From 74757a6e865e3e1ba4cf43a65f82919045ac7579 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 9 Sep 2022 17:59:49 +0200 Subject: [PATCH 1/4] Updated KeyVault vaults to new dependencies approach --- .github/workflows/ms.keyvault.vaults.yml | 3 +- .../vaults/.test/common/dependencies.bicep | 58 +++++++ .../vaults/.test/common/deploy.test.bicep | 161 ++++++++++++++++++ .../vaults/.test/min.parameters.json | 9 - .../vaults/.test/min/deploy.test.bicep | 37 ++++ .../vaults/.test/parameters.json | 138 --------------- modules/Microsoft.KeyVault/vaults/readme.md | 134 +++++++-------- 7 files changed, 324 insertions(+), 216 deletions(-) create mode 100644 modules/Microsoft.KeyVault/vaults/.test/common/dependencies.bicep create mode 100644 modules/Microsoft.KeyVault/vaults/.test/common/deploy.test.bicep delete mode 100644 modules/Microsoft.KeyVault/vaults/.test/min.parameters.json create mode 100644 modules/Microsoft.KeyVault/vaults/.test/min/deploy.test.bicep delete mode 100644 modules/Microsoft.KeyVault/vaults/.test/parameters.json diff --git a/.github/workflows/ms.keyvault.vaults.yml b/.github/workflows/ms.keyvault.vaults.yml index e040d8aafd..248035cc5b 100644 --- a/.github/workflows/ms.keyvault.vaults.yml +++ b/.github/workflows/ms.keyvault.vaults.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' diff --git a/modules/Microsoft.KeyVault/vaults/.test/common/dependencies.bicep b/modules/Microsoft.KeyVault/vaults/.test/common/dependencies.bicep new file mode 100644 index 0000000000..231c714cad --- /dev/null 
+++ b/modules/Microsoft.KeyVault/vaults/.test/common/dependencies.bicep
@@ -0,0 +1,58 @@
+@description('Optional. The location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
+ name: 'privatelink.vaultcore.azure.net'
+ location: 'global'
+
+ resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = {
+ name: '${virtualNetwork.name}-vnetlink'
+ location: 'global'
+ properties: {
+ virtualNetwork: {
+ id: virtualNetwork.id
+ }
+ registrationEnabled: false
+ }
+ }
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output privateDNSResourceId string = privateDNSZone.id
diff --git a/modules/Microsoft.KeyVault/vaults/.test/common/deploy.test.bicep b/modules/Microsoft.KeyVault/vaults/.test/common/deploy.test.bicep
new file mode 100644
index 0000000000..a63d588e7d
--- /dev/null
+++ b/modules/Microsoft.KeyVault/vaults/.test/common/deploy.test.bicep
@@ -0,0 +1,161 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.keyvault.vaults-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'kvvcom'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ virtualNetworkName: 'dep-<>-vnet-${serviceShort}'
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ }
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep<>diasa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}'
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ accessPolicies: [
+ {
+ objectId: resourceGroupResources.outputs.managedIdentityPrincipalId
+ permissions: {
+ keys: [
+ 'get'
+ 'list'
+ 'update'
+ ]
+ secrets: [
+ 'all'
+ ]
+ }
+ tenantId: tenant().tenantId
+ }
+ {
+ objectId: resourceGroupResources.outputs.managedIdentityPrincipalId
+ permissions: {
+ certificates: [
+ 'backup'
+ 'create'
+ 'delete'
+ ]
+ secrets: [
+ 'all'
+ ]
+ }
+ }
+ ]
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
+ diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ enableRbacAuthorization: false
+ keys: [
+ {
+ attributesExp: 1702648632
+ attributesNbf: 10000
+ name: 'keyName'
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ }
+ ]
+ lock: 'CanNotDelete'
+ networkAcls: {
+ bypass: 'AzureServices'
+ defaultAction: 'Deny'
+ ipRules: []
+ virtualNetworkRules: [
+ {
+ action: 'Allow'
+ id: resourceGroupResources.outputs.subnetResourceId
+ }
+ ]
+ }
+ privateEndpoints: [
+ {
+ privateDnsZoneGroup: {
+ privateDNSResourceIds: [
+ resourceGroupResources.outputs.privateDNSResourceId
+ ]
+ }
+ service: 'vault'
+ subnetResourceId: resourceGroupResources.outputs.subnetResourceId
+ }
+ ]
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ secrets: {
+ secureList: [
+ {
+ attributesExp: 1702648632
+ attributesNbf: 10000
+ contentType: 'Something'
+ name: 'secretName'
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+ value: 'secretValue'
+ }
+ ]
+ }
+ softDeleteRetentionInDays: 7
+ }
+}
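Review bot: Both `accessPolicies` entries in `testDeployment` grant `secrets: [ 'all' ]` to the test managed identity, and the readme hunk later in this patch shows the same values as the module's "Common" usage example, so the broad grant is what readers are likely to copy. Narrowing each `secrets` array to the operations the test needs, for example `'get'` and `'list'`, keeps the published example closer to least privilege; nothing visible in the hunk depends on the wider grant. Separately, `attributesExp: 1702648632` on the key and on the secret is a fixed timestamp in mid-December 2023, so after that date the fixture creates objects that are already expired, or may be rejected by the service. Deriving it from a parameter default, `param baseTime string = utcNow('u')` and `attributesExp: dateTimeToEpoch(dateTimeAdd(baseTime, 'P1Y'))`, avoids the time dependency.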
diff --git a/modules/Microsoft.KeyVault/vaults/.test/min.parameters.json b/modules/Microsoft.KeyVault/vaults/.test/min.parameters.json
deleted file mode 100644
index 6aef9589c0..0000000000
--- a/modules/Microsoft.KeyVault/vaults/.test/min.parameters.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-kv-min-002"
- }
- }
-}
diff --git a/modules/Microsoft.KeyVault/vaults/.test/min/deploy.test.bicep b/modules/Microsoft.KeyVault/vaults/.test/min/deploy.test.bicep
new file mode 100644
index 0000000000..cbff5012e9
--- /dev/null
+++ b/modules/Microsoft.KeyVault/vaults/.test/min/deploy.test.bicep
@@ -0,0 +1,37 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for a testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.keyvault.vaults-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'kvvmin'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ }
+}
diff --git a/modules/Microsoft.KeyVault/vaults/.test/parameters.json b/modules/Microsoft.KeyVault/vaults/.test/parameters.json
deleted file mode 100644
index 6e61cadf54..0000000000
--- a/modules/Microsoft.KeyVault/vaults/.test/parameters.json
+++ /dev/null
@@ -1,138 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-kv-x-002" - }, - "lock": { - "value": "CanNotDelete" - }, - "softDeleteRetentionInDays": { - "value": 7 - }, - "enableRbacAuthorization": { - "value": false - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "vault", - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net" - ] - } - } - ] - }, - "networkAcls": { - "value": { - "bypass": "AzureServices", - "defaultAction": "Deny", - "virtualNetworkRules": [ - { - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001", - "action": "Allow" - } - ], - "ipRules": [] - } - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "secrets": { - "value": { - "secureList": [ - { - "name": "secretName", - "value": "secretValue", - "contentType": "Something", - "attributesExp": 1702648632, - "attributesNbf": 10000, - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - } - }, - "keys": { - "value": [ - { - "name": "keyName", - "attributesExp": 1702648632, - "attributesNbf": 10000, - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, - "accessPolicies": { - "value": [ - { - "objectId": "<>", - "permissions": { - "keys": [ - "get", - "list", - "update" - ], - "secrets": [ - "all" - ] - }, - "tenantId": "<>" - }, - { - "objectId": "<>", - 
"permissions": { - "certificates": [ - "backup", - "create", - "delete" - ], - "secrets": [ - "all" - ] - } - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.KeyVault/vaults/readme.md b/modules/Microsoft.KeyVault/vaults/readme.md index 6436f35e9a..e0e651ceee 100644 --- a/modules/Microsoft.KeyVault/vaults/readme.md +++ b/modules/Microsoft.KeyVault/vaults/readme.md @@ -397,7 +397,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Min

+

Example 1: Common

@@ -405,49 +405,12 @@ The following module usage examples are retrieved from the content of the files ```bicep module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-Vaults' + name: '${uniqueString(deployment().name)}-test-kvvcom' params: { - name: '<>-az-kv-min-002' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-kv-min-002" - } - } -} -``` - -
-

- -

Example 2: Parameters

- -
- -via Bicep module - -```bicep -module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-Vaults' - params: { - name: '<>-az-kv-x-002' + name: '<>kvvcom001' accessPolicies: [ { - objectId: '<>' + objectId: '' permissions: { keys: [ 'get' @@ -458,10 +421,10 @@ module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { 'all' ] } - tenantId: '<>' + tenantId: '' } { - objectId: '<>' + objectId: '' permissions: { certificates: [ 'backup' @@ -474,11 +437,11 @@ module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { } } ] - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' enableRbacAuthorization: false keys: [ { @@ -488,7 +451,7 @@ module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -503,7 +466,7 @@ module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { virtualNetworkRules: [ { action: 'Allow' - id: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001' + id: '' } ] } 
@@ -511,17 +474,17 @@ module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { { privateDnsZoneGroup: { privateDNSResourceIds: [ - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net' + '' ] } service: 'vault' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + subnetResourceId: '' } ] roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -536,7 +499,7 @@ module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -563,12 +526,12 @@ module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "<>-az-kv-x-002" + "value": "<>kvvcom001" }, "accessPolicies": { "value": [ { - "objectId": "<>", + "objectId": "", "permissions": { "keys": [ "get", @@ -579,10 +542,10 @@ module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { "all" ] }, - "tenantId": "<>" + "tenantId": "" }, { - "objectId": "<>", + "objectId": "", "permissions": { "certificates": [ "backup", 
@@ -597,19 +560,19 @@ module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { ] }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "enableRbacAuthorization": { "value": false @@ -623,7 +586,7 @@ module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { "roleAssignments": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -642,7 +605,7 @@ module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { "virtualNetworkRules": [ { "action": "Allow", - "id": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-001" + "id": "" } ] } @@ -652,11 +615,11 @@ module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { { "privateDnsZoneGroup": { "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net" + "" ] }, "service": "vault", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + "subnetResourceId": "" } ] }, @@ -664,7 +627,7 @@ module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } 
@@ -681,7 +644,7 @@ module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { "roleAssignments": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -700,3 +663,40 @@ module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = {

+ +

Example 2: Min

+ +
+ +via Bicep module + +```bicep +module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-kvvmin' + params: { + name: '<>kvvmin001' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>kvvmin001" + } + } +} +``` + +
+

From a6793954acdf384640970baa32059b4a6f1230f7 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 9 Sep 2022 18:14:20 +0200 Subject: [PATCH 2/4] Weird test fix --- utilities/pipelines/staticValidation/module.tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/pipelines/staticValidation/module.tests.ps1 b/utilities/pipelines/staticValidation/module.tests.ps1 index c8c9f7b134..5148281387 100644 --- a/utilities/pipelines/staticValidation/module.tests.ps1 +++ b/utilities/pipelines/staticValidation/module.tests.ps1 @@ -725,7 +725,7 @@ Describe 'Deployment template tests' -Tag Template { $deploymentTestFile_AllParameterNames = $rawContentHashtable.parameters.Keys | Sort-Object } else { $deploymentFileContent = az bicep build --file $moduleTestFilePath --stdout | ConvertFrom-Json -AsHashtable - $deploymentTestFile_AllParameterNames = $deploymentFileContent.resources[-1].properties.parameters.keys | Sort-Object # The last resource should be the test + $deploymentTestFile_AllParameterNames = $deploymentFileContent.resources[-1].properties.parameters.Keys | Sort-Object # The last resource should be the test } $testFileTestCases += @{ testFile_Path = $moduleTestFilePath From 485da45cfcb902a1fe66bf05b1d342a428bed574 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Fri, 9 Sep 2022 19:21:15 +0200 Subject: [PATCH 3/4] Added service endpoint for kvlt --- .../vaults/.test/common/dependencies.bicep | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/Microsoft.KeyVault/vaults/.test/common/dependencies.bicep b/modules/Microsoft.KeyVault/vaults/.test/common/dependencies.bicep index 231c714cad..d5e1e20b39 100644 --- a/modules/Microsoft.KeyVault/vaults/.test/common/dependencies.bicep +++ b/modules/Microsoft.KeyVault/vaults/.test/common/dependencies.bicep 
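Review bot: `.Keys` on the `resources[-1].properties.parameters` hashtable is still resolved through member-access lookup, which returns a dictionary entry of that name before the `Keys` property when such an entry exists; the new spelling presumably works only because the table built by `ConvertFrom-Json -AsHashtable` is case-sensitive and the Key Vault module's parameter is spelled `keys`. A module parameter named `Keys` would make the test compare the wrong value again without failing loudly. `$deploymentFileContent.resources[-1].properties.parameters.PSBase.Keys | Sort-Object` reads the key collection regardless of entry names. The `$rawContentHashtable.parameters.Keys` line in the branch above has the same exposure, and the enclosing `Describe` block starts and ends outside the hunk.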
@@ -21,6 +21,11 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { name: 'defaultSubnet' properties: { addressPrefix: '10.0.0.0/24' + serviceEndpoints: [ + { + service: 'Microsoft.KeyVault' + } + ] } } ] From 3061cc528f565dde7ece1c720391fc1a715ddc73 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Fri, 16 Sep 2022 10:01:37 +0200 Subject: [PATCH 4/4] Update modules/Microsoft.KeyVault/vaults/.test/common/dependencies.bicep Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com> --- .../Microsoft.KeyVault/vaults/.test/common/dependencies.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.KeyVault/vaults/.test/common/dependencies.bicep b/modules/Microsoft.KeyVault/vaults/.test/common/dependencies.bicep index d5e1e20b39..5119944dd2 100644 --- a/modules/Microsoft.KeyVault/vaults/.test/common/dependencies.bicep +++ b/modules/Microsoft.KeyVault/vaults/.test/common/dependencies.bicep @@ -59,5 +59,5 @@ output subnetResourceId string = virtualNetwork.properties.subnets[0].id @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId -@description('The resource ID of the created Virtual Network Subnet.') +@description('The resource ID of the created Private DNS Zone.') output privateDNSResourceId string = privateDNSZone.id