From 247de51bd169777fa80420f57f9cb8f9e04490c8 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 12 Sep 2022 19:31:44 +0200 Subject: [PATCH 01/45] update workflow --- .github/workflows/ms.compute.images.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ms.compute.images.yml b/.github/workflows/ms.compute.images.yml index 93b6897198..82ff8ca90a 100644 --- a/.github/workflows/ms.compute.images.yml +++ b/.github/workflows/ms.compute.images.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' From 777c913acf33dc685a6ec275bfa148f28b3c8a44 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 12 Sep 2022 20:25:18 +0200 Subject: [PATCH 02/45] test draft dep --- .../.scripts/Copy-VhdToStorageAccount.ps1 | 122 ++++++++++++++++++ .../images/.scripts/Start-ImageTemplate.ps1 | 79 ++++++++++++ .../images/.test/common/dependencies.bicep | 21 +++ .../images/.test/common/deploy.test.bicep | 75 +++++++++++ .../images/.test/parameters.json | 37 ------ 5 files changed, 297 insertions(+), 37 deletions(-) create mode 100644 modules/Microsoft.Compute/images/.scripts/Copy-VhdToStorageAccount.ps1 create mode 100644 modules/Microsoft.Compute/images/.scripts/Start-ImageTemplate.ps1 create mode 100644 modules/Microsoft.Compute/images/.test/common/dependencies.bicep create mode 100644 modules/Microsoft.Compute/images/.test/common/deploy.test.bicep delete mode 100644 modules/Microsoft.Compute/images/.test/parameters.json 
diff --git a/modules/Microsoft.Compute/images/.scripts/Copy-VhdToStorageAccount.ps1 b/modules/Microsoft.Compute/images/.scripts/Copy-VhdToStorageAccount.ps1
new file mode 100644
index 0000000000..7fb311cf31
--- /dev/null
+++ b/modules/Microsoft.Compute/images/.scripts/Copy-VhdToStorageAccount.ps1
@@ -0,0 +1,122 @@
+<#
+ .SYNOPSIS
+ Copy a VHD baked from a given image template to a given destination storage account blob container
+
+ .DESCRIPTION
+ Copy a VHD baked from a given image template to a given destination storage account blob container
+
+ .PARAMETER ImageTemplateName
+ Mandatory. The name of the image template
+
+ .PARAMETER ImageTemplateResourceGroup
+ Mandatory. The resource group name of the image template
+
+ .PARAMETER DestinationStorageAccountName
+ Mandatory. The name of the destination storage account
+
+ .PARAMETER DestinationContainerName
+ Optional. The name of the existing destination blob container
+
+ .PARAMETER VhdName
+ Optional. Specify a different name for the destination VHD file
+
+ .PARAMETER WaitForComplete
+ Optional. Run the command synchronously. Wait for the completion of the copy.
+
+ .EXAMPLE
+ Copy-VhdToStorageAccount -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -DestinationStorageAccountName 'vhdstorage001'
+
+ Copy a VHD created by image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' to destination storage account 'vhdstorage001' in blob container named 'vhds'. Save the VHD file as 'vhd-img-template-001-2022-07-29-15-54-01.vhd'.
+
+ .EXAMPLE
+ Copy-VhdToStorageAccount -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -DestinationStorageAccountName 'vhdstorage001' -VhdName 'vhd-img-template-001' -WaitForComplete
+
+ Copy a VHD baked by image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' to destination storage account 'vhdstorage001' in a blob container named 'vhds' and wait for the completion of the copy. Save the VHD file as 'vhd-img-template-001.vhd'.
+#> + +[CmdletBinding(SupportsShouldProcess)] +param ( + [Parameter(Mandatory = $true)] + [string] $ImageTemplateName, + + [Parameter(Mandatory = $true)] + [string] $ImageTemplateResourceGroup, + + [Parameter(Mandatory = $true)] + [string] $DestinationStorageAccountName, + + [Parameter(Mandatory = $false)] + [string] $DestinationContainerName = 'vhds', + + [Parameter(Mandatory = $false)] + [string] $VhdName = $ImageTemplateName, + + [Parameter(Mandatory = $false)] + [switch] $WaitForComplete +) + +begin { + Write-Debug ('{0} entered' -f $MyInvocation.MyCommand) + + # Install required modules + $currentVerbosePreference = $VerbosePreference + $VerbosePreference = 'SilentlyContinue' + $requiredModules = @( + 'Az.ImageBuilder', + 'Az.Storage' + ) + foreach ($moduleName in $requiredModules) { + if (-not ($installedModule = Get-Module $moduleName -ListAvailable)) { + Install-Module $moduleName -Repository 'PSGallery' -Force -Scope 'CurrentUser' + if ($installed = Get-Module -Name $moduleName -ListAvailable) { + Write-Verbose ('Installed module [{0}] with version [{1}]' -f $installed.Name, $installed.Version) -Verbose + } + } else { + Write-Verbose ('Module [{0}] already installed in version [{1}]' -f $installedModule[0].Name, $installedModule[0].Version) -Verbose + } + } + $VerbosePreference = $currentVerbosePreference +} + +process { + # Retrieving and initializing parameters before the blob copy + Write-Verbose 'Initializing source storage account parameters before the blob copy' -Verbose + $imgtRunOutput = Get-AzImageBuilderRunOutput -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup | Where-Object ArtifactUri -NE $null + $sourceUri = $imgtRunOutput.ArtifactUri + $sourceStorageAccountName = $sourceUri.Split('//')[1].Split('.')[0] + $storageAccountList = Get-AzStorageAccount + $sourceStorageAccount = $storageAccountList | Where-Object StorageAccountName -EQ $sourceStorageAccountName + $sourceStorageAccountContext = 
$sourceStorageAccount.Context + $sourceStorageAccountRGName = $sourceStorageAccount.ResourceGroupName + Write-Verbose ('Retrieving artifact uri [{0}] stored in resource group [{1}]' -f $sourceUri, $sourceStorageAccountRGName) -Verbose + + Write-Verbose 'Initializing destination storage account parameters before the blob copy' -Verbose + $destinationStorageAccount = $storageAccountList | Where-Object StorageAccountName -EQ $destinationStorageAccountName + $destinationStorageAccountContext = $destinationStorageAccount.Context + $destinationBlobName = "$vhdName.vhd" + Write-Verbose ('Planning for destination blob name [{0}] in container [{1}] and storage account [{2}]' -f $destinationBlobName, $destinationContainerName, $destinationStorageAccountName) -Verbose + + # Copying the VHD to a destination blob container + $resourceActionInputObject = @{ + AbsoluteUri = $sourceUri + Context = $sourceStorageAccountContext + DestContext = $destinationStorageAccountContext + DestBlob = $destinationBlobName + DestContainer = $destinationContainerName + Force = $true + } + + if ($PSCmdlet.ShouldProcess('Storage blob copy of VHD [{0}]' -f $destinationBlobName, 'Start')) { + $destBlob = Start-AzStorageBlobCopy @resourceActionInputObject + Write-Verbose ('Copied/initialized copy of VHD from URI [{0}] to container [{1}] in storage account [{2}]' -f $sourceUri, $destinationContainerName, $destinationStorageAccountName) -Verbose + } + + if ($WaitForComplete){ + $destBlob | Get-AzStorageBlobCopyState -WaitForComplete + } +} + +end { + Write-Debug ('{0} exited' -f $MyInvocation.MyCommand) +} + diff --git a/modules/Microsoft.Compute/images/.scripts/Start-ImageTemplate.ps1 b/modules/Microsoft.Compute/images/.scripts/Start-ImageTemplate.ps1 new file mode 100644 index 0000000000..9118832ea3 --- /dev/null +++ b/modules/Microsoft.Compute/images/.scripts/Start-ImageTemplate.ps1 
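Review bot: The `begin` block installs `Az.ImageBuilder` and `Az.Storage` from PSGallery at run time with `-Force` and no version constraint, so whatever version is current when the script runs is loaded into a session that holds the deployment identity's credentials; Start-ImageTemplate.ps1 in this patch repeats the same block. Pin the versions, e.g. `Install-Module $moduleName -RequiredVersion $pinnedVersion -Repository 'PSGallery' -Scope 'CurrentUser'` (with `$pinnedVersion` a placeholder for a value kept next to each name in `$requiredModules`), or rely on the modules already present in the execution image. Separately, in `process` neither `$sourceStorageAccount` nor `$destinationStorageAccount` is checked for `$null`, and `$destBlob` is only assigned inside the `ShouldProcess` branch, so a missing account or `-WhatIf` combined with `-WaitForComplete` fails late with an unclear error. A guard such as `if (-not $destinationStorageAccount) { throw "Storage account [$DestinationStorageAccountName] not found" }` before `$resourceActionInputObject` is built would make the failure explicit.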
@@ -0,0 +1,79 @@ +<# + .SYNOPSIS + Create image artifacts from a given image template + + .DESCRIPTION + Create image artifacts from a given image template + + .PARAMETER ImageTemplateName + Mandatory. The name of the image template + + .PARAMETER ImageTemplateResourceGroup + Mandatory. The resource group name of the image template + + .PARAMETER NoWait + Optional. Run the command asynchronously + + .EXAMPLE + Start-AzImageBuilderTemplate -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' + + Create image artifacts from image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' and wait for their completion + + .EXAMPLE + Start-AzImageBuilderTemplate -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -NoWait + + Start the creation of artifacts from image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' and do not wait for their completion +#> + +[CmdletBinding(SupportsShouldProcess)] +param ( + [Parameter(Mandatory = $true)] + [string] $ImageTemplateName, + + [Parameter(Mandatory = $true)] + [string] $ImageTemplateResourceGroup, + + [Parameter(Mandatory = $false)] + [switch] $NoWait +) + +begin { + Write-Debug ('{0} entered' -f $MyInvocation.MyCommand) + + # Install required modules + $currentVerbosePreference = $VerbosePreference + $VerbosePreference = 'SilentlyContinue' + $requiredModules = @( + 'Az.ImageBuilder' + ) + foreach ($moduleName in $requiredModules) { + if (-not ($installedModule = Get-Module $moduleName -ListAvailable)) { + Install-Module $moduleName -Repository 'PSGallery' -Force -Scope 'CurrentUser' + if ($installed = Get-Module -Name $moduleName -ListAvailable) { + Write-Verbose ('Installed module [{0}] with version [{1}]' -f $installed.Name, $installed.Version) -Verbose + } + } else { + Write-Verbose ('Module [{0}] already installed in version [{1}]' -f 
$installedModule[0].Name, $installedModule[0].Version) -Verbose + } + } + $VerbosePreference = $currentVerbosePreference +} + +process { + # Create image artifacts from existing image template + $resourceActionInputObject = @{ + ImageTemplateName = $imageTemplateName + ResourceGroupName = $imageTemplateResourceGroup + } + if ($NoWait) { + $resourceActionInputObject['NoWait'] = $true + } + if ($PSCmdlet.ShouldProcess('Image template [{0}]' -f $imageTemplateName, 'Start')) { + $null = Start-AzImageBuilderTemplate @resourceActionInputObject + Write-Verbose ('Created/initialized creation of image artifacts from image template [{0}] in resource group [{1}]' -f $imageTemplateName, $imageTemplateResourceGroup) -Verbose + } +} + +end { + Write-Debug ('{0} exited' -f $MyInvocation.MyCommand) +} diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies.bicep new file mode 100644 index 0000000000..037e1f22e7 --- /dev/null +++ b/modules/Microsoft.Compute/images/.test/common/dependencies.bicep @@ -0,0 +1,21 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { + name: guid(managedIdentityName) + properties: { + roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' + principalId: managedIdentity.properties.principalId + } +} + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId 
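Review bot: Both `.EXAMPLE` entries in the comment-based help invoke `Start-AzImageBuilderTemplate ... -ImageTemplateResourceGroup`, which is the Az cmdlet this script wraps and not the script itself; the script hands the resource group to that cmdlet under the key `ResourceGroupName`, so the examples as written do not match either command. They should call the script, e.g. `./Start-ImageTemplate.ps1 -ImageTemplateName '<template name>' -ImageTemplateResourceGroup '<resource group>' -NoWait` (angle-bracket values are placeholders).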
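Review bot: `roleAssignment` in dependencies.bicep grants role definition `b24988ac-6180-42a0-ab88-20f7382dd24c`, which is the built-in Contributor role, to the test identity on the whole resource group, and nothing in the file names the role or says why that breadth is needed. Add a comment above the resource such as `// Contributor on the test resource group; required for <reason> - narrow if a smaller role suffices`, and set `principalType: 'ServicePrincipal'` beside `principalId` so the assignment does not fail while the newly created identity is still replicating. The name `guid(managedIdentityName)` would be more robust as `guid(resourceGroup().id, managedIdentity.id, 'Contributor')`, which keeps it unique per scope, principal and role.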
diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep
new file mode 100644
index 0000000000..29b9e34b33
--- /dev/null
+++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep
@@ -0,0 +1,75 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for a testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.compute.images-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'imgcom' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// Diagnostics +// =========== +// module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +// scope: resourceGroup +// name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' +// params: { +// storageAccountName: 'dep<>diasa${serviceShort}01' +// logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' +// eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' +// eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' +// location: location +// } +// } + +// ============== // +// Test Execution // +// ============== // + +// module testDeployment '../../deploy.bicep' = { +// scope: resourceGroup +// name: '${uniqueString(deployment().name)}-test-${serviceShort}' +// params: { +// // Required parameters +// name: '<>${serviceShort}001' +// osAccountType: 'Premium_LRS' +// osDiskBlobUri: 'https://adp<>azsavhd001.blob.core.windows.net/vhds/adp-<>-az-imgt-vhd-001.vhd' +// 
osDiskCaching: 'ReadWrite' +// osType: 'Windows' +// // Non-required parameters +// hyperVGeneration: 'V1' +// roleAssignments: [ +// { +// principalIds: [ +// resourceGroupResources.outputs.managedIdentityPrincipalId +// ] +// roleDefinitionIdOrName: 'Reader' +// } +// ] +// zoneResilient: true +// } +// } diff --git a/modules/Microsoft.Compute/images/.test/parameters.json b/modules/Microsoft.Compute/images/.test/parameters.json deleted file mode 100644 index fed467631c..0000000000 --- a/modules/Microsoft.Compute/images/.test/parameters.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-img-x-001" - }, - "osAccountType": { - "value": "Premium_LRS" - }, - "osType": { - "value": "Windows" - }, - "osDiskBlobUri": { - "value": "https://adp<>azsavhd001.blob.core.windows.net/vhds/adp-<>-az-imgt-vhd-001.vhd" - }, - "osDiskCaching": { - "value": "ReadWrite" - }, - "zoneResilient": { - "value": true - }, - "hyperVGeneration": { - "value": "V1" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - } -} From 6d76d1bb752778ca68fef00a16d97a2497626b0e Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 12 Sep 2022 20:28:09 +0200 Subject: [PATCH 03/45] test draft dep sa --- .../images/.test/common/dependencies.bicep | 26 ++++++++++++++++--- .../images/.test/common/deploy.test.bicep | 1 + 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies.bicep index 037e1f22e7..39c53238f5 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies.bicep 
@@ -4,18 +4,36 @@ param location string = resourceGroup().location @description('Required. The name of the Managed Identity to create.') param managedIdentityName string +@description('Required. The name of the storage account to create.') +param storageAccountName string + resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { name: managedIdentityName location: location } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { - name: guid(managedIdentityName) +// resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { +// name: guid(managedIdentityName) +// properties: { +// roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' +// principalId: managedIdentity.properties.principalId +// } +// } + +resource storageAccount 'Microsoft.Storage/storageAccounts@2021-08-01' = { + name: storageAccountName + location: location + kind: 'StorageV2' + sku: { + name: 'Standard_LRS' + } properties: { - roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' - principalId: managedIdentity.properties.principalId + allowBlobPublicAccess: false } } @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId + +@description('The resource ID of the created Storage Account.') +output storageAccountResourceId string = storageAccount.id diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep index 29b9e34b33..60ad1904fe 100644 --- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep 
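Review bot: The new `storageAccount` resource sets only `allowBlobPublicAccess: false` and leaves the transport settings to whatever the API version defaults to. State them explicitly in `properties` with `minimumTlsVersion: 'TLS1_2'` and `supportsHttpsTrafficOnly: true`, so the account that presumably receives the copied VHD does not depend on defaults. The role assignment is commented out here rather than deleted, which leaves the Contributor role ID in the file with no indication of whether it is still intended.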
@@ -29,6 +29,7 @@ module resourceGroupResources 'dependencies.bicep' = { name: '${uniqueString(deployment().name, location)}-paramNested' params: { managedIdentityName: 'dep-<>-msi-${serviceShort}' + storageAccountName: 'dep<>sa${serviceShort}01' } } From 47128854d85c1d32961671e31f04f8c689850510 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 12 Sep 2022 20:34:15 +0200 Subject: [PATCH 04/45] readme --- .../images/.test/common/dependencies.bicep | 8 --- .../images/.test/common/deploy.test.bicep | 60 +++++++------------ modules/Microsoft.Compute/images/readme.md | 12 ++-- modules/Microsoft.Compute/images/version.json | 2 +- 4 files changed, 30 insertions(+), 52 deletions(-) diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies.bicep index 39c53238f5..b9bc76b819 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies.bicep @@ -12,14 +12,6 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018- location: location } -// resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { -// name: guid(managedIdentityName) -// properties: { -// roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' -// principalId: managedIdentity.properties.principalId -// } -// } - resource storageAccount 'Microsoft.Storage/storageAccounts@2021-08-01' = { name: storageAccountName location: location diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep index 60ad1904fe..c2fb003d2b 100644 --- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep 
@@ -33,44 +33,30 @@ module resourceGroupResources 'dependencies.bicep' = { } } -// Diagnostics -// =========== -// module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { -// scope: resourceGroup -// name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' -// params: { -// storageAccountName: 'dep<>diasa${serviceShort}01' -// logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' -// eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' -// eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' -// location: location -// } -// } - // ============== // // Test Execution // // ============== // -// module testDeployment '../../deploy.bicep' = { -// scope: resourceGroup -// name: '${uniqueString(deployment().name)}-test-${serviceShort}' -// params: { -// // Required parameters -// name: '<>${serviceShort}001' -// osAccountType: 'Premium_LRS' -// osDiskBlobUri: 'https://adp<>azsavhd001.blob.core.windows.net/vhds/adp-<>-az-imgt-vhd-001.vhd' -// osDiskCaching: 'ReadWrite' -// osType: 'Windows' -// // Non-required parameters -// hyperVGeneration: 'V1' -// roleAssignments: [ -// { -// principalIds: [ -// resourceGroupResources.outputs.managedIdentityPrincipalId -// ] -// roleDefinitionIdOrName: 'Reader' -// } -// ] -// zoneResilient: true -// } -// } +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + // Required parameters + name: '<>${serviceShort}001' + osAccountType: 'Premium_LRS' + osDiskBlobUri: 'https://adp<>azsavhd001.blob.core.windows.net/vhds/adp-<>-az-imgt-vhd-001.vhd' + osDiskCaching: 'ReadWrite' + osType: 'Windows' + // Non-required parameters + hyperVGeneration: 'V1' + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + zoneResilient: true + } +} 
diff --git a/modules/Microsoft.Compute/images/readme.md b/modules/Microsoft.Compute/images/readme.md index c2af93ba73..3a6b5f6df3 100644 --- a/modules/Microsoft.Compute/images/readme.md +++ b/modules/Microsoft.Compute/images/readme.md @@ -159,7 +159,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Parameters

+

Example 1: Common

@@ -167,10 +167,10 @@ The following module usage examples are retrieved from the content of the files ```bicep module images './Microsoft.Compute/images/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-Images' + name: '${uniqueString(deployment().name)}-test-imgcom' params: { // Required parameters - name: '<>-az-img-x-001' + name: '<>imgcom001' osAccountType: 'Premium_LRS' osDiskBlobUri: 'https://adp<>azsavhd001.blob.core.windows.net/vhds/adp-<>-az-imgt-vhd-001.vhd' osDiskCaching: 'ReadWrite' @@ -180,7 +180,7 @@ module images './Microsoft.Compute/images/deploy.bicep' = { roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -204,7 +204,7 @@ module images './Microsoft.Compute/images/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>-az-img-x-001" + "value": "<>imgcom001" }, "osAccountType": { "value": "Premium_LRS" @@ -226,7 +226,7 @@ module images './Microsoft.Compute/images/deploy.bicep' = { "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } diff --git a/modules/Microsoft.Compute/images/version.json b/modules/Microsoft.Compute/images/version.json index 56f8d9ca40..badc0a2285 100644 --- a/modules/Microsoft.Compute/images/version.json +++ b/modules/Microsoft.Compute/images/version.json @@ -1,4 +1,4 @@ { "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" + "version": "0.5" } From 7b7eae6f34bb81c6637287ed7f60547080bd4892 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 12 Sep 2022 21:05:38 +0200 Subject: [PATCH 05/45] role assignment --- .../images/.test/common/deploy.test.bicep | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep index c2fb003d2b..1931b560d2 100644 
--- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep @@ -33,6 +33,14 @@ module resourceGroupResources 'dependencies.bicep' = { } } +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { + name: guid(deployment().name, location, serviceShort) + properties: { + roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' + principalId: resourceGroupResources.outputs.managedIdentityPrincipalId + } +} + // ============== // // Test Execution // // ============== // From dd0957a9f6072a1891307c49b81ea7242e2fb4ff Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 13 Sep 2022 14:44:28 +0200 Subject: [PATCH 06/45] 2 dep --- .../.scripts/Copy-VhdToStorageAccount.ps1 | 0 .../.scripts/Start-ImageTemplate.ps1 | 0 ...ependencies.bicep => dependencies01.bicep} | 3 + .../images/.test/common/dependencies02.bicep | 125 ++++++++++++++++++ .../images/.test/common/deploy.test.bicep | 18 ++- 5 files changed, 142 insertions(+), 4 deletions(-) rename modules/Microsoft.Compute/images/{ => .test}/.scripts/Copy-VhdToStorageAccount.ps1 (100%) rename modules/Microsoft.Compute/images/{ => .test}/.scripts/Start-ImageTemplate.ps1 (100%) rename modules/Microsoft.Compute/images/.test/common/{dependencies.bicep => dependencies01.bicep} (88%) create mode 100644 modules/Microsoft.Compute/images/.test/common/dependencies02.bicep diff --git a/modules/Microsoft.Compute/images/.scripts/Copy-VhdToStorageAccount.ps1 b/modules/Microsoft.Compute/images/.test/.scripts/Copy-VhdToStorageAccount.ps1 similarity index 100% rename from modules/Microsoft.Compute/images/.scripts/Copy-VhdToStorageAccount.ps1 rename to modules/Microsoft.Compute/images/.test/.scripts/Copy-VhdToStorageAccount.ps1 
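Review bot: The `roleAssignment` added here has no `scope` and deploy.test.bicep declares `targetScope = 'subscription'`, so the Contributor role (`b24988ac-6180-42a0-ab88-20f7382dd24c`) is now granted to the test managed identity on the entire subscription, whereas the version first added to dependencies.bicep was limited to the test resource group. Unless the image build really needs subscription-wide rights, keep the assignment in the resource-group-scoped dependencies module or use a role limited to what the image builder requires. Also add `principalType: 'ServicePrincipal'` beside `principalId`. A subscription-level assignment is not removed when the test resource group is deleted, so if clean-up works by deleting that group the grant would outlive each test run.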
diff --git a/modules/Microsoft.Compute/images/.scripts/Start-ImageTemplate.ps1 b/modules/Microsoft.Compute/images/.test/.scripts/Start-ImageTemplate.ps1 similarity index 100% rename from modules/Microsoft.Compute/images/.scripts/Start-ImageTemplate.ps1 rename to modules/Microsoft.Compute/images/.test/.scripts/Start-ImageTemplate.ps1 diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep similarity index 88% rename from modules/Microsoft.Compute/images/.test/common/dependencies.bicep rename to modules/Microsoft.Compute/images/.test/common/dependencies01.bicep index b9bc76b819..13239207bf 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep @@ -27,5 +27,8 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-08-01' = { @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId +@description('The principal ID of the created Managed Identity.') +output managedIdentityResourceId string = managedIdentity.id + @description('The resource ID of the created Storage Account.') output storageAccountResourceId string = storageAccount.id diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep new file mode 100644 index 0000000000..c151cb9068 --- /dev/null +++ b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep 
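Review bot: The new output `managedIdentityResourceId` in dependencies01.bicep carries the description copied from the output above it, 'The principal ID of the created Managed Identity.', but it returns `managedIdentity.id`. Change it to `@description('The resource ID of the created Managed Identity.')`. The two values are consumed differently (the principal ID in role assignments, the resource ID under `userAssignedIdentities`), so the wrong label invites passing one where the other is expected.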
@@ -0,0 +1,125 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The resource ID of the Managed Identity.') +param managedIdentityResourceId string + +@description('Required. The name of the image template.') +param imageTemplateName string + +@description('Required. The name of the Deployment Script to create for triggering the image creation.') +param triggerImageDeploymentScriptName string + +resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2022-02-14' = { + name: imageTemplateName + location: location + identity: { + type: 'UserAssigned' + userAssignedIdentities: { + managedIdentityResourceId: {} + } + } + properties: { + buildTimeoutInMinutes: 0 + vmProfile: { + vmSize: 'Standard_D2s_v3' + osDiskSizeGB: 127 + } + source: { + type: 'PlatformImage' + publisher: 'MicrosoftWindowsDesktop' + offer: 'Windows-10' + sku: '19h2-evd' + version: 'latest' + } + distribute: [] + } +} + +// name: '${name}-${baseTime}' +// location: location +// tags: tags +// identity: { +// type: 'UserAssigned' +// userAssignedIdentities: { +// '${az.resourceId(userMsiResourceGroup, 'Microsoft.ManagedIdentity/userAssignedIdentities', userMsiName)}': {} +// } +// } +// +// properties: { +// buildTimeoutInMinutes: buildTimeoutInMinutes +// vmProfile: { +// vmSize: vmSize +// osDiskSizeGB: osDiskSizeGB +// vnetConfig: !empty(subnetId) ? 
vnetConfig : null +// } +// source: imageSource +// customize: customizationSteps +// distribute: distribute +// } +// customization: [ +// { +// restartTimeout: '30m' +// type: 'WindowsRestart' +// } +// ] + +// resource triggerImageDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { +// name: triggerImageDeploymentScriptName +// location: location +// kind: 'AzurePowerShell' +// identity: { +// type: 'UserAssigned' +// userAssignedIdentities: { +// '${managedIdentityResourceId}': {} +// } +// } +// properties: { +// azPowerShellVersion: '6.2.1' +// retentionInterval: 'P1D' +// arguments: '-ImageTemplateName \\"${imageTemplate.outputs.name}\\" -ImageTemplateResourceGroup \\"${imageTemplate.outputs.resourceGroupName}\\"' +// scriptContent: loadTextContent('../.scripts/Start-ImageTemplate.ps1') +// } +// } + +// // Trigger VHD creation +// module triggerImageDeploymentScript '../../../../../modules/Microsoft.Resources/deploymentScripts/deploy.bicep' = { +// name: '${uniqueString(deployment().name)}-triggerImageDeploymentScript' +// scope: resourceGroup(resourceGroupName) +// params: { +// name: 'adp-<>-az-ds-vhd-triggerImageTemplate' +// arguments: '-ImageTemplateName \\"${imageTemplate.outputs.name}\\" -ImageTemplateResourceGroup \\"${imageTemplate.outputs.resourceGroupName}\\"' +// azPowerShellVersion: '6.4' +// cleanupPreference: 'OnSuccess' +// kind: 'AzurePowerShell' +// retentionInterval: 'P1D' +// runOnce: false +// scriptContent: loadTextContent('deploymentScripts/Start-ImageTemplate.ps1') +// timeout: 'PT30M' +// userAssignedIdentities: { +// '${userMsi.outputs.resourceId}': {} +// } +// } +// dependsOn: [ roleAssignment ] +// } +// +// // Copy VHD to destination storage account +// module copyVhdDeploymentScript '../../../../../modules/Microsoft.Resources/deploymentScripts/deploy.bicep' = { +// name: '${uniqueString(deployment().name)}-copyVhdDeploymentScript' +// scope: resourceGroup(resourceGroupName) +// params: { +// name: 
'adp-<>-az-ds-vhd-copyVhdToStorage' +// arguments: '-ImageTemplateName \\"${imageTemplate.outputs.name}\\" -ImageTemplateResourceGroup \\"${imageTemplate.outputs.resourceGroupName}\\" -DestinationStorageAccountName \\"${destinationStorageAccount.outputs.name}\\" -VhdName \\"${imageTemplate.outputs.namePrefix}\\" -WaitForComplete' +// azPowerShellVersion: '6.4' +// cleanupPreference: 'OnSuccess' +// kind: 'AzurePowerShell' +// retentionInterval: 'P1D' +// runOnce: false +// scriptContent: loadTextContent('deploymentScripts/Copy-VhdToStorageAccount.ps1') +// timeout: 'PT30M' +// userAssignedIdentities: { +// '${userMsi.outputs.resourceId}': {} +// } +// } +// dependsOn: [ triggerImageDeploymentScript ] +// } diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep index 1931b560d2..9618ba8ff5 100644 --- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep @@ -24,9 +24,9 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { location: location } -module resourceGroupResources 'dependencies.bicep' = { +module resourceGroupResources01 'dependencies01.bicep' = { scope: resourceGroup - name: '${uniqueString(deployment().name, location)}-paramNested' + name: '${uniqueString(deployment().name, location)}-paramNested01' params: { managedIdentityName: 'dep-<>-msi-${serviceShort}' storageAccountName: 'dep<>sa${serviceShort}01' 
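Review bot: In `imageTemplate.identity` of dependencies02.bicep, `userAssignedIdentities: { managedIdentityResourceId: {} }` uses the literal text `managedIdentityResourceId` as the key instead of the parameter's value, so the template is not bound to the intended identity; the key has to be interpolated as `'${managedIdentityResourceId}': {}` (patch 08/45 in this series is titled after this parameter and may already do so, but its hunk is not shown here). `version: 'latest'` under `source` makes the built image depend on whatever the publisher released last; pin a specific version if the test should be reproducible. `triggerImageDeploymentScriptName` is declared but only referenced inside commented-out code, and most of the file is commented-out draft that should be completed or removed before merge.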
@@ -37,7 +37,17 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid(deployment().name, location, serviceShort) properties: { roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' - principalId: resourceGroupResources.outputs.managedIdentityPrincipalId + principalId: resourceGroupResources01.outputs.managedIdentityPrincipalId + } +} + +module resourceGroupResources02 'dependencies02.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested02' + params: { + managedIdentityResourceId: resourceGroupResources01.outputs.managedIdentityResourceId + triggerImageDeploymentScriptName: 'dep-<>-ds-${serviceShort}-triggerImageTemplate' + imageTemplateName: 'dep-<>-imgt-${serviceShort}' } } @@ -60,7 +70,7 @@ module testDeployment '../../deploy.bicep' = { roleAssignments: [ { principalIds: [ - resourceGroupResources.outputs.managedIdentityPrincipalId + resourceGroupResources01.outputs.managedIdentityPrincipalId ] roleDefinitionIdOrName: 'Reader' } From ee9ed8c364b595e7aa1036b6abfdd8241c5ff55b Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 13 Sep 2022 14:47:56 +0200 Subject: [PATCH 07/45] disable pester --- .github/workflows/ms.compute.images.yml | 36 ++++++++++++------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ms.compute.images.yml b/.github/workflows/ms.compute.images.yml index 82ff8ca90a..ec44b997e9 100644 --- a/.github/workflows/ms.compute.images.yml +++ b/.github/workflows/ms.compute.images.yml 
@@ -63,23 +63,23 @@ jobs: ######################### # Static validation # ######################### - job_module_pester_validation: - runs-on: ubuntu-20.04 - name: 'Static validation' - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Run tests' - uses: ./.github/actions/templates/validateModulePester - with: - modulePath: '${{ env.modulePath }}' - moduleTestFilePath: '${{ env.moduleTestFilePath }}' + # job_module_pester_validation: + # runs-on: ubuntu-20.04 + # name: 'Static validation' + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Run tests' + # uses: ./.github/actions/templates/validateModulePester + # with: + # modulePath: '${{ env.modulePath }}' + # moduleTestFilePath: '${{ env.moduleTestFilePath }}' ############################# # Deployment validation # @@ -89,7 +89,7 @@ jobs: name: 'Deployment validation' needs: - job_initialize_pipeline - - job_module_pester_validation + # - job_module_pester_validation strategy: fail-fast: false matrix: From 51f5cde89ec3da172d958d47904db2b078df46d6 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 13 Sep 2022 14:49:04 +0200 Subject: [PATCH 08/45] managedIdentityResourceId --- .../Microsoft.Compute/images/.test/common/dependencies02.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep index c151cb9068..853cf58a01 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep 
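Review bot: Commenting out `job_module_pester_validation` and its entry under `needs` (second hunk, `@@ -89,7 +89,7 @@`) leaves `job_initialize_pipeline` as the only prerequisite of the deployment validation job, so templates get deployed with no static validation in front of them. If the gate has to be off while the test files are drafted, mark it so it cannot be merged in this state, for example with `# TODO(do-not-merge): static validation disabled for draft testing, restore job and needs entry` as the first line above the commented block. The rest of the deployment validation job lies outside the hunk.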
@@ -16,7 +16,7 @@ resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2022-02-14 identity: { type: 'UserAssigned' userAssignedIdentities: { - managedIdentityResourceId: {} + '${managedIdentityResourceId}': {} } } properties: { From 628c42516a548319bc999de70a347961fc1582c5 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 13 Sep 2022 14:58:42 +0200 Subject: [PATCH 09/45] customize --- .../Microsoft.Compute/images/.test/common/dependencies02.bicep | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep index 853cf58a01..152523897c 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep @@ -33,6 +33,7 @@ resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2022-02-14 version: 'latest' } distribute: [] + customize: [] } } From 2f621a452c32da2bb73dcbdb835befd95732893e Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 13 Sep 2022 15:10:32 +0200 Subject: [PATCH 10/45] customize restart --- .../images/.test/common/dependencies02.bicep | 7 ++++++- .../images/.test/common/deploy.test.bicep | 14 +++++++------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep index 152523897c..91501d0084 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep @@ -33,7 +33,12 @@ resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2022-02-14 version: 'latest' } distribute: [] - customize: [] + customize: [ + { + restartTimeout: '30m' + type: 'WindowsRestart' + } + ] } } 
diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep index 9618ba8ff5..78fcefa8da 100644 --- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep @@ -33,13 +33,13 @@ module resourceGroupResources01 'dependencies01.bicep' = { } } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { - name: guid(deployment().name, location, serviceShort) - properties: { - roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' - principalId: resourceGroupResources01.outputs.managedIdentityPrincipalId - } -} +// resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { +// name: guid(deployment().name, location, serviceShort) +// properties: { +// roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' +// principalId: resourceGroupResources01.outputs.managedIdentityPrincipalId +// } +// } module resourceGroupResources02 'dependencies02.bicep' = { scope: resourceGroup From a5000e9860dd7105dfa1cd9bce950e519ec06fd4 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 13 Sep 2022 15:23:54 +0200 Subject: [PATCH 11/45] distribute --- .../images/.test/common/dependencies02.bicep | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep index 91501d0084..18974a40fc 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep 
@@ -32,7 +32,13 @@ resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2022-02-14 sku: '19h2-evd' version: 'latest' } - distribute: [] + distribute: [ + { + type: 'VHD' + runOutputName: '${imageTemplateName}-VHD' + artifactTags: {} + } + ] customize: [ { restartTimeout: '30m' From 6196339eddb99150866ed5772076e3b36b7e1bc4 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 13 Sep 2022 15:30:36 +0200 Subject: [PATCH 12/45] rbac --- .../images/.test/common/deploy.test.bicep | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep index 78fcefa8da..76db8cf5e7 100644 --- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep @@ -33,13 +33,13 @@ module resourceGroupResources01 'dependencies01.bicep' = { } } -// resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { -// name: guid(deployment().name, location, serviceShort) -// properties: { -// roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' -// principalId: resourceGroupResources01.outputs.managedIdentityPrincipalId -// } -// } +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { + name: guid(subscription().subscriptionId, 'Contributor', 'dep-<>-msi-imgcom') + properties: { + roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' + principalId: resourceGroupResources01.outputs.managedIdentityPrincipalId + } +} module resourceGroupResources02 'dependencies02.bicep' = { scope: resourceGroup From a5fd2be9eed6c3cee8b8e83e651d5e3fd40fc4f8 Mon Sep 17 00:00:00 2001 
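Review bot: The re-enabled `roleAssignment` binds role definition `b24988ac-6180-42a0-ab88-20f7382dd24c` (named 'Contributor' in the new `guid()` seed) without a `scope`, so it applies at the file's own target scope, which a later hunk header in this series shows as `targetScope = 'subscription'`. That gives the test managed identity write access to the whole subscription, while the image build and VHD copy presumably only need the test resource group; consider declaring the assignment inside a resource-group-scoped module or using a narrower role. Adding `principalType: 'ServicePrincipal'` to `properties` also avoids assignment failures while the newly created identity is still replicating. The same resource is touched again in the PATCH 15/45 hunk `@@ -28,13 +37,13 @@`.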
From: Erika Gressi Date: Tue, 13 Sep 2022 15:40:38 +0200 Subject: [PATCH 13/45] basetime --- .../images/.test/common/dependencies02.bicep | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep index 18974a40fc..186edd9564 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep @@ -5,13 +5,16 @@ param location string = resourceGroup().location param managedIdentityResourceId string @description('Required. The name of the image template.') -param imageTemplateName string +param imageTemplateNamePrefix string + +@description('Generated. Do not provide a value! This date value is used to generate a unique image template name.') +param baseTime string = utcNow('yyyy-MM-dd-HH-mm-ss') @description('Required. The name of the Deployment Script to create for triggering the image creation.') param triggerImageDeploymentScriptName string resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2022-02-14' = { - name: imageTemplateName + name: '${imageTemplateNamePrefix}-${baseTime}' location: location identity: { type: 'UserAssigned' From 1ddaf22f7710895869986910b57739c9ab8f0f1b Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 13 Sep 2022 15:54:45 +0200 Subject: [PATCH 14/45] imageTemplateNamePrefix --- .../Microsoft.Compute/images/.test/common/dependencies02.bicep | 2 +- modules/Microsoft.Compute/images/.test/common/deploy.test.bicep | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep index 186edd9564..4676876bbc 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep 
+++ b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep @@ -38,7 +38,7 @@ resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2022-02-14 distribute: [ { type: 'VHD' - runOutputName: '${imageTemplateName}-VHD' + runOutputName: '${imageTemplateNamePrefix}-VHD' artifactTags: {} } ] diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep index 76db8cf5e7..a443981250 100644 --- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep @@ -47,7 +47,7 @@ module resourceGroupResources02 'dependencies02.bicep' = { params: { managedIdentityResourceId: resourceGroupResources01.outputs.managedIdentityResourceId triggerImageDeploymentScriptName: 'dep-<>-ds-${serviceShort}-triggerImageTemplate' - imageTemplateName: 'dep-<>-imgt-${serviceShort}' + imageTemplateNamePrefix: 'dep-<>-imgt-${serviceShort}' } } From b6f8eb68db9c6def736009f2dc7ac27941524319 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 13 Sep 2022 18:56:41 +0200 Subject: [PATCH 15/45] managedIdentityName var --- .../images/.test/common/deploy.test.bicep | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep index a443981250..c22cbbced5 100644 --- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep 
@@ -13,6 +13,15 @@ param location string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') param serviceShort string = 'imgcom' +// TODO: discuss the following challenge: roleassignment must be a globally unique identifier (GUID). The GUID is normally generated with role + scope + identity. +// Identity in this case is the MSI deployed in the resourceGroupResources01 module. We cannot get that as output since the resource name requires a value that can be calculated at the start of the deployment. +// Also the name won't work since it's generated using servicesShort + +// ========= // +// Variables // +// ========= // +var managedIdentityName = 'dep-<>-msi-${serviceShort}' + // =========== // // Deployments // // =========== // @@ -28,13 +37,13 @@ module resourceGroupResources01 'dependencies01.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-paramNested01' params: { - managedIdentityName: 'dep-<>-msi-${serviceShort}' + managedIdentityName: managedIdentityName storageAccountName: 'dep<>sa${serviceShort}01' } } resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { - name: guid(subscription().subscriptionId, 'Contributor', 'dep-<>-msi-imgcom') + name: guid(subscription().subscriptionId, 'Contributor', managedIdentityName) properties: { roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' principalId: resourceGroupResources01.outputs.managedIdentityPrincipalId From 9890f83157756d6c828dd9fdccde1a8be753a106 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 13 Sep 2022 19:35:54 +0200 Subject: [PATCH 16/45] triggerImageDeploymentScript --- .../images/.test/common/dependencies02.bicep | 62 +++++-------------- 1 file changed, 17 insertions(+), 45 deletions(-) 
diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep index 4676876bbc..ec5ed25bde 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep 
@@ -51,51 +51,23 @@ resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2022-02-14 } } -// name: '${name}-${baseTime}' -// location: location -// tags: tags -// identity: { -// type: 'UserAssigned' -// userAssignedIdentities: { -// '${az.resourceId(userMsiResourceGroup, 'Microsoft.ManagedIdentity/userAssignedIdentities', userMsiName)}': {} -// } -// } -// -// properties: { -// buildTimeoutInMinutes: buildTimeoutInMinutes -// vmProfile: { -// vmSize: vmSize -// osDiskSizeGB: osDiskSizeGB -// vnetConfig: !empty(subnetId) ? vnetConfig : null -// } -// source: imageSource -// customize: customizationSteps -// distribute: distribute -// } -// customization: [ -// { -// restartTimeout: '30m' -// type: 'WindowsRestart' -// } -// ] - -// resource triggerImageDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { -// name: triggerImageDeploymentScriptName -// location: location -// kind: 'AzurePowerShell' -// identity: { -// type: 'UserAssigned' -// userAssignedIdentities: { -// '${managedIdentityResourceId}': {} -// } -// } -// properties: { -// azPowerShellVersion: '6.2.1' -// retentionInterval: 'P1D' -// arguments: '-ImageTemplateName \\"${imageTemplate.outputs.name}\\" -ImageTemplateResourceGroup \\"${imageTemplate.outputs.resourceGroupName}\\"' -// scriptContent: loadTextContent('../.scripts/Start-ImageTemplate.ps1') -// } -// } +resource triggerImageDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { + name: triggerImageDeploymentScriptName + location: location + kind: 'AzurePowerShell' + identity: { + type: 'UserAssigned' + userAssignedIdentities: { + '${managedIdentityResourceId}': {} + } + } + properties: { + azPowerShellVersion: '6.2.1' + retentionInterval: 'P1D' + arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\"' + scriptContent: loadTextContent('../.scripts/Start-ImageTemplate.ps1') + } +} // // Trigger VHD creation // module 
triggerImageDeploymentScript '../../../../../modules/Microsoft.Resources/deploymentScripts/deploy.bicep' = { From a89c697c317b2ed6ad76bff1df11662a5947caff Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 13 Sep 2022 20:15:34 +0200 Subject: [PATCH 17/45] copyVhdDeploymentScript --- .../images/.test/common/dependencies02.bicep | 77 +++++++++---------- .../images/.test/common/deploy.test.bicep | 19 +++-- 2 files changed, 49 insertions(+), 47 deletions(-) diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep index ec5ed25bde..41d43e3d82 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep @@ -13,6 +13,13 @@ param baseTime string = utcNow('yyyy-MM-dd-HH-mm-ss') @description('Required. The name of the Deployment Script to create for triggering the image creation.') param triggerImageDeploymentScriptName string +@description('Required. The name of the Deployment Script to copy the VHD to a destination storage account.') +param copyVhdDeploymentScriptName string + +@description('Required. The name of the destination storage account.') +param destinationStorageAccountName string + +// Deploy image template resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2022-02-14' = { name: '${imageTemplateNamePrefix}-${baseTime}' location: location @@ -51,6 +58,7 @@ resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2022-02-14 } } +// Trigger VHD creation resource triggerImageDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { name: triggerImageDeploymentScriptName location: location 
@@ -62,51 +70,36 @@ resource triggerImageDeploymentScript 'Microsoft.Resources/deploymentScripts@202 } } properties: { - azPowerShellVersion: '6.2.1' + azPowerShellVersion: '6.4' retentionInterval: 'P1D' arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\"' scriptContent: loadTextContent('../.scripts/Start-ImageTemplate.ps1') + cleanupPreference: 'OnSuccess' + } +} + +// Copy VHD to destination storage account +resource copyVhdDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { + name: copyVhdDeploymentScriptName + location: location + kind: 'AzurePowerShell' + identity: { + type: 'UserAssigned' + userAssignedIdentities: { + '${managedIdentityResourceId}': {} + } + } + properties: { + azPowerShellVersion: '6.4' + retentionInterval: 'P1D' + arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\" -DestinationStorageAccountName \\"${destinationStorageAccountName}\\" -VhdName \\"${imageTemplateNamePrefix}\\" -WaitForComplete' + scriptContent: loadTextContent('../.scripts/Copy-VhdToStorageAccount.ps1') + cleanupPreference: 'OnSuccess' + // runOnce: false + // timeout: 'PT30M' } + dependsOn: [ triggerImageDeploymentScript ] } -// // Trigger VHD creation -// module triggerImageDeploymentScript '../../../../../modules/Microsoft.Resources/deploymentScripts/deploy.bicep' = { -// name: '${uniqueString(deployment().name)}-triggerImageDeploymentScript' -// scope: resourceGroup(resourceGroupName) -// params: { -// name: 'adp-<>-az-ds-vhd-triggerImageTemplate' -// arguments: '-ImageTemplateName \\"${imageTemplate.outputs.name}\\" -ImageTemplateResourceGroup \\"${imageTemplate.outputs.resourceGroupName}\\"' -// azPowerShellVersion: '6.4' -// cleanupPreference: 'OnSuccess' -// kind: 'AzurePowerShell' -// retentionInterval: 'P1D' -// runOnce: false -// scriptContent: loadTextContent('deploymentScripts/Start-ImageTemplate.ps1') -// timeout: 
'PT30M' -// userAssignedIdentities: { -// '${userMsi.outputs.resourceId}': {} -// } -// } -// dependsOn: [ roleAssignment ] -// } -// -// // Copy VHD to destination storage account -// module copyVhdDeploymentScript '../../../../../modules/Microsoft.Resources/deploymentScripts/deploy.bicep' = { -// name: '${uniqueString(deployment().name)}-copyVhdDeploymentScript' -// scope: resourceGroup(resourceGroupName) -// params: { -// name: 'adp-<>-az-ds-vhd-copyVhdToStorage' -// arguments: '-ImageTemplateName \\"${imageTemplate.outputs.name}\\" -ImageTemplateResourceGroup \\"${imageTemplate.outputs.resourceGroupName}\\" -DestinationStorageAccountName \\"${destinationStorageAccount.outputs.name}\\" -VhdName \\"${imageTemplate.outputs.namePrefix}\\" -WaitForComplete' -// azPowerShellVersion: '6.4' -// cleanupPreference: 'OnSuccess' -// kind: 'AzurePowerShell' -// retentionInterval: 'P1D' -// runOnce: false -// scriptContent: loadTextContent('deploymentScripts/Copy-VhdToStorageAccount.ps1') -// timeout: 'PT30M' -// userAssignedIdentities: { -// '${userMsi.outputs.resourceId}': {} -// } -// } -// dependsOn: [ triggerImageDeploymentScript ] -// } +@description('The URI of the created VHD.') +output vhdUri string = 'https://${destinationStorageAccountName}.blob.core.windows.net/vhds/${imageTemplateNamePrefix}.vhd' diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep index c22cbbced5..22c5fae24d 100644 --- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep @@ -3,6 +3,7 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // + @description('Optional. The name of the resource group to deploy for a testing purposes') @maxLength(90) param resourceGroupName string = 'ms.compute.images-${serviceShort}-rg' 
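Review bot: The new `vhdUri` output hard-codes the public-cloud storage suffix `core.windows.net`, which the Bicep linter flags (`no-hardcoded-env-urls`) and which does not resolve in other Azure environments; build it from the environment instead: `output vhdUri string = 'https://${destinationStorageAccountName}.blob.${environment().suffixes.storage}/vhds/${imageTemplateNamePrefix}.vhd'`. The blob name also omits `baseTime`, unlike the image template name, so successive runs resolve to the same path. Whether `Copy-VhdToStorageAccount.ps1` overwrites an existing blob is not visible here; if it does not, the image under test could be built from a stale VHD. The hunk begins on the previous collapsed line, inside `triggerImageDeploymentScript`.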
@@ -15,12 +16,18 @@ param serviceShort string = 'imgcom' // TODO: discuss the following challenge: roleassignment must be a globally unique identifier (GUID). The GUID is normally generated with role + scope + identity. // Identity in this case is the MSI deployed in the resourceGroupResources01 module. We cannot get that as output since the resource name requires a value that can be calculated at the start of the deployment. -// Also the name won't work since it's generated using servicesShort +// Using the msi name as a workaround. Creating var in order not to duplicate its value (roleAssignment guid + input for resourceGroupResources01 module). +// Same for destinationStorageAccountName. Creating other vars for consistency. // ========= // // Variables // // ========= // + var managedIdentityName = 'dep-<>-msi-${serviceShort}' +var destinationStorageAccountName = 'dep<>sa${serviceShort}01' +var imageTemplateNamePrefix = 'dep-<>-imgt-${serviceShort}' +var triggerImageDeploymentScriptName = 'dep-<>-ds-${serviceShort}-triggerImageTemplate' +var copyVhdDeploymentScriptName = 'dep-<>-ds-${serviceShort}-copyVhdToStorage' // =========== // // Deployments // @@ -38,7 +45,7 @@ module resourceGroupResources01 'dependencies01.bicep' = { name: '${uniqueString(deployment().name, location)}-paramNested01' params: { managedIdentityName: managedIdentityName - storageAccountName: 'dep<>sa${serviceShort}01' + storageAccountName: destinationStorageAccountName } } 
@@ -55,8 +62,10 @@ module resourceGroupResources02 'dependencies02.bicep' = { name: '${uniqueString(deployment().name, location)}-paramNested02' params: { managedIdentityResourceId: resourceGroupResources01.outputs.managedIdentityResourceId - triggerImageDeploymentScriptName: 'dep-<>-ds-${serviceShort}-triggerImageTemplate' - imageTemplateNamePrefix: 'dep-<>-imgt-${serviceShort}' + imageTemplateNamePrefix: imageTemplateNamePrefix + triggerImageDeploymentScriptName: triggerImageDeploymentScriptName + copyVhdDeploymentScriptName: copyVhdDeploymentScriptName + destinationStorageAccountName: destinationStorageAccountName } } @@ -71,7 +80,7 @@ module testDeployment '../../deploy.bicep' = { // Required parameters name: '<>${serviceShort}001' osAccountType: 'Premium_LRS' - osDiskBlobUri: 'https://adp<>azsavhd001.blob.core.windows.net/vhds/adp-<>-az-imgt-vhd-001.vhd' + osDiskBlobUri: resourceGroupResources02.outputs.vhdUri osDiskCaching: 'ReadWrite' osType: 'Windows' // Non-required parameters From eb9f12d20680b08e4d6e9b28450d5ad12bfcda9c Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 13 Sep 2022 20:18:22 +0200 Subject: [PATCH 18/45] validation --- .github/workflows/ms.compute.images.yml | 36 ++++++++++++------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ms.compute.images.yml b/.github/workflows/ms.compute.images.yml index ec44b997e9..82ff8ca90a 100644 --- a/.github/workflows/ms.compute.images.yml +++ b/.github/workflows/ms.compute.images.yml 
@@ -63,23 +63,23 @@ jobs: ######################### # Static validation # ######################### - # job_module_pester_validation: - # runs-on: ubuntu-20.04 - # name: 'Static validation' - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Run tests' - # uses: ./.github/actions/templates/validateModulePester - # with: - # modulePath: '${{ env.modulePath }}' - # moduleTestFilePath: '${{ env.moduleTestFilePath }}' + job_module_pester_validation: + runs-on: ubuntu-20.04 + name: 'Static validation' + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Run tests' + uses: ./.github/actions/templates/validateModulePester + with: + modulePath: '${{ env.modulePath }}' + moduleTestFilePath: '${{ env.moduleTestFilePath }}' ############################# # Deployment validation # @@ -89,7 +89,7 @@ jobs: name: 'Deployment validation' needs: - job_initialize_pipeline - # - job_module_pester_validation + - job_module_pester_validation strategy: fail-fast: false matrix: From bd523941b24d5200229ca7694ae8279aa6815727 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 13 Sep 2022 20:21:41 +0200 Subject: [PATCH 19/45] readme --- modules/Microsoft.Compute/images/readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Compute/images/readme.md b/modules/Microsoft.Compute/images/readme.md index 3a6b5f6df3..38ca3dcd1f 100644 --- a/modules/Microsoft.Compute/images/readme.md +++ b/modules/Microsoft.Compute/images/readme.md 
@@ -172,7 +172,7 @@ module images './Microsoft.Compute/images/deploy.bicep' = { // Required parameters name: '<>imgcom001' osAccountType: 'Premium_LRS' - osDiskBlobUri: 'https://adp<>azsavhd001.blob.core.windows.net/vhds/adp-<>-az-imgt-vhd-001.vhd' + osDiskBlobUri: '' osDiskCaching: 'ReadWrite' osType: 'Windows' // Non-required parameters @@ -210,7 +210,7 @@ module images './Microsoft.Compute/images/deploy.bicep' = { "value": "Premium_LRS" }, "osDiskBlobUri": { - "value": "https://adp<>azsavhd001.blob.core.windows.net/vhds/adp-<>-az-imgt-vhd-001.vhd" + "value": "" }, "osDiskCaching": { "value": "ReadWrite" From 4cfba9cd4da5d31c42362f0581b1ac659210fcbf Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 13 Sep 2022 20:26:05 +0200 Subject: [PATCH 20/45] output and dependson --- .../Microsoft.Compute/images/.test/common/dependencies01.bicep | 3 --- .../Microsoft.Compute/images/.test/common/deploy.test.bicep | 3 +++ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep index 13239207bf..71ac10c863 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep @@ -29,6 +29,3 @@ output managedIdentityPrincipalId string = managedIdentity.properties.principalI @description('The principal ID of the created Managed Identity.') output managedIdentityResourceId string = managedIdentity.id - -@description('The resource ID of the created Storage Account.') -output storageAccountResourceId string = storageAccount.id diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep index 22c5fae24d..0e82037cf8 100644 --- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep 
@@ -67,6 +67,9 @@ module resourceGroupResources02 'dependencies02.bicep' = { copyVhdDeploymentScriptName: copyVhdDeploymentScriptName destinationStorageAccountName: destinationStorageAccountName } + dependsOn: [ + roleAssignment + ] } // ============== // From 5445c2bd6ef3f0b1198939b04d1ce289c5205ab1 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Tue, 13 Sep 2022 20:42:59 +0200 Subject: [PATCH 21/45] dep descriptions --- .../images/.test/common/dependencies01.bicep | 4 ++-- .../images/.test/common/dependencies02.bicep | 8 +++----- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep index 71ac10c863..d57bd5f2e6 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep @@ -4,7 +4,7 @@ param location string = resourceGroup().location @description('Required. The name of the Managed Identity to create.') param managedIdentityName string -@description('Required. The name of the storage account to create.') +@description('Required. The name of the Storage Account to create.') param storageAccountName string resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { @@ -27,5 +27,5 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-08-01' = { @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId -@description('The principal ID of the created Managed Identity.') +@description('The resource ID of the created Managed Identity.') output managedIdentityResourceId string = managedIdentity.id diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep index 41d43e3d82..43181a9b4c 100644 
--- a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep @@ -1,10 +1,10 @@ @description('Optional. The location to deploy to.') param location string = resourceGroup().location -@description('Required. The resource ID of the Managed Identity.') +@description('Required. The resource ID of the Managed Identity to assign.') param managedIdentityResourceId string -@description('Required. The name of the image template.') +@description('Required. The name prefix of the Image Template to create.') param imageTemplateNamePrefix string @description('Generated. Do not provide a value! This date value is used to generate a unique image template name.') @@ -16,7 +16,7 @@ param triggerImageDeploymentScriptName string @description('Required. The name of the Deployment Script to copy the VHD to a destination storage account.') param copyVhdDeploymentScriptName string -@description('Required. The name of the destination storage account.') +@description('Required. The name of the destination Storage Account to copy the created VHD to.') param destinationStorageAccountName string // Deploy image template @@ -95,8 +95,6 @@ resource copyVhdDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10- arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\" -DestinationStorageAccountName \\"${destinationStorageAccountName}\\" -VhdName \\"${imageTemplateNamePrefix}\\" -WaitForComplete' scriptContent: loadTextContent('../.scripts/Copy-VhdToStorageAccount.ps1') cleanupPreference: 'OnSuccess' - // runOnce: false - // timeout: 'PT30M' } dependsOn: [ triggerImageDeploymentScript ] } From d77989ad8e748aeb43558f144be0d77da9448826 Mon Sep 17 00:00:00 2001 
From: Erika Gressi Date: Tue, 13 Sep 2022 22:07:15 +0200 Subject: [PATCH 22/45] container --- .../images/.test/common/dependencies01.bicep | 24 ++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep index d57bd5f2e6..00a827efbf 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep @@ -12,7 +12,7 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018- location: location } -resource storageAccount 'Microsoft.Storage/storageAccounts@2021-08-01' = { +resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = { name: storageAccountName location: location kind: 'StorageV2' @@ -22,8 +22,30 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-08-01' = { properties: { allowBlobPublicAccess: false } + resource blobServices 'blobServices@2021-09-01' = { + name: 'default' + resource container 'containers@2021-09-01' = { + name: 'vhds' + properties: { + publicAccess: 'None' + } + } + } } +// resource blobServices 'Microsoft.Storage/storageAccounts/blobServices@2021-09-01' = { +// name: 'default' +// parent: storageAccount +// } + +// resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-09-01' = { +// name: 'vhds' +// parent: blobServices +// properties: { +// publicAccess: 'None' +// } +// } + @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId From 0652b935fcda6a88cc499aa38d2a6cbc568aa369 Mon Sep 17 00:00:00 2001 
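Review bot: The `properties` block of `storageAccount` shown in the second hunk sets only `allowBlobPublicAccess: false`, so the account that now hosts the `vhds` container has no explicit minimum TLS version. Adding `minimumTlsVersion: 'TLS1_2'` next to it would give the test dependency the same transport hardening expected of a production account. The same hunk also adds a commented-out duplicate of the `blobServices` and `container` resources; leaving it out keeps a single definition of the container's `publicAccess: 'None'` setting. Part of the resource body lies between the two hunks and is not shown.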
From: Erika Gressi Date: Wed, 14 Sep 2022 14:11:58 +0200 Subject: [PATCH 23/45] ps version --- .../images/.test/.scripts/Copy-VhdToStorageAccount.ps1 | 4 +++- .../images/.test/common/dependencies02.bicep | 6 ++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/modules/Microsoft.Compute/images/.test/.scripts/Copy-VhdToStorageAccount.ps1 b/modules/Microsoft.Compute/images/.test/.scripts/Copy-VhdToStorageAccount.ps1 index 7fb311cf31..34fc449bb6 100644 --- a/modules/Microsoft.Compute/images/.test/.scripts/Copy-VhdToStorageAccount.ps1 +++ b/modules/Microsoft.Compute/images/.test/.scripts/Copy-VhdToStorageAccount.ps1 @@ -81,6 +81,8 @@ begin { process { # Retrieving and initializing parameters before the blob copy Write-Verbose 'Initializing source storage account parameters before the blob copy' -Verbose + Write-Verbose ('Retrieving source storage account from image template [{0}] in resource group [{1}]' -f $imageTemplateName, $imageTemplateResourceGroup) -Verbose + Get-InstalledModule $imgtRunOutput = Get-AzImageBuilderRunOutput -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup | Where-Object ArtifactUri -NE $null $sourceUri = $imgtRunOutput.ArtifactUri $sourceStorageAccountName = $sourceUri.Split('//')[1].Split('.')[0] @@ -111,7 +113,7 @@ process { Write-Verbose ('Copied/initialized copy of VHD from URI [{0}] to container [{1}] in storage account [{2}]' -f $sourceUri, $destinationContainerName, $destinationStorageAccountName) -Verbose } - if ($WaitForComplete){ + if ($WaitForComplete) { $destBlob | Get-AzStorageBlobCopyState -WaitForComplete } } diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep index 43181a9b4c..ae02816fa0 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep 
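Review bot: The bare `Get-InstalledModule` call added to the `process` block writes the full module inventory into the deployment script output on every run and looks like a debugging leftover. If the module version is needed for troubleshooting, restrict it to the module in question and send it to the verbose stream, e.g. `Write-Verbose (Get-InstalledModule -Name 'Az.ImageBuilder' | Out-String) -Verbose`; otherwise drop the line. The `process` block continues outside the hunk.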
@@ -70,11 +70,12 @@ resource triggerImageDeploymentScript 'Microsoft.Resources/deploymentScripts@202 } } properties: { - azPowerShellVersion: '6.4' + azPowerShellVersion: '8.0' retentionInterval: 'P1D' arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\"' scriptContent: loadTextContent('../.scripts/Start-ImageTemplate.ps1') cleanupPreference: 'OnSuccess' + forceUpdateTag: baseTime } } @@ -90,11 +91,12 @@ resource copyVhdDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10- } } properties: { - azPowerShellVersion: '6.4' + azPowerShellVersion: '8.0' retentionInterval: 'P1D' arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\" -DestinationStorageAccountName \\"${destinationStorageAccountName}\\" -VhdName \\"${imageTemplateNamePrefix}\\" -WaitForComplete' scriptContent: loadTextContent('../.scripts/Copy-VhdToStorageAccount.ps1') cleanupPreference: 'OnSuccess' + forceUpdateTag: baseTime } dependsOn: [ triggerImageDeploymentScript ] } From fe969639c85f0332032383d6b3539929bdec0e1b Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 14 Sep 2022 14:26:41 +0200 Subject: [PATCH 24/45] cleanup --- .../images/.test/common/dependencies01.bicep | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep index 00a827efbf..51c195a74e 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep 
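Review bot: `forceUpdateTag: baseTime` in both deployment scripts gives `baseTime` a second purpose that its description does not mention. The description that appears to belong to it, in the earlier dependencies02.bicep hunk, only says the value is 'used to generate a unique image template name'. Assuming `baseTime` defaults to a timestamp, both scripts now run again on every deployment under the user-assigned identity. The description should say so, for example by ending it with `... a unique image template name and to force the deployment scripts to re-run on each deployment.` Both resource bodies start outside their hunks.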
@@ -33,19 +33,6 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = { } } -// resource blobServices 'Microsoft.Storage/storageAccounts/blobServices@2021-09-01' = { -// name: 'default' -// parent: storageAccount -// } - -// resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-09-01' = { -// name: 'vhds' -// parent: blobServices -// properties: { -// publicAccess: 'None' -// } -// } - @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId From 81413ebda2e9b921f8cb64e0aa4d38b4b63a07ab Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 14 Sep 2022 17:51:56 +0200 Subject: [PATCH 25/45] Get-AzImageBuilderTemplateRunOutput --- .../images/.test/.scripts/Copy-VhdToStorageAccount.ps1 | 2 +- .../deploymentScripts/Copy-VhdToStorageAccount.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Compute/images/.test/.scripts/Copy-VhdToStorageAccount.ps1 b/modules/Microsoft.Compute/images/.test/.scripts/Copy-VhdToStorageAccount.ps1 index 34fc449bb6..ff8568b0a9 100644 --- a/modules/Microsoft.Compute/images/.test/.scripts/Copy-VhdToStorageAccount.ps1 +++ b/modules/Microsoft.Compute/images/.test/.scripts/Copy-VhdToStorageAccount.ps1 
@@ -83,7 +83,7 @@ process { Write-Verbose 'Initializing source storage account parameters before the blob copy' -Verbose Write-Verbose ('Retrieving source storage account from image template [{0}] in resource group [{1}]' -f $imageTemplateName, $imageTemplateResourceGroup) -Verbose Get-InstalledModule - $imgtRunOutput = Get-AzImageBuilderRunOutput -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup | Where-Object ArtifactUri -NE $null + $imgtRunOutput = Get-AzImageBuilderTemplateRunOutput -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup | Where-Object ArtifactUri -NE $null $sourceUri = $imgtRunOutput.ArtifactUri $sourceStorageAccountName = $sourceUri.Split('//')[1].Split('.')[0] $storageAccountList = Get-AzStorageAccount diff --git a/utilities/pipelines/dependencies/constructs/StoreVhdToStorage/deploymentScripts/Copy-VhdToStorageAccount.ps1 b/utilities/pipelines/dependencies/constructs/StoreVhdToStorage/deploymentScripts/Copy-VhdToStorageAccount.ps1 index 7fb311cf31..604683a152 100644 --- a/utilities/pipelines/dependencies/constructs/StoreVhdToStorage/deploymentScripts/Copy-VhdToStorageAccount.ps1 +++ b/utilities/pipelines/dependencies/constructs/StoreVhdToStorage/deploymentScripts/Copy-VhdToStorageAccount.ps1 @@ -81,7 +81,7 @@ begin { process { # Retrieving and initializing parameters before the blob copy Write-Verbose 'Initializing source storage account parameters before the blob copy' -Verbose - $imgtRunOutput = Get-AzImageBuilderRunOutput -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup | Where-Object ArtifactUri -NE $null + $imgtRunOutput = Get-AzImageBuilderTemplateRunOutput -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup | Where-Object ArtifactUri -NE $null $sourceUri = $imgtRunOutput.ArtifactUri $sourceStorageAccountName = $sourceUri.Split('//')[1].Split('.')[0] $storageAccountList = Get-AzStorageAccount 
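Review bot: `$imgtRunOutput` is used on the next lines without checking that the renamed cmdlet returned exactly one run output. If it returns nothing, `$sourceUri.Split(...)` fails with a null-method error, and if it returns several, the later string handling no longer works on a single URI. A guard right after the call gives a clear failure: `if (@($imgtRunOutput).Count -ne 1) { throw 'Expected exactly one run output with an ArtifactUri' }`. Reading the account name with `([uri]$sourceUri).Host.Split('.')[0]` would also avoid relying on how `Split('//')` treats a multi-character separator. Both points apply equally to the copy under utilities/pipelines in the second hunk, and the `process` block continues outside both hunks.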
From 31655ac8c1b920d516a10fdb6ee9f56a8f774963 Mon Sep 17 00:00:00 2001 From: Erika Gressi <56914614+eriqua@users.noreply.github.com> Date: Sun, 18 Sep 2022 20:22:25 +0200 Subject: [PATCH 26/45] Update modules/Microsoft.Compute/images/.test/common/deploy.test.bicep Co-authored-by: Alexander Sehr --- modules/Microsoft.Compute/images/.test/common/deploy.test.bicep | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep index 0e82037cf8..f62c00d079 100644 --- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep @@ -54,6 +54,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { properties: { roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' principalId: resourceGroupResources01.outputs.managedIdentityPrincipalId + principalType: 'ServicePrincipal' } } From bc7446a4ec715806c9514ba1ee7464bf379f0069 Mon Sep 17 00:00:00 2001 From: Erika Gressi <56914614+eriqua@users.noreply.github.com> Date: Sun, 18 Sep 2022 20:23:39 +0200 Subject: [PATCH 27/45] Update modules/Microsoft.Compute/images/.test/common/deploy.test.bicep Co-authored-by: Alexander Sehr --- modules/Microsoft.Compute/images/.test/common/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep index f62c00d079..4f06704b9b 100644 --- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep 
@@ -52,7 +52,7 @@ module resourceGroupResources01 'dependencies01.bicep' = {
 resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
 name: guid(subscription().subscriptionId, 'Contributor', managedIdentityName)
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'
+ roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' // Contributor
 principalId: resourceGroupResources01.outputs.managedIdentityPrincipalId
 principalType: 'ServicePrincipal'
 }
From 1e08317c6b609d4d2cf8ff1575ed8063da4c3307 Mon Sep 17 00:00:00 2001 From: Erika Gressi <56914614+eriqua@users.noreply.github.com> Date: Tue, 27 Sep 2022 19:58:54 +0200 Subject: [PATCH 28/45] Update modules/Microsoft.Compute/images/.test/common/deploy.test.bicep Co-authored-by: Alexander Sehr
---
 modules/Microsoft.Compute/images/.test/common/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep
index 4f06704b9b..81daae8396 100644
--- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep
+++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep
@@ -52,7 +52,7 @@ module resourceGroupResources01 'dependencies01.bicep' = {
 resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
 name: guid(subscription().subscriptionId, 'Contributor', managedIdentityName)
 properties: {
- roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' // Contributor
+ roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') // Contributor
 principalId: resourceGroupResources01.outputs.managedIdentityPrincipalId
 principalType: 'ServicePrincipal'
 }
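Review bot: The `roleDefinitionId` line in both hunks grants the built-in Contributor role to the test managed identity, which is broad for an identity that runs deployment scripts. The assignment name is built from `subscription().subscriptionId`, which suggests subscription scope, though the `scope` and `targetScope` lines are outside the hunks, so this is inferred. If the identity only needs to run the image template and copy the VHD inside the test resource group, scoping the assignment to that resource group limits what a compromised deployment script could change. At minimum, a comment such as `// Contributor at <scope> is required because <reason>` would record why the broad role is needed. The resource body ends outside the hunks.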
From 3e1a4924e93ff19117a3a9261727f6846a4166bc Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 28 Sep 2022 15:07:23 +0200 Subject: [PATCH 29/45] no img --- .github/workflows/ms.compute.images.yml | 90 +++++++++---------- .../images/.test/common/dependencies02.bicep | 82 ++++++++--------- .../images/.test/common/deploy.test.bicep | 46 +++++----- 3 files changed, 109 insertions(+), 109 deletions(-) diff --git a/.github/workflows/ms.compute.images.yml b/.github/workflows/ms.compute.images.yml index 82ff8ca90a..b58b078531 100644 --- a/.github/workflows/ms.compute.images.yml +++ b/.github/workflows/ms.compute.images.yml @@ -63,23 +63,23 @@ jobs: ######################### # Static validation # ######################### - job_module_pester_validation: - runs-on: ubuntu-20.04 - name: 'Static validation' - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Run tests' - uses: ./.github/actions/templates/validateModulePester - with: - modulePath: '${{ env.modulePath }}' - moduleTestFilePath: '${{ env.moduleTestFilePath }}' + # job_module_pester_validation: + # runs-on: ubuntu-20.04 + # name: 'Static validation' + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Run tests' + # uses: ./.github/actions/templates/validateModulePester + # with: + # modulePath: '${{ env.modulePath }}' + # moduleTestFilePath: '${{ env.moduleTestFilePath }}' ############################# # Deployment validation # @@ -89,7 +89,7 @@ jobs: name: 'Deployment validation' needs: - job_initialize_pipeline - - job_module_pester_validation + # - job_module_pester_validation strategy: fail-fast: false matrix: 
@@ -116,30 +116,30 @@ jobs: ################## # Publishing # ################## - job_publish_module: - name: 'Publishing' - if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' - runs-on: ubuntu-20.04 - needs: - - job_module_deploy_validation - steps: - - name: 'Checkout' - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: Set environment variables - uses: ./.github/actions/templates/setEnvironmentVariables - with: - variablesPath: ${{ env.variablesPath }} - - name: 'Publishing' - uses: ./.github/actions/templates/publishModule - with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - templateSpecsRGName: '${{ env.templateSpecsRGName }}' - templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - templateSpecsDescription: '${{ env.templateSpecsDescription }}' - templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - bicepRegistryName: '${{ env.bicepRegistryName }}' - bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + # job_publish_module: + # name: 'Publishing' + # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + # runs-on: ubuntu-20.04 + # needs: + # - job_module_deploy_validation + # steps: + # - name: 'Checkout' + # uses: actions/checkout@v2 + # with: + # fetch-depth: 0 + # - name: Set environment variables + # uses: ./.github/actions/templates/setEnvironmentVariables + # with: + # variablesPath: ${{ env.variablesPath }} + # - name: 'Publishing' + # uses: ./.github/actions/templates/publishModule + # with: + # templateFilePath: '${{ env.modulePath }}/deploy.bicep' + # templateSpecsRGName: '${{ env.templateSpecsRGName }}' + # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + # templateSpecsDescription: '${{ env.templateSpecsDescription }}' + # 
templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + # bicepRegistryName: '${{ env.bicepRegistryName }}' + # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep index ae02816fa0..805792b26f 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep 
@@ -58,48 +58,48 @@ resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2022-02-14 } } -// Trigger VHD creation -resource triggerImageDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { - name: triggerImageDeploymentScriptName - location: location - kind: 'AzurePowerShell' - identity: { - type: 'UserAssigned' - userAssignedIdentities: { - '${managedIdentityResourceId}': {} - } - } - properties: { - azPowerShellVersion: '8.0' - retentionInterval: 'P1D' - arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\"' - scriptContent: loadTextContent('../.scripts/Start-ImageTemplate.ps1') - cleanupPreference: 'OnSuccess' - forceUpdateTag: baseTime - } -} +// // Trigger VHD creation +// resource triggerImageDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { +// name: triggerImageDeploymentScriptName +// location: location +// kind: 'AzurePowerShell' +// identity: { +// type: 'UserAssigned' +// userAssignedIdentities: { +// '${managedIdentityResourceId}': {} +// } +// } +// properties: { +// azPowerShellVersion: '8.0' +// retentionInterval: 'P1D' +// arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\"' +// scriptContent: loadTextContent('../.scripts/Start-ImageTemplate.ps1') +// cleanupPreference: 'OnSuccess' +// forceUpdateTag: baseTime +// } +// } -// Copy VHD to destination storage account -resource copyVhdDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { - name: copyVhdDeploymentScriptName - location: location - kind: 'AzurePowerShell' - identity: { - type: 'UserAssigned' - userAssignedIdentities: { - '${managedIdentityResourceId}': {} - } - } - properties: { - azPowerShellVersion: '8.0' - retentionInterval: 'P1D' - arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\" -DestinationStorageAccountName 
\\"${destinationStorageAccountName}\\" -VhdName \\"${imageTemplateNamePrefix}\\" -WaitForComplete' - scriptContent: loadTextContent('../.scripts/Copy-VhdToStorageAccount.ps1') - cleanupPreference: 'OnSuccess' - forceUpdateTag: baseTime - } - dependsOn: [ triggerImageDeploymentScript ] -} +// // Copy VHD to destination storage account +// resource copyVhdDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { +// name: copyVhdDeploymentScriptName +// location: location +// kind: 'AzurePowerShell' +// identity: { +// type: 'UserAssigned' +// userAssignedIdentities: { +// '${managedIdentityResourceId}': {} +// } +// } +// properties: { +// azPowerShellVersion: '8.0' +// retentionInterval: 'P1D' +// arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\" -DestinationStorageAccountName \\"${destinationStorageAccountName}\\" -VhdName \\"${imageTemplateNamePrefix}\\" -WaitForComplete' +// scriptContent: loadTextContent('../.scripts/Copy-VhdToStorageAccount.ps1') +// cleanupPreference: 'OnSuccess' +// forceUpdateTag: baseTime +// } +// dependsOn: [ triggerImageDeploymentScript ] +// } @description('The URI of the created VHD.') output vhdUri string = 'https://${destinationStorageAccountName}.blob.core.windows.net/vhds/${imageTemplateNamePrefix}.vhd' diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep index 4f06704b9b..f685409d61 100644 --- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep 
@@ -77,26 +77,26 @@ module resourceGroupResources02 'dependencies02.bicep' = { // Test Execution // // ============== // -module testDeployment '../../deploy.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name)}-test-${serviceShort}' - params: { - // Required parameters - name: '<>${serviceShort}001' - osAccountType: 'Premium_LRS' - osDiskBlobUri: resourceGroupResources02.outputs.vhdUri - osDiskCaching: 'ReadWrite' - osType: 'Windows' - // Non-required parameters - hyperVGeneration: 'V1' - roleAssignments: [ - { - principalIds: [ - resourceGroupResources01.outputs.managedIdentityPrincipalId - ] - roleDefinitionIdOrName: 'Reader' - } - ] - zoneResilient: true - } -} +// module testDeployment '../../deploy.bicep' = { +// scope: resourceGroup +// name: '${uniqueString(deployment().name)}-test-${serviceShort}' +// params: { +// // Required parameters +// name: '<>${serviceShort}001' +// osAccountType: 'Premium_LRS' +// osDiskBlobUri: resourceGroupResources02.outputs.vhdUri +// osDiskCaching: 'ReadWrite' +// osType: 'Windows' +// // Non-required parameters +// hyperVGeneration: 'V1' +// roleAssignments: [ +// { +// principalIds: [ +// resourceGroupResources01.outputs.managedIdentityPrincipalId +// ] +// roleDefinitionIdOrName: 'Reader' +// } +// ] +// zoneResilient: true +// } +// } From 3c392dd9c1cc4afabeea27b956aada7fa915a1cc Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Wed, 28 Sep 2022 15:14:47 +0200 Subject: [PATCH 30/45] test remove rolea prio --- .../pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1 b/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1 index ff6e202dc7..1983185e83 100644 --- a/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1 +++ b/utilities/pipelines/resourceRemoval/Initialize-DeploymentRemoval.ps1 
@@ -66,6 +66,7 @@ function Initialize-DeploymentRemoval {
 # The initial sequence is a general order-recommendation
 $removalSequence = @(
 'Microsoft.Authorization/locks',
+ 'Microsoft.Authorization/roleAssignments',
 'Microsoft.Insights/diagnosticSettings',
 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups',
 'Microsoft.Network/privateEndpoints',
From 37326402df17f09758cb020e34d2f08cff3ec7ad Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 30 Sep 2022 11:34:33 +0200 Subject: [PATCH 31/45] reenable
---
 .github/workflows/ms.compute.images.yml | 90 +++++++++---------- .../images/.test/common/deploy.test.bicep | 46 +++++----- 2 files changed, 68 insertions(+), 68 deletions(-)
diff --git a/.github/workflows/ms.compute.images.yml b/.github/workflows/ms.compute.images.yml
index b58b078531..82ff8ca90a 100644
--- a/.github/workflows/ms.compute.images.yml
+++ b/.github/workflows/ms.compute.images.yml
@@ -63,23 +63,23 @@ jobs: ######################### # Static validation # ######################### - # job_module_pester_validation: - # runs-on: ubuntu-20.04 - # name: 'Static validation' - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Run tests' - # uses: ./.github/actions/templates/validateModulePester - # with: - # modulePath: '${{ env.modulePath }}' - # moduleTestFilePath: '${{ env.moduleTestFilePath }}' + job_module_pester_validation: + runs-on: ubuntu-20.04 + name: 'Static validation' + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Run tests' + uses: ./.github/actions/templates/validateModulePester + with: + modulePath: '${{ env.modulePath }}' + moduleTestFilePath: '${{ env.moduleTestFilePath }}' ############################# # Deployment validation # @@ -89,7 +89,7 @@ jobs: name: 'Deployment validation' needs: - job_initialize_pipeline - # - job_module_pester_validation + - job_module_pester_validation strategy: fail-fast: false matrix: 
@@ -116,30 +116,30 @@ jobs: ################## # Publishing # ################## - # job_publish_module: - # name: 'Publishing' - # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' - # runs-on: ubuntu-20.04 - # needs: - # - job_module_deploy_validation - # steps: - # - name: 'Checkout' - # uses: actions/checkout@v2 - # with: - # fetch-depth: 0 - # - name: Set environment variables - # uses: ./.github/actions/templates/setEnvironmentVariables - # with: - # variablesPath: ${{ env.variablesPath }} - # - name: 'Publishing' - # uses: ./.github/actions/templates/publishModule - # with: - # templateFilePath: '${{ env.modulePath }}/deploy.bicep' - # templateSpecsRGName: '${{ env.templateSpecsRGName }}' - # templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' - # templateSpecsDescription: '${{ env.templateSpecsDescription }}' - # templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' - # bicepRegistryName: '${{ env.bicepRegistryName }}' - # bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' - # bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' - # bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + job_publish_module: + name: 'Publishing' + if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + runs-on: ubuntu-20.04 + needs: + - job_module_deploy_validation + steps: + - name: 'Checkout' + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Publishing' + uses: ./.github/actions/templates/publishModule + with: + templateFilePath: '${{ env.modulePath }}/deploy.bicep' + templateSpecsRGName: '${{ env.templateSpecsRGName }}' + templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + templateSpecsDescription: '${{ env.templateSpecsDescription }}' + 
templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + bicepRegistryName: '${{ env.bicepRegistryName }}' + bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep index c3f1b35284..81daae8396 100644 --- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep @@ -77,26 +77,26 @@ module resourceGroupResources02 'dependencies02.bicep' = { // Test Execution // // ============== // -// module testDeployment '../../deploy.bicep' = { -// scope: resourceGroup -// name: '${uniqueString(deployment().name)}-test-${serviceShort}' -// params: { -// // Required parameters -// name: '<>${serviceShort}001' -// osAccountType: 'Premium_LRS' -// osDiskBlobUri: resourceGroupResources02.outputs.vhdUri -// osDiskCaching: 'ReadWrite' -// osType: 'Windows' -// // Non-required parameters -// hyperVGeneration: 'V1' -// roleAssignments: [ -// { -// principalIds: [ -// resourceGroupResources01.outputs.managedIdentityPrincipalId -// ] -// roleDefinitionIdOrName: 'Reader' -// } -// ] -// zoneResilient: true -// } -// } +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + // Required parameters + name: '<>${serviceShort}001' + osAccountType: 'Premium_LRS' + osDiskBlobUri: resourceGroupResources02.outputs.vhdUri + osDiskCaching: 'ReadWrite' + osType: 'Windows' + // Non-required parameters + hyperVGeneration: 'V1' + roleAssignments: [ + { + principalIds: [ + resourceGroupResources01.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + zoneResilient: true + } +} 
From 4d5de1210c597dfb42b55a2b89cef1db38bc13eb Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Fri, 30 Sep 2022 12:07:10 +0200 Subject: [PATCH 32/45] Proposal 1 (#2136) Co-authored-by: Erika Gressi --- .../images/.test/common/dependencies.bicep | 152 ++++++++++++++++++ .../images/.test/common/dependencies01.bicep | 40 ----- .../images/.test/common/dependencies02.bicep | 105 ------------ .../.test/common/dependencies_rbac.bicep | 13 ++ .../images/.test/common/deploy.test.bicep | 27 +--- 5 files changed, 168 insertions(+), 169 deletions(-) create mode 100644 modules/Microsoft.Compute/images/.test/common/dependencies.bicep delete mode 100644 modules/Microsoft.Compute/images/.test/common/dependencies01.bicep delete mode 100644 modules/Microsoft.Compute/images/.test/common/dependencies02.bicep create mode 100644 modules/Microsoft.Compute/images/.test/common/dependencies_rbac.bicep diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies.bicep new file mode 100644 index 0000000000..3e1a47c1fb --- /dev/null +++ b/modules/Microsoft.Compute/images/.test/common/dependencies.bicep 
@@ -0,0 +1,152 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +@description('Required. The name of the Storage Account to create.') +param storageAccountName string + +@description('Required. The name prefix of the Image Template to create.') +param imageTemplateNamePrefix string + +@description('Generated. Do not provide a value! This date value is used to generate a unique image template name.') +param baseTime string = utcNow('yyyy-MM-dd-HH-mm-ss') + +@description('Required. The name of the Deployment Script to create for triggering the image creation.') +param triggerImageDeploymentScriptName string + +@description('Required. The name of the Deployment Script to copy the VHD to a destination storage account.') +param copyVhdDeploymentScriptName string + +@description('Required. The name of the destination Storage Account to copy the created VHD to.') +param destinationStorageAccountName string + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = { + name: storageAccountName + location: location + kind: 'StorageV2' + sku: { + name: 'Standard_LRS' + } + properties: { + allowBlobPublicAccess: false + } + resource blobServices 'blobServices@2021-09-01' = { + name: 'default' + resource container 'containers@2021-09-01' = { + name: 'vhds' + properties: { + publicAccess: 'None' + } + } + } +} + +module roleAssignment 'dependencies_rbac.bicep' = { + name: '${uniqueString(deployment().name, location)}-MSI-roleAssignment' + scope: subscription() + params: { + managedIdentityPrincipalId: managedIdentity.properties.principalId + managedIdentityResourceId: managedIdentity.id + } +} + +// Deploy image template +resource imageTemplate 
'Microsoft.VirtualMachineImages/imageTemplates@2022-02-14' = { + name: '${imageTemplateNamePrefix}-${baseTime}' + location: location + identity: { + type: 'UserAssigned' + userAssignedIdentities: { + '${managedIdentity.id}': {} + } + } + properties: { + buildTimeoutInMinutes: 0 + vmProfile: { + vmSize: 'Standard_D2s_v3' + osDiskSizeGB: 127 + } + source: { + type: 'PlatformImage' + publisher: 'MicrosoftWindowsDesktop' + offer: 'Windows-10' + sku: '19h2-evd' + version: 'latest' + } + distribute: [ + { + type: 'VHD' + runOutputName: '${imageTemplateNamePrefix}-VHD' + artifactTags: {} + } + ] + customize: [ + { + restartTimeout: '30m' + type: 'WindowsRestart' + } + ] + } +} + +// Trigger VHD creation +resource triggerImageDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { + name: triggerImageDeploymentScriptName + location: location + kind: 'AzurePowerShell' + identity: { + type: 'UserAssigned' + userAssignedIdentities: { + '${managedIdentity.id}': {} + } + } + properties: { + azPowerShellVersion: '8.0' + retentionInterval: 'P1D' + arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\"' + scriptContent: loadTextContent('../.scripts/Start-ImageTemplate.ps1') + cleanupPreference: 'OnSuccess' + forceUpdateTag: baseTime + } + dependsOn: [ + roleAssignment + ] +} + +// Copy VHD to destination storage account +resource copyVhdDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { + name: copyVhdDeploymentScriptName + location: location + kind: 'AzurePowerShell' + identity: { + type: 'UserAssigned' + userAssignedIdentities: { + '${managedIdentity.id}': {} + } + } + properties: { + azPowerShellVersion: '8.0' + retentionInterval: 'P1D' + arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\" -DestinationStorageAccountName \\"${destinationStorageAccountName}\\" -VhdName \\"${imageTemplateNamePrefix}\\" -WaitForComplete' 
+ scriptContent: loadTextContent('../.scripts/Copy-VhdToStorageAccount.ps1') + cleanupPreference: 'OnSuccess' + forceUpdateTag: baseTime + } + dependsOn: [ triggerImageDeploymentScript ] +} + +@description('The URI of the created VHD.') +output vhdUri string = 'https://${destinationStorageAccountName}.blob.core.windows.net/vhds/${imageTemplateNamePrefix}.vhd' + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId + +@description('The resource ID of the created Managed Identity.') +output managedIdentityResourceId string = managedIdentity.id diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep deleted file mode 100644 index 51c195a74e..0000000000 --- a/modules/Microsoft.Compute/images/.test/common/dependencies01.bicep +++ /dev/null 
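Review bot: The `storageAccount` resource in `dependencies.bicep` sets `allowBlobPublicAccess: false` but does not state a minimum TLS version, so the account takes whatever the API version defaults to. Adding `minimumTlsVersion: 'TLS1_2'` under `properties` makes the transport requirement explicit for the account that receives the copied VHD. Separately, the image template's `source` uses `version: 'latest'`, so the VHD built for the test can differ between runs; a short comment saying this is intentional for a throwaway test image would help the next reader.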
@@ -1,40 +0,0 @@ -@description('Optional. The location to deploy to.') -param location string = resourceGroup().location - -@description('Required. The name of the Managed Identity to create.') -param managedIdentityName string - -@description('Required. The name of the Storage Account to create.') -param storageAccountName string - -resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { - name: managedIdentityName - location: location -} - -resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = { - name: storageAccountName - location: location - kind: 'StorageV2' - sku: { - name: 'Standard_LRS' - } - properties: { - allowBlobPublicAccess: false - } - resource blobServices 'blobServices@2021-09-01' = { - name: 'default' - resource container 'containers@2021-09-01' = { - name: 'vhds' - properties: { - publicAccess: 'None' - } - } - } -} - -@description('The principal ID of the created Managed Identity.') -output managedIdentityPrincipalId string = managedIdentity.properties.principalId - -@description('The resource ID of the created Managed Identity.') -output managedIdentityResourceId string = managedIdentity.id diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep deleted file mode 100644 index 805792b26f..0000000000 --- a/modules/Microsoft.Compute/images/.test/common/dependencies02.bicep +++ /dev/null 
@@ -1,105 +0,0 @@ -@description('Optional. The location to deploy to.') -param location string = resourceGroup().location - -@description('Required. The resource ID of the Managed Identity to assign.') -param managedIdentityResourceId string - -@description('Required. The name prefix of the Image Template to create.') -param imageTemplateNamePrefix string - -@description('Generated. Do not provide a value! This date value is used to generate a unique image template name.') -param baseTime string = utcNow('yyyy-MM-dd-HH-mm-ss') - -@description('Required. The name of the Deployment Script to create for triggering the image creation.') -param triggerImageDeploymentScriptName string - -@description('Required. The name of the Deployment Script to copy the VHD to a destination storage account.') -param copyVhdDeploymentScriptName string - -@description('Required. The name of the destination Storage Account to copy the created VHD to.') -param destinationStorageAccountName string - -// Deploy image template -resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2022-02-14' = { - name: '${imageTemplateNamePrefix}-${baseTime}' - location: location - identity: { - type: 'UserAssigned' - userAssignedIdentities: { - '${managedIdentityResourceId}': {} - } - } - properties: { - buildTimeoutInMinutes: 0 - vmProfile: { - vmSize: 'Standard_D2s_v3' - osDiskSizeGB: 127 - } - source: { - type: 'PlatformImage' - publisher: 'MicrosoftWindowsDesktop' - offer: 'Windows-10' - sku: '19h2-evd' - version: 'latest' - } - distribute: [ - { - type: 'VHD' - runOutputName: '${imageTemplateNamePrefix}-VHD' - artifactTags: {} - } - ] - customize: [ - { - restartTimeout: '30m' - type: 'WindowsRestart' - } - ] - } -} - -// // Trigger VHD creation -// resource triggerImageDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { -// name: triggerImageDeploymentScriptName -// location: location -// kind: 'AzurePowerShell' -// identity: { -// type: 'UserAssigned' -// 
userAssignedIdentities: { -// '${managedIdentityResourceId}': {} -// } -// } -// properties: { -// azPowerShellVersion: '8.0' -// retentionInterval: 'P1D' -// arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\"' -// scriptContent: loadTextContent('../.scripts/Start-ImageTemplate.ps1') -// cleanupPreference: 'OnSuccess' -// forceUpdateTag: baseTime -// } -// } - -// // Copy VHD to destination storage account -// resource copyVhdDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { -// name: copyVhdDeploymentScriptName -// location: location -// kind: 'AzurePowerShell' -// identity: { -// type: 'UserAssigned' -// userAssignedIdentities: { -// '${managedIdentityResourceId}': {} -// } -// } -// properties: { -// azPowerShellVersion: '8.0' -// retentionInterval: 'P1D' -// arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\" -DestinationStorageAccountName \\"${destinationStorageAccountName}\\" -VhdName \\"${imageTemplateNamePrefix}\\" -WaitForComplete' -// scriptContent: loadTextContent('../.scripts/Copy-VhdToStorageAccount.ps1') -// cleanupPreference: 'OnSuccess' -// forceUpdateTag: baseTime -// } -// dependsOn: [ triggerImageDeploymentScript ] -// } - -@description('The URI of the created VHD.') -output vhdUri string = 'https://${destinationStorageAccountName}.blob.core.windows.net/vhds/${imageTemplateNamePrefix}.vhd' diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies_rbac.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies_rbac.bicep new file mode 100644 index 0000000000..7fbc0ff9ed --- /dev/null +++ b/modules/Microsoft.Compute/images/.test/common/dependencies_rbac.bicep 
@@ -0,0 +1,13 @@
+targetScope = 'subscription'
+
+param managedIdentityResourceId string
+param managedIdentityPrincipalId string
+
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+ name: guid(subscription().subscriptionId, 'Contributor', managedIdentityResourceId)
+ properties: {
+ roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') // Contributor
+ principalId: managedIdentityPrincipalId
+ principalType: 'ServicePrincipal'
+ }
+}
diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep
index 81daae8396..4211526b54 100644
--- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep
+++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep
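Review bot: The role assignment in `dependencies_rbac.bicep` grants the test managed identity Contributor on the whole subscription, and `dependencies.bicep` attaches that same identity to the image template and to both deployment scripts. If those scripts only need to run the image template and copy the VHD inside the test resource group, the assignment could be scoped to that resource group by deploying the module with `scope: resourceGroup()` and removing `targetScope = 'subscription'`. Whether the image build needs the wider scope is not visible in this patch and should be confirmed before narrowing it. The two parameters also lack `@description` decorators, unlike every parameter in `dependencies.bicep`; `@description('Required. The principal ID of the Managed Identity to assign the role to.')` and a matching line for the resource ID would close that gap.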
@@ -40,43 +40,22 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { location: location } -module resourceGroupResources01 'dependencies01.bicep' = { +module resourceGroupResources 'dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-paramNested01' params: { managedIdentityName: managedIdentityName storageAccountName: destinationStorageAccountName - } -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { - name: guid(subscription().subscriptionId, 'Contributor', managedIdentityName) - properties: { - roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') // Contributor - principalId: resourceGroupResources01.outputs.managedIdentityPrincipalId - principalType: 'ServicePrincipal' - } -} - -module resourceGroupResources02 'dependencies02.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, location)}-paramNested02' - params: { - managedIdentityResourceId: resourceGroupResources01.outputs.managedIdentityResourceId imageTemplateNamePrefix: imageTemplateNamePrefix triggerImageDeploymentScriptName: triggerImageDeploymentScriptName copyVhdDeploymentScriptName: copyVhdDeploymentScriptName destinationStorageAccountName: destinationStorageAccountName } - dependsOn: [ - roleAssignment - ] } // ============== // // Test Execution // // ============== // - module testDeployment '../../deploy.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name)}-test-${serviceShort}' @@ -84,7 +63,7 @@ module testDeployment '../../deploy.bicep' = { // Required parameters name: '<>${serviceShort}001' osAccountType: 'Premium_LRS' - osDiskBlobUri: resourceGroupResources02.outputs.vhdUri + osDiskBlobUri: resourceGroupResources.outputs.vhdUri osDiskCaching: 'ReadWrite' osType: 'Windows' // Non-required parameters 
@@ -92,7 +71,7 @@ module testDeployment '../../deploy.bicep' = { roleAssignments: [ { principalIds: [ - resourceGroupResources01.outputs.managedIdentityPrincipalId + resourceGroupResources.outputs.managedIdentityPrincipalId ] roleDefinitionIdOrName: 'Reader' } From ee1340e49e7fe2bf472b1550722f475b2fa81d70 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 30 Sep 2022 12:13:04 +0200 Subject: [PATCH 33/45] update naming --- .../images/.test/common/dependencies.bicep | 2 +- .../images/.test/common/deploy.test.bicep | 11 +++-------- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies.bicep index 3e1a47c1fb..261af907dc 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies.bicep @@ -49,7 +49,7 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = { } module roleAssignment 'dependencies_rbac.bicep' = { - name: '${uniqueString(deployment().name, location)}-MSI-roleAssignment' + name: '${deployment().name}-MSI-roleAssignment' scope: subscription() params: { managedIdentityPrincipalId: managedIdentity.properties.principalId diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep index 4211526b54..23fd06d70e 100644 --- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep 
@@ -12,12 +12,7 @@ param resourceGroupName string = 'ms.compute.images-${serviceShort}-rg' param location string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') -param serviceShort string = 'imgcom' - -// TODO: discuss the following challenge: roleassignment must be a globally unique identifier (GUID). The GUID is normally generated with role + scope + identity. -// Identity in this case is the MSI deployed in the resourceGroupResources01 module. We cannot get that as output since the resource name requires a value that can be calculated at the start of the deployment. -// Using the msi name as a workaround. Creating var in order not to duplicate its value (roleAssignment guid + input for resourceGroupResources01 module). -// Same for destinationStorageAccountName. Creating other vars for consistency. +param serviceShort string = 'cicom' // ========= // // Variables // @@ -42,7 +37,7 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { module resourceGroupResources 'dependencies.bicep' = { scope: resourceGroup - name: '${uniqueString(deployment().name, location)}-paramNested01' + name: '${uniqueString(deployment().name, location)}-paramNested' params: { managedIdentityName: managedIdentityName storageAccountName: destinationStorageAccountName @@ -58,7 +53,7 @@ module resourceGroupResources 'dependencies.bicep' = { // ============== // module testDeployment '../../deploy.bicep' = { scope: resourceGroup - name: '${uniqueString(deployment().name)}-test-${serviceShort}' + name: '${uniqueString(deployment().name, location)}-test-${serviceShort}' params: { // Required parameters name: '<>${serviceShort}001' From 2c5ecc72e792ee4f3c65a7d8fb3c4621b8127b66 Mon Sep 17 00:00:00 2001 
From: Erika Gressi Date: Fri, 30 Sep 2022 12:16:35 +0200 Subject: [PATCH 34/45] readme --- modules/Microsoft.Compute/images/readme.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/Microsoft.Compute/images/readme.md b/modules/Microsoft.Compute/images/readme.md index aa89731b21..7dbfe27c76 100644 --- a/modules/Microsoft.Compute/images/readme.md +++ b/modules/Microsoft.Compute/images/readme.md @@ -169,10 +169,10 @@ The following module usage examples are retrieved from the content of the files ```bicep module images './Microsoft.Compute/images/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-test-imgcom' + name: '${uniqueString(deployment().name, location)}-test-cicom' params: { // Required parameters - name: '<>imgcom001' + name: '<>cicom001' osAccountType: 'Premium_LRS' osDiskBlobUri: '' osDiskCaching: 'ReadWrite' @@ -206,7 +206,7 @@ module images './Microsoft.Compute/images/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>imgcom001" + "value": "<>cicom001" }, "osAccountType": { "value": "Premium_LRS" From b4d618beed2839d223c8b66cde03c296845f2df0 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 30 Sep 2022 12:59:34 +0200 Subject: [PATCH 35/45] no version update --- modules/Microsoft.Compute/images/version.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Compute/images/version.json b/modules/Microsoft.Compute/images/version.json index badc0a2285..56f8d9ca40 100644 --- a/modules/Microsoft.Compute/images/version.json +++ b/modules/Microsoft.Compute/images/version.json @@ -1,4 +1,4 @@ { "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.5" + "version": "0.4" } From fd0e17d8ce122ab5a36efa269ecade97ebbb1967 Mon Sep 17 00:00:00 2001 
From: Elisa Anzelmo Date: Fri, 30 Sep 2022 13:08:13 +0200 Subject: [PATCH 36/45] hosting env draft new dependencies --- .../workflows/ms.web.hostingenvironments.yml | 3 +- .../.test/asev2.parameters.json | 54 ------------ .../.test/asev2/dependencies.bicep | 48 +++++++++++ .../.test/asev2/deploy.test.bicep | 85 +++++++++++++++++++ .../.test/asev3.parameters.json | 48 ----------- .../.test/asev3/dependencies.bicep | 48 +++++++++++ .../.test/asev3/deploy.test.bicep | 83 ++++++++++++++++++ 7 files changed, 265 insertions(+), 104 deletions(-) delete mode 100644 modules/Microsoft.Web/hostingEnvironments/.test/asev2.parameters.json create mode 100644 modules/Microsoft.Web/hostingEnvironments/.test/asev2/dependencies.bicep create mode 100644 modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep delete mode 100644 modules/Microsoft.Web/hostingEnvironments/.test/asev3.parameters.json create mode 100644 modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep create mode 100644 modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep diff --git a/.github/workflows/ms.web.hostingenvironments.yml b/.github/workflows/ms.web.hostingenvironments.yml index 5b4e9cdb84..51cefec7c7 100644 --- a/.github/workflows/ms.web.hostingenvironments.yml +++ b/.github/workflows/ms.web.hostingenvironments.yml @@ -106,8 +106,7 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/deploy.bicep' - parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' 
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev2.parameters.json b/modules/Microsoft.Web/hostingEnvironments/.test/asev2.parameters.json deleted file mode 100644 index c556495066..0000000000 --- a/modules/Microsoft.Web/hostingEnvironments/.test/asev2.parameters.json +++ /dev/null @@ -1,54 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-appse-asev2-001" - }, - "kind": { - "value": "ASEv2" - }, - "multiSize": { - "value": "Standard_D1_V2" - }, - "ipsslAddressCount": { - "value": 2 - }, - "clusterSettings": { - "value": [ - { - "name": "DisableTls1.0", - "value": "1" - } - ] - }, - "subnetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-008" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/dependencies.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/dependencies.bicep new file mode 100644 index 0000000000..7cefa287d0 --- /dev/null 
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/dependencies.bicep @@ -0,0 +1,48 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/16' + ] + } + subnets: [ + { + name: '<>-az-subnet-x-008' + properties: { + addressPrefix: '10.0.9.0/24' + delegations: [ + { + name: 'ase' + properties: { + serviceName: 'Microsoft.Web/hostingEnvironments' + } + } + ] + } + } + ] + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId + diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep new file mode 100644 index 0000000000..175f8e9999 --- /dev/null +++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep 
@@ -0,0 +1,85 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for testing purposes') +@maxLength(90) +param resourceGroupName string = 'ms.web.hostingenvironments-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +param serviceShort string = 'whasev2' + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + name: '<>${serviceShort}001' + subnetResourceId: resourceGroupResources.outputs.subnetResourceId + // Non-required parameters + clusterSettings: [ + { + name: 'DisableTls1.0' + 
value: '1' + } + ] + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + ipsslAddressCount: 2 + kind: 'ASEv2' + multiSize: 'Standard_D1_V2' + roleAssignments: [ + { + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + roleDefinitionIdOrName: 'Reader' + } + ] + + } +} diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3.parameters.json b/modules/Microsoft.Web/hostingEnvironments/.test/asev3.parameters.json deleted file mode 100644 index a304822546..0000000000 --- a/modules/Microsoft.Web/hostingEnvironments/.test/asev3.parameters.json +++ /dev/null 
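Review bot: The `testDeployment` module name in `asev2/deploy.test.bicep` is built with `uniqueString(deployment().name)`, while the two dependency modules in the same file use `uniqueString(deployment().name, location)`. The images test file was moved to the two-argument form earlier in this series, so `name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'` would keep the nested deployment names consistent. The same line appears in `asev3/deploy.test.bicep`. The empty line left before the closing brace of `params` in both files can be dropped as well.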
@@ -1,48 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-appse-asev3-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "subnetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-006" - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "clusterSettings": { - "value": [ - { - "name": "DisableTls1.0", - "value": "1" - } - ] - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep new file mode 100644 index 0000000000..a5d9abc95c --- /dev/null +++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep 
@@ -0,0 +1,48 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + '10.0.0.0/16' + ] + } + subnets: [ + { + name: '<>-az-subnet-x-006' + properties: { + addressPrefix: '10.0.7.0/24' + delegations: [ + { + name: 'ase' + properties: { + serviceName: 'Microsoft.Web/hostingEnvironments' + } + } + ] + } + } + ] + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId + diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep new file mode 100644 index 0000000000..0a4373c60a --- /dev/null +++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep 
@@ -0,0 +1,83 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for testing purposes')
+@maxLength(90)
+param resourceGroupName string = 'ms.web.hostingenvironments-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints')
+param serviceShort string = 'whasev3'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ virtualNetworkName: 'dep-<>-vnet-${serviceShort}'
+ managedIdentityName: 'dep-<>-msi-${serviceShort}'
+ }
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep<>diasa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}'
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ name: '<>${serviceShort}001'
+ subnetResourceId: resourceGroupResources.outputs.subnetResourceId
+ // Non-required parameters
+ clusterSettings: [
+ {
+ name: 'DisableTls1.0'
+ value: '1'
+ }
+ ]
+ diagnosticLogsRetentionInDays: 7
+ diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
+ diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ lock: 'CanNotDelete'
+ roleAssignments: [
+ {
+ principalIds: [
+ resourceGroupResources.outputs.managedIdentityPrincipalId
+ ]
+ roleDefinitionIdOrName: 'Reader'
+ }
+ ]
+
+ }
+}
From 4e06cd333cab06807e5d7fe6f0c0c3b3d59df383 Mon Sep 17 00:00:00 2001
From: Elisa Anzelmo
Date: Fri, 30 Sep 2022 13:46:46 +0200
Subject: [PATCH 37/45] added nsg
---
.../.test/asev2/dependencies.bicep | 29 ++++++++-
.../.test/asev2/deploy.test.bicep | 1 +
.../.test/asev3/dependencies.bicep | 27 +++++++++
.../.test/asev3/deploy.test.bicep | 1 +
.../hostingEnvironments/readme.md | 60 +++++++++----------
5 files changed, 87 insertions(+), 31 deletions(-)
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/dependencies.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/dependencies.bicep
index 7cefa287d0..ffdc26a8d9 100644
--- a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/dependencies.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/dependencies.bicep
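Review bot: The `testDeployment` module name is built from `uniqueString(deployment().name)`, while `resourceGroupResources` and `diagnosticDependencies` in the same file use `uniqueString(deployment().name, location)`; if the difference is deliberate a one-line comment should say why, otherwise one form should be used throughout. There is also a stray empty line between the closing `]` of `roleAssignments` and the closing `}` of `params`. Separately, `lock: 'CanNotDelete'` presumably puts a delete lock on a resource inside the resource group this template creates itself, so a comment such as `// teardown must remove this lock before the resource group can be deleted` would help whoever cleans up the test subscription.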
@@ -1,12 +1,37 @@ @description('Optional. The location to deploy to.') param location string = resourceGroup().location +@description('Required. The name of the Network Security Group to create.') +param networkSecurityGroupName string + @description('Required. The name of the Virtual Network to create.') param virtualNetworkName string @description('Required. The name of the Managed Identity to create.') param managedIdentityName string +resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-08-01' = { + name: networkSecurityGroupName + location: location + properties: { + securityRules: [ + { + name: 'AllowPortsForASE2' + properties: { + access: 'Allow' + destinationAddressPrefix: '10.0.9.0/24' + destinationPortRange: '454-455' + direction: 'Inbound' + priority: 1020 + protocol: '*' + sourceAddressPrefix: 'AppServiceManagement' + sourcePortRange: '*' + } + } + ] + } +} + resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { name: virtualNetworkName location: location @@ -21,6 +46,9 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { name: '<>-az-subnet-x-008' properties: { addressPrefix: '10.0.9.0/24' + networkSecurityGroup: { + id: networkSecurityGroup.id + } delegations: [ { name: 'ase' @@ -42,7 +70,6 @@ resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018- @description('The resource ID of the created Virtual Network Subnet.') output subnetResourceId string = virtualNetwork.properties.subnets[0].id - @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep index 175f8e9999..3fb06c8e21 100644 --- a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep 
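Review bot: The `AllowPortsForASE2` rule sets `protocol: '*'` for destination ports `454-455`; as far as I know the App Service Environment management traffic on these ports is TCP, so `protocol: 'Tcp'` would keep the allow rule as narrow as the port range and the `AppServiceManagement` service tag already make it. The same applies to `AllowPortsForASE` in asev3/dependencies.bicep later in this commit, and for ASEv3 it is worth confirming that an inbound management rule is needed at all. A short comment above each rule naming the platform dependency it serves would let the next reader judge whether it can be tightened or removed. On style, the last hunk of this file drops the blank line between the two outputs, and the asev3 file has no blank line between the NSG resource and `resource virtualNetwork`.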
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep @@ -28,6 +28,7 @@ module resourceGroupResources 'dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-paramNested' params: { + networkSecurityGroupName: 'dep-<>-nsg-${serviceShort}' virtualNetworkName: 'dep-<>-vnet-${serviceShort}' managedIdentityName: 'dep-<>-msi-${serviceShort}' } diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep index a5d9abc95c..9f915aa35f 100644 --- a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep +++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep @@ -1,12 +1,36 @@ @description('Optional. The location to deploy to.') param location string = resourceGroup().location +@description('Required. The name of the Network Security Group to create.') +param networkSecurityGroupName string + @description('Required. The name of the Virtual Network to create.') param virtualNetworkName string @description('Required. The name of the Managed Identity to create.') param managedIdentityName string +resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-08-01' = { + name: networkSecurityGroupName + location: location + properties: { + securityRules: [ + { + name: 'AllowPortsForASE' + properties: { + access: 'Allow' + destinationAddressPrefix: '10.0.7.0/24' + destinationPortRange: '454-455' + direction: 'Inbound' + priority: 1010 + protocol: '*' + sourceAddressPrefix: 'AppServiceManagement' + sourcePortRange: '*' + } + } + ] + } +} resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { name: virtualNetworkName location: location 
@@ -21,6 +45,9 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { name: '<>-az-subnet-x-006' properties: { addressPrefix: '10.0.7.0/24' + networkSecurityGroup: { + id: networkSecurityGroup.id + } delegations: [ { name: 'ase' diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep index 0a4373c60a..0aec67c354 100644 --- a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep +++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep @@ -28,6 +28,7 @@ module resourceGroupResources 'dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-paramNested' params: { + networkSecurityGroupName: 'dep-<>-nsg-${serviceShort}' virtualNetworkName: 'dep-<>-vnet-${serviceShort}' managedIdentityName: 'dep-<>-msi-${serviceShort}' } diff --git a/modules/Microsoft.Web/hostingEnvironments/readme.md b/modules/Microsoft.Web/hostingEnvironments/readme.md index 25e04b3123..ce46d09b17 100644 --- a/modules/Microsoft.Web/hostingEnvironments/readme.md +++ b/modules/Microsoft.Web/hostingEnvironments/readme.md @@ -219,11 +219,11 @@ The following module usage examples are retrieved from the content of the files ```bicep module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-HostingEnvironments' + name: '${uniqueString(deployment().name)}-test-whasev2' params: { // Required parameters - name: '<>-az-appse-asev2-001' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-008' + name: '<>whasev2001' + subnetResourceId: '' // Non-required parameters clusterSettings: [ { 
@@ -231,18 +231,18 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = value: '1' } ] - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' ipsslAddressCount: 2 kind: 'ASEv2' multiSize: 'Standard_D1_V2' roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -265,10 +265,10 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = "parameters": { // Required parameters "name": { - "value": "<>-az-appse-asev2-001" + "value": "<>whasev2001" }, "subnetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-008" + "value": "" }, // Non-required parameters "clusterSettings": { 
@@ -280,19 +280,19 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = ] }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "ipsslAddressCount": { "value": 2 @@ -307,7 +307,7 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } @@ -328,11 +328,11 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = ```bicep module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-HostingEnvironments' + name: '${uniqueString(deployment().name)}-test-whasev3' params: { // Required parameters - name: '<>-az-appse-asev3-001' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-006' + name: '<>whasev3001' + subnetResourceId: '' // Non-required parameters clusterSettings: [ { 
@@ -340,16 +340,16 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = value: '1' } ] - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' lock: 'CanNotDelete' roleAssignments: [ { principalIds: [ - '<>' + '' ] roleDefinitionIdOrName: 'Reader' } @@ -372,10 +372,10 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = "parameters": { // Required parameters "name": { - "value": "<>-az-appse-asev3-001" + "value": "<>whasev3001" }, "subnetResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-006" + "value": "" }, // Non-required parameters "clusterSettings": { 
@@ -387,19 +387,19 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = ] }, "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" + "value": "" }, "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + "value": "" }, "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" + "value": "" }, "lock": { "value": "CanNotDelete" @@ -408,7 +408,7 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = "value": [ { "principalIds": [ - "<>" + "" ], "roleDefinitionIdOrName": "Reader" } From e0ce6c9d6875427e711fe6158cfc3bd41ca32729 Mon Sep 17 00:00:00 2001 From: Elisa Anzelmo Date: Fri, 30 Sep 2022 14:46:53 +0200 Subject: [PATCH 38/45] description . --- .../hostingEnvironments/.test/asev2/deploy.test.bicep | 6 +++--- .../hostingEnvironments/.test/asev3/deploy.test.bicep | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep index 3fb06c8e21..acab043bc8 100644 --- a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep +++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep 
@@ -3,14 +3,14 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for testing purposes') +@description('Optional. The name of the resource group to deploy for testing purposes.') @maxLength(90) param resourceGroupName string = 'ms.web.hostingenvironments-${serviceShort}-rg' -@description('Optional. The location to deploy resources to') +@description('Optional. The location to deploy resources to.') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'whasev2' // =========== // diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep index 0aec67c354..b06be6f780 100644 --- a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep +++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep 
@@ -3,14 +3,14 @@ targetScope = 'subscription' // ========== // // Parameters // // ========== // -@description('Optional. The name of the resource group to deploy for testing purposes') +@description('Optional. The name of the resource group to deploy for testing purposes.') @maxLength(90) param resourceGroupName string = 'ms.web.hostingenvironments-${serviceShort}-rg' -@description('Optional. The location to deploy resources to') +@description('Optional. The location to deploy resources to.') param location string = deployment().location -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'whasev3' // =========== // From 26046e5fdef11b1888c3b298ab4e21e17fcfb9c8 Mon Sep 17 00:00:00 2001 
From: Erika Gressi
Date: Fri, 30 Sep 2022 18:16:28 +0200
Subject: [PATCH 39/45] rollback ase
---
.../.test/asev2.parameters.json | 54 ++++++++++++
.../.test/asev2/dependencies.bicep | 75 ----------------
.../.test/asev2/deploy.test.bicep | 86 -------------------
.../.test/asev3.parameters.json | 48 +++++++++++
.../.test/asev3/dependencies.bicep | 75 ----------------
.../.test/asev3/deploy.test.bicep | 84 ------------------
.../hostingEnvironments/readme.md | 60 ++++++-------
7 files changed, 132 insertions(+), 350 deletions(-)
create mode 100644 modules/Microsoft.Web/hostingEnvironments/.test/asev2.parameters.json
delete mode 100644 modules/Microsoft.Web/hostingEnvironments/.test/asev2/dependencies.bicep
delete mode 100644 modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep
create mode 100644 modules/Microsoft.Web/hostingEnvironments/.test/asev3.parameters.json
delete mode 100644 modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep
delete mode 100644 modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev2.parameters.json b/modules/Microsoft.Web/hostingEnvironments/.test/asev2.parameters.json
new file mode 100644
index 0000000000..c556495066
--- /dev/null
+++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev2.parameters.json
@@ -0,0 +1,54 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "name": {
+ "value": "<>-az-appse-asev2-001"
+ },
+ "kind": {
+ "value": "ASEv2"
+ },
+ "multiSize": {
+ "value": "Standard_D1_V2"
+ },
+ "ipsslAddressCount": {
+ "value": 2
+ },
+ "clusterSettings": {
+ "value": [
+ {
+ "name": "DisableTls1.0",
+ "value": "1"
+ }
+ ]
+ },
+ "subnetResourceId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-008"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "principalIds": [
+ "<>"
+ ]
+ }
+ ]
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ }
+ }
+}
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/dependencies.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/dependencies.bicep
deleted file mode 100644
index ffdc26a8d9..0000000000
--- a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/dependencies.bicep
+++ /dev/null
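Review bot: `diagnosticEventHubAuthorizationRuleId` points at the namespace-wide `RootManageSharedAccessKey` rule, and asev3.parameters.json added later in this commit does the same. A dedicated authorization rule for diagnostics would let that key be rotated or revoked without affecting other users of the namespace; which rights the rule needs should be checked against the Azure Monitor documentation. The rollback also returns the test to fixed resource IDs in `validation-rg` and no longer deploys the NSG that the deleted asev2/dependencies.bicep attached to its subnet; whether the pre-existing subnet `<>-az-subnet-x-008` has one cannot be seen from here. Since `rollback ase` gives no reason, the commit message should say why the generated dependencies were abandoned.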
@@ -1,75 +0,0 @@ -@description('Optional. The location to deploy to.') -param location string = resourceGroup().location - -@description('Required. The name of the Network Security Group to create.') -param networkSecurityGroupName string - -@description('Required. The name of the Virtual Network to create.') -param virtualNetworkName string - -@description('Required. The name of the Managed Identity to create.') -param managedIdentityName string - -resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-08-01' = { - name: networkSecurityGroupName - location: location - properties: { - securityRules: [ - { - name: 'AllowPortsForASE2' - properties: { - access: 'Allow' - destinationAddressPrefix: '10.0.9.0/24' - destinationPortRange: '454-455' - direction: 'Inbound' - priority: 1020 - protocol: '*' - sourceAddressPrefix: 'AppServiceManagement' - sourcePortRange: '*' - } - } - ] - } -} - -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { - name: virtualNetworkName - location: location - properties: { - addressSpace: { - addressPrefixes: [ - '10.0.0.0/16' - ] - } - subnets: [ - { - name: '<>-az-subnet-x-008' - properties: { - addressPrefix: '10.0.9.0/24' - networkSecurityGroup: { - id: networkSecurityGroup.id - } - delegations: [ - { - name: 'ase' - properties: { - serviceName: 'Microsoft.Web/hostingEnvironments' - } - } - ] - } - } - ] - } -} - -resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { - name: managedIdentityName - location: location -} - -@description('The resource ID of the created Virtual Network Subnet.') -output subnetResourceId string = virtualNetwork.properties.subnets[0].id -@description('The principal ID of the created Managed Identity.') -output managedIdentityPrincipalId string = managedIdentity.properties.principalId - 
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep deleted file mode 100644 index acab043bc8..0000000000 --- a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep +++ /dev/null 
@@ -1,86 +0,0 @@ -targetScope = 'subscription' - -// ========== // -// Parameters // -// ========== // -@description('Optional. The name of the resource group to deploy for testing purposes.') -@maxLength(90) -param resourceGroupName string = 'ms.web.hostingenvironments-${serviceShort}-rg' - -@description('Optional. The location to deploy resources to.') -param location string = deployment().location - -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'whasev2' - -// =========== // -// Deployments // -// =========== // - -// General resources -// ================= -resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { - name: resourceGroupName - location: location -} - -module resourceGroupResources 'dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, location)}-paramNested' - params: { - networkSecurityGroupName: 'dep-<>-nsg-${serviceShort}' - virtualNetworkName: 'dep-<>-vnet-${serviceShort}' - managedIdentityName: 'dep-<>-msi-${serviceShort}' - } -} - -// Diagnostics -// =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' - params: { - storageAccountName: 'dep<>diasa${serviceShort}01' - logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' - eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' - eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' - location: location - } -} - -// ============== // -// Test Execution // -// ============== // - -module testDeployment '../../deploy.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name)}-test-${serviceShort}' - params: { - name: '<>${serviceShort}001' - subnetResourceId: resourceGroupResources.outputs.subnetResourceId - // Non-required 
parameters - clusterSettings: [ - { - name: 'DisableTls1.0' - value: '1' - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId - diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId - diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId - diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - ipsslAddressCount: 2 - kind: 'ASEv2' - multiSize: 'Standard_D1_V2' - roleAssignments: [ - { - principalIds: [ - resourceGroupResources.outputs.managedIdentityPrincipalId - ] - roleDefinitionIdOrName: 'Reader' - } - ] - - } -} diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3.parameters.json b/modules/Microsoft.Web/hostingEnvironments/.test/asev3.parameters.json new file mode 100644 index 0000000000..a304822546 --- /dev/null +++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev3.parameters.json 
@@ -0,0 +1,48 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "name": {
+ "value": "<>-az-appse-asev3-001"
+ },
+ "lock": {
+ "value": "CanNotDelete"
+ },
+ "subnetResourceId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-006"
+ },
+ "roleAssignments": {
+ "value": [
+ {
+ "roleDefinitionIdOrName": "Reader",
+ "principalIds": [
+ "<>"
+ ]
+ }
+ ]
+ },
+ "diagnosticLogsRetentionInDays": {
+ "value": 7
+ },
+ "clusterSettings": {
+ "value": [
+ {
+ "name": "DisableTls1.0",
+ "value": "1"
+ }
+ ]
+ },
+ "diagnosticStorageAccountId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
+ },
+ "diagnosticWorkspaceId": {
+ "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
+ },
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
+ },
+ "diagnosticEventHubName": {
+ "value": "adp-<>-az-evh-x-001"
+ }
+ }
+}
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep
deleted file mode 100644
index 9f915aa35f..0000000000
--- a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/dependencies.bicep
+++ /dev/null
@@ -1,75 +0,0 @@ -@description('Optional. The location to deploy to.') -param location string = resourceGroup().location - -@description('Required. The name of the Network Security Group to create.') -param networkSecurityGroupName string - -@description('Required. The name of the Virtual Network to create.') -param virtualNetworkName string - -@description('Required. The name of the Managed Identity to create.') -param managedIdentityName string - -resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-08-01' = { - name: networkSecurityGroupName - location: location - properties: { - securityRules: [ - { - name: 'AllowPortsForASE' - properties: { - access: 'Allow' - destinationAddressPrefix: '10.0.7.0/24' - destinationPortRange: '454-455' - direction: 'Inbound' - priority: 1010 - protocol: '*' - sourceAddressPrefix: 'AppServiceManagement' - sourcePortRange: '*' - } - } - ] - } -} -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { - name: virtualNetworkName - location: location - properties: { - addressSpace: { - addressPrefixes: [ - '10.0.0.0/16' - ] - } - subnets: [ - { - name: '<>-az-subnet-x-006' - properties: { - addressPrefix: '10.0.7.0/24' - networkSecurityGroup: { - id: networkSecurityGroup.id - } - delegations: [ - { - name: 'ase' - properties: { - serviceName: 'Microsoft.Web/hostingEnvironments' - } - } - ] - } - } - ] - } -} - -resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { - name: managedIdentityName - location: location -} - -@description('The resource ID of the created Virtual Network Subnet.') -output subnetResourceId string = virtualNetwork.properties.subnets[0].id - -@description('The principal ID of the created Managed Identity.') -output managedIdentityPrincipalId string = managedIdentity.properties.principalId - 
diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep deleted file mode 100644 index b06be6f780..0000000000 --- a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep +++ /dev/null 
@@ -1,84 +0,0 @@ -targetScope = 'subscription' - -// ========== // -// Parameters // -// ========== // -@description('Optional. The name of the resource group to deploy for testing purposes.') -@maxLength(90) -param resourceGroupName string = 'ms.web.hostingenvironments-${serviceShort}-rg' - -@description('Optional. The location to deploy resources to.') -param location string = deployment().location - -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'whasev3' - -// =========== // -// Deployments // -// =========== // - -// General resources -// ================= -resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { - name: resourceGroupName - location: location -} - -module resourceGroupResources 'dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, location)}-paramNested' - params: { - networkSecurityGroupName: 'dep-<>-nsg-${serviceShort}' - virtualNetworkName: 'dep-<>-vnet-${serviceShort}' - managedIdentityName: 'dep-<>-msi-${serviceShort}' - } -} - -// Diagnostics -// =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' - params: { - storageAccountName: 'dep<>diasa${serviceShort}01' - logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' - eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' - eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' - location: location - } -} - -// ============== // -// Test Execution // -// ============== // - -module testDeployment '../../deploy.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name)}-test-${serviceShort}' - params: { - name: '<>${serviceShort}001' - subnetResourceId: resourceGroupResources.outputs.subnetResourceId - // Non-required 
parameters - clusterSettings: [ - { - name: 'DisableTls1.0' - value: '1' - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId - diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId - diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId - diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - lock: 'CanNotDelete' - roleAssignments: [ - { - principalIds: [ - resourceGroupResources.outputs.managedIdentityPrincipalId - ] - roleDefinitionIdOrName: 'Reader' - } - ] - - } -} diff --git a/modules/Microsoft.Web/hostingEnvironments/readme.md b/modules/Microsoft.Web/hostingEnvironments/readme.md index ce46d09b17..25e04b3123 100644 --- a/modules/Microsoft.Web/hostingEnvironments/readme.md +++ b/modules/Microsoft.Web/hostingEnvironments/readme.md @@ -219,11 +219,11 @@ The following module usage examples are retrieved from the content of the files ```bicep module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-test-whasev2' + name: '${uniqueString(deployment().name)}-HostingEnvironments' params: { // Required parameters - name: '<>whasev2001' - subnetResourceId: '' + name: '<>-az-appse-asev2-001' + subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-008' // Non-required parameters clusterSettings: [ { 
@@ -231,18 +231,18 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = value: '1' } ] - diagnosticEventHubAuthorizationRuleId: '' - diagnosticEventHubName: '' + diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' + diagnosticEventHubName: 'adp-<>-az-evh-x-001' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '' - diagnosticWorkspaceId: '' + diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' + diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' ipsslAddressCount: 2 kind: 'ASEv2' multiSize: 'Standard_D1_V2' roleAssignments: [ { principalIds: [ - '' + '<>' ] roleDefinitionIdOrName: 'Reader' } @@ -265,10 +265,10 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = "parameters": { // Required parameters "name": { - "value": "<>whasev2001" + "value": "<>-az-appse-asev2-001" }, "subnetResourceId": { - "value": "" + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-008" }, // Non-required parameters "clusterSettings": { 
@@ -280,19 +280,19 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = ] }, "diagnosticEventHubAuthorizationRuleId": { - "value": "" + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, "diagnosticEventHubName": { - "value": "" + "value": "adp-<>-az-evh-x-001" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "" + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" }, "diagnosticWorkspaceId": { - "value": "" + "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" }, "ipsslAddressCount": { "value": 2 @@ -307,7 +307,7 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = "value": [ { "principalIds": [ - "" + "<>" ], "roleDefinitionIdOrName": "Reader" } @@ -328,11 +328,11 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = ```bicep module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-test-whasev3' + name: '${uniqueString(deployment().name)}-HostingEnvironments' params: { // Required parameters - name: '<>whasev3001' - subnetResourceId: '' + name: '<>-az-appse-asev3-001' + subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-006' // Non-required parameters clusterSettings: [ { 
@@ -340,16 +340,16 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = value: '1' } ] - diagnosticEventHubAuthorizationRuleId: '' - diagnosticEventHubName: '' + diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' + diagnosticEventHubName: 'adp-<>-az-evh-x-001' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '' - diagnosticWorkspaceId: '' + diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' + diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' lock: 'CanNotDelete' roleAssignments: [ { principalIds: [ - '' + '<>' ] roleDefinitionIdOrName: 'Reader' } @@ -372,10 +372,10 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = "parameters": { // Required parameters "name": { - "value": "<>whasev3001" + "value": "<>-az-appse-asev3-001" }, "subnetResourceId": { - "value": "" + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-006" }, // Non-required parameters "clusterSettings": { 
@@ -387,19 +387,19 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = ] }, "diagnosticEventHubAuthorizationRuleId": { - "value": "" + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, "diagnosticEventHubName": { - "value": "" + "value": "adp-<>-az-evh-x-001" }, "diagnosticLogsRetentionInDays": { "value": 7 }, "diagnosticStorageAccountId": { - "value": "" + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" }, "diagnosticWorkspaceId": { - "value": "" + "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" }, "lock": { "value": "CanNotDelete" @@ -408,7 +408,7 @@ module hostingEnvironments './Microsoft.Web/hostingEnvironments/deploy.bicep' = "value": [ { "principalIds": [ - "" + "<>" ], "roleDefinitionIdOrName": "Reader" } From a816d84d00050cce930ed005ae18c6eff39d3713 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Fri, 30 Sep 2022 18:18:02 +0200 Subject: [PATCH 40/45] rollback ase pipeline --- .github/workflows/ms.web.hostingenvironments.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ms.web.hostingenvironments.yml b/.github/workflows/ms.web.hostingenvironments.yml index 51cefec7c7..5b4e9cdb84 100644 --- a/.github/workflows/ms.web.hostingenvironments.yml +++ b/.github/workflows/ms.web.hostingenvironments.yml 
@@ -106,7 +106,8 @@ jobs: - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' uses: ./.github/actions/templates/validateModuleDeployment with: - templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + templateFilePath: '${{ env.modulePath }}/deploy.bicep' + parameterFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' location: '${{ env.location }}' resourceGroupName: '${{ env.resourceGroupName }}' subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' From 7f82d64beaf635196716d4943b83a60da89e6a20 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 3 Oct 2022 12:20:59 +0200 Subject: [PATCH 41/45] remove comment --- modules/Microsoft.Compute/images/.test/common/deploy.test.bicep | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep index 23fd06d70e..1570936be0 100644 --- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep @@ -55,13 +55,11 @@ module testDeployment '../../deploy.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-test-${serviceShort}' params: { - // Required parameters name: '<>${serviceShort}001' osAccountType: 'Premium_LRS' osDiskBlobUri: resourceGroupResources.outputs.vhdUri osDiskCaching: 'ReadWrite' osType: 'Windows' - // Non-required parameters hyperVGeneration: 'V1' roleAssignments: [ { From b343454395a3bc49cf6f6f743238c6338f0a696c Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 3 Oct 2022 12:24:16 +0200 Subject: [PATCH 42/45] add metadata to nested rbac param --- .../images/.test/common/dependencies_rbac.bicep | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies_rbac.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies_rbac.bicep index 7fbc0ff9ed..cdca1b63bd 100644 
--- a/modules/Microsoft.Compute/images/.test/common/dependencies_rbac.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies_rbac.bicep @@ -1,6 +1,9 @@ targetScope = 'subscription' +@description('Required. The resource ID of the created Managed Identity.') param managedIdentityResourceId string + +@description('Required. The principal ID of the created Managed Identity.') param managedIdentityPrincipalId string resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { From 2b989f5b753c71e5f77d00235e8fae9bafad5ebb Mon Sep 17 00:00:00 2001 From: Erika Gressi <56914614+eriqua@users.noreply.github.com> Date: Mon, 3 Oct 2022 15:57:21 +0200 Subject: [PATCH 43/45] Update deploy.test.bicep Remove vars --- .../images/.test/common/deploy.test.bicep | 22 +++++-------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep index 1570936be0..f248a325d0 100644 --- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep @@ -14,16 +14,6 @@ param location string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints') param serviceShort string = 'cicom' -// ========= // -// Variables // -// ========= // - -var managedIdentityName = 'dep-<>-msi-${serviceShort}' -var destinationStorageAccountName = 'dep<>sa${serviceShort}01' -var imageTemplateNamePrefix = 'dep-<>-imgt-${serviceShort}' -var triggerImageDeploymentScriptName = 'dep-<>-ds-${serviceShort}-triggerImageTemplate' -var copyVhdDeploymentScriptName = 'dep-<>-ds-${serviceShort}-copyVhdToStorage' - // =========== // // Deployments // // =========== // 
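Review bot: In dependencies_rbac.bicep the two new `@description` decorators say what the values are but not what the file does with them. The file sets `targetScope = 'subscription'` and declares a `Microsoft.Authorization/roleAssignments` resource, so the managed identity apparently receives a role on the whole subscription. The roleAssignment body opens on the hunk's last line and continues outside it, so the role actually granted is not visible here. I would add a comment above the resource, for example `// Subscription-scope role assignment for the test managed identity; keep role and scope as narrow as the image build allows.`, and mention the scope in the principal ID description.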
@@ -39,12 +29,12 @@ module resourceGroupResources 'dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-paramNested' params: { - managedIdentityName: managedIdentityName - storageAccountName: destinationStorageAccountName - imageTemplateNamePrefix: imageTemplateNamePrefix - triggerImageDeploymentScriptName: triggerImageDeploymentScriptName - copyVhdDeploymentScriptName: copyVhdDeploymentScriptName - destinationStorageAccountName: destinationStorageAccountName + managedIdentityName: 'dep-<>-msi-${serviceShort}' + storageAccountName: 'dep<>sa${serviceShort}01' + imageTemplateNamePrefix: 'dep-<>-imgt-${serviceShort}' + triggerImageDeploymentScriptName: 'dep-<>-ds-${serviceShort}-triggerImageTemplate' + copyVhdDeploymentScriptName: 'dep-<>-ds-${serviceShort}-copyVhdToStorage' + destinationStorageAccountName: 'dep<>sa${serviceShort}01' } } From 14f0b546f59da4780bd39aa4aec7bca8bea23a7b Mon Sep 17 00:00:00 2001 From: Erika Gressi <56914614+eriqua@users.noreply.github.com> Date: Mon, 3 Oct 2022 16:02:07 +0200 Subject: [PATCH 44/45] Update dependencies.bicep Use storageAccount output --- .../images/.test/common/dependencies.bicep | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies.bicep index 261af907dc..d422b9c273 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies.bicep 
@@ -4,7 +4,7 @@ param location string = resourceGroup().location @description('Required. The name of the Managed Identity to create.') param managedIdentityName string -@description('Required. The name of the Storage Account to create.') +@description('Required. The name of the Storage Account to create and to copy the VHD into.') param storageAccountName string @description('Required. The name prefix of the Image Template to create.') @@ -19,9 +19,6 @@ param triggerImageDeploymentScriptName string @description('Required. The name of the Deployment Script to copy the VHD to a destination storage account.') param copyVhdDeploymentScriptName string -@description('Required. The name of the destination Storage Account to copy the created VHD to.') -param destinationStorageAccountName string - resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { name: managedIdentityName location: location @@ -134,7 +131,7 @@ resource copyVhdDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10- properties: { azPowerShellVersion: '8.0' retentionInterval: 'P1D' - arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\" -DestinationStorageAccountName \\"${destinationStorageAccountName}\\" -VhdName \\"${imageTemplateNamePrefix}\\" -WaitForComplete' + arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\" -DestinationStorageAccountName \\"${storageAccount.name}\\" -VhdName \\"${imageTemplateNamePrefix}\\" -WaitForComplete' scriptContent: loadTextContent('../.scripts/Copy-VhdToStorageAccount.ps1') cleanupPreference: 'OnSuccess' forceUpdateTag: baseTime 
@@ -143,7 +140,7 @@ resource copyVhdDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10- } @description('The URI of the created VHD.') -output vhdUri string = 'https://${destinationStorageAccountName}.blob.core.windows.net/vhds/${imageTemplateNamePrefix}.vhd' +output vhdUri string = 'https://${storageAccount.name}.blob.core.windows.net/vhds/${imageTemplateNamePrefix}.vhd' @description('The principal ID of the created Managed Identity.') output managedIdentityPrincipalId string = managedIdentity.properties.principalId From e38255881aaa30628d65b95c3e68dbd235627e29 Mon Sep 17 00:00:00 2001 From: Erika Gressi <56914614+eriqua@users.noreply.github.com> Date: Mon, 3 Oct 2022 16:03:22 +0200 Subject: [PATCH 45/45] Update deploy.test.bicep Remove destinationStorageAccount --- modules/Microsoft.Compute/images/.test/common/deploy.test.bicep | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep index f248a325d0..6cc6933050 100644 --- a/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Compute/images/.test/common/deploy.test.bicep @@ -34,7 +34,6 @@ module resourceGroupResources 'dependencies.bicep' = { imageTemplateNamePrefix: 'dep-<>-imgt-${serviceShort}' triggerImageDeploymentScriptName: 'dep-<>-ds-${serviceShort}-triggerImageTemplate' copyVhdDeploymentScriptName: 'dep-<>-ds-${serviceShort}-copyVhdToStorage' - destinationStorageAccountName: 'dep<>sa${serviceShort}01' } }
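Review bot: The `vhdUri` output in dependencies.bicep still hard-codes the `blob.core.windows.net` suffix, which resolves only in the Azure public cloud and is what the Bicep linter rule `no-hardcoded-env-urls` flags. Since the new line already references the `storageAccount` resource, the endpoint can come from it: `output vhdUri string = '${storageAccount.properties.primaryEndpoints.blob}vhds/${imageTemplateNamePrefix}.vhd'`. The `vhds` container and the `.vhd` blob name are presumably what Copy-VhdToStorageAccount.ps1 writes, but that script is not visible in this hunk. A one-line comment above the output naming that dependency would keep the two in step.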