resource ID of a subnet in a virtual network where the Redis cache was deployed in. | diff --git a/arm/Microsoft.Cache/redis/version.json b/arm/Microsoft.Cache/redis/version.json new file mode 100644 index 0000000000..badc0a2285 --- /dev/null +++ b/arm/Microsoft.Cache/redis/version.json @@ -0,0 +1,4 @@ +{ + "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", + "version": "0.5" +} From 809b34cb7743459545065862d79ab13891042d3f Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 4 Jul 2022 14:58:48 +0200 Subject: [PATCH 23/42] Moved folder --- .../redis/.bicep/nested_rbac.bicep | 0 .../redis/.test/full.parameters.json | 0 .../redis/.test/min.parameters.json | 0 .../Microsoft.Cache/redis/deploy.bicep | 0 .../Microsoft.Cache/redis/readme.md | 472 +++++++++--------- .../Microsoft.Cache/redis/version.json | 0 6 files changed, 236 insertions(+), 236 deletions(-) rename {arm => modules}/Microsoft.Cache/redis/.bicep/nested_rbac.bicep (100%) rename {arm => modules}/Microsoft.Cache/redis/.test/full.parameters.json (100%) rename {arm => modules}/Microsoft.Cache/redis/.test/min.parameters.json (100%) rename {arm => modules}/Microsoft.Cache/redis/deploy.bicep (100%) rename {arm => modules}/Microsoft.Cache/redis/readme.md (98%) rename {arm => modules}/Microsoft.Cache/redis/version.json (100%) diff --git a/arm/Microsoft.Cache/redis/.bicep/nested_rbac.bicep b/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep similarity index 100% rename from arm/Microsoft.Cache/redis/.bicep/nested_rbac.bicep rename to modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep diff --git a/arm/Microsoft.Cache/redis/.test/full.parameters.json b/modules/Microsoft.Cache/redis/.test/full.parameters.json similarity index 100% rename from arm/Microsoft.Cache/redis/.test/full.parameters.json rename to modules/Microsoft.Cache/redis/.test/full.parameters.json diff --git a/arm/Microsoft.Cache/redis/.test/min.parameters.json b/modules/Microsoft.Cache/redis/.test/min.parameters.json similarity index 100% rename from arm/Microsoft.Cache/redis/.test/min.parameters.json rename to modules/Microsoft.Cache/redis/.test/min.parameters.json diff --git a/arm/Microsoft.Cache/redis/deploy.bicep b/modules/Microsoft.Cache/redis/deploy.bicep similarity index 100% rename from arm/Microsoft.Cache/redis/deploy.bicep rename to modules/Microsoft.Cache/redis/deploy.bicep diff --git a/arm/Microsoft.Cache/redis/readme.md b/modules/Microsoft.Cache/redis/readme.md similarity index 98% rename from arm/Microsoft.Cache/redis/readme.md rename to modules/Microsoft.Cache/redis/readme.md index aa45d2990b..68fada256d 100644 --- a/arm/Microsoft.Cache/redis/readme.md +++ b/modules/Microsoft.Cache/redis/readme.md @@ -1,236 +1,236 @@ -# Cache Redis `[Microsoft.Cache/redis]` - -This module deploys a Redis Cache service. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Cache/redis` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Cache/2021-06-01/redis) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Redis cache resource. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `capacity` | int | `0` | `[0, 1, 2, 3, 4, 5, 6]` | The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4). | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[ApplicationGatewayAccessLog, ApplicationGatewayPerformanceLog, ApplicationGatewayFirewallLog]` | `[ApplicationGatewayAccessLog, ApplicationGatewayPerformanceLog, ApplicationGatewayFirewallLog]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `enableNonSslPort` | bool | `False` | | Specifies whether the non-ssl Redis server port (6379) is enabled. | -| `family` | string | `'C'` | `[C, P]` | The SKU family to use. Valid values: (C, P). (C = Basic/Standard, P = Premium). | -| `location` | string | `[resourceGroup().location]` | | The location to deploy the Redis cache service. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | Specify the type of lock. | -| `publicNetworkAccess` | string | `'Enabled'` | `[Disabled, Enabled]` | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | -| `redisConfiguration` | object | `{object}` | | All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc. | -| `redisVersion` | string | `'6'` | `[4, 6]` | Redis version. Only major version will be used in PUT/PATCH request with current valid values: (4, 6) | -| `replicasPerMaster` | int | `1` | | The number of replicas to be created per primary. | -| `replicasPerPrimary` | int | `1` | | The number of replicas to be created per primary. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `shardCount` | int | `1` | | The number of shards to be created on a Premium Cluster Cache. | -| `skuName` | string | `'Basic'` | `[Basic, Premium, Standard]` | The type of Redis cache to deploy. Valid values: (Basic, Standard, Premium) | -| `staticIP` | string | `''` | | Static IP address. Optionally, may be specified when deploying a Redis cache inside an existing Azure Virtual Network; auto assigned by default. | -| `subnetId` | string | `''` | | The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1 | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `tenantSettings` | object | `{object}` | | A dictionary of tenant settings. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | - - -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -### Parameter Usage: `userAssignedIdentities` - -You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: - -

- -Parameter JSON format - -```json -"userAssignedIdentities": { - "value": { - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, - "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} - } -} -``` - -
- -
- -Bicep format - -```bicep -userAssignedIdentities: { - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} -} -``` - -
-

- -### Parameter Usage: `redisConfiguration` - -All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc.. - -Name | Description | Value ----------|----------|--------- -aof-storage-connection-string-0 | First storage account connection string | string -aof-storage-connection-string-1 | Second storage account connection string | string -maxfragmentationmemory-reserved | Value in megabytes reserved for fragmentation per shard | string -maxmemory-delta | Value in megabytes reserved for non-cache usage per shard e.g. failover. | string -maxmemory-policy | The eviction strategy used when your data won't fit within its memory limit. | string -maxmemory-reserved | Value in megabytes reserved for non-cache usage per shard e.g. failover. | string -rdb-backup-enabled | Specifies whether the rdb backup is enabled | string -rdb-backup-frequency | Specifies the frequency for creating rdb backup | string -rdb-backup-max-snapshot-count | Specifies the maximum number of snapshots for rdb backup | string -rdb-storage-connection-string | The storage account connection string for storing rdb file | string - -For more details visit [Microsoft.Cache redis reference](https://docs.microsoft.com/en-us/azure/templates/microsoft.cache/redis?tabs=bicep) - -

- -Bicep format - -```bicep -userAssignedIdentities: { - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} - '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} -} -``` - -
-

- -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `hostName` | string | Redis host name. | -| `name` | string | The name of the graph. | -| `resourceGroupName` | string | The name of the resource group the graph was created in. | -| `resourceId` | string | The resource ID of the graph. | -| `sslPort` | int | Redis SSL port. | -| `subnetId` | int | The full resource ID of a subnet in a virtual network where the Redis cache was deployed in. | +# Cache Redis `[Microsoft.Cache/redis]` + +This module deploys a Redis Cache service. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | +| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Cache/redis` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Cache/2021-06-01/redis) | +| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | + +## Parameters + +**Required parameters** +| Parameter Name | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the Redis cache resource. | + +**Optional parameters** +| Parameter Name | Type | Default Value | Allowed Values | Description | +| :-- | :-- | :-- | :-- | :-- | +| `capacity` | int | `0` | `[0, 1, 2, 3, 4, 5, 6]` | The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4). | +| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| `diagnosticLogCategoriesToEnable` | array | `[ApplicationGatewayAccessLog, ApplicationGatewayPerformanceLog, ApplicationGatewayFirewallLog]` | `[ApplicationGatewayAccessLog, ApplicationGatewayPerformanceLog, ApplicationGatewayFirewallLog]` | The name of logs that will be streamed. | +| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | +| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | +| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | +| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `enableNonSslPort` | bool | `False` | | Specifies whether the non-ssl Redis server port (6379) is enabled. | +| `family` | string | `'C'` | `[C, P]` | The SKU family to use. Valid values: (C, P). (C = Basic/Standard, P = Premium). | +| `location` | string | `[resourceGroup().location]` | | The location to deploy the Redis cache service. | +| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | +| `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | Specify the type of lock. | +| `publicNetworkAccess` | string | `'Enabled'` | `[Disabled, Enabled]` | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | +| `redisConfiguration` | object | `{object}` | | All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc. | +| `redisVersion` | string | `'6'` | `[4, 6]` | Redis version. Only major version will be used in PUT/PATCH request with current valid values: (4, 6) | +| `replicasPerMaster` | int | `1` | | The number of replicas to be created per primary. | +| `replicasPerPrimary` | int | `1` | | The number of replicas to be created per primary. | +| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| `shardCount` | int | `1` | | The number of shards to be created on a Premium Cluster Cache. | +| `skuName` | string | `'Basic'` | `[Basic, Premium, Standard]` | The type of Redis cache to deploy. Valid values: (Basic, Standard, Premium) | +| `staticIP` | string | `''` | | Static IP address. Optionally, may be specified when deploying a Redis cache inside an existing Azure Virtual Network; auto assigned by default. | +| `subnetId` | string | `''` | | The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1 | +| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | +| `tags` | object | `{object}` | | Tags of the resource. | +| `tenantSettings` | object | `{object}` | | A dictionary of tenant settings. | +| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | + + +### Parameter Usage: `roleAssignments` + +Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. + +

+ +Parameter JSON format + +```json +"roleAssignments": { + "value": [ + { + "roleDefinitionIdOrName": "Reader", + "description": "Reader Role Assignment", + "principalIds": [ + "12345678-1234-1234-1234-123456789012", // object 1 + "78945612-1234-1234-1234-123456789012" // object 2 + ] + }, + { + "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", + "principalIds": [ + "12345678-1234-1234-1234-123456789012" // object 1 + ], + "principalType": "ServicePrincipal" + } + ] +} +``` + +
+ +
+ +Bicep format + +```bicep +roleAssignments: [ + { + roleDefinitionIdOrName: 'Reader' + description: 'Reader Role Assignment' + principalIds: [ + '12345678-1234-1234-1234-123456789012' // object 1 + '78945612-1234-1234-1234-123456789012' // object 2 + ] + } + { + roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' + principalIds: [ + '12345678-1234-1234-1234-123456789012' // object 1 + ] + principalType: 'ServicePrincipal' + } +] +``` + +
+

+ +### Parameter Usage: `tags` + +Tag names and tag values can be provided as needed. A tag can be left without a value. + +

+ +Parameter JSON format + +```json +"tags": { + "value": { + "Environment": "Non-Prod", + "Contact": "test.user@testcompany.com", + "PurchaseOrder": "1234", + "CostCenter": "7890", + "ServiceName": "DeploymentValidation", + "Role": "DeploymentValidation" + } +} +``` + +
+ +
+ +Bicep format + +```bicep +tags: { + Environment: 'Non-Prod' + Contact: 'test.user@testcompany.com' + PurchaseOrder: '1234' + CostCenter: '7890' + ServiceName: 'DeploymentValidation' + Role: 'DeploymentValidation' +} +``` + +
+

+ +### Parameter Usage: `userAssignedIdentities` + +You can specify multiple user assigned identities to a resource by providing additional resource IDs using the following format: + +

+ +Parameter JSON format + +```json +"userAssignedIdentities": { + "value": { + "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001": {}, + "/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002": {} + } +} +``` + +
+ +
+ +Bicep format + +```bicep +userAssignedIdentities: { + '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} + '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} +} +``` + +
+

+ +### Parameter Usage: `redisConfiguration` + +All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc.. + +Name | Description | Value +---------|----------|--------- +aof-storage-connection-string-0 | First storage account connection string | string +aof-storage-connection-string-1 | Second storage account connection string | string +maxfragmentationmemory-reserved | Value in megabytes reserved for fragmentation per shard | string +maxmemory-delta | Value in megabytes reserved for non-cache usage per shard e.g. failover. | string +maxmemory-policy | The eviction strategy used when your data won't fit within its memory limit. | string +maxmemory-reserved | Value in megabytes reserved for non-cache usage per shard e.g. failover. | string +rdb-backup-enabled | Specifies whether the rdb backup is enabled | string +rdb-backup-frequency | Specifies the frequency for creating rdb backup | string +rdb-backup-max-snapshot-count | Specifies the maximum number of snapshots for rdb backup | string +rdb-storage-connection-string | The storage account connection string for storing rdb file | string + +For more details visit [Microsoft.Cache redis reference](https://docs.microsoft.com/en-us/azure/templates/microsoft.cache/redis?tabs=bicep) + +

+ +Bicep format + +```bicep +userAssignedIdentities: { + '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-001': {} + '/subscriptions/12345678-1234-1234-1234-123456789012/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-sxx-az-msi-x-002': {} +} +``` + +
+

+ +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `hostName` | string | Redis host name. | +| `name` | string | The name of the graph. | +| `resourceGroupName` | string | The name of the resource group the graph was created in. | +| `resourceId` | string | The resource ID of the graph. | +| `sslPort` | int | Redis SSL port. | +| `subnetId` | int | The full resource ID of a subnet in a virtual network where the Redis cache was deployed in. | diff --git a/arm/Microsoft.Cache/redis/version.json b/modules/Microsoft.Cache/redis/version.json similarity index 100% rename from arm/Microsoft.Cache/redis/version.json rename to modules/Microsoft.Cache/redis/version.json From deb469ac7b34ec1f8b76f8f92e3b82101300993c Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 4 Jul 2022 15:12:23 +0200 Subject: [PATCH 24/42] Updated pipeline --- .azuredevops/modulePipelines/ms.cache.redis.yml | 4 ++-- .github/workflows/ms.cache.redis.yml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.azuredevops/modulePipelines/ms.cache.redis.yml b/.azuredevops/modulePipelines/ms.cache.redis.yml index c6b1bb208d..bc4a484187 100644 --- a/.azuredevops/modulePipelines/ms.cache.redis.yml +++ b/.azuredevops/modulePipelines/ms.cache.redis.yml @@ -22,7 +22,7 @@ trigger: - '/.azuredevops/modulePipelines/ms.cache.redis.yml' - '/.azuredevops/pipelineTemplates/*.yml' - '/Microsoft.Cache/redis/*' - - '/arm/.global/global.module.tests.ps1' + - '/modules/.global/global.module.tests.ps1' exclude: - '/**/*.md' @@ -30,7 +30,7 @@ variables: - template: '../../global.variables.yml' - group: 'PLATFORM_VARIABLES' - name: modulePath - value: '/arm/Microsoft.Cache/redis' + value: '/modules/Microsoft.Cache/redis' stages: - stage: Validation diff --git a/.github/workflows/ms.cache.redis.yml b/.github/workflows/ms.cache.redis.yml index 08ec9c47bc..c9abe3950e 100644 --- a/.github/workflows/ms.cache.redis.yml +++ b/.github/workflows/ms.cache.redis.yml @@ -19,15 +19,15 @@ on: paths: - '.github/actions/templates/**' - '.github/workflows/ms.cache.redis.yml' - - 'arm/Microsoft.Cache/redis/**' - - 'arm/.global/global.module.tests.ps1' + - 'modules/Microsoft.Cache/redis/**' + - 'modules/.global/global.module.tests.ps1' - '!*/**/readme.md' - 'utilities/pipelines/**' - '!utilities/pipelines/dependencies/**' env: variablesPath: 'global.variables.yml' - modulePath: 'arm/Microsoft.Cache/redis' + modulePath: 'modules/Microsoft.Cache/redis' workflowPath: '.github/workflows/ms.cache.redis.yml' AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' From 435b0dbf7727fe07ad3717e3bbbebefc445fd20e Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 4 Jul 2022 15:14:03 +0200 Subject: [PATCH 25/42] Update to latest --- .azuredevops/modulePipelines/ms.cache.redis.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.azuredevops/modulePipelines/ms.cache.redis.yml b/.azuredevops/modulePipelines/ms.cache.redis.yml index bc4a484187..6fee816793 100644 --- a/.azuredevops/modulePipelines/ms.cache.redis.yml +++ b/.azuredevops/modulePipelines/ms.cache.redis.yml @@ -21,9 +21,11 @@ trigger: include: - '/.azuredevops/modulePipelines/ms.cache.redis.yml' - '/.azuredevops/pipelineTemplates/*.yml' - - '/Microsoft.Cache/redis/*' + - '/modules/Microsoft.Cache/Redis/*' - '/modules/.global/global.module.tests.ps1' + - '/utilities/pipelines/*' exclude: + - '/utilities/pipelines/dependencies/*' - '/**/*.md' variables: From e58de3e86b87946c9a0285116c36096f7bab0c41 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 4 Jul 2022 15:15:47 +0200 Subject: [PATCH 26/42] Updated readm --- modules/Microsoft.Cache/redis/readme.md | 159 +++++++++++++++++++++++- 1 file changed, 154 insertions(+), 5 deletions(-) diff --git a/modules/Microsoft.Cache/redis/readme.md b/modules/Microsoft.Cache/redis/readme.md index 68fada256d..291fe3d483 100644 --- a/modules/Microsoft.Cache/redis/readme.md +++ b/modules/Microsoft.Cache/redis/readme.md @@ -7,6 +7,7 @@ This module deploys a Redis Cache service. - [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) +- [Deployment examples](#Deployment-examples) ## Resource Types @@ -38,7 +39,7 @@ This module deploys a Redis Cache service. | `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | | `enableNonSslPort` | bool | `False` | | Specifies whether the non-ssl Redis server port (6379) is enabled. | -| `family` | string | `'C'` | `[C, P]` | The SKU family to use. Valid values: (C, P). (C = Basic/Standard, P = Premium). | +| `family` | string | `'P'` | `[C, P]` | The SKU family to use. Valid values: (C, P). (C = Basic/Standard, P = Premium). | | `location` | string | `[resourceGroup().location]` | | The location to deploy the Redis cache service. | | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | | `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | Specify the type of lock. | @@ -49,7 +50,7 @@ This module deploys a Redis Cache service. | `replicasPerPrimary` | int | `1` | | The number of replicas to be created per primary. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `shardCount` | int | `1` | | The number of shards to be created on a Premium Cluster Cache. | -| `skuName` | string | `'Basic'` | `[Basic, Premium, Standard]` | The type of Redis cache to deploy. Valid values: (Basic, Standard, Premium) | +| `skuName` | string | `'Premium'` | `[Basic, Premium, Standard]` | The type of Redis cache to deploy. Valid values: (Basic, Standard, Premium) | | `staticIP` | string | `''` | | Static IP address. Optionally, may be specified when deploying a Redis cache inside an existing Azure Virtual Network; auto assigned by default. | | `subnetId` | string | `''` | | The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1 | | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | @@ -229,8 +230,156 @@ userAssignedIdentities: { | Output Name | Type | Description | | :-- | :-- | :-- | | `hostName` | string | Redis host name. | -| `name` | string | The name of the graph. | -| `resourceGroupName` | string | The name of the resource group the graph was created in. | -| `resourceId` | string | The resource ID of the graph. | +| `name` | string | The resource name | +| `resourceGroupName` | string | The name of the resource group the Redis cache was created in. | +| `resourceId` | string | The resource id | | `sslPort` | int | Redis SSL port. | | `subnetId` | int | The full resource ID of a subnet in a virtual network where the Redis cache was deployed in. | + +## Deployment examples + +

Example 1

+ +
+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>-az-redis-full-001" + }, + "capacity": { + "value": 2 + }, + "diagnosticLogCategoriesToEnable": { + "value": [ + "ApplicationGatewayAccessLog", + "ApplicationGatewayFirewallLog" + ] + }, + "diagnosticMetricsToEnable": { + "value": [ + "AllMetrics" + ] + }, + "enableNonSslPort": { + "value": true + }, + "family": { + "value": "P" + }, + "lock": { + "value": "CanNotDelete" + }, + "minimumTlsVersion": { + "value": "1.2" + }, + "diagnosticSettingsName": { + "value": "redisdiagnostics" + }, + "publicNetworkAccess": { + "value": "Enabled" + }, + "redisVersion": { + "value": "6" + }, + "skuName": { + "value": "Premium" + }, + "systemAssignedIdentity": { + "value": true + }, + "shardCount": { + "value": 1 + }, + "tags": { + "value": { + "resourceType": "Redis Cache" + } + }, + "enableDefaultTelemetry": { + "value": false + } + } +} +``` + +
+ +
+ +via Bicep module + +```bicep +module redis './Microsoft.Cache/redis/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-redis' + params: { + name: '<>-az-redis-full-001' + capacity: 2 + diagnosticLogCategoriesToEnable: [ + 'ApplicationGatewayAccessLog' + 'ApplicationGatewayFirewallLog' + ] + diagnosticMetricsToEnable: [ + 'AllMetrics' + ] + enableNonSslPort: true + family: 'P' + lock: 'CanNotDelete' + minimumTlsVersion: '1.2' + diagnosticSettingsName: 'redisdiagnostics' + publicNetworkAccess: 'Enabled' + redisVersion: '6' + skuName: 'Premium' + systemAssignedIdentity: true + shardCount: 1 + tags: { + resourceType: 'Redis Cache' + } + enableDefaultTelemetry: false + } +} +``` + +
+

+ +

Example 2

+ +
+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>-az-redis-min-001" + } + } +} +``` + +
+ +
+ +via Bicep module + +```bicep +module redis './Microsoft.Cache/redis/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-redis' + params: { + name: '<>-az-redis-min-001' + } +} +``` + +
+

From a6fc76eb56ed7e2a19df4a9345670fec4f188f81 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 4 Jul 2022 15:19:56 +0200 Subject: [PATCH 27/42] Updated template --- .azuredevops/modulePipelines/ms.cache.redis.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.azuredevops/modulePipelines/ms.cache.redis.yml b/.azuredevops/modulePipelines/ms.cache.redis.yml index 6fee816793..2b2eacf3bd 100644 --- a/.azuredevops/modulePipelines/ms.cache.redis.yml +++ b/.azuredevops/modulePipelines/ms.cache.redis.yml @@ -38,17 +38,17 @@ stages: - stage: Validation displayName: Static validation jobs: - - template: /.azuredevops/pipelineTemplates/module.jobs.validate.yml + - template: /.azuredevops/pipelineTemplates/jobs.validateModulePester.yml - stage: Deployment displayName: Deployment validation jobs: - - template: /.azuredevops/pipelineTemplates/module.jobs.deploy.yml + - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml parameters: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - - path: $(modulePath)/.parameters/min.parameters.json - - path: $(modulePath)/.parameters/full.parameters.json + - path: $(modulePath)/.test/min.parameters.json + - path: $(modulePath)/.test/full.parameters.json - stage: Publishing displayName: Publishing From ed03fa3803d1332eec785c05e81603fdeef0947a Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 4 Jul 2022 15:25:55 +0200 Subject: [PATCH 28/42] Updated readme --- modules/Microsoft.Cache/redis/deploy.bicep | 15 +++++++++------ modules/Microsoft.Cache/redis/readme.md | 13 +++++++------ 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/modules/Microsoft.Cache/redis/deploy.bicep b/modules/Microsoft.Cache/redis/deploy.bicep index 1c241e2c90..b2b4b17005 100644 --- a/modules/Microsoft.Cache/redis/deploy.bicep +++ b/modules/Microsoft.Cache/redis/deploy.bicep @@ -49,7 +49,7 @@ param redisConfiguration object = {} '4' '6' ]) -@description('Optional. Redis version. Only major version will be used in PUT/PATCH request with current valid values: (4, 6)') +@description('Optional. Redis version. Only major version will be used in PUT/PATCH request with current valid values: (4, 6).') param redisVersion string = '6' @minValue(1) @@ -80,7 +80,7 @@ param capacity int = 0 'C' 'P' ]) -@description('Optional. The SKU family to use. Valid values: (C, P). (C = Basic/Standard, P = Premium).') +@description('Optional. The SKU family to use. (C = Basic/Standard, P = Premium).') param family string = 'P' @allowed([ @@ -88,13 +88,13 @@ param family string = 'P' 'Premium' 'Standard' ]) -@description('Optional. The type of Redis cache to deploy. Valid values: (Basic, Standard, Premium)') +@description('Optional. The type of Redis cache to deploy.') param skuName string = 'Premium' @description('Optional. Static IP address. Optionally, may be specified when deploying a Redis cache inside an existing Azure Virtual Network; auto assigned by default.') param staticIP string = '' -@description('Optional. The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1') +@description('Optional. The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1.') param subnetId string = '' @description('Optional. A dictionary of tenant settings.') @@ -240,10 +240,10 @@ module redisCache_rbac '.bicep/nested_rbac.bicep' = [for (roleAssignment, index) } }] -@description('The resource name') +@description('The resource name.') output name string = redisCache.name -@description('The resource id') +@description('The resource id.') output resourceId string = redisCache.id @description('The name of the resource group the Redis cache was created in.') @@ -257,3 +257,6 @@ output sslPort int = redisCache.properties.sslPort @description('The full resource ID of a subnet in a virtual network where the Redis cache was deployed in.') output subnetId int = redisCache.properties.subnetId + +@description('The location the resource was deployed into.') +output location string = redisCache.location diff --git a/modules/Microsoft.Cache/redis/readme.md b/modules/Microsoft.Cache/redis/readme.md index 291fe3d483..5c0c76cf78 100644 --- a/modules/Microsoft.Cache/redis/readme.md +++ b/modules/Microsoft.Cache/redis/readme.md @@ -39,20 +39,20 @@ This module deploys a Redis Cache service. | `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | | `enableNonSslPort` | bool | `False` | | Specifies whether the non-ssl Redis server port (6379) is enabled. | -| `family` | string | `'P'` | `[C, P]` | The SKU family to use. Valid values: (C, P). (C = Basic/Standard, P = Premium). | +| `family` | string | `'P'` | `[C, P]` | The SKU family to use. (C = Basic/Standard, P = Premium). | | `location` | string | `[resourceGroup().location]` | | The location to deploy the Redis cache service. | | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | | `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | Specify the type of lock. | | `publicNetworkAccess` | string | `'Enabled'` | `[Disabled, Enabled]` | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | | `redisConfiguration` | object | `{object}` | | All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc. | -| `redisVersion` | string | `'6'` | `[4, 6]` | Redis version. Only major version will be used in PUT/PATCH request with current valid values: (4, 6) | +| `redisVersion` | string | `'6'` | `[4, 6]` | Redis version. Only major version will be used in PUT/PATCH request with current valid values: (4, 6). | | `replicasPerMaster` | int | `1` | | The number of replicas to be created per primary. | | `replicasPerPrimary` | int | `1` | | The number of replicas to be created per primary. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `shardCount` | int | `1` | | The number of shards to be created on a Premium Cluster Cache. | -| `skuName` | string | `'Premium'` | `[Basic, Premium, Standard]` | The type of Redis cache to deploy. Valid values: (Basic, Standard, Premium) | +| `skuName` | string | `'Premium'` | `[Basic, Premium, Standard]` | The type of Redis cache to deploy. | | `staticIP` | string | `''` | | Static IP address. Optionally, may be specified when deploying a Redis cache inside an existing Azure Virtual Network; auto assigned by default. | -| `subnetId` | string | `''` | | The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1 | +| `subnetId` | string | `''` | | The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1. | | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Tags of the resource. | | `tenantSettings` | object | `{object}` | | A dictionary of tenant settings. | @@ -230,9 +230,10 @@ userAssignedIdentities: { | Output Name | Type | Description | | :-- | :-- | :-- | | `hostName` | string | Redis host name. | -| `name` | string | The resource name | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The resource name. | | `resourceGroupName` | string | The name of the resource group the Redis cache was created in. | -| `resourceId` | string | The resource id | +| `resourceId` | string | The resource id. | | `sslPort` | int | Redis SSL port. | | `subnetId` | int | The full resource ID of a subnet in a virtual network where the Redis cache was deployed in. | From a8c7d7a51aba551940710b93ca970908d17dbccf Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 4 Jul 2022 15:39:38 +0200 Subject: [PATCH 29/42] pdated default --- modules/Microsoft.Cache/redis/deploy.bicep | 2 +- modules/Microsoft.Cache/redis/readme.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Cache/redis/deploy.bicep b/modules/Microsoft.Cache/redis/deploy.bicep index b2b4b17005..4818e1546a 100644 --- a/modules/Microsoft.Cache/redis/deploy.bicep +++ b/modules/Microsoft.Cache/redis/deploy.bicep @@ -74,7 +74,7 @@ param shardCount int = 1 6 ]) @description('Optional. The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4).') -param capacity int = 0 +param capacity int = 1 @allowed([ 'C' diff --git a/modules/Microsoft.Cache/redis/readme.md b/modules/Microsoft.Cache/redis/readme.md index 5c0c76cf78..5351d73614 100644 --- a/modules/Microsoft.Cache/redis/readme.md +++ b/modules/Microsoft.Cache/redis/readme.md @@ -28,7 +28,7 @@ This module deploys a Redis Cache service. **Optional parameters** | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | -| `capacity` | int | `0` | `[0, 1, 2, 3, 4, 5, 6]` | The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4). | +| `capacity` | int | `1` | `[0, 1, 2, 3, 4, 5, 6]` | The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4). | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | | `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | | `diagnosticLogCategoriesToEnable` | array | `[ApplicationGatewayAccessLog, ApplicationGatewayPerformanceLog, ApplicationGatewayFirewallLog]` | `[ApplicationGatewayAccessLog, ApplicationGatewayPerformanceLog, ApplicationGatewayFirewallLog]` | The name of logs that will be streamed. | From 5157f353e2df4de68ce808ac7e68fae864b03df5 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 4 Jul 2022 16:41:59 +0200 Subject: [PATCH 30/42] Updated output --- modules/Microsoft.Cache/redis/deploy.bicep | 2 +- modules/Microsoft.Cache/redis/readme.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Cache/redis/deploy.bicep b/modules/Microsoft.Cache/redis/deploy.bicep index 4818e1546a..9cfeb0582e 100644 --- a/modules/Microsoft.Cache/redis/deploy.bicep +++ b/modules/Microsoft.Cache/redis/deploy.bicep @@ -256,7 +256,7 @@ output hostName string = redisCache.properties.hostName output sslPort int = redisCache.properties.sslPort @description('The full resource ID of a subnet in a virtual network where the Redis cache was deployed in.') -output subnetId int = redisCache.properties.subnetId +output subnetId string = !empty(subnetId) ? redisCache.properties.subnetId : '' @description('The location the resource was deployed into.') output location string = redisCache.location diff --git a/modules/Microsoft.Cache/redis/readme.md b/modules/Microsoft.Cache/redis/readme.md index 5351d73614..71d614bc41 100644 --- a/modules/Microsoft.Cache/redis/readme.md +++ b/modules/Microsoft.Cache/redis/readme.md @@ -235,7 +235,7 @@ userAssignedIdentities: { | `resourceGroupName` | string | The name of the resource group the Redis cache was created in. | | `resourceId` | string | The resource id. | | `sslPort` | int | Redis SSL port. | -| `subnetId` | int | The full resource ID of a subnet in a virtual network where the Redis cache was deployed in. | +| `subnetId` | string | The full resource ID of a subnet in a virtual network where the Redis cache was deployed in. | ## Deployment examples From fcf159e4601825be7356389dca161e2bfea12948 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 11 Jul 2022 11:40:09 +0200 Subject: [PATCH 31/42] Formatted roles --- modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep b/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep index edfbb04b7e..96d8d307df 100644 --- a/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep +++ b/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep @@ -22,9 +22,9 @@ param principalType string = '' param description string = '' var builtInRoleNames = { - Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') - Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') - Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') + 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') + 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') + 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') 'Avere Cluster Create': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7b1b19a-0e83-4fe5-935c-faaefbfd18c3') 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') 'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2') @@ -35,7 +35,7 @@ var builtInRoleNames = { 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - masterreader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2') + 'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2') 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') From aa84adaa020060ffa6f02396f1875fcb7fcf09a8 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Mon, 11 Jul 2022 11:40:44 +0200 Subject: [PATCH 32/42] Update modules/Microsoft.Cache/redis/deploy.bicep Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- modules/Microsoft.Cache/redis/deploy.bicep | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/Microsoft.Cache/redis/deploy.bicep b/modules/Microsoft.Cache/redis/deploy.bicep index 9cfeb0582e..15f59d4bd2 100644 --- a/modules/Microsoft.Cache/redis/deploy.bicep +++ b/modules/Microsoft.Cache/redis/deploy.bicep @@ -35,12 +35,13 @@ param enableNonSslPort bool = false @description('Optional. Specify the type of lock.') param minimumTlsVersion string = '1.2' +@description('Optional. Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set.') @allowed([ - 'Disabled' + '' 'Enabled' + 'Disabled' ]) -@description('Optional. Control permission for data plane traffic coming from public networks while private endpoint is enabled.') -param publicNetworkAccess string = 'Enabled' +param publicNetworkAccess string = '' @description('Optional. All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc.') param redisConfiguration object = {} From 853a25e133dde2e3893b167f99d53c493b67eb2b Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Mon, 11 Jul 2022 11:40:52 +0200 Subject: [PATCH 33/42] Update modules/Microsoft.Cache/redis/deploy.bicep Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- modules/Microsoft.Cache/redis/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Cache/redis/deploy.bicep b/modules/Microsoft.Cache/redis/deploy.bicep index 15f59d4bd2..dbacfad9be 100644 --- a/modules/Microsoft.Cache/redis/deploy.bicep +++ b/modules/Microsoft.Cache/redis/deploy.bicep @@ -190,7 +190,7 @@ resource redisCache 'Microsoft.Cache/redis@2021-06-01' = { properties: { enableNonSslPort: enableNonSslPort minimumTlsVersion: minimumTlsVersion - publicNetworkAccess: publicNetworkAccess + publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) ? 'Disabled' : null) redisConfiguration: !empty(redisConfiguration) ? redisConfiguration : null redisVersion: redisVersion replicasPerMaster: skuName == 'Premium' ? replicasPerMaster : null From 7a8de2ec5057028a18975132860cf26c40139acb Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 11 Jul 2022 11:41:37 +0200 Subject: [PATCH 34/42] Renamed param --- .azuredevops/modulePipelines/ms.cache.redis.yml | 2 +- .../redis/.test/{full.parameters.json => parameters.json} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename modules/Microsoft.Cache/redis/.test/{full.parameters.json => parameters.json} (100%) diff --git a/.azuredevops/modulePipelines/ms.cache.redis.yml b/.azuredevops/modulePipelines/ms.cache.redis.yml index 2b2eacf3bd..c0901821d4 100644 --- a/.azuredevops/modulePipelines/ms.cache.redis.yml +++ b/.azuredevops/modulePipelines/ms.cache.redis.yml @@ -48,7 +48,7 @@ stages: removeDeployment: '${{ parameters.removeDeployment }}' deploymentBlocks: - path: $(modulePath)/.test/min.parameters.json - - path: $(modulePath)/.test/full.parameters.json + - path: $(modulePath)/.test/parameters.json - stage: Publishing displayName: Publishing diff --git a/modules/Microsoft.Cache/redis/.test/full.parameters.json b/modules/Microsoft.Cache/redis/.test/parameters.json similarity index 100% rename from modules/Microsoft.Cache/redis/.test/full.parameters.json rename to modules/Microsoft.Cache/redis/.test/parameters.json From 42a8cfa124fb6ea0796df999e26b69b95a3b90dc Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 11 Jul 2022 11:46:04 +0200 Subject: [PATCH 35/42] Added private endpoints --- .../redis/.test/parameters.json | 9 +- modules/Microsoft.Cache/redis/deploy.bicep | 25 +++ modules/Microsoft.Cache/redis/readme.md | 170 +++++++++++++----- 3 files changed, 162 insertions(+), 42 deletions(-) diff --git a/modules/Microsoft.Cache/redis/.test/parameters.json b/modules/Microsoft.Cache/redis/.test/parameters.json index fc6dfe8a3c..361efa35e5 100644 --- a/modules/Microsoft.Cache/redis/.test/parameters.json +++ b/modules/Microsoft.Cache/redis/.test/parameters.json @@ -54,8 +54,13 @@ "resourceType": "Redis Cache" } }, - "enableDefaultTelemetry": { - "value": false + "privateEndpoints": { + "value": [ + { + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", + "service": "redisCache" + } + ] } } } diff --git a/modules/Microsoft.Cache/redis/deploy.bicep b/modules/Microsoft.Cache/redis/deploy.bicep index dbacfad9be..6f5b3cc237 100644 --- a/modules/Microsoft.Cache/redis/deploy.bicep +++ b/modules/Microsoft.Cache/redis/deploy.bicep @@ -101,6 +101,9 @@ param subnetId string = '' @description('Optional. A dictionary of tenant settings.') param tenantSettings object = {} +@description('Optional. Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') +param privateEndpoints array = [] + @description('Optional. The name of the diagnostic setting, if deployed.') param diagnosticSettingsName string = '${name}-diagnosticSettings' @@ -170,6 +173,8 @@ var identity = { userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null } +var enableReferencedModulesTelemetry = false + resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' properties: { @@ -241,6 +246,26 @@ module redisCache_rbac '.bicep/nested_rbac.bicep' = [for (roleAssignment, index) } }] +module redisCache_privateEndpoints '../../Microsoft.Network/privateEndpoints/deploy.bicep' = [for (privateEndpoint, index) in privateEndpoints: { + name: '${uniqueString(deployment().name, location)}-redisCache-PrivateEndpoint-${index}' + params: { + groupIds: [ + privateEndpoint.service + ] + name: contains(privateEndpoint, 'name') ? privateEndpoint.name : 'pe-${last(split(redisCache.id, '/'))}-${privateEndpoint.service}-${index}' + serviceResourceId: redisCache.id + subnetResourceId: privateEndpoint.subnetResourceId + enableDefaultTelemetry: enableReferencedModulesTelemetry + location: reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location + lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : lock + privateDnsZoneGroups: contains(privateEndpoint, 'privateDnsZoneGroups') ? privateEndpoint.privateDnsZoneGroups : [] + roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] + tags: contains(privateEndpoint, 'tags') ? privateEndpoint.tags : {} + manualPrivateLinkServiceConnections: contains(privateEndpoint, 'manualPrivateLinkServiceConnections') ? privateEndpoint.manualPrivateLinkServiceConnections : [] + customDnsConfigs: contains(privateEndpoint, 'customDnsConfigs') ? privateEndpoint.customDnsConfigs : [] + } +}] + @description('The resource name.') output name string = redisCache.name diff --git a/modules/Microsoft.Cache/redis/readme.md b/modules/Microsoft.Cache/redis/readme.md index 71d614bc41..dd6cc8edea 100644 --- a/modules/Microsoft.Cache/redis/readme.md +++ b/modules/Microsoft.Cache/redis/readme.md @@ -17,6 +17,8 @@ This module deploys a Redis Cache service. | `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | | `Microsoft.Cache/redis` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Cache/2021-06-01/redis) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | +| `Microsoft.Network/privateEndpoints` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints) | +| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints/privateDnsZoneGroups) | ## Parameters @@ -43,7 +45,8 @@ This module deploys a Redis Cache service. | `location` | string | `[resourceGroup().location]` | | The location to deploy the Redis cache service. | | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | | `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | Specify the type of lock. | -| `publicNetworkAccess` | string | `'Enabled'` | `[Disabled, Enabled]` | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | +| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| `publicNetworkAccess` | string | `''` | `[, Enabled, Disabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | | `redisConfiguration` | object | `{object}` | | All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc. | | `redisVersion` | string | `'6'` | `[4, 6]` | Redis version. Only major version will be used in PUT/PATCH request with current valid values: (4, 6). | | `replicasPerMaster` | int | `1` | | The number of replicas to be created per primary. | @@ -225,6 +228,83 @@ userAssignedIdentities: {

+### Parameter Usage: `privateEndpoints` + +To use Private Endpoint the following dependencies must be deployed: + +- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module. +- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information. + +

+ +Parameter JSON format + +```json +"privateEndpoints": { + "value": [ + // Example showing all available fields + { + "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", + "service": "<>", // e.g. vault, registry, file, blob, queue, table etc. + "privateDnsZoneResourceIds": [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified + "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net" + ], + "customDnsConfigs": [ // Optional + { + "fqdn": "customname.test.local", + "ipAddresses": [ + "10.10.10.10" + ] + } + ] + }, + // Example showing only mandatory fields + { + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", + "service": "<>" // e.g. vault, registry, file, blob, queue, table etc. + } + ] +} +``` + +
+ +
+ +Bicep format + +```bicep +privateEndpoints: [ + // Example showing all available fields + { + name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here + subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' + service: '<>' // e.g. vault registry file blob queue table etc. + privateDnsZoneResourceIds: [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified + '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net' + ] + // Optional + customDnsConfigs: [ + { + fqdn: 'customname.test.local' + ipAddresses: [ + '10.10.10.10' + ] + } + ] + } + // Example showing only mandatory fields + { + subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' + service: '<>' // e.g. vault registry file blob queue table etc. + } +] +``` + +
+

+ ## Outputs | Output Name | Type | Description | @@ -245,6 +325,42 @@ userAssignedIdentities: {

via JSON Parameter file +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>-az-redis-min-001" + } + } +} +``` + + + +
+ +via Bicep module + +```bicep +module redis './Microsoft.Cache/redis/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-redis' + params: { + name: '<>-az-redis-min-001' + } +} +``` + +
+

+ +

Example 2

+ +
+ +via JSON Parameter file + ```json { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", @@ -302,8 +418,13 @@ userAssignedIdentities: { "resourceType": "Redis Cache" } }, - "enableDefaultTelemetry": { - "value": false + "privateEndpoints": { + "value": [ + { + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", + "service": "redisCache" + } + ] } } } @@ -341,43 +462,12 @@ module redis './Microsoft.Cache/redis/deploy.bicep' = { tags: { resourceType: 'Redis Cache' } - enableDefaultTelemetry: false - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-redis-min-001" - } - } -} -``` - -
- -
- -via Bicep module - -```bicep -module redis './Microsoft.Cache/redis/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-redis' - params: { - name: '<>-az-redis-min-001' + privateEndpoints: [ + { + subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + service: 'redisCache' + } + ] } } ``` From 8ec4eb1bc6bcb42e623b588bc3de0af0e4275e51 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 11 Jul 2022 11:48:10 +0200 Subject: [PATCH 36/42] Switched to basic sku --- modules/Microsoft.Cache/redis/deploy.bicep | 2 +- modules/Microsoft.Cache/redis/readme.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Cache/redis/deploy.bicep b/modules/Microsoft.Cache/redis/deploy.bicep index 6f5b3cc237..38dcb0e217 100644 --- a/modules/Microsoft.Cache/redis/deploy.bicep +++ b/modules/Microsoft.Cache/redis/deploy.bicep @@ -90,7 +90,7 @@ param family string = 'P' 'Standard' ]) @description('Optional. The type of Redis cache to deploy.') -param skuName string = 'Premium' +param skuName string = 'Basic' @description('Optional. Static IP address. Optionally, may be specified when deploying a Redis cache inside an existing Azure Virtual Network; auto assigned by default.') param staticIP string = '' diff --git a/modules/Microsoft.Cache/redis/readme.md b/modules/Microsoft.Cache/redis/readme.md index dd6cc8edea..88f7223ff7 100644 --- a/modules/Microsoft.Cache/redis/readme.md +++ b/modules/Microsoft.Cache/redis/readme.md @@ -53,7 +53,7 @@ This module deploys a Redis Cache service. | `replicasPerPrimary` | int | `1` | | The number of replicas to be created per primary. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `shardCount` | int | `1` | | The number of shards to be created on a Premium Cluster Cache. | -| `skuName` | string | `'Premium'` | `[Basic, Premium, Standard]` | The type of Redis cache to deploy. | +| `skuName` | string | `'Basic'` | `[Basic, Premium, Standard]` | The type of Redis cache to deploy. | | `staticIP` | string | `''` | | Static IP address. Optionally, may be specified when deploying a Redis cache inside an existing Azure Virtual Network; auto assigned by default. | | `subnetId` | string | `''` | | The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1. | | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | From 8545482d8ae4cee3a140d758a741f531b21ccf13 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 11 Jul 2022 12:13:48 +0200 Subject: [PATCH 37/42] Adjusted family property --- modules/Microsoft.Cache/redis/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Cache/redis/deploy.bicep b/modules/Microsoft.Cache/redis/deploy.bicep index 38dcb0e217..990511c0a6 100644 --- a/modules/Microsoft.Cache/redis/deploy.bicep +++ b/modules/Microsoft.Cache/redis/deploy.bicep @@ -203,7 +203,7 @@ resource redisCache 'Microsoft.Cache/redis@2021-06-01' = { shardCount: family == 'P' ? shardCount : null // Not supported in free tier sku: { capacity: capacity - family: family + family: skuName == 'Premium' ? family : any(null) name: skuName } staticIP: !empty(staticIP) ? staticIP : null From 5f8bf4903637ebf66a0a683722bd8ae1ba096bd7 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 11 Jul 2022 12:36:42 +0200 Subject: [PATCH 38/42] Refactored family parameter --- modules/Microsoft.Cache/redis/.test/parameters.json | 3 --- modules/Microsoft.Cache/redis/deploy.bicep | 11 ++--------- modules/Microsoft.Cache/redis/readme.md | 5 ----- 3 files changed, 2 insertions(+), 17 deletions(-) diff --git a/modules/Microsoft.Cache/redis/.test/parameters.json b/modules/Microsoft.Cache/redis/.test/parameters.json index 361efa35e5..4910c49871 100644 --- a/modules/Microsoft.Cache/redis/.test/parameters.json +++ b/modules/Microsoft.Cache/redis/.test/parameters.json @@ -22,9 +22,6 @@ "enableNonSslPort": { "value": true }, - "family": { - "value": "P" - }, "lock": { "value": "CanNotDelete" }, diff --git a/modules/Microsoft.Cache/redis/deploy.bicep b/modules/Microsoft.Cache/redis/deploy.bicep index 990511c0a6..3a357fd229 100644 --- a/modules/Microsoft.Cache/redis/deploy.bicep +++ b/modules/Microsoft.Cache/redis/deploy.bicep @@ -77,13 +77,6 @@ param shardCount int = 1 @description('Optional. The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4).') param capacity int = 1 -@allowed([ - 'C' - 'P' -]) -@description('Optional. The SKU family to use. (C = Basic/Standard, P = Premium).') -param family string = 'P' - @allowed([ 'Basic' 'Premium' @@ -200,10 +193,10 @@ resource redisCache 'Microsoft.Cache/redis@2021-06-01' = { redisVersion: redisVersion replicasPerMaster: skuName == 'Premium' ? replicasPerMaster : null replicasPerPrimary: skuName == 'Premium' ? replicasPerPrimary : null - shardCount: family == 'P' ? shardCount : null // Not supported in free tier + shardCount: skuName == 'Premium' ? shardCount : null // Not supported in free tier sku: { capacity: capacity - family: skuName == 'Premium' ? family : any(null) + family: skuName == 'Premium' ? 'P' : 'C' name: skuName } staticIP: !empty(staticIP) ? staticIP : null diff --git a/modules/Microsoft.Cache/redis/readme.md b/modules/Microsoft.Cache/redis/readme.md index 88f7223ff7..7e27e07e12 100644 --- a/modules/Microsoft.Cache/redis/readme.md +++ b/modules/Microsoft.Cache/redis/readme.md @@ -41,7 +41,6 @@ This module deploys a Redis Cache service. | `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | | `enableNonSslPort` | bool | `False` | | Specifies whether the non-ssl Redis server port (6379) is enabled. | -| `family` | string | `'P'` | `[C, P]` | The SKU family to use. (C = Basic/Standard, P = Premium). | | `location` | string | `[resourceGroup().location]` | | The location to deploy the Redis cache service. | | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | | `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | Specify the type of lock. | @@ -386,9 +385,6 @@ module redis './Microsoft.Cache/redis/deploy.bicep' = { "enableNonSslPort": { "value": true }, - "family": { - "value": "P" - }, "lock": { "value": "CanNotDelete" }, @@ -450,7 +446,6 @@ module redis './Microsoft.Cache/redis/deploy.bicep' = { 'AllMetrics' ] enableNonSslPort: true - family: 'P' lock: 'CanNotDelete' minimumTlsVersion: '1.2' diagnosticSettingsName: 'redisdiagnostics' From 6e5557cc14685c989b8c50d2098d7e02b57354a0 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Mon, 11 Jul 2022 15:27:02 +0200 Subject: [PATCH 39/42] Update modules/Microsoft.Cache/redis/deploy.bicep Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- modules/Microsoft.Cache/redis/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Cache/redis/deploy.bicep b/modules/Microsoft.Cache/redis/deploy.bicep index 3a357fd229..58a36fe4c8 100644 --- a/modules/Microsoft.Cache/redis/deploy.bicep +++ b/modules/Microsoft.Cache/redis/deploy.bicep @@ -94,7 +94,7 @@ param subnetId string = '' @description('Optional. A dictionary of tenant settings.') param tenantSettings object = {} -@description('Optional. Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') +@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints array = [] @description('Optional. The name of the diagnostic setting, if deployed.') From be76c104f0bab9f8476893b777e09a90c72a914a Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 11 Jul 2022 15:32:01 +0200 Subject: [PATCH 40/42] Updated desc --- modules/Microsoft.Cache/redis/deploy.bicep | 2 +- modules/Microsoft.Cache/redis/readme.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Cache/redis/deploy.bicep b/modules/Microsoft.Cache/redis/deploy.bicep index 3a357fd229..5844ead615 100644 --- a/modules/Microsoft.Cache/redis/deploy.bicep +++ b/modules/Microsoft.Cache/redis/deploy.bicep @@ -32,7 +32,7 @@ param enableNonSslPort bool = false '1.1' '1.2' ]) -@description('Optional. Specify the type of lock.') +@description('Optional. Requires clients to use a specified TLS version (or higher) to connect.') param minimumTlsVersion string = '1.2' @description('Optional. Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set.') diff --git a/modules/Microsoft.Cache/redis/readme.md b/modules/Microsoft.Cache/redis/readme.md index 7e27e07e12..579a5adbd4 100644 --- a/modules/Microsoft.Cache/redis/readme.md +++ b/modules/Microsoft.Cache/redis/readme.md @@ -43,7 +43,7 @@ This module deploys a Redis Cache service. | `enableNonSslPort` | bool | `False` | | Specifies whether the non-ssl Redis server port (6379) is enabled. | | `location` | string | `[resourceGroup().location]` | | The location to deploy the Redis cache service. | | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | Specify the type of lock. | +| `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | Requires clients to use a specified TLS version (or higher) to connect. | | `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | `publicNetworkAccess` | string | `''` | `[, Enabled, Disabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | | `redisConfiguration` | object | `{object}` | | All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc. | From cab439b0bd6706d6d1ea56a3575044be3caae13c Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 11 Jul 2022 15:32:34 +0200 Subject: [PATCH 41/42] Updated docs --- modules/Microsoft.Cache/redis/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Cache/redis/readme.md b/modules/Microsoft.Cache/redis/readme.md index 579a5adbd4..36d14ec9ed 100644 --- a/modules/Microsoft.Cache/redis/readme.md +++ b/modules/Microsoft.Cache/redis/readme.md @@ -44,7 +44,7 @@ This module deploys a Redis Cache service. | `location` | string | `[resourceGroup().location]` | | The location to deploy the Redis cache service. | | `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | | `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | Requires clients to use a specified TLS version (or higher) to connect. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | `publicNetworkAccess` | string | `''` | `[, Enabled, Disabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | | `redisConfiguration` | object | `{object}` | | All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc. | | `redisVersion` | string | `'6'` | `[4, 6]` | Redis version. Only major version will be used in PUT/PATCH request with current valid values: (4, 6). | From 80490082421c08c893dbdd03dd3e50a1e7ba98e0 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 11 Jul 2022 15:48:20 +0200 Subject: [PATCH 42/42] Updated rbac roles --- modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep b/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep index 96d8d307df..097cde9265 100644 --- a/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep +++ b/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep @@ -25,24 +25,17 @@ var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - 'Avere Cluster Create': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a7b1b19a-0e83-4fe5-935c-faaefbfd18c3') - 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a') - 'Azure Service Deploy Release Management Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '21d96096-b162-414a-8302-d8354f9d91b2') - 'CAL-Custom-Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b266cd7-0bba-4ae2-8423-90ede5e1e898') - 'ExpressRoute Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7896-14b4-4889-afef-fbb65a96e5a2') 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') - 'masterreader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a48d7796-14b4-4889-afef-fbb65a93e5a2') 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb') 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') - 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7') + 'Redis Cache Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e0f68234-74aa-48ed-b826-c38b57376e17') 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') - 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c') } resource redisCache 'Microsoft.Cache/redis@2021-06-01' existing = {