From 54dd924d452f33ca44fbcc0f278430e462bd5362 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 16 Jul 2022 09:20:22 +0200 Subject: [PATCH 01/19] Diverse updates --- .../resourceDeployment/New-TemplateDeployment.ps1 | 12 ++++++++++++ .../resourceDeployment/Test-TemplateDeployment.ps1 | 2 +- .../resourceRemoval/Initialize-DeploymentRemoval.ps1 | 1 + 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/utilities/pipelines/resourceDeployment/New-TemplateDeployment.ps1 b/utilities/pipelines/resourceDeployment/New-TemplateDeployment.ps1 index ea77202a1c..c882866976 100644 --- a/utilities/pipelines/resourceDeployment/New-TemplateDeployment.ps1 +++ b/utilities/pipelines/resourceDeployment/New-TemplateDeployment.ps1 @@ -252,6 +252,18 @@ function New-DeploymentWithParameterFile { $Stoploop = $true } } + if ($res.ProvisioningState -eq 'Failed') { + # Deployment failed but no exception was thrown. Hence we must do it for the command. + + $errorInputObject = @{ + DeploymentScope = $deploymentScope + DeploymentName = $deploymentName + ResourceGroupName = $resourceGroupName + } + $exceptionMessage = Get-ErrorMessageForScope @errorInputObject + + throw "Deployed failed with provisioning state [Failed]. Error Message: [$exceptionMessage]. Please review the Azure logs of deployment [$deploymentName] in scope [$deploymentScope] for further details." + } $Stoploop = $true } catch { if ($retryCount -ge $retryLimit) { diff --git a/utilities/pipelines/resourceDeployment/Test-TemplateDeployment.ps1 b/utilities/pipelines/resourceDeployment/Test-TemplateDeployment.ps1 index 0601075f47..168d8ccb2d 100644 --- a/utilities/pipelines/resourceDeployment/Test-TemplateDeployment.ps1 +++ b/utilities/pipelines/resourceDeployment/Test-TemplateDeployment.ps1 @@ -121,7 +121,7 @@ function Test-TemplateDeployment { } if (-not (Get-AzResourceGroup -Name $resourceGroupName -ErrorAction 'SilentlyContinue')) { if ($PSCmdlet.ShouldProcess("Resource group [$resourceGroupName] in location [$location]", 'Create')) { - New-AzResourceGroup -Name $resourceGroupName -Location $location + $null = New-AzResourceGroup -Name $resourceGroupName -Location $location } } if ($PSCmdlet.ShouldProcess('Resource group level deployment', 'Test')) { diff --git a/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1 b/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1 index af78109452..5aeca89f0a 100644 --- a/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1 +++ b/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1 @@ -66,6 +66,7 @@ function Initialize-DeploymentRemoval { 'Microsoft.Network/privateEndpoints', 'Microsoft.OperationsManagement/solutions', 'Microsoft.OperationalInsights/workspaces/linkedServices', + 'Microsoft.OperationalInsights/workspaces' 'Microsoft.Resources/resourceGroups', 'Microsoft.Compute/virtualMachines' ) From eef25d74f1da61a64dffe6a27805140770621dc2 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 16 Jul 2022 09:24:05 +0200 Subject: [PATCH 02/19] Added parameter folder search param --- .../sharedScripts/Get-ModuleTestFileList.ps1 | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/utilities/pipelines/sharedScripts/Get-ModuleTestFileList.ps1 b/utilities/pipelines/sharedScripts/Get-ModuleTestFileList.ps1 index c219156f83..af1ddc40e2 100644 --- a/utilities/pipelines/sharedScripts/Get-ModuleTestFileList.ps1 +++ b/utilities/pipelines/sharedScripts/Get-ModuleTestFileList.ps1 @@ -9,22 +9,33 @@ The relative path is returned instead of the full one to make paths easier to re .PARAMETER ModulePath Mandatory. The module path to search in. +.PARAMETER SearchFolder +Optional. The folder to search for files in + .EXAMPLE Get-ModuleTestFileList -ModulePath 'C:\ResourceModules\arm\Microsoft.Compute\virtualMachines' -Returns the relative file paths of all parameter files of the virtual machines module. +Returns the relative file paths of all parameter files of the virtual machines module in folder '.test'. + +.EXAMPLE +Get-ModuleTestFileList -ModulePath 'C:\ResourceModules\arm\Microsoft.Compute\virtualMachines' -SearchFolder 'parameters' + +Returns the relative file paths of all parameter files of the virtual machines module in folder 'parameters'. #> function Get-ModuleTestFileList { [CmdletBinding()] param ( [Parameter(Mandatory)] - [string] $ModulePath + [string] $ModulePath, + + [Parameter(Mandatory = $false)] + [string] $SearchFolder = '.test' ) $deploymentTests = @() - if (Test-Path (Join-Path $ModulePath '.test')) { - $deploymentTests += (Get-ChildItem -Path (Join-Path $ModulePath '.test') -Depth 0 -Include ('*.json', '*.bicep') -File).FullName + if (Test-Path (Join-Path $ModulePath $SearchFolder)) { + $deploymentTests += (Get-ChildItem -Path (Join-Path $ModulePath $SearchFolder) -Depth 0 -Include ('*.json', '*.bicep') -File).FullName } if (-not $deploymentTests) { From 3a7153eb7364735737113c295b017627234ed5a4 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 16 Jul 2022 09:28:43 +0200 Subject: [PATCH 03/19] Updated naming --- utilities/tools/Test-ModuleLocally.ps1 | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/utilities/tools/Test-ModuleLocally.ps1 b/utilities/tools/Test-ModuleLocally.ps1 index b21a2ff944..00c6a93d81 100644 --- a/utilities/tools/Test-ModuleLocally.ps1 +++ b/utilities/tools/Test-ModuleLocally.ps1 @@ -74,7 +74,7 @@ $TestModuleLocallyInput = @{ } Test-ModuleLocally @TestModuleLocallyInput -Verbose -Run all Pesters test for a given template and a Test-Az*Deployment using each parameter file in the module's parameter folder in combination with the template and the provided tokens +Run all Pesters test for a given template and a Test-Az*Deployment using each test file in the module's .test folder in combination with the template and the provided tokens .EXAMPLE @@ -171,7 +171,7 @@ function Test-ModuleLocally { Invoke-Pester -Configuration @{ Run = @{ Container = New-PesterContainer -Path (Join-Path $repoRootPath $moduleTestFilePath) -Data @{ - repoRootPath = $repoRootPath + repoRootPath = $repoRootPath moduleFolderPaths = Split-Path $TemplateFilePath -Parent enforcedTokenList = $enforcedTokenList } @@ -193,9 +193,9 @@ function Test-ModuleLocally { # Find Test Parameter Files # ------------------------- if ((Get-Item -Path $testFilePath) -is [System.IO.DirectoryInfo]) { - $ModuleParameterFiles = (Get-ChildItem -Path $testFilePath).FullName + $moduleTestFiles = (Get-ChildItem -Path $testFilePath).FullName } else { - $ModuleParameterFiles = @($testFilePath) + $moduleTestFiles = @($testFilePath) } # Replace parameter file tokens @@ -234,7 +234,7 @@ function Test-ModuleLocally { } # Invoke Token Replacement Functionality and Convert Tokens in Parameter Files - $ModuleParameterFiles | ForEach-Object { $null = Convert-TokensInFile @ConvertTokensInputs -FilePath $_ } + $moduleTestFiles | ForEach-Object { $null = Convert-TokensInFile @ConvertTokensInputs -FilePath $_ } # Deployment & Validation Testing # ------------------------------- @@ -251,9 +251,9 @@ function Test-ModuleLocally { # ----------------- if ($ValidationTest) { # Loop through test parameter files - foreach ($paramFilePath in $moduleParameterFiles) { - Write-Verbose ('Validating module [{0}] with parameter file [{1}]' -f $ModuleName, (Split-Path $paramFilePath -Leaf)) -Verbose - Test-TemplateDeployment @functionInput -ParameterFilePath $paramFilePath + foreach ($moduleTestFile in $moduleTestFiles) { + Write-Verbose ('Validating module [{0}] with parameter file [{1}]' -f $ModuleName, (Split-Path $moduleTestFile -Leaf)) -Verbose + Test-TemplateDeployment @functionInput -ParameterFilePath $moduleTestFile } } @@ -263,10 +263,10 @@ function Test-ModuleLocally { if ($DeploymentTest) { $functionInput['retryLimit'] = 1 # Overwrite default of 3 # Loop through test parameter files - foreach ($paramFilePath in $moduleParameterFiles) { - Write-Verbose ('Deploy module [{0}] with parameter file [{1}]' -f $ModuleName, (Split-Path $paramFilePath -Leaf)) -Verbose - if ($PSCmdlet.ShouldProcess(('Module [{0}] with parameter file [{1}]' -f $ModuleName, (Split-Path $paramFilePath -Leaf)), 'Deploy')) { - New-TemplateDeployment @functionInput -ParameterFilePath $paramFilePath + foreach ($moduleTestFile in $moduleTestFiles) { + Write-Verbose ('Deploy module [{0}] with parameter file [{1}]' -f $ModuleName, (Split-Path $moduleTestFile -Leaf)) -Verbose + if ($PSCmdlet.ShouldProcess(('Module [{0}] with parameter file [{1}]' -f $ModuleName, (Split-Path $moduleTestFile -Leaf)), 'Deploy')) { + New-TemplateDeployment @functionInput -ParameterFilePath $moduleTestFile } } } @@ -278,7 +278,7 @@ function Test-ModuleLocally { if (($ValidationTest -or $DeploymentTest) -and $ValidateOrDeployParameters) { # Replace Values with Tokens For Repo Updates Write-Verbose 'Restoring Tokens' - $ModuleParameterFiles | ForEach-Object { $null = Convert-TokensInFile @ConvertTokensInputs -FilePath $_ -SwapValueWithName $true } + $moduleTestFiles | ForEach-Object { $null = Convert-TokensInFile @ConvertTokensInputs -FilePath $_ -SwapValueWithName $true } } } } From 72c14a3e49ad968af84b671e6a4fcddf83f95c7f Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 16 Jul 2022 12:58:08 +0200 Subject: [PATCH 04/19] Switched dependency disk encry key vault --- .../diskEncryptionSets/parameters/parameters.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/pipelines/dependencies/Microsoft.Compute/diskEncryptionSets/parameters/parameters.json b/utilities/pipelines/dependencies/Microsoft.Compute/diskEncryptionSets/parameters/parameters.json index 9e9aa46c42..cd103ce27a 100644 --- a/utilities/pipelines/dependencies/Microsoft.Compute/diskEncryptionSets/parameters/parameters.json +++ b/utilities/pipelines/dependencies/Microsoft.Compute/diskEncryptionSets/parameters/parameters.json @@ -6,7 +6,7 @@ "value": "adp-<>-az-des-x-001" }, "keyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002" }, "keyName": { "value": "keyEncryptionKey" From e1bcd3b0944955a14e56829628d1f77ab389032f Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 16 Jul 2022 13:06:46 +0200 Subject: [PATCH 05/19] Update to latest --- .../diskEncryptionSets/parameters/parameters.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/pipelines/dependencies/Microsoft.Compute/diskEncryptionSets/parameters/parameters.json b/utilities/pipelines/dependencies/Microsoft.Compute/diskEncryptionSets/parameters/parameters.json index cd103ce27a..9e9aa46c42 100644 --- a/utilities/pipelines/dependencies/Microsoft.Compute/diskEncryptionSets/parameters/parameters.json +++ b/utilities/pipelines/dependencies/Microsoft.Compute/diskEncryptionSets/parameters/parameters.json @@ -6,7 +6,7 @@ "value": "adp-<>-az-des-x-001" }, "keyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002" + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" }, "keyName": { "value": "keyEncryptionKey" From 82f8a8a2ec440e795fd9a89bc2df2bdbbe6f4e7d Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 16 Jul 2022 20:46:57 +0200 Subject: [PATCH 06/19] Update to latest --- docs/wiki/The CI environment - Pipeline design.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/wiki/The CI environment - Pipeline design.md b/docs/wiki/The CI environment - Pipeline design.md index d431aa45a6..5387874d78 100644 --- a/docs/wiki/The CI environment - Pipeline design.md +++ b/docs/wiki/The CI environment - Pipeline design.md @@ -118,7 +118,7 @@ In addition to module pipelines, the repository includes several platform pipeli ## Dependencies pipeline -In order to successfully run module pipelines to validate and publish CARML modules to the target environment, certain Azure resources need to be deployed beforehand. +In order to successfully run module pipelines to validate and publish CARML modules to the target environment, certain Azure resources may need to be deployed beforehand. For example, any instance of the \[Virtual Machine] module needs an existing virtual network to be connected to and a Key Vault hosting its required local admin credentials to be referenced. From 49ffa65e0e26b8e057e5aec647a380f9b9a1f14f Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 17 Jul 2022 08:50:56 +0200 Subject: [PATCH 07/19] Updated authorization namespace readme --- .../policyAssignments/managementGroup/readme.md | 2 +- .../policyAssignments/resourceGroup/readme.md | 2 +- .../policyAssignments/subscription/readme.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/Microsoft.Authorization/policyAssignments/managementGroup/readme.md b/modules/Microsoft.Authorization/policyAssignments/managementGroup/readme.md index ce314b3a1a..2f54ac5035 100644 --- a/modules/Microsoft.Authorization/policyAssignments/managementGroup/readme.md +++ b/modules/Microsoft.Authorization/policyAssignments/managementGroup/readme.md @@ -22,7 +22,6 @@ With this module you can perform policy assignments on a management group level. | :-- | :-- | :-- | | `name` | string | Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope. | | `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. | -| `roleDefinitionIds` | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | **Optional parameters** | Parameter Name | Type | Default Value | Allowed Values | Description | @@ -38,6 +37,7 @@ With this module you can perform policy assignments on a management group level. | `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. | | `notScopes` | array | `[]` | | The policy excluded scopes. | | `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. | +| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | | `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. | diff --git a/modules/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md b/modules/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md index a96aa580cc..8e9573d5e2 100644 --- a/modules/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md +++ b/modules/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md @@ -22,7 +22,6 @@ With this module you can perform policy assignments on a resource group level | :-- | :-- | :-- | | `name` | string | Specifies the name of the policy assignment. Maximum length is 64 characters for resource group scope. | | `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. | -| `roleDefinitionIds` | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | **Optional parameters** | Parameter Name | Type | Default Value | Allowed Values | Description | @@ -38,6 +37,7 @@ With this module you can perform policy assignments on a resource group level | `notScopes` | array | `[]` | | The policy excluded scopes. | | `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. | | `resourceGroupName` | string | `[resourceGroup().name]` | | The Target Scope for the Policy. The name of the resource group for the policy assignment. If not provided, will use the current scope for deployment. | +| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | | `subscriptionId` | string | `[subscription().subscriptionId]` | | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. | | `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. | diff --git a/modules/Microsoft.Authorization/policyAssignments/subscription/readme.md b/modules/Microsoft.Authorization/policyAssignments/subscription/readme.md index b2b2ce58a5..15f71c7f10 100644 --- a/modules/Microsoft.Authorization/policyAssignments/subscription/readme.md +++ b/modules/Microsoft.Authorization/policyAssignments/subscription/readme.md @@ -22,7 +22,6 @@ With this module you can perform policy assignments on a subscription level. | :-- | :-- | :-- | | `name` | string | Specifies the name of the policy assignment. Maximum length is 64 characters for subscription scope. | | `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. | -| `roleDefinitionIds` | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | **Optional parameters** | Parameter Name | Type | Default Value | Allowed Values | Description | @@ -37,6 +36,7 @@ With this module you can perform policy assignments on a subscription level. | `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. | | `notScopes` | array | `[]` | | The policy excluded scopes. | | `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. | +| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | | `subscriptionId` | string | `[subscription().subscriptionId]` | | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. | | `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. | From b522d0568770fa1c40e150fd3d2b6eb52c6e44bd Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 17 Jul 2022 08:58:17 +0200 Subject: [PATCH 08/19] Updated Cache Readme --- modules/Microsoft.Cache/redis/readme.md | 126 +++++++++++++----------- 1 file changed, 68 insertions(+), 58 deletions(-) diff --git a/modules/Microsoft.Cache/redis/readme.md b/modules/Microsoft.Cache/redis/readme.md index 36d14ec9ed..dc9e7ee61a 100644 --- a/modules/Microsoft.Cache/redis/readme.md +++ b/modules/Microsoft.Cache/redis/readme.md @@ -318,7 +318,27 @@ privateEndpoints: [ ## Deployment examples -

Example 1

+The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. + >**Note**: The name of each example is based on the name of the file from which it is taken. + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. + +

Example 1: Min

+ +
+ +via Bicep module + +```bicep +module redis './Microsoft.Cache/redis/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-redis' + params: { + name: '<>-az-redis-min-001' + } +} +``` + +
+

@@ -337,6 +357,9 @@ privateEndpoints: [ ```
+

+ +

Example 2: Parameters

@@ -346,7 +369,35 @@ privateEndpoints: [ module redis './Microsoft.Cache/redis/deploy.bicep' = { name: '${uniqueString(deployment().name)}-redis' params: { - name: '<>-az-redis-min-001' + // Required parameters + name: '<>-az-redis-full-001' + // Non-required parameters + capacity: 2 + diagnosticLogCategoriesToEnable: [ + 'ApplicationGatewayAccessLog' + 'ApplicationGatewayFirewallLog' + ] + diagnosticMetricsToEnable: [ + 'AllMetrics' + ] + diagnosticSettingsName: 'redisdiagnostics' + enableNonSslPort: true + lock: 'CanNotDelete' + minimumTlsVersion: '1.2' + privateEndpoints: [ + { + service: 'redisCache' + subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + } + ] + publicNetworkAccess: 'Enabled' + redisVersion: '6' + shardCount: 1 + skuName: 'Premium' + systemAssignedIdentity: true + tags: { + resourceType: 'Redis Cache' + } } } ``` @@ -354,8 +405,6 @@ module redis './Microsoft.Cache/redis/deploy.bicep' = {

-

Example 2

-
via JSON Parameter file @@ -365,9 +414,11 @@ module redis './Microsoft.Cache/redis/deploy.bicep' = { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { + // Required parameters "name": { "value": "<>-az-redis-full-001" }, + // Non-required parameters "capacity": { "value": 2 }, @@ -382,6 +433,9 @@ module redis './Microsoft.Cache/redis/deploy.bicep' = { "AllMetrics" ] }, + "diagnosticSettingsName": { + "value": "redisdiagnostics" + }, "enableNonSslPort": { "value": true }, @@ -391,8 +445,13 @@ module redis './Microsoft.Cache/redis/deploy.bicep' = { "minimumTlsVersion": { "value": "1.2" }, - "diagnosticSettingsName": { - "value": "redisdiagnostics" + "privateEndpoints": { + "value": [ + { + "service": "redisCache", + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + } + ] }, "publicNetworkAccess": { "value": "Enabled" @@ -400,72 +459,23 @@ module redis './Microsoft.Cache/redis/deploy.bicep' = { "redisVersion": { "value": "6" }, + "shardCount": { + "value": 1 + }, "skuName": { "value": "Premium" }, "systemAssignedIdentity": { "value": true }, - "shardCount": { - "value": 1 - }, "tags": { "value": { "resourceType": "Redis Cache" } - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "redisCache" - } - ] } } } ``` -
- -
- -via Bicep module - -```bicep -module redis './Microsoft.Cache/redis/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-redis' - params: { - name: '<>-az-redis-full-001' - capacity: 2 - diagnosticLogCategoriesToEnable: [ - 'ApplicationGatewayAccessLog' - 'ApplicationGatewayFirewallLog' - ] - diagnosticMetricsToEnable: [ - 'AllMetrics' - ] - enableNonSslPort: true - lock: 'CanNotDelete' - minimumTlsVersion: '1.2' - diagnosticSettingsName: 'redisdiagnostics' - publicNetworkAccess: 'Enabled' - redisVersion: '6' - skuName: 'Premium' - systemAssignedIdentity: true - shardCount: 1 - tags: { - resourceType: 'Redis Cache' - } - privateEndpoints: [ - { - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - service: 'redisCache' - } - ] - } -} -``` -

From cfff8dbff7aa53b62faf5fcf0c80bca0243a8124 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 17 Jul 2022 09:03:24 +0200 Subject: [PATCH 09/19] Updated VM readme --- modules/Microsoft.Compute/virtualMachines/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Compute/virtualMachines/readme.md b/modules/Microsoft.Compute/virtualMachines/readme.md index 2577539230..cb958231cd 100644 --- a/modules/Microsoft.Compute/virtualMachines/readme.md +++ b/modules/Microsoft.Compute/virtualMachines/readme.md @@ -22,7 +22,7 @@ This module deploys one Virtual Machine with one or multiple nics and optionally | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/networkInterfaces` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/networkInterfaces) | | `Microsoft.Network/publicIPAddresses` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/publicIPAddresses) | -| `Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2021-06-01/vaults/backupFabrics/protectionContainers/protectedItems) | +| `Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems` | [2022-02-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2022-02-01/vaults/backupFabrics/protectionContainers/protectedItems) | ## Parameters From 48ec067f1f846b46df68e0bae11655f4c6732250 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 17 Jul 2022 09:04:48 +0200 Subject: [PATCH 10/19] Updated AKS readme --- .../managedClusters/agentPools/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.ContainerService/managedClusters/agentPools/readme.md b/modules/Microsoft.ContainerService/managedClusters/agentPools/readme.md index 2029231f50..146ac90b85 100644 --- a/modules/Microsoft.ContainerService/managedClusters/agentPools/readme.md +++ b/modules/Microsoft.ContainerService/managedClusters/agentPools/readme.md @@ -29,7 +29,7 @@ This module deploys an Agent Pool for a Container Service Managed Cluster **Optional parameters** | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | -| `availabilityZones` | array | `[]` | | The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is "VirtualMachineScaleSets".. | +| `availabilityZones` | array | `[]` | | The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is "VirtualMachineScaleSets". | | `count` | int | `1` | | Desired Number of agents (VMs) specified to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. | | `enableAutoScaling` | bool | `False` | `[True, False]` | Whether to enable auto-scaler. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | From b7d92f839e4fee865503fa8f5ad150303cee81f6 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 17 Jul 2022 09:27:21 +0200 Subject: [PATCH 11/19] Updated readme --- modules/Microsoft.SignalRService/webPubSub/readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.SignalRService/webPubSub/readme.md b/modules/Microsoft.SignalRService/webPubSub/readme.md index 1b7bf13e22..3342c6ba66 100644 --- a/modules/Microsoft.SignalRService/webPubSub/readme.md +++ b/modules/Microsoft.SignalRService/webPubSub/readme.md @@ -396,7 +396,7 @@ module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { params: { // Required parameters name: '<>-az-pubsub-x-001' - // Additional parameters + // Non-required parameters capacity: 2 clientCertEnabled: false disableAadAuth: false @@ -465,7 +465,7 @@ module webPubSub './Microsoft.SignalRService/webPubSub/deploy.bicep' = { "name": { "value": "<>-az-pubsub-x-001" }, - // Additional parameters + // Non-required parameters "capacity": { "value": 2 }, From 238da5ff5ad90ffb76fc8476500a15f608f714b1 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 17 Jul 2022 09:30:06 +0200 Subject: [PATCH 12/19] Updated docs --- modules/Microsoft.Sql/servers/readme.md | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/modules/Microsoft.Sql/servers/readme.md b/modules/Microsoft.Sql/servers/readme.md index a97a414d5d..78623cef94 100644 --- a/modules/Microsoft.Sql/servers/readme.md +++ b/modules/Microsoft.Sql/servers/readme.md @@ -397,7 +397,7 @@ module servers './Microsoft.Sql/servers/deploy.bicep' = { // Required parameters name: '<>-az-sqlsrv-x-001' // Non-required parameters - administratorLogin: kv1.getSecret('administratorLogin') + administratorLogin: 'adminUserName' administratorLoginPassword: kv1.getSecret('administratorLoginPassword') databases: [ { @@ -483,12 +483,7 @@ module servers './Microsoft.Sql/servers/deploy.bicep' = { }, // Non-required parameters "administratorLogin": { - "reference": { - "keyVault": { - "id": "/subscriptions/<>/resourceGroups/<>/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-001" - }, - "secretName": "administratorLogin" - } + "value": "adminUserName" }, "administratorLoginPassword": { "reference": { From 4fdf432d584946b85547cf6781c694166d3e28a3 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Tue, 19 Jul 2022 10:54:49 +0200 Subject: [PATCH 13/19] Update utilities/tools/Test-ModuleLocally.ps1 Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- utilities/tools/Test-ModuleLocally.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/tools/Test-ModuleLocally.ps1 b/utilities/tools/Test-ModuleLocally.ps1 index 00c6a93d81..5ac3d9dcea 100644 --- a/utilities/tools/Test-ModuleLocally.ps1 +++ b/utilities/tools/Test-ModuleLocally.ps1 @@ -252,7 +252,7 @@ function Test-ModuleLocally { if ($ValidationTest) { # Loop through test parameter files foreach ($moduleTestFile in $moduleTestFiles) { - Write-Verbose ('Validating module [{0}] with parameter file [{1}]' -f $ModuleName, (Split-Path $moduleTestFile -Leaf)) -Verbose + Write-Verbose ('Validating module [{0}] with test [{1}]' -f $ModuleName, (Split-Path $moduleTestFile -Leaf)) -Verbose Test-TemplateDeployment @functionInput -ParameterFilePath $moduleTestFile } } From 0110f3db6328c924475498282972c9e88f42221e Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Tue, 19 Jul 2022 10:55:02 +0200 Subject: [PATCH 14/19] Update utilities/tools/Test-ModuleLocally.ps1 Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- utilities/tools/Test-ModuleLocally.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/tools/Test-ModuleLocally.ps1 b/utilities/tools/Test-ModuleLocally.ps1 index 5ac3d9dcea..a92c1e86b3 100644 --- a/utilities/tools/Test-ModuleLocally.ps1 +++ b/utilities/tools/Test-ModuleLocally.ps1 @@ -264,7 +264,7 @@ function Test-ModuleLocally { $functionInput['retryLimit'] = 1 # Overwrite default of 3 # Loop through test parameter files foreach ($moduleTestFile in $moduleTestFiles) { - Write-Verbose ('Deploy module [{0}] with parameter file [{1}]' -f $ModuleName, (Split-Path $moduleTestFile -Leaf)) -Verbose + Write-Verbose ('Deploy module [{0}] with test [{1}]' -f $ModuleName, (Split-Path $moduleTestFile -Leaf)) -Verbose if ($PSCmdlet.ShouldProcess(('Module [{0}] with parameter file [{1}]' -f $ModuleName, (Split-Path $moduleTestFile -Leaf)), 'Deploy')) { New-TemplateDeployment @functionInput -ParameterFilePath $moduleTestFile } From b3049ec870f7ca4b788a4d231869c49a96200777 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Tue, 19 Jul 2022 10:55:07 +0200 Subject: [PATCH 15/19] Update utilities/tools/Test-ModuleLocally.ps1 Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- utilities/tools/Test-ModuleLocally.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/tools/Test-ModuleLocally.ps1 b/utilities/tools/Test-ModuleLocally.ps1 index a92c1e86b3..cb9d11bf42 100644 --- a/utilities/tools/Test-ModuleLocally.ps1 +++ b/utilities/tools/Test-ModuleLocally.ps1 @@ -265,7 +265,7 @@ function Test-ModuleLocally { # Loop through test parameter files foreach ($moduleTestFile in $moduleTestFiles) { Write-Verbose ('Deploy module [{0}] with test [{1}]' -f $ModuleName, (Split-Path $moduleTestFile -Leaf)) -Verbose - if ($PSCmdlet.ShouldProcess(('Module [{0}] with parameter file [{1}]' -f $ModuleName, (Split-Path $moduleTestFile -Leaf)), 'Deploy')) { + if ($PSCmdlet.ShouldProcess(('Module [{0}] with test [{1}]' -f $ModuleName, (Split-Path $moduleTestFile -Leaf)), 'Deploy')) { New-TemplateDeployment @functionInput -ParameterFilePath $moduleTestFile } } From 2ad059e639cd9d8c72f0d0fd5b4f765dcda9c5d1 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Tue, 19 Jul 2022 10:56:19 +0200 Subject: [PATCH 16/19] Minor change --- utilities/tools/Test-ModuleLocally.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/utilities/tools/Test-ModuleLocally.ps1 b/utilities/tools/Test-ModuleLocally.ps1 index cb9d11bf42..b24e6bdfc3 100644 --- a/utilities/tools/Test-ModuleLocally.ps1 +++ b/utilities/tools/Test-ModuleLocally.ps1 @@ -252,7 +252,7 @@ function Test-ModuleLocally { if ($ValidationTest) { # Loop through test parameter files foreach ($moduleTestFile in $moduleTestFiles) { - Write-Verbose ('Validating module [{0}] with test [{1}]' -f $ModuleName, (Split-Path $moduleTestFile -Leaf)) -Verbose + Write-Verbose ('Validating Module [{0}] with test file [{1}]' -f $ModuleName, (Split-Path $moduleTestFile -Leaf)) -Verbose Test-TemplateDeployment @functionInput -ParameterFilePath $moduleTestFile } } @@ -264,8 +264,8 @@ function Test-ModuleLocally { $functionInput['retryLimit'] = 1 # Overwrite default of 3 # Loop through test parameter files foreach ($moduleTestFile in $moduleTestFiles) { - Write-Verbose ('Deploy module [{0}] with test [{1}]' -f $ModuleName, (Split-Path $moduleTestFile -Leaf)) -Verbose - if ($PSCmdlet.ShouldProcess(('Module [{0}] with test [{1}]' -f $ModuleName, (Split-Path $moduleTestFile -Leaf)), 'Deploy')) { + Write-Verbose ('Deploy Module [{0}] with test file [{1}]' -f $ModuleName, (Split-Path $moduleTestFile -Leaf)) -Verbose + if ($PSCmdlet.ShouldProcess(('Module [{0}] with test file [{1}]' -f $ModuleName, (Split-Path $moduleTestFile -Leaf)), 'Deploy')) { New-TemplateDeployment @functionInput -ParameterFilePath $moduleTestFile } } From f2d251e7ba6660084831c0c2ceee91268e6e8d51 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Thu, 21 Jul 2022 18:24:20 +0200 Subject: [PATCH 17/19] Update utilities/pipelines/sharedScripts/Get-ModuleTestFileList.ps1 Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- utilities/pipelines/sharedScripts/Get-ModuleTestFileList.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/pipelines/sharedScripts/Get-ModuleTestFileList.ps1 b/utilities/pipelines/sharedScripts/Get-ModuleTestFileList.ps1 index af1ddc40e2..1091b0f000 100644 --- a/utilities/pipelines/sharedScripts/Get-ModuleTestFileList.ps1 +++ b/utilities/pipelines/sharedScripts/Get-ModuleTestFileList.ps1 @@ -20,7 +20,7 @@ Returns the relative file paths of all parameter files of the virtual machines m .EXAMPLE Get-ModuleTestFileList -ModulePath 'C:\ResourceModules\arm\Microsoft.Compute\virtualMachines' -SearchFolder 'parameters' -Returns the relative file paths of all parameter files of the virtual machines module in folder 'parameters'. +Returns the relative file paths of all test files of the virtual machines module in folder 'parameters'. #> function Get-ModuleTestFileList { From 48cd6e9ef527f94052233d88cc0ed04a35540647 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Thu, 21 Jul 2022 18:24:26 +0200 Subject: [PATCH 18/19] Update utilities/pipelines/sharedScripts/Get-ModuleTestFileList.ps1 Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- utilities/pipelines/sharedScripts/Get-ModuleTestFileList.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/pipelines/sharedScripts/Get-ModuleTestFileList.ps1 b/utilities/pipelines/sharedScripts/Get-ModuleTestFileList.ps1 index 1091b0f000..f2769cca1e 100644 --- a/utilities/pipelines/sharedScripts/Get-ModuleTestFileList.ps1 +++ b/utilities/pipelines/sharedScripts/Get-ModuleTestFileList.ps1 @@ -15,7 +15,7 @@ Optional. The folder to search for files in .EXAMPLE Get-ModuleTestFileList -ModulePath 'C:\ResourceModules\arm\Microsoft.Compute\virtualMachines' -Returns the relative file paths of all parameter files of the virtual machines module in folder '.test'. +Returns the relative file paths of all test files of the virtual machines module in the default test folder ('.test'). .EXAMPLE Get-ModuleTestFileList -ModulePath 'C:\ResourceModules\arm\Microsoft.Compute\virtualMachines' -SearchFolder 'parameters' From 1ad1f422642e6a0b2fab4c3084f7e41d57319d34 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Thu, 21 Jul 2022 18:24:32 +0200 Subject: [PATCH 19/19] Update utilities/tools/Test-ModuleLocally.ps1 Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- utilities/tools/Test-ModuleLocally.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/tools/Test-ModuleLocally.ps1 b/utilities/tools/Test-ModuleLocally.ps1 index b24e6bdfc3..d3946801eb 100644 --- a/utilities/tools/Test-ModuleLocally.ps1 +++ b/utilities/tools/Test-ModuleLocally.ps1 @@ -74,7 +74,7 @@ $TestModuleLocallyInput = @{ } Test-ModuleLocally @TestModuleLocallyInput -Verbose -Run all Pesters test for a given template and a Test-Az*Deployment using each test file in the module's .test folder in combination with the template and the provided tokens +Run all Pester tests for a given template and a Test-Az*Deployment using each test file in the module's default test folder ('.test') in combination with the template and the provided tokens .EXAMPLE