diff --git a/.github/workflows/ms.dataprotection.backupvaults.yml b/.github/workflows/ms.dataprotection.backupvaults.yml index 759adf323e..31a039b956 100644 --- a/.github/workflows/ms.dataprotection.backupvaults.yml +++ b/.github/workflows/ms.dataprotection.backupvaults.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/modules/Microsoft.DataProtection/backupVaults/.test/common/dependencies.bicep b/modules/Microsoft.DataProtection/backupVaults/.test/common/dependencies.bicep new file mode 100644 index 0000000000..0f0755a6f4 --- /dev/null +++ b/modules/Microsoft.DataProtection/backupVaults/.test/common/dependencies.bicep @@ -0,0 +1,16 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId + +@description('The resource ID of the created Managed Identity.') +output managedIdentityResourceId string = managedIdentity.id diff --git a/modules/Microsoft.DataProtection/backupVaults/.test/common/deploy.test.bicep b/modules/Microsoft.DataProtection/backupVaults/.test/common/deploy.test.bicep new file mode 100644 index 0000000000..fce5e9870d --- /dev/null 
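Review bot: `resourceGroupName: '${{ env.resourceGroupName }}'` is still passed to validateModuleDeployment in this step, but the test templates it now deploys declare `targetScope = 'subscription'` and create their own resource group from a default name (`ms.dataprotection.backupvaults-${serviceShort}-rg`). If the action uses that input for scoping or for finding resources to remove afterwards, the two names can diverge and test resources may be left behind; the action's handling is not visible here, so this needs confirming. Either pass the value through as the template's `resourceGroupName` parameter or stop supplying the input for subscription-scoped test files. The step's enclosing job starts and ends outside the hunk.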
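Review bot: The `managedIdentityResourceId` output at the end of dependencies.bicep has no consumer in this commit. common/deploy.test.bicep reads only `resourceGroupResources.outputs.managedIdentityPrincipalId`, and the module's `userAssignedIdentities` parameter is removed in the same change, so the output can be dropped to keep the dependency template to what the test needs. A comment above the `managedIdentity` resource, such as `// Principal used only as the target of the test role assignment`, would also make its purpose clear.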
+++ b/modules/Microsoft.DataProtection/backupVaults/.test/common/deploy.test.bicep 
@@ -0,0 +1,117 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'ms.dataprotection.backupvaults-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'dpbvcom'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ systemAssignedIdentity: true
+ backupPolicies: [
+ {
+ name: 'DefaultPolicy'
+ properties: {
+ datasourceTypes: [
+ 'Microsoft.Compute/disks'
+ ]
+ objectType: 'BackupPolicy'
+ policyRules: [
+ {
+ backupParameters: {
+ backupType: 'Incremental'
+ objectType: 'AzureBackupParams'
+ }
+ dataStore: {
+ dataStoreType: 'OperationalStore'
+ objectType: 'DataStoreInfoBase'
+ }
+ name: 'BackupDaily'
+ objectType: 'AzureBackupRule'
+ trigger: {
+ objectType: 'ScheduleBasedTriggerContext'
+ schedule: {
+ repeatingTimeIntervals: [
+ 'R/2022-05-31T23:30:00+01:00/P1D'
+ ]
+ timeZone: 'W. Europe Standard Time'
+ }
+ taggingCriteria: [
+ {
+ isDefault: true
+ taggingPriority: 99
+ tagInfo: {
+ id: 'Default_'
+ tagName: 'Default'
+ }
+ }
+ ]
+ }
+ }
+ {
+ isDefault: true
+ lifecycles: [
+ {
+ deleteAfter: {
+ duration: 'P7D'
+ objectType: 'AbsoluteDeleteOption'
+ }
+ sourceDataStore: {
+ dataStoreType: 'OperationalStore'
+ objectType: 'DataStoreInfoBase'
+ }
+ targetDataStoreCopySettings: []
+ }
+ ]
+ name: 'Default'
+ objectType: 'AzureRetentionRule'
+ }
+ ]
+ }
+ }
+ ]
+ lock: 'CanNotDelete'
+ }
+}
diff --git a/modules/Microsoft.DataProtection/backupVaults/.test/min.parameters.json b/modules/Microsoft.DataProtection/backupVaults/.test/min.parameters.json
deleted file mode 100644
index 6b44ecfa38..0000000000
--- a/modules/Microsoft.DataProtection/backupVaults/.test/min.parameters.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-bv-min-001"
- }
- }
-}
diff --git a/modules/Microsoft.DataProtection/backupVaults/.test/min/deploy.test.bicep b/modules/Microsoft.DataProtection/backupVaults/.test/min/deploy.test.bicep
new file mode 100644
index 0000000000..de4dcec137
--- /dev/null
+++ b/modules/Microsoft.DataProtection/backupVaults/.test/min/deploy.test.bicep
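Review bot: The `roleAssignments` entry in `testDeployment` means the identity that runs this test must be allowed to write role assignments, and `targetScope = 'subscription'` together with the `resourceGroup` resource means it must also be allowed to create resource groups; the deleted parameters.json had no `roleAssignments`. The pipeline principal's roles are not visible in this commit, so confirm it already holds those rights in the test subscription rather than widening them to make the test pass. The `min` test file shares the resource-group requirement. A header comment stating the prerequisite would help the next maintainer, for example `// Requires rights to create resource groups and role assignments in the target subscription`.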
@@ -0,0 +1,37 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'ms.dataprotection.backupvaults-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'dpbvmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ }
+}
diff --git a/modules/Microsoft.DataProtection/backupVaults/.test/parameters.json b/modules/Microsoft.DataProtection/backupVaults/.test/parameters.json
deleted file mode 100644
index bad76a8a40..0000000000
--- a/modules/Microsoft.DataProtection/backupVaults/.test/parameters.json
+++ /dev/null
@@ -1,76 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-bv-x-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "backupPolicies": {
- "value": [
- {
- "name": "DefaultPolicy",
- "properties": {
- "policyRules": [
- {
- "backupParameters": {
- "backupType": "Incremental",
- "objectType": "AzureBackupParams"
- },
- "trigger": {
- "schedule": {
- "repeatingTimeIntervals": [
- "R/2022-05-31T23:30:00+01:00/P1D"
- ],
- "timeZone": "W. Europe Standard Time"
- },
- "taggingCriteria": [
- {
- "tagInfo": {
- "tagName": "Default",
- "id": "Default_"
- },
- "taggingPriority": 99,
- "isDefault": true
- }
- ],
- "objectType": "ScheduleBasedTriggerContext"
- },
- "dataStore": {
- "dataStoreType": "OperationalStore",
- "objectType": "DataStoreInfoBase"
- },
- "name": "BackupDaily",
- "objectType": "AzureBackupRule"
- },
- {
- "lifecycles": [
- {
- "deleteAfter": {
- "objectType": "AbsoluteDeleteOption",
- "duration": "P7D"
- },
- "targetDataStoreCopySettings": [],
- "sourceDataStore": {
- "dataStoreType": "OperationalStore",
- "objectType": "DataStoreInfoBase"
- }
- }
- ],
- "isDefault": true,
- "name": "Default",
- "objectType": "AzureRetentionRule"
- }
- ],
- "datasourceTypes": [
- "Microsoft.Compute/disks"
- ],
- "objectType": "BackupPolicy"
- }
- }
- ]
- }
- }
-}
diff --git a/modules/Microsoft.DataProtection/backupVaults/deploy.bicep b/modules/Microsoft.DataProtection/backupVaults/deploy.bicep
index e940b43e9b..83142c5e46 100644
--- a/modules/Microsoft.DataProtection/backupVaults/deploy.bicep
+++ b/modules/Microsoft.DataProtection/backupVaults/deploy.bicep
@@ -21,9 +21,6 @@ param lock string = '' @description('Optional. Enables system assigned managed identity on the resource.') param systemAssignedIdentity bool = false -@description('Optional. The ID(s) to assign to the resource.') -param userAssignedIdentities object = {} - @description('Optional. Tags of the Recovery Service Vault resource.') param tags object = {} @@ -45,11 +42,10 @@ param type string = 'LocallyRedundant' @description('Optional. List of all backup policies.') param backupPolicies array = [] -var identityType = systemAssignedIdentity ? (!empty(userAssignedIdentities) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(userAssignedIdentities) ? 'UserAssigned' : 'None') +var identityType = systemAssignedIdentity ? 'SystemAssigned' : 'None' var identity = identityType != 'None' ? { type: identityType - userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : null } : null var enableReferencedModulesTelemetry = false diff --git a/modules/Microsoft.DataProtection/backupVaults/readme.md b/modules/Microsoft.DataProtection/backupVaults/readme.md index 7d562e8ff0..fe92a49343 100644 --- a/modules/Microsoft.DataProtection/backupVaults/readme.md +++ b/modules/Microsoft.DataProtection/backupVaults/readme.md @@ -38,7 +38,6 @@ This module deploys DataProtection BackupVaults. | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Tags of the Recovery Service Vault resource. | | `type` | string | `'LocallyRedundant'` | `[GeoRedundant, LocallyRedundant]` | The vault redundancy level to use. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | ### Parameter Usage: `backupPolicies` @@ -342,7 +341,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -
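Review bot: In the second deploy.bicep hunk, `identityType` now takes only two values and, as far as the hunk shows, exists only to build `identity`, so the two-step form can collapse to `var identity = systemAssignedIdentity ? { type: 'SystemAssigned' } : null`. Any other use of `identityType` would be outside the hunk and should be checked first. Removing the `userAssignedIdentities` parameter in the first hunk also changes the module's public interface: existing callers that pass it will be rejected at deployment, so the removal belongs in the release notes alongside the readme table change.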

Example 1: Min

+

Example 1: Common

@@ -350,47 +349,10 @@ The following module usage examples are retrieved from the content of the files ```bicep module backupVaults './Microsoft.DataProtection/backupVaults/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-BackupVaults' - params: { - name: '<>-az-bv-min-001' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-bv-min-001" - } - } -} -``` - -
-

- -

Example 2: Parameters

- -
- -via Bicep module - -```bicep -module backupVaults './Microsoft.DataProtection/backupVaults/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-BackupVaults' + name: '${uniqueString(deployment().name)}-test-dpbvcom' params: { // Required parameters - name: '<>-az-bv-x-001' + name: '<>dpbvcom001' // Non-required parameters backupPolicies: [ { @@ -455,6 +417,15 @@ module backupVaults './Microsoft.DataProtection/backupVaults/deploy.bicep' = { } ] lock: 'CanNotDelete' + roleAssignments: [ + { + principalIds: [ + '' + ] + roleDefinitionIdOrName: 'Reader' + } + ] + systemAssignedIdentity: true } } ``` @@ -473,7 +444,7 @@ module backupVaults './Microsoft.DataProtection/backupVaults/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-bv-x-001" + "value": "<>dpbvcom001" }, // Non-required parameters "backupPolicies": { @@ -542,6 +513,56 @@ module backupVaults './Microsoft.DataProtection/backupVaults/deploy.bicep' = { }, "lock": { "value": "CanNotDelete" + }, + "roleAssignments": { + "value": [ + { + "principalIds": [ + "" + ], + "roleDefinitionIdOrName": "Reader" + } + ] + }, + "systemAssignedIdentity": { + "value": true + } + } +} +``` + +
+

+ +

Example 2: Min

+ +
+ +via Bicep module + +```bicep +module backupVaults './Microsoft.DataProtection/backupVaults/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-dpbvmin' + params: { + name: '<>dpbvmin001' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>dpbvmin001" } } }