From 770344262ab4ed60df5207938c13a72018737100 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Tue, 30 Aug 2022 21:28:19 +0200 Subject: [PATCH 01/12] [Modules] Updated Batch/BatchAccounts to new dependency approach --- .github/workflows/ms.batch.batchaccounts.yml | 3 +- .../.test/default/dependencies.bicep | 84 ++++++++ .../.test/default/deploy.test.bicep | 79 ++++++++ .../batchAccounts/.test/encr.parameters.json | 40 ---- .../.test/encr/dependencies.bicep | 106 ++++++++++ .../.test/encr/deploy.test.bicep | 67 +++++++ .../batchAccounts/.test/min.parameters.json | 12 -- .../.test/min/dependencies.bicep | 17 ++ .../batchAccounts/.test/min/deploy.test.bicep | 46 +++++ .../batchAccounts/.test/parameters.json | 50 ----- .../Microsoft.Batch/batchAccounts/readme.md | 188 +++++++++--------- utilities/tools/Set-ModuleReadMe.ps1 | 6 +- 12 files changed, 497 insertions(+), 201 deletions(-) create mode 100644 modules/Microsoft.Batch/batchAccounts/.test/default/dependencies.bicep create mode 100644 modules/Microsoft.Batch/batchAccounts/.test/default/deploy.test.bicep delete mode 100644 modules/Microsoft.Batch/batchAccounts/.test/encr.parameters.json create mode 100644 modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep create mode 100644 modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep delete mode 100644 modules/Microsoft.Batch/batchAccounts/.test/min.parameters.json create mode 100644 modules/Microsoft.Batch/batchAccounts/.test/min/dependencies.bicep create mode 100644 modules/Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep delete mode 100644 modules/Microsoft.Batch/batchAccounts/.test/parameters.json diff --git a/.github/workflows/ms.batch.batchaccounts.yml b/.github/workflows/ms.batch.batchaccounts.yml index 65c3811250..00b9db211e 100644 --- a/.github/workflows/ms.batch.batchaccounts.yml +++ b/.github/workflows/ms.batch.batchaccounts.yml 
@@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/modules/Microsoft.Batch/batchAccounts/.test/default/dependencies.bicep b/modules/Microsoft.Batch/batchAccounts/.test/default/dependencies.bicep new file mode 100644 index 0000000000..7af2d81f74 --- /dev/null +++ b/modules/Microsoft.Batch/batchAccounts/.test/default/dependencies.bicep 
@@ -0,0 +1,84 @@ +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Key Vault to create.') +param keyVaultName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +@description('Required. The name of the Storage Account to create.') +param storageAccountName string + +resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = { + name: storageAccountName + location: location + sku: { + name: 'Standard_LRS' + } + kind: 'StorageV2' +} + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { + name: keyVaultName + location: location + properties: { + sku: { + family: 'A' + name: 'standard' + } + tenantId: tenant().tenantId + enablePurgeProtection: null + enabledForTemplateDeployment: true + enabledForDiskEncryption: true + enabledForDeployment: true + enableRbacAuthorization: true + accessPolicies: [] + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Key Vault.') +output keyVaultResourceId string = keyVault.id + +@description('The URL of the created Key Vault.') +output keyVaultUrl string = keyVault.properties.vaultUri + +@description('The principal ID of the created Managed 
Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId + +@description('The resource ID of the created Managed Identity.') +output managedIdentityResourceId string = managedIdentity.id + +@description('The resource ID of the created Virtual Network Subnet.') +output storageAccountResourceId string = storageAccount.id diff --git a/modules/Microsoft.Batch/batchAccounts/.test/default/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/default/deploy.test.bicep new file mode 100644 index 0000000000..e82b500ff7 --- /dev/null +++ b/modules/Microsoft.Batch/batchAccounts/.test/default/deploy.test.bicep 
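Review bot: The `keyVault` resource in this dependency template sets `enabledForDeployment`, `enabledForDiskEncryption` and `enabledForTemplateDeployment` to `true`, yet the default test in `default/deploy.test.bicep` never consumes `keyVaultResourceId` or `keyVaultUrl`. The vault and those access switches look unnecessary here, so drop the resource, its `keyVaultName` parameter and its two outputs, or at least set the three flags to `false`. The storage account relies on API defaults for TLS and public blob access; adding `properties: { minimumTlsVersion: 'TLS1_2', allowBlobPublicAccess: false }` would keep the test resources on a known baseline. The description on `storageAccountResourceId` is copied from the subnet output and should read `'The resource ID of the created Storage Account.'`. The same wrong description and storage defaults also appear in `encr/dependencies.bicep` and `min/dependencies.bicep`.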
@@ -0,0 +1,79 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.batch.batchaccounts-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'bbadef' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + storageAccountName: 'dep<>st${serviceShort}' + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + keyVaultName: 'dep-<>-kv-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + storageAccountId: 
resourceGroupResources.outputs.storageAccountResourceId + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + lock: 'CanNotDelete' + poolAllocationMode: 'BatchService' + privateEndpoints: [ + { + service: 'batchAccount' + subnetResourceId: resourceGroupResources.outputs.subnetResourceId + } + ] + storageAccessIdentity: resourceGroupResources.outputs.managedIdentityResourceId + storageAuthenticationMode: 'BatchAccountManagedIdentity' + systemAssignedIdentity: true + } +} diff --git a/modules/Microsoft.Batch/batchAccounts/.test/encr.parameters.json b/modules/Microsoft.Batch/batchAccounts/.test/encr.parameters.json deleted file mode 100644 index 35cb8e8234..0000000000 --- a/modules/Microsoft.Batch/batchAccounts/.test/encr.parameters.json +++ /dev/null 
@@ -1,40 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>azbaweuencr001" - }, - "poolAllocationMode": { - "value": "BatchService" - }, - "storageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "storageAuthenticationMode": { - "value": "BatchAccountManagedIdentity" - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "storageAccessIdentity": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - }, - "cMKKeyName": { - "value": "keyEncryptionKey" - }, - "cMKKeyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002" - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "batchAccount" - } - ] - } - } -} diff --git a/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep b/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep new file mode 100644 index 0000000000..5bcdc03689 --- /dev/null +++ b/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep 
@@ -0,0 +1,106 @@ +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Key Vault to create.') +param keyVaultName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +@description('Required. The name of the Storage Account to create.') +param storageAccountName string + +resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = { + name: storageAccountName + location: location + sku: { + name: 'Standard_LRS' + } + kind: 'StorageV2' +} + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/24' + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: '10.0.0.0/24' + } + } + ] + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { + name: keyVaultName + location: location + properties: { + sku: { + family: 'A' + name: 'standard' + } + tenantId: tenant().tenantId + enablePurgeProtection: true // Required by batch account + softDeleteRetentionInDays: 7 + enabledForTemplateDeployment: true + enabledForDiskEncryption: true + enabledForDeployment: true + enableRbacAuthorization: true + accessPolicies: [] + } + + resource key 'keys@2022-07-01' = { + name: 'keyEncryptionKey' + properties: { + kty: 'RSA' + } + } +} + +resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { + name: guid('msi-${managedIdentity.name}-KeyVault-${keyVault.name}-Key-${keyVault::key.name}-Read-RoleAssignment') + scope: keyVault::key + properties: { + principalId: 
managedIdentity.properties.principalId + // Key Vault Crypto User + roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') + principalType: 'ServicePrincipal' + } +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Key Vault.') +output keyVaultResourceId string = keyVault.id + +@description('The URL of the created Key Vault.') +output keyVaultUrl string = keyVault.properties.vaultUri + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId + +@description('The resource ID of the created Managed Identity.') +output managedIdentityResourceId string = managedIdentity.id + +@description('The resource ID of the created Virtual Network Subnet.') +output storageAccountResourceId string = storageAccount.id + +@description('The name of the Key Vault Encryption Key.') +output keyVaultEncryptionKeyName string = keyVault::key.name diff --git a/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep new file mode 100644 index 0000000000..13ee909c6e --- /dev/null +++ b/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep 
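Review bot: The role assignment scoped to `keyVault::key` grants `Key Vault Crypto User`, which permits sign, verify, encrypt and decrypt as well as wrap and unwrap, while customer-managed-key encryption normally needs only get, wrapKey and unwrapKey. The built-in `Key Vault Crypto Service Encryption User` role is limited to that set, so `roleDefinitionId` could reference it instead, provided the Batch module under test deploys with it; take its definition ID from the role catalogue and update the `// Key Vault Crypto User` comment to match. The `guid(...)` seed labels the assignment `Read`, which describes neither role; something like `...-Key-${keyVault::key.name}-CryptoUser-RoleAssignment` would be accurate. As far as the visible files show, the three `enabledFor*` flags set to `true` on the vault are not needed for this scenario either.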
@@ -0,0 +1,67 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.batch.batchaccounts-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'bbaencr' + +@description('Generated. Used as a basis for unique resource names.') +param baseTime string = utcNow('u') + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + storageAccountName: 'dep<>st${serviceShort}' + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + // Adding base time to make the name unique as purge protection must be enabled (but may not be longer than 24 characters total) + keyVaultName: 'dep-<>-kv-${serviceShort}-${substring(uniqueString(baseTime), 0, 3)}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + storageAccountId: resourceGroupResources.outputs.storageAccountResourceId + cMKKeyName: resourceGroupResources.outputs.keyVaultEncryptionKeyName + cMKKeyVaultResourceId: resourceGroupResources.outputs.keyVaultResourceId + poolAllocationMode: 'BatchService' + privateEndpoints: [ + { + 
service: 'batchAccount' + subnetResourceId: resourceGroupResources.outputs.subnetResourceId + } + ] + storageAccessIdentity: resourceGroupResources.outputs.managedIdentityResourceId + storageAuthenticationMode: 'BatchAccountManagedIdentity' + userAssignedIdentities: { + '${resourceGroupResources.outputs.managedIdentityResourceId}': {} + } + } +} diff --git a/modules/Microsoft.Batch/batchAccounts/.test/min.parameters.json b/modules/Microsoft.Batch/batchAccounts/.test/min.parameters.json deleted file mode 100644 index 5528a0d14c..0000000000 --- a/modules/Microsoft.Batch/batchAccounts/.test/min.parameters.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>azbaweumin001" - }, - "storageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - } - } -} diff --git a/modules/Microsoft.Batch/batchAccounts/.test/min/dependencies.bicep b/modules/Microsoft.Batch/batchAccounts/.test/min/dependencies.bicep new file mode 100644 index 0000000000..f069fcdbd9 --- /dev/null +++ b/modules/Microsoft.Batch/batchAccounts/.test/min/dependencies.bicep @@ -0,0 +1,17 @@ +@description('Optional. The location to deploy resources to.') +param location string = resourceGroup().location + +@description('Required. The name of the Storage Account to create.') +param storageAccountName string + +resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = { + name: storageAccountName + location: location + sku: { + name: 'Standard_LRS' + } + kind: 'StorageV2' +} + +@description('The resource ID of the created Virtual Network Subnet.') +output storageAccountResourceId string = storageAccount.id 
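Review bot: In `encr/deploy.test.bicep` the Key Vault name gets only three characters of `uniqueString(baseTime)` as its unique part, and because the vault is created with purge protection, every pipeline run leaves a soft-deleted vault whose name stays reserved for the retention period. A repeat of the same three characters within that window would fail the deployment on a name conflict, so consider using as many characters as the 24-character limit allows, for example `substring(uniqueString(baseTime), 0, 5)`, after checking the length of the name-prefix token. A comment on `baseTime` would also help, e.g. `// Do not override: utcNow() is only valid as a parameter default and gives each run a fresh vault name`.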
diff --git a/modules/Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep new file mode 100644 index 0000000000..2998f4879e --- /dev/null +++ b/modules/Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep @@ -0,0 +1,46 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.batch.batchaccounts-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'bbamin' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + storageAccountName: 'dep<>st${serviceShort}' + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + storageAccountId: resourceGroupResources.outputs.storageAccountResourceId + } +} diff --git a/modules/Microsoft.Batch/batchAccounts/.test/parameters.json b/modules/Microsoft.Batch/batchAccounts/.test/parameters.json deleted file mode 100644 index 7e1d7111bd..0000000000 --- a/modules/Microsoft.Batch/batchAccounts/.test/parameters.json +++ /dev/null 
@@ -1,50 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>azbaweux001" - }, - "lock": { - "value": "CanNotDelete" - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "batchAccount" - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "poolAllocationMode": { - "value": "BatchService" - }, - "storageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "systemAssignedIdentity": { - "value": true - }, - "storageAuthenticationMode": { - "value": "BatchAccountManagedIdentity" - }, - "storageAccessIdentity": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - } - } -} diff --git a/modules/Microsoft.Batch/batchAccounts/readme.md b/modules/Microsoft.Batch/batchAccounts/readme.md index ac5d491fd8..a69ebcd2cd 100644 --- a/modules/Microsoft.Batch/batchAccounts/readme.md +++ b/modules/Microsoft.Batch/batchAccounts/readme.md 
@@ -238,34 +238,36 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Encr

+

Example 1: Default

via Bicep module ```bicep -module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-batchAccounts' +module Batchaccounts './Microsoft.Batch/Batchaccounts/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-bbadef' params: { // Required parameters - name: '<>azbaweuencr001' - storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' + name: '<>bbadef001' + storageAccountId: '' // Non-required parameters - cMKKeyName: 'keyEncryptionKey' - cMKKeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' + lock: 'CanNotDelete' poolAllocationMode: 'BatchService' privateEndpoints: [ { service: 'batchAccount' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + subnetResourceId: '' } ] - storageAccessIdentity: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001' + storageAccessIdentity: '' storageAuthenticationMode: 'BatchAccountManagedIdentity' - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } + systemAssignedIdentity: true } } ``` 
@@ -284,17 +286,29 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>azbaweuencr001" + "value": "<>bbadef001" }, "storageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, // Non-required parameters - "cMKKeyName": { - "value": "keyEncryptionKey" + "diagnosticEventHubAuthorizationRuleId": { + "value": "" }, - "cMKKeyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002" + "diagnosticEventHubName": { + "value": "" + }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + "diagnosticStorageAccountId": { + "value": "" + }, + "diagnosticWorkspaceId": { + "value": "" + }, + "lock": { + "value": "CanNotDelete" }, "poolAllocationMode": { "value": "BatchService" @@ -303,20 +317,18 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { "value": [ { "service": "batchAccount", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + "subnetResourceId": "" } ] }, "storageAccessIdentity": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" + "value": "" }, "storageAuthenticationMode": { "value": "BatchAccountManagedIdentity" }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } + "systemAssignedIdentity": { + "value": true } } } @@ -325,19 +337,34 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = {

-

Example 2: Min

+

Example 2: Encr

via Bicep module ```bicep -module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-batchAccounts' +module Batchaccounts './Microsoft.Batch/Batchaccounts/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-bbaencr' params: { // Required parameters - name: '<>azbaweumin001' - storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' + name: '<>bbaencr001' + storageAccountId: '' + // Non-required parameters + cMKKeyName: '' + cMKKeyVaultResourceId: '' + poolAllocationMode: 'BatchService' + privateEndpoints: [ + { + service: 'batchAccount' + subnetResourceId: '' + } + ] + storageAccessIdentity: '' + storageAuthenticationMode: 'BatchAccountManagedIdentity' + userAssignedIdentities: { + '': {} + } } } ``` @@ -356,10 +383,39 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>azbaweumin001" + "value": "<>bbaencr001" }, "storageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" + }, + // Non-required parameters + "cMKKeyName": { + "value": "" + }, + "cMKKeyVaultResourceId": { + "value": "" + }, + "poolAllocationMode": { + "value": "BatchService" + }, + "privateEndpoints": { + "value": [ + { + "service": "batchAccount", + "subnetResourceId": "" + } + ] + }, + "storageAccessIdentity": { + "value": "" + }, + "storageAuthenticationMode": { + "value": "BatchAccountManagedIdentity" + }, + "userAssignedIdentities": { + "value": { + "": {} + } } } } @@ -368,36 +424,19 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = {

-

Example 3: Parameters

+

Example 3: Min

via Bicep module ```bicep -module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-batchAccounts' +module Batchaccounts './Microsoft.Batch/Batchaccounts/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-bbamin' params: { // Required parameters - name: '<>azbaweux001' - storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - // Non-required parameters - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - lock: 'CanNotDelete' - poolAllocationMode: 'BatchService' - privateEndpoints: [ - { - service: 'batchAccount' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - } - ] - storageAccessIdentity: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001' - storageAuthenticationMode: 'BatchAccountManagedIdentity' - systemAssignedIdentity: true + name: '<>bbamin001' + storageAccountId: '' } } ``` 
@@ -416,49 +455,10 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>azbaweux001" + "value": "<>bbamin001" }, "storageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - // Non-required parameters - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "poolAllocationMode": { - "value": "BatchService" - }, - "privateEndpoints": { - "value": [ - { - "service": "batchAccount", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" - } - ] - }, - "storageAccessIdentity": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - }, - "storageAuthenticationMode": { - "value": "BatchAccountManagedIdentity" - }, - "systemAssignedIdentity": { - "value": true + "value": "" } } } diff --git a/utilities/tools/Set-ModuleReadMe.ps1 b/utilities/tools/Set-ModuleReadMe.ps1 index a1074fed21..6b922d65e8 100644 --- a/utilities/tools/Set-ModuleReadMe.ps1 +++ b/utilities/tools/Set-ModuleReadMe.ps1 
@@ -883,9 +883,10 @@ function Set-DeploymentExamplesSection { '' ) + $TextInfo = (Get-Culture -Name 'en-US').TextInfo $moduleRoot = Split-Path $TemplateFilePath -Parent - $resourceTypeIdentifier = $moduleRoot.Replace('\', '/').Split('/modules/')[1].TrimStart('/') - $resourceType = $resourceTypeIdentifier.Split('/')[1] + $resourceTypeIdentifier = $TextInfo.ToTitleCase($moduleRoot.Replace('\', '/').Split('/modules/')[1].TrimStart('/')) + $resourceType = $TextInfo.ToTitleCase($resourceTypeIdentifier.Split('/')[1]) $testFilePaths = Get-ModuleTestFileList -ModulePath $moduleRoot | ForEach-Object { Join-Path $moduleRoot $_ } $RequiredParametersList = $TemplateFileContent.parameters.Keys | Where-Object { $TemplateFileContent.parameters[$_].Keys -notcontains 'defaultValue' } | Sort-Object @@ -906,7 +907,6 @@ function Set-DeploymentExamplesSection { } else { $exampleTitle = ((Split-Path $testFilePath -LeafBase) -replace '\.', ' ') -replace ' parameters', '' } - $TextInfo = (Get-Culture -Name 'en-US').TextInfo $exampleTitle = $TextInfo.ToTitleCase($exampleTitle) $SectionContent += @( '

Example {0}: {1}

' -f $pathIndex, $exampleTitle From 09a8814fe795c33ee2d7683173e7be0657cd96f5 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 1 Sep 2022 10:15:37 +0200 Subject: [PATCH 02/12] Update to latest --- .../Microsoft.Batch/batchAccounts/readme.md | 6 ++--- utilities/tools/Set-ModuleReadMe.ps1 | 23 ++++++++++++------- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/modules/Microsoft.Batch/batchAccounts/readme.md b/modules/Microsoft.Batch/batchAccounts/readme.md index a69ebcd2cd..3f3feb4ca5 100644 --- a/modules/Microsoft.Batch/batchAccounts/readme.md +++ b/modules/Microsoft.Batch/batchAccounts/readme.md @@ -245,7 +245,7 @@ The following module usage examples are retrieved from the content of the files via Bicep module ```bicep -module Batchaccounts './Microsoft.Batch/Batchaccounts/deploy.bicep' = { +module BatchAccounts './Microsoft.Batch/BatchAccounts/deploy.bicep' = { name: '${uniqueString(deployment().name)}-test-bbadef' params: { // Required parameters @@ -344,7 +344,7 @@ module Batchaccounts './Microsoft.Batch/Batchaccounts/deploy.bicep' = { via Bicep module ```bicep -module Batchaccounts './Microsoft.Batch/Batchaccounts/deploy.bicep' = { +module BatchAccounts './Microsoft.Batch/BatchAccounts/deploy.bicep' = { name: '${uniqueString(deployment().name)}-test-bbaencr' params: { // Required parameters @@ -431,7 +431,7 @@ module Batchaccounts './Microsoft.Batch/Batchaccounts/deploy.bicep' = { via Bicep module ```bicep -module Batchaccounts './Microsoft.Batch/Batchaccounts/deploy.bicep' = { +module BatchAccounts './Microsoft.Batch/BatchAccounts/deploy.bicep' = { name: '${uniqueString(deployment().name)}-test-bbamin' params: { // Required parameters diff --git a/utilities/tools/Set-ModuleReadMe.ps1 b/utilities/tools/Set-ModuleReadMe.ps1 index 6b922d65e8..25d22f3fff 100644 --- a/utilities/tools/Set-ModuleReadMe.ps1 +++ b/utilities/tools/Set-ModuleReadMe.ps1 
@@ -51,7 +51,7 @@ function Set-ResourceTypesSection { $RelevantResourceTypeObjects = Get-NestedResourceList $TemplateFileContent | Where-Object { $_.type -notin $ResourceTypesToExclude -and $_ - } | Select-Object 'Type', 'ApiVersion' -Unique | Sort-Object Type -Culture en-US + } | Select-Object 'Type', 'ApiVersion' -Unique | Sort-Object Type -Culture 'en-US' foreach ($resourceTypeObject in $RelevantResourceTypeObjects) { $ProviderNamespace, $ResourceType = $resourceTypeObject.Type -split '/', 2 @@ -280,7 +280,7 @@ function Set-OutputsSection { '| Output Name | Type | Description |', '| :-- | :-- | :-- |' ) - foreach ($outputName in ($templateFileContent.outputs.Keys | Sort-Object -Culture en-US)) { + foreach ($outputName in ($templateFileContent.outputs.Keys | Sort-Object -Culture 'en-US')) { $output = $TemplateFileContent.outputs[$outputName] $description = $output.metadata.description.Replace("`r`n", '

').Replace("`n", '

') $SectionContent += ("| ``{0}`` | {1} | {2} |" -f $outputName, $output.type, $description) @@ -290,7 +290,7 @@ function Set-OutputsSection { '| Output Name | Type |', '| :-- | :-- |' ) - foreach ($outputName in ($templateFileContent.outputs.Keys | Sort-Object -Culture en-US)) { + foreach ($outputName in ($templateFileContent.outputs.Keys | Sort-Object -Culture 'en-US')) { $output = $TemplateFileContent.outputs[$outputName] $SectionContent += ("| ``{0}`` | {1} |" -f $outputName, $output.type) } @@ -883,10 +883,16 @@ function Set-DeploymentExamplesSection { '' ) - $TextInfo = (Get-Culture -Name 'en-US').TextInfo $moduleRoot = Split-Path $TemplateFilePath -Parent - $resourceTypeIdentifier = $TextInfo.ToTitleCase($moduleRoot.Replace('\', '/').Split('/modules/')[1].TrimStart('/')) - $resourceType = $TextInfo.ToTitleCase($resourceTypeIdentifier.Split('/')[1]) + $fullIdentifier = $moduleRoot.Replace('\', '/').Split('/modules/')[1].TrimStart('/') + + # Get resource type and make first letter upper case. Requires manual handling as ToTitleCase lowercases everything but the first letter + $providerNamespace = ($fullIdentifier.Split('/')[0] -split '\.' | ForEach-Object { $_.Substring(0, 1).ToUpper() + $_.Substring(1) }) -join '.' + $resourceType = $fullIdentifier.Split('/')[1] + $resourceTypeUpper = $resourceType.Substring(0, 1).ToUpper() + $resourceType.Substring(1) + + $resourceTypeIdentifier = "$providerNamespace/$resourceType" + $testFilePaths = Get-ModuleTestFileList -ModulePath $moduleRoot | ForEach-Object { Join-Path $moduleRoot $_ } $RequiredParametersList = $TemplateFileContent.parameters.Keys | Where-Object { $TemplateFileContent.parameters[$_].Keys -notcontains 'defaultValue' } | Sort-Object 
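Review bot: In the `@@ -883,10 +883,16 @@` hunk of Set-ModuleReadMe.ps1, `$resourceTypeIdentifier = "$providerNamespace/$resourceType"` keeps only the first two path segments, whereas the removed line kept everything after `/modules/`. For a module folder nested deeper than provider/type, the generated `'./$resourceTypeIdentifier/deploy.bicep'` reference would then point at the parent module, assuming such modules reach this function. Building the identifier from the rest of the path avoids that: `$resourceTypeIdentifier = "$providerNamespace/$(($fullIdentifier -split '/', 2)[1])"`. Set-DeploymentExamplesSection starts and ends outside the hunk.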
@@ -907,7 +913,8 @@ function Set-DeploymentExamplesSection { } else { $exampleTitle = ((Split-Path $testFilePath -LeafBase) -replace '\.', ' ') -replace ' parameters', '' } - $exampleTitle = $TextInfo.ToTitleCase($exampleTitle) + $textInfo = (Get-Culture -Name 'en-US').TextInfo + $exampleTitle = $textInfo.ToTitleCase($exampleTitle) $SectionContent += @( '

Example {0}: {1}

' -f $pathIndex, $exampleTitle ) @@ -1138,7 +1145,7 @@ function Set-DeploymentExamplesSection { '```bicep', $extendedKeyVaultReferences, "module $resourceType './$resourceTypeIdentifier/deploy.bicep' = {" - " name: '`${uniqueString(deployment().name)}-$resourceType'" + " name: '`${uniqueString(deployment().name)}-$resourceTypeUpper'" ' params: {' $bicepExample.TrimEnd(), ' }' From e2c9c7ad1121b14e7965470775725938aef10d2e Mon Sep 17 00:00:00 2001 From: MrMCake Date: Thu, 1 Sep 2022 11:32:27 +0200 Subject: [PATCH 03/12] Update to latest --- modules/Microsoft.Batch/batchAccounts/readme.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/Microsoft.Batch/batchAccounts/readme.md b/modules/Microsoft.Batch/batchAccounts/readme.md index 020e01c750..3f3feb4ca5 100644 --- a/modules/Microsoft.Batch/batchAccounts/readme.md +++ b/modules/Microsoft.Batch/batchAccounts/readme.md @@ -245,8 +245,8 @@ The following module usage examples are retrieved from the content of the files via Bicep module ```bicep -module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-BatchAccounts' +module BatchAccounts './Microsoft.Batch/BatchAccounts/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-bbadef' params: { // Required parameters name: '<>bbadef001' @@ -344,8 +344,8 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { via Bicep module ```bicep -module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-BatchAccounts' +module BatchAccounts './Microsoft.Batch/BatchAccounts/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-bbaencr' params: { // Required parameters name: '<>bbaencr001' 
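Review bot: `$textInfo = (Get-Culture -Name 'en-US').TextInfo` in the `@@ -907,7 +913,8 @@` hunk now sits directly after the per-example title branch. If this code runs once per test file, the culture lookup is repeated for every example; the `$pathIndex` use suggests a loop, but it starts outside the hunk. The value does not change between examples, so it reads better assigned once before that loop, as the previous commit had it, with a short comment such as `# en-US TextInfo is only used to title-case the example name`.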
@@ -431,8 +431,8 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { via Bicep module ```bicep -module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-BatchAccounts' +module BatchAccounts './Microsoft.Batch/BatchAccounts/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-bbamin' params: { // Required parameters name: '<>bbamin001' From 415be69f2504ecb6a514bd1762bc08e2e9bb1077 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sat, 3 Sep 2022 12:35:45 +0200 Subject: [PATCH 04/12] Update to latest --- .../batchAccounts/.test/encr/dependencies.bicep | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep b/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep index 5bcdc03689..8f785964a8 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep +++ b/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep @@ -74,12 +74,11 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { } resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { - name: guid('msi-${managedIdentity.name}-KeyVault-${keyVault.name}-Key-${keyVault::key.name}-Read-RoleAssignment') + name: guid('msi-${keyVault::key.id}-${location}-${managedIdentity.id}-Key-Reader-RoleAssignment') scope: keyVault::key properties: { principalId: managedIdentity.properties.principalId - // Key Vault Crypto User - roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') + roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') // Key Vault Crypto User principalType: 'ServicePrincipal' } } From 1f6fecbbadd1f2ae374bcd1bf3c156fa7ebd5ae1 Mon Sep 17 00:00:00 2001 
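Review bot: The `keyPermissions` role assignment in the `@@ -74,12 +74,11 @@` hunk of encr/dependencies.bicep grants Key Vault Crypto User, which permits the full set of cryptographic operations on the key, while customer-managed-key encryption normally needs only get, wrap and unwrap. Scoping the assignment to `keyVault::key` already limits the reach. The narrower built-in role Key Vault Crypto Service Encryption User would likely be sufficient, though that should be confirmed against what the Batch service accepts. The GUID seed also still says `Key-Reader`, which matches neither role; a label like `Key-Crypto-User-RoleAssignment` would keep the name and the trailing comment consistent.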
From: MrMCake Date: Thu, 8 Sep 2022 18:54:23 +0200 Subject: [PATCH 05/12] Updated folder default to common. --- .../.test/{default => common}/dependencies.bicep | 0 .../.test/{default => common}/deploy.test.bicep | 0 modules/Microsoft.Batch/batchAccounts/readme.md | 8 ++++---- 3 files changed, 4 insertions(+), 4 deletions(-) rename modules/Microsoft.Batch/batchAccounts/.test/{default => common}/dependencies.bicep (100%) rename modules/Microsoft.Batch/batchAccounts/.test/{default => common}/deploy.test.bicep (100%) diff --git a/modules/Microsoft.Batch/batchAccounts/.test/default/dependencies.bicep b/modules/Microsoft.Batch/batchAccounts/.test/common/dependencies.bicep similarity index 100% rename from modules/Microsoft.Batch/batchAccounts/.test/default/dependencies.bicep rename to modules/Microsoft.Batch/batchAccounts/.test/common/dependencies.bicep diff --git a/modules/Microsoft.Batch/batchAccounts/.test/default/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep similarity index 100% rename from modules/Microsoft.Batch/batchAccounts/.test/default/deploy.test.bicep rename to modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep diff --git a/modules/Microsoft.Batch/batchAccounts/readme.md b/modules/Microsoft.Batch/batchAccounts/readme.md index 3f3feb4ca5..2ac8c46dae 100644 --- a/modules/Microsoft.Batch/batchAccounts/readme.md +++ b/modules/Microsoft.Batch/batchAccounts/readme.md @@ -238,14 +238,14 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Default

+

Example 1: Common

via Bicep module ```bicep -module BatchAccounts './Microsoft.Batch/BatchAccounts/deploy.bicep' = { +module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { name: '${uniqueString(deployment().name)}-test-bbadef' params: { // Required parameters @@ -344,7 +344,7 @@ module BatchAccounts './Microsoft.Batch/BatchAccounts/deploy.bicep' = { via Bicep module ```bicep -module BatchAccounts './Microsoft.Batch/BatchAccounts/deploy.bicep' = { +module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { name: '${uniqueString(deployment().name)}-test-bbaencr' params: { // Required parameters @@ -431,7 +431,7 @@ module BatchAccounts './Microsoft.Batch/BatchAccounts/deploy.bicep' = { via Bicep module ```bicep -module BatchAccounts './Microsoft.Batch/BatchAccounts/deploy.bicep' = { +module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { name: '${uniqueString(deployment().name)}-test-bbamin' params: { // Required parameters From 8c926dd9eae95df400ea89f083673fbb2e7aae94 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 9 Sep 2022 12:49:45 +0200 Subject: [PATCH 06/12] Update to latest --- .../batchAccounts/.test/common/deploy.test.bicep | 4 ++-- .../batchAccounts/.test/encr/deploy.test.bicep | 2 +- .../Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep index e82b500ff7..c807de3ff7 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep 
@@ -10,8 +10,8 @@ param resourceGroupName string = 'ms.batch.batchaccounts-${serviceShort}-rg' @description('Optional. The location to deploy resources to') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') -param serviceShort string = 'bbadef' +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'bbacom' // =========== // // Deployments // diff --git a/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep index 13ee909c6e..f7d6de12df 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep +++ b/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep @@ -10,7 +10,7 @@ param resourceGroupName string = 'ms.batch.batchaccounts-${serviceShort}-rg' @description('Optional. The location to deploy resources to') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') param serviceShort string = 'bbaencr' @description('Generated. Used as a basis for unique resource names.') diff --git a/modules/Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep index 2998f4879e..21ebc2728e 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep +++ b/modules/Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep 
@@ -10,7 +10,7 @@ param resourceGroupName string = 'ms.batch.batchaccounts-${serviceShort}-rg' @description('Optional. The location to deploy resources to') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment .Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') param serviceShort string = 'bbamin' // =========== // From 620958a897ca8b7b4d9186675cd5aa33f50c3b87 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 9 Sep 2022 13:02:39 +0200 Subject: [PATCH 07/12] Update to latest --- .../batchAccounts/.test/common/deploy.test.bicep | 6 +++--- .../batchAccounts/.test/encr/deploy.test.bicep | 6 +++--- .../batchAccounts/.test/min/deploy.test.bicep | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep index c807de3ff7..e23565a357 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep 
@@ -3,14 +3,14 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes') +@description('Optional. The name of the resource group to deploy for a testing purposes.') @maxLength(90) param resourceGroupName string = 'ms.batch.batchaccounts-${serviceShort}-rg' -@description('Optional. The location to deploy resources to') +@description('Optional. The location to deploy resources to.') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'bbacom' // =========== // diff --git a/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep index f7d6de12df..d29341d597 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep +++ b/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep 
@@ -3,14 +3,14 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes') +@description('Optional. The name of the resource group to deploy for a testing purposes.') @maxLength(90) param resourceGroupName string = 'ms.batch.batchaccounts-${serviceShort}-rg' -@description('Optional. The location to deploy resources to') +@description('Optional. The location to deploy resources to.') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'bbaencr' @description('Generated. Used as a basis for unique resource names.') diff --git a/modules/Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep index 21ebc2728e..d2b2488610 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep +++ b/modules/Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep 
@@ -3,14 +3,14 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes') +@description('Optional. The name of the resource group to deploy for a testing purposes.') @maxLength(90) param resourceGroupName string = 'ms.batch.batchaccounts-${serviceShort}-rg' -@description('Optional. The location to deploy resources to') +@description('Optional. The location to deploy resources to.') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'bbamin' // =========== // From a479cc67361a594bd75c6185eb4208372e160bee Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 9 Sep 2022 13:25:50 +0200 Subject: [PATCH 08/12] Update to latest --- .../Microsoft.Batch/batchAccounts/readme.md | 163 +++++++++++++++--- 1 file changed, 142 insertions(+), 21 deletions(-) diff --git a/modules/Microsoft.Batch/batchAccounts/readme.md b/modules/Microsoft.Batch/batchAccounts/readme.md index 6ecd2f3d1b..07bf235baa 100644 --- a/modules/Microsoft.Batch/batchAccounts/readme.md +++ b/modules/Microsoft.Batch/batchAccounts/readme.md @@ -249,10 +249,10 @@ The following module usage examples are retrieved from the content of the files ```bicep module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-test-bbadef' + name: '${uniqueString(deployment().name)}-test-bbacom' params: { // Required parameters - name: '<>bbadef001' + name: '<>bbacom001' storageAccountId: '' // Non-required parameters diagnosticEventHubAuthorizationRuleId: '' 
@@ -264,11 +264,6 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { poolAllocationMode: 'BatchService' privateEndpoints: [ { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com' - ] - } service: 'batchAccount' subnetResourceId: '' } @@ -294,7 +289,7 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>bbadef001" + "value": "<>bbacom001" }, "storageAccountId": { "value": "" @@ -324,11 +319,6 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { "privateEndpoints": { "value": [ { - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com" - ] - }, "service": "batchAccount", "subnetResourceId": "" } @@ -448,10 +438,146 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { name: '${uniqueString(deployment().name)}-test-bbamin' params: { // Required parameters -<<<<<<< HEAD name: '<>bbamin001' storageAccountId: '' -======= + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "<>bbamin001" + }, + "storageAccountId": { + "value": "" + } + } +} +``` + +
+

+ +

Example 4: Encr

+ +
+ +via Bicep module + +```bicep +module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-BatchAccounts' + params: { + // Required parameters + name: '<>azbaweuencr001' + storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' + // Non-required parameters + cMKKeyName: 'keyEncryptionKey' + cMKKeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002' + poolAllocationMode: 'BatchService' + privateEndpoints: [ + { + privateDnsZoneGroup: { + privateDNSResourceIds: [ + '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com' + ] + } + service: 'batchAccount' + subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + } + ] + storageAccessIdentity: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001' + storageAuthenticationMode: 'BatchAccountManagedIdentity' + userAssignedIdentities: { + '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "<>azbaweuencr001" + }, + "storageAccountId": { + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + }, + // Non-required parameters + "cMKKeyName": { + "value": "keyEncryptionKey" + }, + "cMKKeyVaultResourceId": { + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002" + }, + "poolAllocationMode": { + "value": "BatchService" + }, + "privateEndpoints": { + "value": [ + { + "privateDnsZoneGroup": { + "privateDNSResourceIds": [ + "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com" + ] + }, + "service": "batchAccount", + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + } + ] + }, + "storageAccessIdentity": { + "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" + }, + "storageAuthenticationMode": { + "value": "BatchAccountManagedIdentity" + }, + "userAssignedIdentities": { + "value": { + "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} + } + } + } +} +``` + +
+

+ +

Example 5: Parameters

+ +
+ +via Bicep module + +```bicep +module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-BatchAccounts' + params: { + // Required parameters name: '<>azbaweux001' storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' // Non-required parameters @@ -479,7 +605,6 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { storageAccessIdentity: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001' storageAuthenticationMode: 'BatchAccountManagedIdentity' systemAssignedIdentity: true ->>>>>>> main } } ``` @@ -498,12 +623,9 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>bbamin001" + "value": "<>azbaweux001" }, "storageAccountId": { -<<<<<<< HEAD - "value": "" -======= "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" }, // Non-required parameters @@ -554,7 +676,6 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { }, "systemAssignedIdentity": { "value": true ->>>>>>> main } } } From 176f286c85299633e61a866b1618140367a42af2 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Sun, 18 Sep 2022 23:20:03 +0200 Subject: [PATCH 09/12] Update to latest --- .../batchAccounts/.test/common/deploy.test.bicep | 2 +- .../Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep | 2 +- .../Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep index e23565a357..5d9b2401a1 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep 
+++ b/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep @@ -3,7 +3,7 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes.') +@description('Optional. The name of the resource group to deploy for testing purposes.') @maxLength(90) param resourceGroupName string = 'ms.batch.batchaccounts-${serviceShort}-rg' diff --git a/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep index d29341d597..44b7cb1bab 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep +++ b/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep @@ -3,7 +3,7 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes.') +@description('Optional. The name of the resource group to deploy for testing purposes.') @maxLength(90) param resourceGroupName string = 'ms.batch.batchaccounts-${serviceShort}-rg' diff --git a/modules/Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep index d2b2488610..1c097c1c4c 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep +++ b/modules/Microsoft.Batch/batchAccounts/.test/min/deploy.test.bicep @@ -3,7 +3,7 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for a testing purposes.') +@description('Optional. The name of the resource group to deploy for testing purposes.') @maxLength(90) param resourceGroupName string = 'ms.batch.batchaccounts-${serviceShort}-rg' From 9f1ea14db49df827657525d65d1d7675a1598fa9 Mon Sep 17 00:00:00 2001 
From: MrMCake Date: Sun, 18 Sep 2022 23:36:55 +0200 Subject: [PATCH 10/12] Updated DNS Zone dependency --- .../.test/common/dependencies.bicep | 19 ++ .../.test/common/deploy.test.bicep | 5 + .../batchAccounts/.test/encr.parameters.json | 45 ---- .../.test/encr/dependencies.bicep | 19 ++ .../.test/encr/deploy.test.bicep | 5 + .../batchAccounts/.test/parameters.json | 60 ----- .../Microsoft.Batch/batchAccounts/readme.md | 234 ++---------------- 7 files changed, 68 insertions(+), 319 deletions(-) delete mode 100644 modules/Microsoft.Batch/batchAccounts/.test/encr.parameters.json delete mode 100644 modules/Microsoft.Batch/batchAccounts/.test/parameters.json diff --git a/modules/Microsoft.Batch/batchAccounts/.test/common/dependencies.bicep b/modules/Microsoft.Batch/batchAccounts/.test/common/dependencies.bicep index 7af2d81f74..1aa499a9c5 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/common/dependencies.bicep +++ b/modules/Microsoft.Batch/batchAccounts/.test/common/dependencies.bicep @@ -42,6 +42,22 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { } } +resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { + name: 'privatelink.batch.azure.com' + location: 'global' + + resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { + name: '${virtualNetwork.name}-vnetlink' + location: 'global' + properties: { + virtualNetwork: { + id: virtualNetwork.id + } + registrationEnabled: false + } + } +} + resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { name: keyVaultName location: location @@ -82,3 +98,6 @@ output managedIdentityResourceId string = managedIdentity.id @description('The resource ID of the created Virtual Network Subnet.') output storageAccountResourceId string = storageAccount.id + +@description('The resource ID of the created Virtual Network Subnet.') +output privateDNSZoneResourceId string = privateDNSZone.id 
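Review bot: The new output `privateDNSZoneResourceId` in the `@@ -82,3 +98,6 @@` hunk of common/dependencies.bicep is described as `'The resource ID of the created Virtual Network Subnet.'`, which is copied from another output and does not match `privateDNSZone.id`. The same text is added in the `@@ -103,3 +119,6 @@` hunk of encr/dependencies.bicep. Both should read `@description('The resource ID of the created Private DNS Zone.')`. The context line above it shows `storageAccountResourceId` carrying the same subnet wording, so that one is worth correcting in the same pass.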
diff --git a/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep index 5d9b2401a1..c785e78521 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep @@ -70,6 +70,11 @@ module testDeployment '../../deploy.bicep' = { { service: 'batchAccount' subnetResourceId: resourceGroupResources.outputs.subnetResourceId + privateDnsZoneGroup: { + privateDNSResourceIds: [ + resourceGroupResources.outputs.privateDNSZoneResourceId + ] + } } ] storageAccessIdentity: resourceGroupResources.outputs.managedIdentityResourceId diff --git a/modules/Microsoft.Batch/batchAccounts/.test/encr.parameters.json b/modules/Microsoft.Batch/batchAccounts/.test/encr.parameters.json deleted file mode 100644 index b930cafd15..0000000000 --- a/modules/Microsoft.Batch/batchAccounts/.test/encr.parameters.json +++ /dev/null 
@@ -1,45 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>azbaweuencr001" - }, - "poolAllocationMode": { - "value": "BatchService" - }, - "storageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "storageAuthenticationMode": { - "value": "BatchAccountManagedIdentity" - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - }, - "storageAccessIdentity": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - }, - "cMKKeyName": { - "value": "keyEncryptionKey" - }, - "cMKKeyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002" - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "batchAccount", - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com" - ] - } - } - ] - } - } -} diff --git a/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep b/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep index 8f785964a8..9486165d32 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep +++ b/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep 
@@ -42,6 +42,22 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { } } +resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { + name: 'privatelink.batch.azure.com' + location: 'global' + + resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { + name: '${virtualNetwork.name}-vnetlink' + location: 'global' + properties: { + virtualNetwork: { + id: virtualNetwork.id + } + registrationEnabled: false + } + } +} + resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { name: managedIdentityName location: location @@ -103,3 +119,6 @@ output storageAccountResourceId string = storageAccount.id @description('The name of the Key Vault Encryption Key.') output keyVaultEncryptionKeyName string = keyVault::key.name + +@description('The resource ID of the created Virtual Network Subnet.') +output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep index 44b7cb1bab..29d179408a 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep +++ b/modules/Microsoft.Batch/batchAccounts/.test/encr/deploy.test.bicep @@ -56,6 +56,11 @@ module testDeployment '../../deploy.bicep' = { { service: 'batchAccount' subnetResourceId: resourceGroupResources.outputs.subnetResourceId + privateDnsZoneGroup: { + privateDNSResourceIds: [ + resourceGroupResources.outputs.privateDNSZoneResourceId + ] + } } ] storageAccessIdentity: resourceGroupResources.outputs.managedIdentityResourceId diff --git a/modules/Microsoft.Batch/batchAccounts/.test/parameters.json b/modules/Microsoft.Batch/batchAccounts/.test/parameters.json deleted file mode 100644 index fa1eb5fe71..0000000000 --- a/modules/Microsoft.Batch/batchAccounts/.test/parameters.json +++ /dev/null 
@@ -1,60 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>azbaweux001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "privateEndpoints": {
- "value": [
- {
- "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints",
- "service": "batchAccount",
- "privateDnsZoneGroup": {
- "privateDNSResourceIds": [
- "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com"
- ]
- }
- }
- ]
- },
- "networkProfileAllowedIpRanges": {
- "value": [
- "127.0.0.1"
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- },
- "poolAllocationMode": {
- "value": "BatchService"
- },
- "storageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "systemAssignedIdentity": {
- "value": true
- },
- "storageAuthenticationMode": {
- "value": "BatchAccountManagedIdentity"
- },
- "storageAccessIdentity": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001"
- }
- }
-}
diff --git a/modules/Microsoft.Batch/batchAccounts/readme.md b/modules/Microsoft.Batch/batchAccounts/readme.md index 07f0efceae..59dd545ea0 100644 --- a/modules/Microsoft.Batch/batchAccounts/readme.md +++ b/modules/Microsoft.Batch/batchAccounts/readme.md @@ -264,6 +264,11 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { poolAllocationMode: 'BatchService' privateEndpoints: [ { + privateDnsZoneGroup: { + privateDNSResourceIds: [ + '' + ] + } service: 'batchAccount' subnetResourceId: '' } @@ -319,6 +324,11 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { "privateEndpoints": { "value": [ { + "privateDnsZoneGroup": { + "privateDNSResourceIds": [ + "" + ] + }, "service": "batchAccount", "subnetResourceId": "" } @@ -359,6 +369,11 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { poolAllocationMode: 'BatchService' privateEndpoints: [ { + privateDnsZoneGroup: { + privateDNSResourceIds: [ + '' + ] + } service: 'batchAccount' subnetResourceId: '' } @@ -404,6 +419,11 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { "privateEndpoints": { "value": [ { + "privateDnsZoneGroup": { + "privateDNSResourceIds": [ + "" + ] + }, "service": "batchAccount", "subnetResourceId": "" } @@ -469,217 +489,3 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = {

- -

Example 4: Encr

- -
- -via Bicep module - -```bicep -module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-BatchAccounts' - params: { - // Required parameters - name: '<>azbaweuencr001' - storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - // Non-required parameters - cMKKeyName: 'keyEncryptionKey' - cMKKeyVaultResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002' - poolAllocationMode: 'BatchService' - privateEndpoints: [ - { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com' - ] - } - service: 'batchAccount' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - } - ] - storageAccessIdentity: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001' - storageAuthenticationMode: 'BatchAccountManagedIdentity' - userAssignedIdentities: { - '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001': {} - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "<>azbaweuencr001" - }, - "storageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - // Non-required parameters - "cMKKeyName": { - "value": "keyEncryptionKey" - }, - "cMKKeyVaultResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-nopr-002" - }, - "poolAllocationMode": { - "value": "BatchService" - }, - "privateEndpoints": { - "value": [ - { - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com" - ] - }, - "service": "batchAccount", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" - } - ] - }, - "storageAccessIdentity": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - }, - "storageAuthenticationMode": { - "value": "BatchAccountManagedIdentity" - }, - "userAssignedIdentities": { - "value": { - "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001": {} - } - } - } -} -``` - -
-

- -

Example 5: Parameters

- -
- -via Bicep module - -```bicep -module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-BatchAccounts' - params: { - // Required parameters - name: '<>azbaweux001' - storageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - // Non-required parameters - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - lock: 'CanNotDelete' - networkProfileAllowedIpRanges: [ - '127.0.0.1' - ] - poolAllocationMode: 'BatchService' - privateEndpoints: [ - { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com' - ] - } - service: 'batchAccount' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - } - ] - storageAccessIdentity: '/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001' - storageAuthenticationMode: 'BatchAccountManagedIdentity' - systemAssignedIdentity: true - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "<>azbaweux001" - }, - "storageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - // Non-required parameters - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "networkProfileAllowedIpRanges": { - "value": [ - "127.0.0.1" - ] - }, - "poolAllocationMode": { - "value": "BatchService" - }, - "privateEndpoints": { - "value": [ - { - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.batch.azure.com" - ] - }, - "service": "batchAccount", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" - } - ] - }, - "storageAccessIdentity": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adp-<>-az-msi-x-001" - }, - "storageAuthenticationMode": { - "value": "BatchAccountManagedIdentity" - }, - "systemAssignedIdentity": 
{ - "value": true - } - } -} -``` - -
-

From 81c881b275d08a79711b378e91fb8a302b005880 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 19 Sep 2022 00:02:54 +0200 Subject: [PATCH 11/12] Update to latest --- .../batchAccounts/.test/common/dependencies.bicep | 2 +- .../Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Batch/batchAccounts/.test/common/dependencies.bicep b/modules/Microsoft.Batch/batchAccounts/.test/common/dependencies.bicep index 1aa499a9c5..09cc2efb06 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/common/dependencies.bicep +++ b/modules/Microsoft.Batch/batchAccounts/.test/common/dependencies.bicep @@ -99,5 +99,5 @@ output managedIdentityResourceId string = managedIdentity.id @description('The resource ID of the created Virtual Network Subnet.') output storageAccountResourceId string = storageAccount.id -@description('The resource ID of the created Virtual Network Subnet.') +@description('The resource ID of the created Private DNS Zone.') output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep b/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep index 9486165d32..23571d5b65 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep +++ b/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep @@ -120,5 +120,5 @@ output storageAccountResourceId string = storageAccount.id @description('The name of the Key Vault Encryption Key.') output keyVaultEncryptionKeyName string = keyVault::key.name -@description('The resource ID of the created Virtual Network Subnet.') +@description('The resource ID of the created Private DNS Zone.') output privateDNSZoneResourceId string = privateDNSZone.id From 0522cfa2ba3e110686ec614a4ac4f97c8a73b31e Mon Sep 17 00:00:00 2001 
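Review bot: The `@description` on `output storageAccountResourceId`, the context line directly above the corrected one in the `common/dependencies.bicep` hunk, still reads 'The resource ID of the created Virtual Network Subnet.'. It is the same copy-paste slip this commit fixes for `privateDNSZoneResourceId`, and it should become `@description('The resource ID of the created Storage Account.')`. The `encr/dependencies.bicep` hunk names the same output only in its hunk header, so its description is not visible here and is worth checking. Wrong output descriptions matter in these dependency files because test templates wire resource IDs by output name, and a misleading description makes it easier to pass the wrong ID into an identity or network parameter.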
From: MrMCake Date: Thu, 3 Nov 2022 18:24:35 +0100 Subject: [PATCH 12/12] Addressed comments --- .../.test/common/dependencies.bicep | 27 ------------------- .../.test/common/deploy.test.bicep | 10 ++++++- .../.test/encr/dependencies.bicep | 3 --- .../Microsoft.Batch/batchAccounts/readme.md | 18 +++++++++++++ 4 files changed, 27 insertions(+), 31 deletions(-) diff --git a/modules/Microsoft.Batch/batchAccounts/.test/common/dependencies.bicep b/modules/Microsoft.Batch/batchAccounts/.test/common/dependencies.bicep index 09cc2efb06..446a125411 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/common/dependencies.bicep +++ b/modules/Microsoft.Batch/batchAccounts/.test/common/dependencies.bicep @@ -4,9 +4,6 @@ param location string = resourceGroup().location @description('Required. The name of the Virtual Network to create.') param virtualNetworkName string -@description('Required. The name of the Key Vault to create.') -param keyVaultName string - @description('Required. The name of the Managed Identity to create.') param managedIdentityName string @@ -58,24 +55,6 @@ resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { } } -resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { - name: keyVaultName - location: location - properties: { - sku: { - family: 'A' - name: 'standard' - } - tenantId: tenant().tenantId - enablePurgeProtection: null - enabledForTemplateDeployment: true - enabledForDiskEncryption: true - enabledForDeployment: true - enableRbacAuthorization: true - accessPolicies: [] - } -} - resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { name: managedIdentityName location: location 
@@ -84,12 +63,6 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018- @description('The resource ID of the created Virtual Network Subnet.') output subnetResourceId string = virtualNetwork.properties.subnets[0].id -@description('The resource ID of the created Key Vault.') -output keyVaultResourceId string = keyVault.id - -@description('The URL of the created Key Vault.') -output keyVaultUrl string = keyVault.properties.vaultUri - @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep index c785e78521..dd6d2ee3d7 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep @@ -30,7 +30,6 @@ module resourceGroupResources 'dependencies.bicep' = { params: { storageAccountName: 'dep<>st${serviceShort}' virtualNetworkName: 'dep-<>-vnet-${serviceShort}' - keyVaultName: 'dep-<>-kv-${serviceShort}' managedIdentityName: 'dep-<>-msi-${serviceShort}' } } @@ -75,6 +74,15 @@ module testDeployment '../../deploy.bicep' = { resourceGroupResources.outputs.privateDNSZoneResourceId ] } + roleAssignments: [ + { + roleDefinitionIdOrName: 'Reader' + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + principalType: 'ServicePrincipal' + } + ] } ] storageAccessIdentity: resourceGroupResources.outputs.managedIdentityResourceId diff --git a/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep b/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep index 23571d5b65..576465d4c1 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep +++ b/modules/Microsoft.Batch/batchAccounts/.test/encr/dependencies.bicep 
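Review bot: The `roleAssignments` entry added under `privateEndpoints` in the `@@ -75,6 +74,15 @@` hunk of `common/deploy.test.bicep` grants `Reader` to `managedIdentityPrincipalId`, the same identity that the following context line passes as `storageAccessIdentity`, and nothing records why. The readme hunks in this patch reproduce the block as a usage example, so readers are likely to copy it as a pattern. A short comment above the entry, such as `// Test only: exercises the roleAssignments parameter; assign roles to a dedicated principal in real deployments`, would state the intent, though whether the readme generator carries comments through is not visible here. The `testDeployment` module block starts and ends outside the hunk.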
@@ -108,9 +108,6 @@ output keyVaultResourceId string = keyVault.id @description('The URL of the created Key Vault.') output keyVaultUrl string = keyVault.properties.vaultUri -@description('The principal ID of the created Managed Identity.') -output managedIdentityPrincipalId string = managedIdentity.properties.principalId - @description('The resource ID of the created Managed Identity.') output managedIdentityResourceId string = managedIdentity.id diff --git a/modules/Microsoft.Batch/batchAccounts/readme.md b/modules/Microsoft.Batch/batchAccounts/readme.md index 59dd545ea0..ff4afeacbf 100644 --- a/modules/Microsoft.Batch/batchAccounts/readme.md +++ b/modules/Microsoft.Batch/batchAccounts/readme.md @@ -269,6 +269,15 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { '' ] } + roleAssignments: [ + { + principalIds: [ + '' + ] + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] service: 'batchAccount' subnetResourceId: '' } @@ -329,6 +338,15 @@ module batchAccounts './Microsoft.Batch/batchAccounts/deploy.bicep' = { "" ] }, + "roleAssignments": [ + { + "principalIds": [ + "" + ], + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ], "service": "batchAccount", "subnetResourceId": "" }