From c7c33b079019753f1f2ee6f6291cdae1e2559ceb Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman Date: Wed, 14 Dec 2022 16:33:26 +0000 Subject: [PATCH 01/26] sftp feature add --- .../.test/common/deploy.test.bicep | 21 + .../storageAccounts/deploy.bicep | 26 + .../storageAccounts/localUsers/deploy.bicep | 66 ++ .../storageAccounts/localUsers/readme.md | 55 ++ .../storageAccounts/readme.md | 614 ++++++++++-------- settings.yml | 28 +- 6 files changed, 509 insertions(+), 301 deletions(-) create mode 100644 modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep create mode 100644 modules/Microsoft.Storage/storageAccounts/localUsers/readme.md diff --git a/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep b/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep index 20379c8bda..616d8cd924 100644 --- a/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep @@ -64,6 +64,9 @@ module testDeployment '../../deploy.bicep' = { allowBlobPublicAccess: false requireInfrastructureEncryption: true lock: 'CanNotDelete' + enableHierarchicalNamespace: true + enableSftp: true + enableNfsV3: true privateEndpoints: [ { service: 'blob' @@ -91,6 +94,24 @@ module testDeployment '../../deploy.bicep' = { } ] } + localUsers:[ + { + storageAccountName: '<>${serviceShort}001' + name: 'testuser' + hasSharedKey: false + hasSshKey: true + hasSshPassword: false + permissionScopes: [ + { + permissions: 'r' + service: 'blob' + resourceName: 'avdscripts' + } + ] + } + ] + + blobServices: { diagnosticLogsRetentionInDays: 7 diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId diff --git a/modules/Microsoft.Storage/storageAccounts/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/deploy.bicep index cb3c0ffc81..dc90df1fc8 100644 --- a/modules/Microsoft.Storage/storageAccounts/deploy.bicep 
+++ b/modules/Microsoft.Storage/storageAccounts/deploy.bicep @@ -85,6 +85,15 @@ param minimumTlsVersion string = 'TLS1_2' @description('Optional. If true, enables Hierarchical Namespace for the storage account.') param enableHierarchicalNamespace bool = false +@description('Optional. If true, enables Secure File Transfer Protocol for the storage account. Requires enableHierarchicalNamespace to be true.') +param enableSftp bool = false + +@description('Optional. Details of local users to be added for SFTP authentication.') +param localUsers array = [] + +@description('Optional. If true, enables NFS 3.0 support for the storage account. Requires enableHierarchicalNamespace to be true.') +param enableNfsV3 bool = false + @description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') @minValue(0) @maxValue(365) @@ -227,6 +236,8 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = { accessTier: storageAccountKind != 'Storage' ? storageAccountAccessTier : null supportsHttpsTrafficOnly: supportsHttpsTrafficOnly isHnsEnabled: enableHierarchicalNamespace ? enableHierarchicalNamespace : null + isSftpEnabled: enableSftp ? enableSftp : null + isNfsV3Enabled: enableNfsV3 ? enableNfsV3 : null minimumTlsVersion: minimumTlsVersion networkAcls: !empty(networkAcls) ? { bypass: contains(networkAcls, 'bypass') ? networkAcls.bypass : null 
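Review bot: `isSftpEnabled: enableSftp ? enableSftp : null` and the matching `isNfsV3Enabled` line send null whenever the parameter is false, so the template never states that the protocol should be off. This copies the `isHnsEnabled` line above it, but if the resource provider treats an omitted property as "leave unchanged" (not visible from this hunk), redeploying with `enableSftp: false` would leave the SFTP endpoint enabled on an account where it had been switched on earlier. For SFTP I would pass the value through, `isSftpEnabled: enableSftp`, and keep the null form only for properties where an explicit false is known to be rejected. The resource body continues outside the hunk.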
@@ -304,6 +315,21 @@ module storageAccount_managementPolicies 'managementPolicies/deploy.bicep' = if } } +// SFTP user settings +module storageAccount_localUsers 'localUsers/deploy.bicep' = [ for (localUser, index) in localUsers: { + name: '${uniqueString(deployment().name, location)}-Storage-LocalUsers-${index}' + params: { + storageAccountName: storageAccount.name + name: localUser.name + hasSharedKey: localUser.hasSharedKey + hasSshKey: localUser.hasSshKey + hasSshPassword: localUser.hasSshPassword + homeDirectory: localUser.homeDirectory + permissionScopes: localUser.permissionScopes + sshAuthorizedKeys: localUser.sshAuthorizedKeys + } +}] + // Containers module storageAccount_blobServices 'blobServices/deploy.bicep' = if (!empty(blobServices)) { name: '${uniqueString(deployment().name, location)}-Storage-BlobServices' diff --git a/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep new file mode 100644 index 0000000000..29c789a67b --- /dev/null +++ b/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep 
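Review bot: The loop reads `localUser.homeDirectory` and `localUser.sshAuthorizedKeys` unconditionally, yet the `localUsers` entry added to deploy.test.bicep in this patch supplies neither key, so that test input would most likely fail on a missing property. The child module's `homeDirectory` default of `''` is also never reached, because the parent always passes a value. Guarding both the way this file already guards `networkAcls.bypass` would fix it: `homeDirectory: contains(localUser, 'homeDirectory') ? localUser.homeDirectory : ''` and `sshAuthorizedKeys: contains(localUser, 'sshAuthorizedKeys') ? localUser.sshAuthorizedKeys : []`. The test entry also passes `storageAccountName`, which this loop ignores in favour of `storageAccount.name`, and the loop runs even when `enableSftp` is false; confirm both are intended.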
@@ -0,0 +1,66 @@
+@maxLength(24)
+@description('Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment.')
+param storageAccountName string
+
+@description('Required. The local user name to be used for SFTP Authentication.')
+param name string
+
+@description('Required. Indicates whether shared key exists. Set it to false to remove existing shared key.')
+param hasSharedKey bool
+
+@description('Required. Indicates whether ssh key exists. Set it to false to remove existing SSH key.')
+param hasSshKey bool
+
+@description('Required. Indicates whether ssh password exists. Set it to false to remove existing SSH password.')
+param hasSshPassword bool
+
+@description('Optional. The local user home directory.')
+param homeDirectory string = ''
+
+@description('Required. The permission scopes of the local user.')
+param permissionScopes array
+
+@description('Optional. The local user ssh authorized keys for SFTP.')
+param sshAuthorizedKeys array
+
+
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' existing = {
+ name: storageAccountName
+}
+
+resource localUsers 'Microsoft.Storage/storageAccounts/localUsers@2021-09-01' = {
+ name: name
+ parent : storageAccount
+ properties: {
+ hasSharedKey: hasSharedKey
+ hasSshKey: hasSshKey
+ hasSshPassword: hasSshPassword
+ homeDirectory: homeDirectory
+ permissionScopes: permissionScopes
+ sshAuthorizedKeys: sshAuthorizedKeys
+ }
+}
+
+@description('The name of the local user created for SFTP Authentication.')
+output localUser string = localUsers.name
+
+@description('The permission scopes granted for the local user.')
+output permissionScopes array = localUsers.properties.permissionScopes
+
diff --git a/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md b/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md
new file mode 100644
index 0000000000..e712035556
--- /dev/null
+++ b/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md
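Review bot: `param sshAuthorizedKeys array` is described as Optional but has no default, so Bicep treats it as a required parameter; `param sshAuthorizedKeys array = []` would match both the description and the Optional-parameters table in the readme added by this patch. Nothing in the module ties `hasSshKey: true` to a non-empty `sshAuthorizedKeys`, which is exactly the combination the test file in this patch uses, so a user can be declared as key-authenticated without any key being supplied. A sentence in the `hasSshKey` description stating that `sshAuthorizedKeys` must then be provided would make the contract explicit.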
@@ -0,0 +1,55 @@ +# Storage StorageAccounts LocalUsers `[Microsoft.Storage/storageAccounts/localUsers]` + +This module deploys Storage StorageAccounts LocalUsers. +// TODO: Replace Resource and fill in description + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Storage/storageAccounts/localUsers` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/localUsers) | + +## Parameters + +**Required parameters** + +| Parameter Name | Type | Description | +| :-- | :-- | :-- | +| `hasSharedKey` | bool | Indicates whether shared key exists. Set it to false to remove existing shared key. | +| `hasSshKey` | bool | Indicates whether ssh key exists. Set it to false to remove existing SSH key. | +| `hasSshPassword` | bool | Indicates whether ssh password exists. Set it to false to remove existing SSH password. | +| `name` | string | The local user name to be used for SFTP Authentication. | +| `permissionScopes` | array | The permission scopes of the local user. | + +**Conditional parameters** + +| Parameter Name | Type | Description | +| :-- | :-- | :-- | +| `storageAccountName` | string | The name of the parent Storage Account. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter Name | Type | Default Value | Description | +| :-- | :-- | :-- | :-- | +| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| `homeDirectory` | string | `''` | The local user home directory. | +| `sshAuthorizedKeys` | array | | The local user ssh authorized keys for SFTP. | + + +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `localUser` | string | The name of the local user created for SFTP Authentication. 
| +| `permissionScopes` | array | The permission scopes granted for the local user. | + +## Cross-referenced modules + +_None_ diff --git a/modules/Microsoft.Storage/storageAccounts/readme.md b/modules/Microsoft.Storage/storageAccounts/readme.md index f76689cd74..c923694251 100644 --- a/modules/Microsoft.Storage/storageAccounts/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/readme.md @@ -26,6 +26,7 @@ This module is used to deploy a storage account, with the ability to deploy 1 or | `Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/blobServices/containers/immutabilityPolicies) | | `Microsoft.Storage/storageAccounts/fileServices` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/fileServices) | | `Microsoft.Storage/storageAccounts/fileServices/shares` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/fileServices/shares) | +| `Microsoft.Storage/storageAccounts/localUsers` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/localUsers) | | `Microsoft.Storage/storageAccounts/managementPolicies` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/managementPolicies) | | `Microsoft.Storage/storageAccounts/queueServices` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/queueServices) | | `Microsoft.Storage/storageAccounts/queueServices/queues` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/queueServices/queues) | 
@@ -65,7 +66,10 @@ This module is used to deploy a storage account, with the ability to deploy 1 or | `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | | `enableHierarchicalNamespace` | bool | `False` | | If true, enables Hierarchical Namespace for the storage account. | +| `enableNfsV3` | bool | `False` | | If true, enables NFS 3.0 support for the storage account. Requires enableHierarchicalNamespace to be true. | +| `enableSftp` | bool | `False` | | If true, enables Secure File Transfer Protocol for the storage account. Requires enableHierarchicalNamespace to be true. | | `fileServices` | _[fileServices](fileServices/readme.md)_ object | `{object}` | | File service and shares to deploy. | +| `localUsers` | _[localUsers](localUsers/readme.md)_ array | `[]` | | Details of local users to be added for SFTP authentication. | | `location` | string | `[resourceGroup().location]` | | Location for all resources. | | `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | | `managementPolicyRules` | array | `[]` | | The Storage Account ManagementPolicies Rules. | 
@@ -399,151 +403,170 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>ssacom001' // Non-required parameters - allowBlobPublicAccess: false - blobServices: { - containers: [ + requireInfrastructureEncryption: true + queueServices: { + diagnosticEventHubName: '' + diagnosticLogsRetentionInDays: 7 + diagnosticWorkspaceId: '' + queues: [ { - name: 'avdscripts' - publicAccess: 'None' roleAssignments: [ { + roleDefinitionIdOrName: 'Reader' principalIds: [ '' ] principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' } ] + name: 'queue1' + metadata: { + key1: 'value1' + key2: 'value2' + } } { - allowProtectedAppendWrites: false - enableWORM: true - name: 'archivecontainer' - publicAccess: 'None' - WORMRetention: 666 + metadata: {} + name: 'queue2' } ] diagnosticEventHubAuthorizationRuleId: '' - diagnosticEventHubName: '' - diagnosticLogsRetentionInDays: 7 diagnosticStorageAccountId: '' - diagnosticWorkspaceId: '' } - diagnosticEventHubAuthorizationRuleId: '' - diagnosticEventHubName: '' - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '' - diagnosticWorkspaceId: '' + roleAssignments: [ + { + roleDefinitionIdOrName: 'Reader' + principalIds: [ + '' + ] + principalType: 'ServicePrincipal' + } + ] enableDefaultTelemetry: '' - fileServices: { - diagnosticEventHubAuthorizationRuleId: '' + systemAssignedIdentity: true + blobServices: { diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '' - diagnosticWorkspaceId: '' - shares: [ + containers: [ { - name: 'avdprofiles' roleAssignments: [ { + roleDefinitionIdOrName: 'Reader' principalIds: [ '' ] principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' } ] - shareQuota: 5120 - } - { - name: 'avdprofiles2' - shareQuota: 5120 - } - ] - } - lock: 'CanNotDelete' - networkAcls: { - bypass: 'AzureServices' - defaultAction: 'Deny' - ipRules: [ - { - action: 'Allow' - value: '1.1.1.1' + publicAccess: 
'None' + name: 'avdscripts' } - ] - virtualNetworkRules: [ { - action: 'Allow' - id: '' + name: 'archivecontainer' + publicAccess: 'None' + enableWORM: true + WORMRetention: 666 + allowProtectedAppendWrites: false } ] + diagnosticWorkspaceId: '' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticStorageAccountId: '' } - privateEndpoints: [ + storageAccountSku: 'Standard_LRS' + enableNfsV3: true + localUsers: [ { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - '' - ] - } - service: 'blob' - subnetResourceId: '' + hasSshPassword: false + permissionScopes: [ + { + service: 'blob' + permissions: 'r' + resourceName: 'avdscripts' + } + ] + storageAccountName: '<>ssacom001' + hasSshKey: true + hasSharedKey: false + name: 'testuser' } ] - queueServices: { - diagnosticEventHubAuthorizationRuleId: '' + enableHierarchicalNamespace: true + lock: 'CanNotDelete' + userAssignedIdentities: { + '': {} + } + fileServices: { diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '' - diagnosticWorkspaceId: '' - queues: [ + shares: [ { - metadata: { - key1: 'value1' - key2: 'value2' - } - name: 'queue1' + shareQuota: 5120 + name: 'avdprofiles' roleAssignments: [ { + roleDefinitionIdOrName: 'Reader' principalIds: [ '' ] principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' } ] } { - metadata: {} - name: 'queue2' + shareQuota: 5120 + name: 'avdprofiles2' } ] + diagnosticWorkspaceId: '' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticStorageAccountId: '' } - requireInfrastructureEncryption: true - roleAssignments: [ - { - principalIds: [ - '' - ] - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' - } - ] - storageAccountSku: 'Standard_LRS' - systemAssignedIdentity: true tableServices: { - diagnosticEventHubAuthorizationRuleId: '' diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '' - diagnosticWorkspaceId: '' tables: [ 'table1' 'table2' ] + 
diagnosticWorkspaceId: '' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticStorageAccountId: '' } - userAssignedIdentities: { - '': {} + diagnosticLogsRetentionInDays: 7 + allowBlobPublicAccess: false + diagnosticWorkspaceId: '' + enableSftp: true + diagnosticStorageAccountId: '' + networkAcls: { + virtualNetworkRules: [ + { + action: 'Allow' + id: '' + } + ] + bypass: 'AzureServices' + defaultAction: 'Deny' + ipRules: [ + { + value: '1.1.1.1' + action: 'Allow' + } + ] } + diagnosticEventHubName: '' + diagnosticEventHubAuthorizationRuleId: '' + privateEndpoints: [ + { + subnetResourceId: '' + service: 'blob' + privateDnsZoneGroup: { + privateDNSResourceIds: [ + '' + ] + } + } + ] } } ``` 
@@ -565,188 +588,215 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>ssacom001" }, // Non-required parameters - "allowBlobPublicAccess": { - "value": false + "requireInfrastructureEncryption": { + "value": true }, - "blobServices": { + "queueServices": { "value": { - "containers": [ + "diagnosticEventHubName": "", + "diagnosticLogsRetentionInDays": 7, + "diagnosticWorkspaceId": "", + "queues": [ { - "name": "avdscripts", - "publicAccess": "None", "roleAssignments": [ { + "roleDefinitionIdOrName": "Reader", "principalIds": [ "" ], - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" + "principalType": "ServicePrincipal" } - ] + ], + "name": "queue1", + "metadata": { + "key1": "value1", + "key2": "value2" + } }, { - "allowProtectedAppendWrites": false, - "enableWORM": true, - "name": "archivecontainer", - "publicAccess": "None", - "WORMRetention": 666 + "metadata": {}, + "name": "queue2" } ], "diagnosticEventHubAuthorizationRuleId": "", - "diagnosticEventHubName": "", - "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "", - "diagnosticWorkspaceId": "" + "diagnosticStorageAccountId": "" } }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "" - }, - "diagnosticEventHubName": { - "value": "" - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "" - }, - "diagnosticWorkspaceId": { - "value": "" + "roleAssignments": { + "value": [ + { + "roleDefinitionIdOrName": "Reader", + "principalIds": [ + "" + ], + "principalType": "ServicePrincipal" + } + ] }, "enableDefaultTelemetry": { "value": "" }, - "fileServices": { + "systemAssignedIdentity": { + "value": true + }, + "blobServices": { "value": { - "diagnosticEventHubAuthorizationRuleId": "", "diagnosticEventHubName": "", "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "", - "diagnosticWorkspaceId": "", - "shares": [ + "containers": [ { - "name": "avdprofiles", 
"roleAssignments": [ { + "roleDefinitionIdOrName": "Reader", "principalIds": [ "" ], - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" + "principalType": "ServicePrincipal" } ], - "shareQuota": 5120 + "publicAccess": "None", + "name": "avdscripts" }, { - "name": "avdprofiles2", - "shareQuota": 5120 + "name": "archivecontainer", + "publicAccess": "None", + "enableWORM": true, + "WORMRetention": 666, + "allowProtectedAppendWrites": false } - ] + ], + "diagnosticWorkspaceId": "", + "diagnosticEventHubAuthorizationRuleId": "", + "diagnosticStorageAccountId": "" } }, - "lock": { - "value": "CanNotDelete" + "enableNfsV3": { + "value": true + }, + "localUsers": { + "value": [ + { + "hasSshPassword": false, + "permissionScopes": [ + { + "service": "blob", + "permissions": "r", + "resourceName": "avdscripts" + } + ], + "storageAccountName": "<>ssacom001", + "hasSshKey": true, + "hasSharedKey": false, + "name": "testuser" + } + ] }, "networkAcls": { "value": { - "bypass": "AzureServices", - "defaultAction": "Deny", - "ipRules": [ + "virtualNetworkRules": [ { "action": "Allow", - "value": "1.1.1.1" + "id": "" } ], - "virtualNetworkRules": [ + "bypass": "AzureServices", + "defaultAction": "Deny", + "ipRules": [ { - "action": "Allow", - "id": "" + "value": "1.1.1.1", + "action": "Allow" } ] } }, - "privateEndpoints": { - "value": [ - { - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "" - ] - }, - "service": "blob", - "subnetResourceId": "" - } - ] + "enableHierarchicalNamespace": { + "value": true }, - "queueServices": { + "lock": { + "value": "CanNotDelete" + }, + "fileServices": { "value": { - "diagnosticEventHubAuthorizationRuleId": "", "diagnosticEventHubName": "", "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "", - "diagnosticWorkspaceId": "", - "queues": [ + "shares": [ { - "metadata": { - "key1": "value1", - "key2": "value2" - }, - "name": "queue1", + "shareQuota": 5120, + "name": "avdprofiles", "roleAssignments": 
[ { + "roleDefinitionIdOrName": "Reader", "principalIds": [ "" ], - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" + "principalType": "ServicePrincipal" } ] }, { - "metadata": {}, - "name": "queue2" + "shareQuota": 5120, + "name": "avdprofiles2" } - ] + ], + "diagnosticWorkspaceId": "", + "diagnosticEventHubAuthorizationRuleId": "", + "diagnosticStorageAccountId": "" } }, - "requireInfrastructureEncryption": { - "value": true - }, - "roleAssignments": { - "value": [ - { - "principalIds": [ - "" - ], - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" - } - ] - }, - "storageAccountSku": { - "value": "Standard_LRS" - }, - "systemAssignedIdentity": { - "value": true + "userAssignedIdentities": { + "value": { + "": {} + } }, "tableServices": { "value": { - "diagnosticEventHubAuthorizationRuleId": "", "diagnosticEventHubName": "", "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "", - "diagnosticWorkspaceId": "", "tables": [ "table1", "table2" - ] + ], + "diagnosticWorkspaceId": "", + "diagnosticEventHubAuthorizationRuleId": "", + "diagnosticStorageAccountId": "" } }, - "userAssignedIdentities": { - "value": { - "": {} - } + "storageAccountSku": { + "value": "Standard_LRS" + }, + "allowBlobPublicAccess": { + "value": false + }, + "diagnosticWorkspaceId": { + "value": "" + }, + "enableSftp": { + "value": true + }, + "diagnosticStorageAccountId": { + "value": "" + }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + "diagnosticEventHubName": { + "value": "" + }, + "diagnosticEventHubAuthorizationRuleId": { + "value": "" + }, + "privateEndpoints": { + "value": [ + { + "subnetResourceId": "", + "service": "blob", + "privateDnsZoneGroup": { + "privateDNSResourceIds": [ + "" + ] + } + } + ] } } } 
@@ -768,35 +818,35 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>stsencr001' // Non-required parameters + requireInfrastructureEncryption: true + cMKKeyVaultResourceId: '' + enableDefaultTelemetry: '' + systemAssignedIdentity: false allowBlobPublicAccess: false - blobServices: { - containers: [ - { - name: '<>container' - publicAccess: 'None' - } - ] + storageAccountSku: 'Standard_LRS' + userAssignedIdentities: { + '': {} } - cMKKeyName: '' - cMKKeyVaultResourceId: '' cMKUserAssignedIdentityResourceId: '' - enableDefaultTelemetry: '' privateEndpoints: [ { + subnetResourceId: '' + service: 'blob' privateDnsZoneGroup: { privateDNSResourceIds: [ '' ] } - service: 'blob' - subnetResourceId: '' } ] - requireInfrastructureEncryption: true - storageAccountSku: 'Standard_LRS' - systemAssignedIdentity: false - userAssignedIdentities: { - '': {} + cMKKeyName: '' + blobServices: { + containers: [ + { + publicAccess: 'None' + name: '<>container' + } + ] } } } 
@@ -819,56 +869,56 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>stsencr001" }, // Non-required parameters + "requireInfrastructureEncryption": { + "value": true + }, + "cMKKeyVaultResourceId": { + "value": "" + }, + "enableDefaultTelemetry": { + "value": "" + }, + "systemAssignedIdentity": { + "value": false + }, "allowBlobPublicAccess": { "value": false }, - "blobServices": { + "storageAccountSku": { + "value": "Standard_LRS" + }, + "userAssignedIdentities": { "value": { - "containers": [ - { - "name": "<>container", - "publicAccess": "None" - } - ] + "": {} } }, - "cMKKeyName": { - "value": "" - }, - "cMKKeyVaultResourceId": { - "value": "" - }, "cMKUserAssignedIdentityResourceId": { "value": "" }, - "enableDefaultTelemetry": { - "value": "" - }, "privateEndpoints": { "value": [ { + "subnetResourceId": "", + "service": "blob", "privateDnsZoneGroup": { "privateDNSResourceIds": [ "" ] - }, - "service": "blob", - "subnetResourceId": "" + } } ] }, - "requireInfrastructureEncryption": { - "value": true - }, - "storageAccountSku": { - "value": "Standard_LRS" - }, - "systemAssignedIdentity": { - "value": false + "cMKKeyName": { + "value": "" }, - "userAssignedIdentities": { + "blobServices": { "value": { - "": {} + "containers": [ + { + "publicAccess": "None", + "name": "<>container" + } + ] } } } 
@@ -940,38 +990,38 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>ssanfs001' // Non-required parameters - allowBlobPublicAccess: false - diagnosticEventHubAuthorizationRuleId: '' diagnosticEventHubName: '' - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '' - diagnosticWorkspaceId: '' + diagnosticEventHubAuthorizationRuleId: '' + allowBlobPublicAccess: false + userAssignedIdentities: { + '': {} + } enableDefaultTelemetry: '' fileServices: { shares: [ { - enabledProtocols: 'NFS' name: 'nfsfileshare' + enabledProtocols: 'NFS' } ] } - lock: 'CanNotDelete' roleAssignments: [ { + roleDefinitionIdOrName: 'Reader' principalIds: [ '' ] principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' } ] - storageAccountKind: 'FileStorage' - storageAccountSku: 'Premium_LRS' supportsHttpsTrafficOnly: false systemAssignedIdentity: true - userAssignedIdentities: { - '': {} - } + diagnosticStorageAccountId: '' + diagnosticLogsRetentionInDays: 7 + storageAccountSku: 'Premium_LRS' + storageAccountKind: 'FileStorage' + diagnosticWorkspaceId: '' + lock: 'CanNotDelete' } } ``` @@ -993,23 +1043,22 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>ssanfs001" }, // Non-required parameters - "allowBlobPublicAccess": { - "value": false - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "" + "lock": { + "value": "CanNotDelete" }, "diagnosticEventHubName": { "value": "" }, - "diagnosticLogsRetentionInDays": { - "value": 7 + "userAssignedIdentities": { + "value": { + "": {} + } }, - "diagnosticStorageAccountId": { - "value": "" + "allowBlobPublicAccess": { + "value": false }, - "diagnosticWorkspaceId": { - "value": "" + "diagnosticLogsRetentionInDays": { + "value": 7 }, "enableDefaultTelemetry": { "value": "" 
@@ -1018,42 +1067,43 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": { "shares": [ { - "enabledProtocols": "NFS", - "name": "nfsfileshare" + "name": "nfsfileshare", + "enabledProtocols": "NFS" } ] } }, - "lock": { - "value": "CanNotDelete" - }, "roleAssignments": { "value": [ { + "roleDefinitionIdOrName": "Reader", "principalIds": [ "" ], - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" + "principalType": "ServicePrincipal" } ] }, - "storageAccountKind": { - "value": "FileStorage" - }, - "storageAccountSku": { - "value": "Premium_LRS" - }, "supportsHttpsTrafficOnly": { "value": false }, "systemAssignedIdentity": { "value": true }, - "userAssignedIdentities": { - "value": { - "": {} - } + "diagnosticStorageAccountId": { + "value": "" + }, + "storageAccountSku": { + "value": "Premium_LRS" + }, + "storageAccountKind": { + "value": "FileStorage" + }, + "diagnosticWorkspaceId": { + "value": "" + }, + "diagnosticEventHubAuthorizationRuleId": { + "value": "" } } } @@ -1076,8 +1126,8 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { name: '<>ssav1001' // Non-required parameters allowBlobPublicAccess: false - enableDefaultTelemetry: '' storageAccountKind: 'Storage' + enableDefaultTelemetry: '' } } ``` @@ -1102,11 +1152,11 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "allowBlobPublicAccess": { "value": false }, - "enableDefaultTelemetry": { - "value": "" - }, "storageAccountKind": { "value": "Storage" + }, + "enableDefaultTelemetry": { + "value": "" } } } diff --git a/settings.yml b/settings.yml index 37c759f5f5..213ce25208 100644 --- a/settings.yml +++ b/settings.yml 
@@ -13,7 +13,7 @@ variables: # the 'localToken_' prefix will be removed from the key name when the pipelines run. # e.g. if you have a token in your parameter file as <>, then the token defined in this file looks like "localToken_customKey": 'value' - localToken_namePrefix: '' # A 3-5 character length unique string, included in the resources names (e.g. 'cntso'). Used for local module testing and pipelines. + localToken_namePrefix: 'kvdem' # A 3-5 character length unique string, included in the resources names (e.g. 'cntso'). Used for local module testing and pipelines. ###################################### # global tokens settings @@ -23,13 +23,6 @@ variables: tokenPrefix: '<<' tokenSuffix: '>>' - ###################################### - # Agent settings - ###################################### - - vmImage: 'ubuntu-latest' # Use this for Microsoft-hosted agents - poolName: '' # Use this for self-hosted agents - ###################################### # Common folders and file paths ###################################### 
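Review bot: `localToken_namePrefix: 'kvdem'` replaces the empty placeholder with what looks like a contributor-specific value, and the later settings.yml hunks do the same with `bicepRegistryName: kvcarmldemoreg017`, `templateSpecsRGName: 'carml-artifacts-rg'` and `bicepRegistryRGName: 'carml-artifacts-rg'`. These settings decide which registry and resource groups the pipelines publish modules to, so carrying them in a feature patch would change the publishing target for everyone who takes the commit. The same hunks also remove `publishLatest` and relocate the agent settings, none of which the SFTP feature appears to need. I would drop the settings.yml changes from this patch and keep the fork's values out of the commit.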
@@ -41,19 +34,14 @@ variables: ###################################### location: 'West Europe' # The default location to test deploy resources to - - ###################################### - # Publish: Shared settings - ###################################### - - publishLatest: true # [Only for Template-Specs & Bicep Registry] Publish an absolute latest version. Note: This version may include breaking changes and is not recommended for production environments + resourceGroupName: 'carml-validation-rg' # The default resource group to test deployment resources into ###################################### # Publish: Template-Spec settings ###################################### templateSpecsDoPublish: true # Set to true, if you would like to publish module templates as template specs - templateSpecsRGName: 'artifacts-rg' # The name of the resource group to publish to. If the resource group does not exist, it will be created. + templateSpecsRGName: 'carml-artifacts-rg' # The name of the resource group to publish to. If the resource group does not exist, it will be created. templateSpecsRGLocation: 'West Europe' # The location of the resource group to publish to templateSpecsDescription: components # The description to add to template specs published by this platform 
@@ -62,8 +50,8 @@ variables: ###################################### bicepRegistryDoPublish: true # Set to true, if you would like to publish module templates to a bicep registry - bicepRegistryName: adpsxxazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. - bicepRegistryRGName: 'artifacts-rg' # The resource group that hosts the private bicep registry (ACR) + bicepRegistryName: kvcarmldemoreg017 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. + bicepRegistryRGName: 'carml-artifacts-rg' # The resource group that hosts the private bicep registry (ACR) bicepRegistryRgLocation: 'West Europe' # The location of the resource group to publish to ########################################################################################################################### @@ -71,9 +59,11 @@ variables: ########################################################################################################################### ###################################### - # Connection settings + # Agent settings ###################################### + vmImage: 'ubuntu-latest' # Use this for Microsoft-hosted agents + poolName: '' # Use this for self-hosted agents serviceConnection: 'CARML-CSU-Tenant-Connection' ###################################### @@ -113,4 +103,4 @@ variables: # value: 'OtherVersion' # - name: preferredAzurePowerShellVersion # value: '4.4.0' -# +# \ No newline at end of file From 5404eabd90b43b0f3f5bd858513b7b8c911b2bee Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman Date: Wed, 14 Dec 2022 16:49:05 +0000 Subject: [PATCH 02/26] added version.json --- .../Microsoft.Storage/storageAccounts/localUsers/version.json | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 modules/Microsoft.Storage/storageAccounts/localUsers/version.json 
diff --git a/modules/Microsoft.Storage/storageAccounts/localUsers/version.json b/modules/Microsoft.Storage/storageAccounts/localUsers/version.json new file mode 100644 index 0000000000..56f8d9ca40 --- /dev/null +++ b/modules/Microsoft.Storage/storageAccounts/localUsers/version.json @@ -0,0 +1,4 @@ +{ + "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", + "version": "0.4" +} From 7d9f92e4129027cce987dbfa0fd92414ab71e317 Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman Date: Wed, 14 Dec 2022 17:02:09 +0000 Subject: [PATCH 03/26] added outputs --- .../storageAccounts/localUsers/deploy.bicep | 5 +++++ .../Microsoft.Storage/storageAccounts/localUsers/readme.md | 2 ++ 2 files changed, 7 insertions(+) diff --git a/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep index 29c789a67b..08602a9c17 100644 --- a/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep @@ -64,3 +64,8 @@ output localUser string = localUsers.name @description('The permission scopes granted for the local user.') output permissionScopes array = localUsers.properties.permissionScopes +@description('The resource group of the deployed management policy.') +output resourceGroupName string = resourceGroup().name + +@description('The resource ID of the local user resource created.') +output resourceId string = localUsers.id diff --git a/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md b/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md index e712035556..a6cc3d980d 100644 --- a/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md 
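Review bot: The description on the new `resourceGroupName` output refers to a "management policy", but this template deploys a storage account local user, so the text appears to be copied from another module. I would change it to `@description('The resource group of the deployed local user.')` and make the same correction in the readme outputs table that the following hunk extends. The rest of deploy.bicep lies outside this hunk.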
@@ -49,6 +49,8 @@ This module deploys Storage StorageAccounts LocalUsers. | :-- | :-- | :-- | | `localUser` | string | The name of the local user created for SFTP Authentication. | | `permissionScopes` | array | The permission scopes granted for the local user. | +| `resourceGroupName` | string | The resource group of the deployed management policy. | +| `resourceId` | string | The resource ID of the local user resource created. | ## Cross-referenced modules From ac383d5aa50348e3511391b4c9fc2e67fccae56f Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman Date: Wed, 14 Dec 2022 17:14:14 +0000 Subject: [PATCH 04/26] updated output name --- .../storageAccounts/localUsers/deploy.bicep | 5 +---- .../Microsoft.Storage/storageAccounts/localUsers/readme.md | 3 +-- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep index 08602a9c17..97ddd16626 100644 --- a/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep @@ -59,10 +59,7 @@ resource localUsers 'Microsoft.Storage/storageAccounts/localUsers@2021-09-01' = } @description('The name of the local user created for SFTP Authentication.') -output localUser string = localUsers.name - -@description('The permission scopes granted for the local user.') -output permissionScopes array = localUsers.properties.permissionScopes +output name string = localUsers.name @description('The resource group of the deployed management policy.') output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md b/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md index a6cc3d980d..d2939fea7a 100644 --- a/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md 
@@ -47,8 +47,7 @@ This module deploys Storage StorageAccounts LocalUsers. | Output Name | Type | Description | | :-- | :-- | :-- | -| `localUser` | string | The name of the local user created for SFTP Authentication. | -| `permissionScopes` | array | The permission scopes granted for the local user. | +| `name` | string | The name of the local user created for SFTP Authentication. | | `resourceGroupName` | string | The resource group of the deployed management policy. | | `resourceId` | string | The resource ID of the local user resource created. | From 5bad81f7bd3b4f0d8e008cc1fea828ad217439b5 Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman Date: Thu, 15 Dec 2022 16:33:10 +0000 Subject: [PATCH 05/26] updated readme --- .../storageAccounts/readme.md | 648 +++++++++--------- 1 file changed, 324 insertions(+), 324 deletions(-) diff --git a/modules/Microsoft.Storage/storageAccounts/readme.md b/modules/Microsoft.Storage/storageAccounts/readme.md index c923694251..f6cccc4830 100644 --- a/modules/Microsoft.Storage/storageAccounts/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/readme.md 
@@ -403,170 +403,170 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>ssacom001' // Non-required parameters - requireInfrastructureEncryption: true - queueServices: { - diagnosticEventHubName: '' + enableNfsV3: true + storageAccountSku: 'Standard_LRS' + enableHierarchicalNamespace: true + diagnosticLogsRetentionInDays: 7 + roleAssignments: [ + { + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + principalIds: [ + '' + ] + } + ] + privateEndpoints: [ + { + service: 'blob' + subnetResourceId: '' + privateDnsZoneGroup: { + privateDNSResourceIds: [ + '' + ] + } + } + ] + fileServices: { + diagnosticEventHubAuthorizationRuleId: '' diagnosticLogsRetentionInDays: 7 diagnosticWorkspaceId: '' - queues: [ + diagnosticStorageAccountId: '' + diagnosticEventHubName: '' + shares: [ { + name: 'avdprofiles' + shareQuota: 5120 roleAssignments: [ { + principalType: 'ServicePrincipal' roleDefinitionIdOrName: 'Reader' principalIds: [ '' ] - principalType: 'ServicePrincipal' } ] - name: 'queue1' - metadata: { - key1: 'value1' - key2: 'value2' - } } { - metadata: {} - name: 'queue2' + shareQuota: 5120 + name: 'avdprofiles2' } ] - diagnosticEventHubAuthorizationRuleId: '' - diagnosticStorageAccountId: '' } - roleAssignments: [ + enableSftp: true + localUsers: [ { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '' + hasSharedKey: false + hasSshPassword: false + storageAccountName: '<>ssacom001' + name: 'testuser' + hasSshKey: true + permissionScopes: [ + { + service: 'blob' + resourceName: 'avdscripts' + permissions: 'r' + } ] - principalType: 'ServicePrincipal' } ] - enableDefaultTelemetry: '' - systemAssignedIdentity: true + networkAcls: { + virtualNetworkRules: [ + { + action: 'Allow' + id: '' + } + ] + ipRules: [ + { + action: 'Allow' + value: '1.1.1.1' + } + ] + defaultAction: 'Deny' + bypass: 'AzureServices' + } blobServices: { - diagnosticEventHubName: '' + 
diagnosticEventHubAuthorizationRuleId: '' diagnosticLogsRetentionInDays: 7 + diagnosticEventHubName: '' + diagnosticWorkspaceId: '' + diagnosticStorageAccountId: '' containers: [ { + name: 'avdscripts' + publicAccess: 'None' roleAssignments: [ { + principalType: 'ServicePrincipal' roleDefinitionIdOrName: 'Reader' principalIds: [ '' ] - principalType: 'ServicePrincipal' } ] - publicAccess: 'None' - name: 'avdscripts' } { - name: 'archivecontainer' - publicAccess: 'None' + allowProtectedAppendWrites: false enableWORM: true + publicAccess: 'None' WORMRetention: 666 - allowProtectedAppendWrites: false + name: 'archivecontainer' } ] - diagnosticWorkspaceId: '' - diagnosticEventHubAuthorizationRuleId: '' - diagnosticStorageAccountId: '' } - storageAccountSku: 'Standard_LRS' - enableNfsV3: true - localUsers: [ - { - hasSshPassword: false - permissionScopes: [ - { - service: 'blob' - permissions: 'r' - resourceName: 'avdscripts' - } - ] - storageAccountName: '<>ssacom001' - hasSshKey: true - hasSharedKey: false - name: 'testuser' - } - ] - enableHierarchicalNamespace: true - lock: 'CanNotDelete' userAssignedIdentities: { '': {} } - fileServices: { - diagnosticEventHubName: '' + diagnosticStorageAccountId: '' + diagnosticEventHubName: '' + requireInfrastructureEncryption: true + queueServices: { + diagnosticEventHubAuthorizationRuleId: '' diagnosticLogsRetentionInDays: 7 - shares: [ + diagnosticWorkspaceId: '' + diagnosticStorageAccountId: '' + diagnosticEventHubName: '' + queues: [ { - shareQuota: 5120 - name: 'avdprofiles' + metadata: { + key1: 'value1' + key2: 'value2' + } + name: 'queue1' roleAssignments: [ { + principalType: 'ServicePrincipal' roleDefinitionIdOrName: 'Reader' principalIds: [ '' ] - principalType: 'ServicePrincipal' } ] } { - shareQuota: 5120 - name: 'avdprofiles2' + metadata: {} + name: 'queue2' } ] - diagnosticWorkspaceId: '' - diagnosticEventHubAuthorizationRuleId: '' - diagnosticStorageAccountId: '' } + systemAssignedIdentity: true + 
allowBlobPublicAccess: false + lock: 'CanNotDelete' + enableDefaultTelemetry: '' + diagnosticWorkspaceId: '' tableServices: { - diagnosticEventHubName: '' + diagnosticEventHubAuthorizationRuleId: '' diagnosticLogsRetentionInDays: 7 + diagnosticWorkspaceId: '' + diagnosticStorageAccountId: '' + diagnosticEventHubName: '' tables: [ 'table1' 'table2' ] - diagnosticWorkspaceId: '' - diagnosticEventHubAuthorizationRuleId: '' - diagnosticStorageAccountId: '' } - diagnosticLogsRetentionInDays: 7 - allowBlobPublicAccess: false - diagnosticWorkspaceId: '' - enableSftp: true - diagnosticStorageAccountId: '' - networkAcls: { - virtualNetworkRules: [ - { - action: 'Allow' - id: '' - } - ] - bypass: 'AzureServices' - defaultAction: 'Deny' - ipRules: [ - { - value: '1.1.1.1' - action: 'Allow' - } - ] - } - diagnosticEventHubName: '' diagnosticEventHubAuthorizationRuleId: '' - privateEndpoints: [ - { - subnetResourceId: '' - service: 'blob' - privateDnsZoneGroup: { - privateDNSResourceIds: [ - '' - ] - } - } - ] } } ``` 
@@ -588,106 +588,75 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>ssacom001" }, // Non-required parameters - "requireInfrastructureEncryption": { + "enableNfsV3": { "value": true }, - "queueServices": { - "value": { - "diagnosticEventHubName": "", - "diagnosticLogsRetentionInDays": 7, - "diagnosticWorkspaceId": "", - "queues": [ - { - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "" - ], - "principalType": "ServicePrincipal" - } - ], - "name": "queue1", - "metadata": { - "key1": "value1", - "key2": "value2" - } - }, - { - "metadata": {}, - "name": "queue2" - } - ], - "diagnosticEventHubAuthorizationRuleId": "", - "diagnosticStorageAccountId": "" - } + "storageAccountSku": { + "value": "Standard_LRS" + }, + "enableHierarchicalNamespace": { + "value": true + }, + "diagnosticLogsRetentionInDays": { + "value": 7 }, "roleAssignments": { "value": [ { + "principalType": "ServicePrincipal", "roleDefinitionIdOrName": "Reader", "principalIds": [ "" - ], - "principalType": "ServicePrincipal" + ] } ] }, - "enableDefaultTelemetry": { - "value": "" - }, - "systemAssignedIdentity": { - "value": true - }, - "blobServices": { + "fileServices": { "value": { - "diagnosticEventHubName": "", + "diagnosticEventHubAuthorizationRuleId": "", "diagnosticLogsRetentionInDays": 7, - "containers": [ + "diagnosticWorkspaceId": "", + "diagnosticStorageAccountId": "", + "diagnosticEventHubName": "", + "shares": [ { + "name": "avdprofiles", + "shareQuota": 5120, "roleAssignments": [ { + "principalType": "ServicePrincipal", "roleDefinitionIdOrName": "Reader", "principalIds": [ "" - ], - "principalType": "ServicePrincipal" + ] } - ], - "publicAccess": "None", - "name": "avdscripts" + ] }, { - "name": "archivecontainer", - "publicAccess": "None", - "enableWORM": true, - "WORMRetention": 666, - "allowProtectedAppendWrites": false + "shareQuota": 5120, + "name": "avdprofiles2" } - ], - "diagnosticWorkspaceId": "", - 
"diagnosticEventHubAuthorizationRuleId": "", - "diagnosticStorageAccountId": "" + ] } }, - "enableNfsV3": { + "enableSftp": { "value": true }, "localUsers": { "value": [ { + "hasSharedKey": false, "hasSshPassword": false, + "storageAccountName": "<>ssacom001", + "name": "testuser", + "hasSshKey": true, "permissionScopes": [ { "service": "blob", - "permissions": "r", - "resourceName": "avdscripts" + "resourceName": "avdscripts", + "permissions": "r" } - ], - "storageAccountName": "<>ssacom001", - "hasSshKey": true, - "hasSharedKey": false, - "name": "testuser" + ] } ] }, 
@@ -699,104 +668,135 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "id": "" } ], - "bypass": "AzureServices", - "defaultAction": "Deny", "ipRules": [ { - "value": "1.1.1.1", - "action": "Allow" + "action": "Allow", + "value": "1.1.1.1" + } + ], + "defaultAction": "Deny", + "bypass": "AzureServices" + } + }, + "blobServices": { + "value": { + "diagnosticEventHubAuthorizationRuleId": "", + "diagnosticLogsRetentionInDays": 7, + "diagnosticEventHubName": "", + "diagnosticWorkspaceId": "", + "diagnosticStorageAccountId": "", + "containers": [ + { + "name": "avdscripts", + "publicAccess": "None", + "roleAssignments": [ + { + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader", + "principalIds": [ + "" + ] + } + ] + }, + { + "allowProtectedAppendWrites": false, + "enableWORM": true, + "publicAccess": "None", + "WORMRetention": 666, + "name": "archivecontainer" } ] } }, - "enableHierarchicalNamespace": { + "userAssignedIdentities": { + "value": { + "": {} + } + }, + "diagnosticStorageAccountId": { + "value": "" + }, + "diagnosticEventHubName": { + "value": "" + }, + "requireInfrastructureEncryption": { "value": true }, + "privateEndpoints": { + "value": [ + { + "service": "blob", + "subnetResourceId": "", + "privateDnsZoneGroup": { + "privateDNSResourceIds": [ + "" + ] + } + } + ] + }, + "systemAssignedIdentity": { + "value": true + }, + "allowBlobPublicAccess": { + "value": false + }, "lock": { "value": "CanNotDelete" }, - "fileServices": { + "queueServices": { "value": { - "diagnosticEventHubName": "", + "diagnosticEventHubAuthorizationRuleId": "", "diagnosticLogsRetentionInDays": 7, - "shares": [ + "diagnosticWorkspaceId": "", + "diagnosticStorageAccountId": "", + "diagnosticEventHubName": "", + "queues": [ { - "shareQuota": 5120, - "name": "avdprofiles", + "metadata": { + "key1": "value1", + "key2": "value2" + }, + "name": "queue1", "roleAssignments": [ { + "principalType": "ServicePrincipal", 
"roleDefinitionIdOrName": "Reader", "principalIds": [ "" - ], - "principalType": "ServicePrincipal" + ] } ] }, { - "shareQuota": 5120, - "name": "avdprofiles2" + "metadata": {}, + "name": "queue2" } - ], - "diagnosticWorkspaceId": "", - "diagnosticEventHubAuthorizationRuleId": "", - "diagnosticStorageAccountId": "" + ] } }, - "userAssignedIdentities": { - "value": { - "": {} - } + "enableDefaultTelemetry": { + "value": "" + }, + "diagnosticWorkspaceId": { + "value": "" }, "tableServices": { "value": { - "diagnosticEventHubName": "", + "diagnosticEventHubAuthorizationRuleId": "", "diagnosticLogsRetentionInDays": 7, + "diagnosticWorkspaceId": "", + "diagnosticStorageAccountId": "", + "diagnosticEventHubName": "", "tables": [ "table1", "table2" - ], - "diagnosticWorkspaceId": "", - "diagnosticEventHubAuthorizationRuleId": "", - "diagnosticStorageAccountId": "" + ] } }, - "storageAccountSku": { - "value": "Standard_LRS" - }, - "allowBlobPublicAccess": { - "value": false - }, - "diagnosticWorkspaceId": { - "value": "" - }, - "enableSftp": { - "value": true - }, - "diagnosticStorageAccountId": { - "value": "" - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticEventHubName": { - "value": "" - }, "diagnosticEventHubAuthorizationRuleId": { "value": "" - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "", - "service": "blob", - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "" - ] - } - } - ] } } } 
@@ -818,20 +818,24 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>stsencr001' // Non-required parameters - requireInfrastructureEncryption: true + cMKKeyName: '' + blobServices: { + containers: [ + { + name: '<>container' + publicAccess: 'None' + } + ] + } cMKKeyVaultResourceId: '' - enableDefaultTelemetry: '' - systemAssignedIdentity: false - allowBlobPublicAccess: false storageAccountSku: 'Standard_LRS' - userAssignedIdentities: { - '': {} - } - cMKUserAssignedIdentityResourceId: '' + allowBlobPublicAccess: false + systemAssignedIdentity: false + requireInfrastructureEncryption: true privateEndpoints: [ { - subnetResourceId: '' service: 'blob' + subnetResourceId: '' privateDnsZoneGroup: { privateDNSResourceIds: [ '' @@ -839,15 +843,11 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { } } ] - cMKKeyName: '' - blobServices: { - containers: [ - { - publicAccess: 'None' - name: '<>container' - } - ] + enableDefaultTelemetry: '' + userAssignedIdentities: { + '': {} } + cMKUserAssignedIdentityResourceId: '' } } ``` 
@@ -869,37 +869,39 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>stsencr001" }, // Non-required parameters - "requireInfrastructureEncryption": { - "value": true + "cMKKeyName": { + "value": "" + }, + "blobServices": { + "value": { + "containers": [ + { + "name": "<>container", + "publicAccess": "None" + } + ] + } }, "cMKKeyVaultResourceId": { "value": "" }, - "enableDefaultTelemetry": { - "value": "" - }, - "systemAssignedIdentity": { - "value": false + "storageAccountSku": { + "value": "Standard_LRS" }, "allowBlobPublicAccess": { "value": false }, - "storageAccountSku": { - "value": "Standard_LRS" - }, - "userAssignedIdentities": { - "value": { - "": {} - } + "systemAssignedIdentity": { + "value": false }, - "cMKUserAssignedIdentityResourceId": { - "value": "" + "requireInfrastructureEncryption": { + "value": true }, "privateEndpoints": { "value": [ { - "subnetResourceId": "", "service": "blob", + "subnetResourceId": "", "privateDnsZoneGroup": { "privateDNSResourceIds": [ "" @@ -908,18 +910,16 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { } ] }, - "cMKKeyName": { - "value": "" + "enableDefaultTelemetry": { + "value": "" }, - "blobServices": { + "userAssignedIdentities": { "value": { - "containers": [ - { - "publicAccess": "None", - "name": "<>container" - } - ] + "": {} } + }, + "cMKUserAssignedIdentityResourceId": { + "value": "" } } } 
@@ -990,38 +990,38 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>ssanfs001' // Non-required parameters + lock: 'CanNotDelete' + diagnosticWorkspaceId: '' diagnosticEventHubName: '' - diagnosticEventHubAuthorizationRuleId: '' - allowBlobPublicAccess: false - userAssignedIdentities: { - '': {} - } + storageAccountKind: 'FileStorage' enableDefaultTelemetry: '' - fileServices: { - shares: [ - { - name: 'nfsfileshare' - enabledProtocols: 'NFS' - } - ] - } roleAssignments: [ { + principalType: 'ServicePrincipal' roleDefinitionIdOrName: 'Reader' principalIds: [ '' ] - principalType: 'ServicePrincipal' } ] supportsHttpsTrafficOnly: false - systemAssignedIdentity: true diagnosticStorageAccountId: '' - diagnosticLogsRetentionInDays: 7 + allowBlobPublicAccess: false storageAccountSku: 'Premium_LRS' - storageAccountKind: 'FileStorage' - diagnosticWorkspaceId: '' - lock: 'CanNotDelete' + diagnosticEventHubAuthorizationRuleId: '' + fileServices: { + shares: [ + { + name: 'nfsfileshare' + enabledProtocols: 'NFS' + } + ] + } + userAssignedIdentities: { + '': {} + } + diagnosticLogsRetentionInDays: 7 + systemAssignedIdentity: true } } ``` 
@@ -1046,22 +1046,45 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "lock": { "value": "CanNotDelete" }, + "diagnosticWorkspaceId": { + "value": "" + }, + "supportsHttpsTrafficOnly": { + "value": false + }, + "roleAssignments": { + "value": [ + { + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader", + "principalIds": [ + "" + ] + } + ] + }, + "enableDefaultTelemetry": { + "value": "" + }, "diagnosticEventHubName": { "value": "" }, - "userAssignedIdentities": { - "value": { - "": {} - } + "storageAccountKind": { + "value": "FileStorage" + }, + "diagnosticStorageAccountId": { + "value": "" }, "allowBlobPublicAccess": { "value": false }, - "diagnosticLogsRetentionInDays": { - "value": 7 + "userAssignedIdentities": { + "value": { + "": {} + } }, - "enableDefaultTelemetry": { - "value": "" + "diagnosticEventHubAuthorizationRuleId": { + "value": "" }, "fileServices": { "value": { @@ -1073,37 +1096,14 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { ] } }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "" - ], - "principalType": "ServicePrincipal" - } - ] - }, - "supportsHttpsTrafficOnly": { - "value": false - }, - "systemAssignedIdentity": { - "value": true - }, - "diagnosticStorageAccountId": { - "value": "" - }, "storageAccountSku": { "value": "Premium_LRS" }, - "storageAccountKind": { - "value": "FileStorage" - }, - "diagnosticWorkspaceId": { - "value": "" + "diagnosticLogsRetentionInDays": { + "value": 7 }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "" + "systemAssignedIdentity": { + "value": true } } } @@ -1152,11 +1152,11 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "allowBlobPublicAccess": { "value": false }, - "storageAccountKind": { - "value": "Storage" - }, "enableDefaultTelemetry": { "value": "" + }, + "storageAccountKind": { + "value": "Storage" } } } 
From ecd6be6008f44a427aa261bf139e4290868622e8 Mon Sep 17 00:00:00 2001
From: Karthik Venkatraman
Date: Fri, 16 Dec 2022 12:42:24 +0000
Subject: [PATCH 06/26] readme updates
---
.../storageAccounts/readme.md | 578 +++++++++---------
1 file changed, 289 insertions(+), 289 deletions(-)
diff --git a/modules/Microsoft.Storage/storageAccounts/readme.md b/modules/Microsoft.Storage/storageAccounts/readme.md
index f6cccc4830..bf70c1747e 100644
--- a/modules/Microsoft.Storage/storageAccounts/readme.md
+++ b/modules/Microsoft.Storage/storageAccounts/readme.md
@@ -403,64 +403,82 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>ssacom001' // Non-required parameters - enableNfsV3: true - storageAccountSku: 'Standard_LRS' - enableHierarchicalNamespace: true - diagnosticLogsRetentionInDays: 7 + enableDefaultTelemetry: '' + diagnosticEventHubAuthorizationRuleId: '' roleAssignments: [ { principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' principalIds: [ '' ] + roleDefinitionIdOrName: 'Reader' } ] - privateEndpoints: [ - { - service: 'blob' - subnetResourceId: '' - privateDnsZoneGroup: { - privateDNSResourceIds: [ - '' - ] - } - } - ] - fileServices: { - diagnosticEventHubAuthorizationRuleId: '' + enableSftp: true + tableServices: { + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticWorkspaceId: '' + tables: [ + 'table1' + 'table2' + ] diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' + diagnosticEventHubAuthorizationRuleId: '' + } + diagnosticStorageAccountId: '' + fileServices: { diagnosticEventHubName: '' + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' + diagnosticEventHubAuthorizationRuleId: '' shares: [ { - name: 'avdprofiles' shareQuota: 5120 + name: 'avdprofiles' roleAssignments: [ { principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' principalIds: [ '' ] + roleDefinitionIdOrName: 'Reader' } ] } { - shareQuota: 5120 name: 'avdprofiles2' + shareQuota: 5120 } ] } - enableSftp: true + userAssignedIdentities: { + '': {} + } + networkAcls: { + defaultAction: 'Deny' + bypass: 'AzureServices' + ipRules: [ + { + action: 'Allow' + value: '1.1.1.1' + } + ] + virtualNetworkRules: [ + { + action: 'Allow' + id: '' + } + ] + } + enableNfsV3: true localUsers: [ { - hasSharedKey: false - hasSshPassword: false - storageAccountName: '<>ssacom001' name: 'testuser' + hasSharedKey: false hasSshKey: true + storageAccountName: '<>ssacom001' permissionScopes: [ { 
service: 'blob' 
@@ -468,105 +486,87 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { permissions: 'r' } ] + hasSshPassword: false } ] - networkAcls: { - virtualNetworkRules: [ - { - action: 'Allow' - id: '' - } - ] - ipRules: [ - { - action: 'Allow' - value: '1.1.1.1' - } - ] - defaultAction: 'Deny' - bypass: 'AzureServices' - } - blobServices: { - diagnosticEventHubAuthorizationRuleId: '' - diagnosticLogsRetentionInDays: 7 - diagnosticEventHubName: '' - diagnosticWorkspaceId: '' - diagnosticStorageAccountId: '' - containers: [ - { - name: 'avdscripts' - publicAccess: 'None' - roleAssignments: [ - { - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '' - ] - } + privateEndpoints: [ + { + service: 'blob' + subnetResourceId: '' + privateDnsZoneGroup: { + privateDNSResourceIds: [ + '' ] } - { - allowProtectedAppendWrites: false - enableWORM: true - publicAccess: 'None' - WORMRetention: 666 - name: 'archivecontainer' - } - ] - } - userAssignedIdentities: { - '': {} - } - diagnosticStorageAccountId: '' - diagnosticEventHubName: '' + } + ] requireInfrastructureEncryption: true queueServices: { - diagnosticEventHubAuthorizationRuleId: '' - diagnosticLogsRetentionInDays: 7 diagnosticWorkspaceId: '' - diagnosticStorageAccountId: '' diagnosticEventHubName: '' + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: '' queues: [ { metadata: { - key1: 'value1' key2: 'value2' + key1: 'value1' } name: 'queue1' roleAssignments: [ { principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' principalIds: [ '' ] + roleDefinitionIdOrName: 'Reader' } ] } { - metadata: {} name: 'queue2' + metadata: {} } ] + diagnosticEventHubAuthorizationRuleId: '' } systemAssignedIdentity: true allowBlobPublicAccess: false + diagnosticLogsRetentionInDays: 7 + storageAccountSku: 'Standard_LRS' + diagnosticEventHubName: '' lock: 'CanNotDelete' - enableDefaultTelemetry: '' diagnosticWorkspaceId: '' - tableServices: { - 
diagnosticEventHubAuthorizationRuleId: '' + blobServices: { + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - diagnosticWorkspaceId: '' diagnosticStorageAccountId: '' - diagnosticEventHubName: '' - tables: [ - 'table1' - 'table2' + diagnosticWorkspaceId: '' + diagnosticEventHubAuthorizationRuleId: '' + containers: [ + { + publicAccess: 'None' + name: 'avdscripts' + roleAssignments: [ + { + principalType: 'ServicePrincipal' + principalIds: [ + '' + ] + roleDefinitionIdOrName: 'Reader' + } + ] + } + { + WORMRetention: 666 + publicAccess: 'None' + allowProtectedAppendWrites: false + name: 'archivecontainer' + enableWORM: true + } ] } - diagnosticEventHubAuthorizationRuleId: '' + enableHierarchicalNamespace: true } } ``` 
@@ -588,141 +588,117 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>ssacom001" }, // Non-required parameters - "enableNfsV3": { - "value": true - }, - "storageAccountSku": { - "value": "Standard_LRS" - }, - "enableHierarchicalNamespace": { - "value": true + "enableDefaultTelemetry": { + "value": "" }, - "diagnosticLogsRetentionInDays": { - "value": 7 + "diagnosticEventHubAuthorizationRuleId": { + "value": "" }, "roleAssignments": { "value": [ { "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader", "principalIds": [ "" - ] + ], + "roleDefinitionIdOrName": "Reader" } ] }, - "fileServices": { + "enableSftp": { + "value": true + }, + "systemAssignedIdentity": { + "value": true + }, + "tableServices": { "value": { - "diagnosticEventHubAuthorizationRuleId": "", + "diagnosticEventHubName": "", "diagnosticLogsRetentionInDays": 7, - "diagnosticWorkspaceId": "", + "tables": [ + "table1", + "table2" + ], "diagnosticStorageAccountId": "", + "diagnosticWorkspaceId": "", + "diagnosticEventHubAuthorizationRuleId": "" + } + }, + "diagnosticStorageAccountId": { + "value": "" + }, + "fileServices": { + "value": { "diagnosticEventHubName": "", + "diagnosticLogsRetentionInDays": 7, + "diagnosticStorageAccountId": "", + "diagnosticWorkspaceId": "", + "diagnosticEventHubAuthorizationRuleId": "", "shares": [ { - "name": "avdprofiles", "shareQuota": 5120, + "name": "avdprofiles", "roleAssignments": [ { "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader", "principalIds": [ "" - ] + ], + "roleDefinitionIdOrName": "Reader" } ] }, { - "shareQuota": 5120, - "name": "avdprofiles2" + "name": "avdprofiles2", + "shareQuota": 5120 } ] } }, - "enableSftp": { - "value": true - }, - "localUsers": { - "value": [ - { - "hasSharedKey": false, - "hasSshPassword": false, - "storageAccountName": "<>ssacom001", - "name": "testuser", - "hasSshKey": true, - "permissionScopes": [ - { - "service": "blob", - "resourceName": 
"avdscripts", - "permissions": "r" - } - ] - } - ] + "userAssignedIdentities": { + "value": { + "": {} + } }, "networkAcls": { "value": { - "virtualNetworkRules": [ - { - "action": "Allow", - "id": "" - } - ], + "defaultAction": "Deny", + "bypass": "AzureServices", "ipRules": [ { "action": "Allow", "value": "1.1.1.1" } ], - "defaultAction": "Deny", - "bypass": "AzureServices" - } - }, - "blobServices": { - "value": { - "diagnosticEventHubAuthorizationRuleId": "", - "diagnosticLogsRetentionInDays": 7, - "diagnosticEventHubName": "", - "diagnosticWorkspaceId": "", - "diagnosticStorageAccountId": "", - "containers": [ - { - "name": "avdscripts", - "publicAccess": "None", - "roleAssignments": [ - { - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "" - ] - } - ] - }, - { - "allowProtectedAppendWrites": false, - "enableWORM": true, - "publicAccess": "None", - "WORMRetention": 666, - "name": "archivecontainer" + "virtualNetworkRules": [ + { + "action": "Allow", + "id": "" } ] } }, - "userAssignedIdentities": { - "value": { - "": {} - } - }, - "diagnosticStorageAccountId": { - "value": "" - }, - "diagnosticEventHubName": { - "value": "" - }, - "requireInfrastructureEncryption": { + "enableNfsV3": { "value": true }, + "localUsers": { + "value": [ + { + "name": "testuser", + "hasSharedKey": false, + "hasSshKey": true, + "storageAccountName": "<>ssacom001", + "permissionScopes": [ + { + "service": "blob", + "resourceName": "avdscripts", + "permissions": "r" + } + ], + "hasSshPassword": false + } + ] + }, "privateEndpoints": { "value": [ { 
@@ -736,67 +712,91 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { } ] }, - "systemAssignedIdentity": { + "requireInfrastructureEncryption": { "value": true }, - "allowBlobPublicAccess": { - "value": false - }, - "lock": { - "value": "CanNotDelete" - }, "queueServices": { "value": { - "diagnosticEventHubAuthorizationRuleId": "", - "diagnosticLogsRetentionInDays": 7, "diagnosticWorkspaceId": "", - "diagnosticStorageAccountId": "", "diagnosticEventHubName": "", + "diagnosticLogsRetentionInDays": 7, + "diagnosticStorageAccountId": "", "queues": [ { "metadata": { - "key1": "value1", - "key2": "value2" + "key2": "value2", + "key1": "value1" }, "name": "queue1", "roleAssignments": [ { "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader", "principalIds": [ "" - ] + ], + "roleDefinitionIdOrName": "Reader" } ] }, { - "metadata": {}, - "name": "queue2" + "name": "queue2", + "metadata": {} } - ] + ], + "diagnosticEventHubAuthorizationRuleId": "" } }, - "enableDefaultTelemetry": { - "value": "" + "lock": { + "value": "CanNotDelete" + }, + "allowBlobPublicAccess": { + "value": false + }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + "storageAccountSku": { + "value": "Standard_LRS" + }, + "diagnosticEventHubName": { + "value": "" }, "diagnosticWorkspaceId": { "value": "" }, - "tableServices": { + "blobServices": { "value": { - "diagnosticEventHubAuthorizationRuleId": "", + "diagnosticEventHubName": "", "diagnosticLogsRetentionInDays": 7, - "diagnosticWorkspaceId": "", "diagnosticStorageAccountId": "", - "diagnosticEventHubName": "", - "tables": [ - "table1", - "table2" + "diagnosticWorkspaceId": "", + "diagnosticEventHubAuthorizationRuleId": "", + "containers": [ + { + "publicAccess": "None", + "name": "avdscripts", + "roleAssignments": [ + { + "principalType": "ServicePrincipal", + "principalIds": [ + "" + ], + "roleDefinitionIdOrName": "Reader" + } + ] + }, + { + "WORMRetention": 666, + "publicAccess": "None", + 
"allowProtectedAppendWrites": false, + "name": "archivecontainer", + "enableWORM": true + } ] } }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "" + "enableHierarchicalNamespace": { + "value": true } } } @@ -818,20 +818,18 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>stsencr001' // Non-required parameters - cMKKeyName: '' + cMKUserAssignedIdentityResourceId: '' + systemAssignedIdentity: false + enableDefaultTelemetry: '' + allowBlobPublicAccess: false blobServices: { containers: [ { - name: '<>container' publicAccess: 'None' + name: '<>container' } ] } - cMKKeyVaultResourceId: '' - storageAccountSku: 'Standard_LRS' - allowBlobPublicAccess: false - systemAssignedIdentity: false - requireInfrastructureEncryption: true privateEndpoints: [ { service: 'blob' @@ -843,11 +841,13 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { } } ] - enableDefaultTelemetry: '' + requireInfrastructureEncryption: true + cMKKeyVaultResourceId: '' + storageAccountSku: 'Standard_LRS' userAssignedIdentities: { '': {} } - cMKUserAssignedIdentityResourceId: '' + cMKKeyName: '' } } ``` 
@@ -869,34 +869,28 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>stsencr001" }, // Non-required parameters - "cMKKeyName": { - "value": "" + "cMKUserAssignedIdentityResourceId": { + "value": "" + }, + "systemAssignedIdentity": { + "value": false + }, + "enableDefaultTelemetry": { + "value": "" + }, + "allowBlobPublicAccess": { + "value": false }, "blobServices": { "value": { "containers": [ { - "name": "<>container", - "publicAccess": "None" + "publicAccess": "None", + "name": "<>container" } ] } }, - "cMKKeyVaultResourceId": { - "value": "" - }, - "storageAccountSku": { - "value": "Standard_LRS" - }, - "allowBlobPublicAccess": { - "value": false - }, - "systemAssignedIdentity": { - "value": false - }, - "requireInfrastructureEncryption": { - "value": true - }, "privateEndpoints": { "value": [ { @@ -910,16 +904,22 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { } ] }, - "enableDefaultTelemetry": { - "value": "" + "requireInfrastructureEncryption": { + "value": true + }, + "cMKKeyVaultResourceId": { + "value": "" + }, + "storageAccountSku": { + "value": "Standard_LRS" }, "userAssignedIdentities": { "value": { "": {} } }, - "cMKUserAssignedIdentityResourceId": { - "value": "" + "cMKKeyName": { + "value": "" } } } @@ -941,8 +941,8 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>ssamin001' // Non-required parameters - allowBlobPublicAccess: false enableDefaultTelemetry: '' + allowBlobPublicAccess: false } } ``` @@ -964,11 +964,11 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>ssamin001" }, // Non-required parameters - "allowBlobPublicAccess": { - "value": false - }, "enableDefaultTelemetry": { "value": "" + }, + "allowBlobPublicAccess": { + "value": false } } } 
@@ -990,25 +990,30 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>ssanfs001' // Non-required parameters - lock: 'CanNotDelete' - diagnosticWorkspaceId: '' - diagnosticEventHubName: '' - storageAccountKind: 'FileStorage' enableDefaultTelemetry: '' + storageAccountKind: 'FileStorage' + userAssignedIdentities: { + '': {} + } + systemAssignedIdentity: true + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: '' + diagnosticEventHubAuthorizationRuleId: '' + allowBlobPublicAccess: false roleAssignments: [ { principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' principalIds: [ '' ] + roleDefinitionIdOrName: 'Reader' } ] + diagnosticEventHubName: '' supportsHttpsTrafficOnly: false - diagnosticStorageAccountId: '' - allowBlobPublicAccess: false + lock: 'CanNotDelete' + diagnosticWorkspaceId: '' storageAccountSku: 'Premium_LRS' - diagnosticEventHubAuthorizationRuleId: '' fileServices: { shares: [ { @@ -1017,11 +1022,6 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { } ] } - userAssignedIdentities: { - '': {} - } - diagnosticLogsRetentionInDays: 7 - systemAssignedIdentity: true } } ``` 
@@ -1043,49 +1043,58 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>ssanfs001" }, // Non-required parameters - "lock": { - "value": "CanNotDelete" + "enableDefaultTelemetry": { + "value": "" + }, + "storageAccountKind": { + "value": "FileStorage" + }, + "userAssignedIdentities": { + "value": { + "": {} + } + }, + "systemAssignedIdentity": { + "value": true + }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + "diagnosticStorageAccountId": { + "value": "" }, "diagnosticWorkspaceId": { "value": "" }, - "supportsHttpsTrafficOnly": { + "allowBlobPublicAccess": { "value": false }, "roleAssignments": { "value": [ { "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader", "principalIds": [ "" - ] + ], + "roleDefinitionIdOrName": "Reader" } ] }, - "enableDefaultTelemetry": { - "value": "" - }, "diagnosticEventHubName": { "value": "" }, - "storageAccountKind": { - "value": "FileStorage" - }, - "diagnosticStorageAccountId": { - "value": "" - }, - "allowBlobPublicAccess": { + "supportsHttpsTrafficOnly": { "value": false }, - "userAssignedIdentities": { - "value": { - "": {} - } - }, "diagnosticEventHubAuthorizationRuleId": { "value": "" }, + "lock": { + "value": "CanNotDelete" + }, + "storageAccountSku": { + "value": "Premium_LRS" + }, "fileServices": { "value": { "shares": [ @@ -1095,15 +1104,6 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { } ] } - }, - "storageAccountSku": { - "value": "Premium_LRS" - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "systemAssignedIdentity": { - "value": true } } } @@ -1125,9 +1125,9 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>ssav1001' // Non-required parameters - allowBlobPublicAccess: false - storageAccountKind: 'Storage' enableDefaultTelemetry: '' + storageAccountKind: 'Storage' + allowBlobPublicAccess: false } } ``` 
@@ -1149,14 +1149,14 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>ssav1001" }, // Non-required parameters - "allowBlobPublicAccess": { - "value": false - }, "enableDefaultTelemetry": { "value": "" }, "storageAccountKind": { "value": "Storage" + }, + "allowBlobPublicAccess": { + "value": false } } } From a46c39103387029e4b6f222e2235686afa5eaa56 Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman Date: Fri, 16 Dec 2022 13:25:36 +0000 Subject: [PATCH 07/26] readme updates --- .../storageAccounts/readme.md | 644 +++++++++--------- 1 file changed, 322 insertions(+), 322 deletions(-) diff --git a/modules/Microsoft.Storage/storageAccounts/readme.md b/modules/Microsoft.Storage/storageAccounts/readme.md index bf70c1747e..cc54b65c97 100644 --- a/modules/Microsoft.Storage/storageAccounts/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/readme.md 
@@ -403,82 +403,32 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>ssacom001' // Non-required parameters + diagnosticEventHubName: '' + enableHierarchicalNamespace: true enableDefaultTelemetry: '' - diagnosticEventHubAuthorizationRuleId: '' - roleAssignments: [ - { - principalType: 'ServicePrincipal' - principalIds: [ - '' - ] - roleDefinitionIdOrName: 'Reader' - } - ] - enableSftp: true + diagnosticStorageAccountId: '' tableServices: { - diagnosticEventHubName: '' + diagnosticWorkspaceId: '' diagnosticLogsRetentionInDays: 7 + diagnosticEventHubAuthorizationRuleId: '' + diagnosticStorageAccountId: '' + diagnosticEventHubName: '' tables: [ 'table1' 'table2' ] - diagnosticStorageAccountId: '' - diagnosticWorkspaceId: '' - diagnosticEventHubAuthorizationRuleId: '' - } - diagnosticStorageAccountId: '' - fileServices: { - diagnosticEventHubName: '' - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '' - diagnosticWorkspaceId: '' - diagnosticEventHubAuthorizationRuleId: '' - shares: [ - { - shareQuota: 5120 - name: 'avdprofiles' - roleAssignments: [ - { - principalType: 'ServicePrincipal' - principalIds: [ - '' - ] - roleDefinitionIdOrName: 'Reader' - } - ] - } - { - name: 'avdprofiles2' - shareQuota: 5120 - } - ] } + systemAssignedIdentity: true + allowBlobPublicAccess: false + diagnosticLogsRetentionInDays: 7 + requireInfrastructureEncryption: true userAssignedIdentities: { '': {} } - networkAcls: { - defaultAction: 'Deny' - bypass: 'AzureServices' - ipRules: [ - { - action: 'Allow' - value: '1.1.1.1' - } - ] - virtualNetworkRules: [ - { - action: 'Allow' - id: '' - } - ] - } enableNfsV3: true localUsers: [ { - name: 'testuser' - hasSharedKey: false - hasSshKey: true - storageAccountName: '<>ssacom001' + hasSshPassword: false permissionScopes: [ { service: 'blob' 
@@ -486,87 +436,137 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { permissions: 'r' } ] - hasSshPassword: false - } - ] - privateEndpoints: [ - { - service: 'blob' - subnetResourceId: '' - privateDnsZoneGroup: { - privateDNSResourceIds: [ - '' - ] - } + hasSshKey: true + hasSharedKey: false + name: 'testuser' + storageAccountName: '<>ssacom001' } ] - requireInfrastructureEncryption: true queueServices: { diagnosticWorkspaceId: '' - diagnosticEventHubName: '' - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '' queues: [ { + roleAssignments: [ + { + roleDefinitionIdOrName: 'Reader' + principalIds: [ + '' + ] + principalType: 'ServicePrincipal' + } + ] metadata: { - key2: 'value2' key1: 'value1' + key2: 'value2' } name: 'queue1' + } + { + name: 'queue2' + metadata: {} + } + ] + diagnosticLogsRetentionInDays: 7 + diagnosticEventHubAuthorizationRuleId: '' + diagnosticStorageAccountId: '' + diagnosticEventHubName: '' + } + fileServices: { + diagnosticWorkspaceId: '' + diagnosticLogsRetentionInDays: 7 + diagnosticEventHubAuthorizationRuleId: '' + diagnosticStorageAccountId: '' + shares: [ + { roleAssignments: [ { - principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' principalIds: [ '' ] - roleDefinitionIdOrName: 'Reader' + principalType: 'ServicePrincipal' } ] + shareQuota: 5120 + name: 'avdprofiles' } { - name: 'queue2' - metadata: {} + name: 'avdprofiles2' + shareQuota: 5120 } ] - diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' } - systemAssignedIdentity: true - allowBlobPublicAccess: false - diagnosticLogsRetentionInDays: 7 - storageAccountSku: 'Standard_LRS' - diagnosticEventHubName: '' - lock: 'CanNotDelete' diagnosticWorkspaceId: '' blobServices: { - diagnosticEventHubName: '' - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' + diagnosticLogsRetentionInDays: 7 diagnosticEventHubAuthorizationRuleId: '' + diagnosticStorageAccountId: '' 
containers: [ { - publicAccess: 'None' - name: 'avdscripts' roleAssignments: [ { - principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' principalIds: [ '' ] - roleDefinitionIdOrName: 'Reader' + principalType: 'ServicePrincipal' } ] + name: 'avdscripts' + publicAccess: 'None' } { + allowProtectedAppendWrites: false WORMRetention: 666 + enableWORM: true publicAccess: 'None' - allowProtectedAppendWrites: false name: 'archivecontainer' - enableWORM: true } ] + diagnosticEventHubName: '' } - enableHierarchicalNamespace: true + enableSftp: true + diagnosticEventHubAuthorizationRuleId: '' + lock: 'CanNotDelete' + storageAccountSku: 'Standard_LRS' + privateEndpoints: [ + { + service: 'blob' + subnetResourceId: '' + privateDnsZoneGroup: { + privateDNSResourceIds: [ + '' + ] + } + } + ] + networkAcls: { + bypass: 'AzureServices' + ipRules: [ + { + value: '1.1.1.1' + action: 'Allow' + } + ] + defaultAction: 'Deny' + virtualNetworkRules: [ + { + id: '' + action: 'Allow' + } + ] + } + roleAssignments: [ + { + roleDefinitionIdOrName: 'Reader' + principalIds: [ + '' + ] + principalType: 'ServicePrincipal' + } + ] } } ``` 
@@ -588,106 +588,45 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>ssacom001" }, // Non-required parameters - "enableDefaultTelemetry": { - "value": "" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "" - }, - "roleAssignments": { - "value": [ - { - "principalType": "ServicePrincipal", - "principalIds": [ - "" - ], - "roleDefinitionIdOrName": "Reader" - } - ] + "diagnosticEventHubName": { + "value": "" }, - "enableSftp": { + "enableHierarchicalNamespace": { "value": true }, - "systemAssignedIdentity": { - "value": true + "enableDefaultTelemetry": { + "value": "" }, - "tableServices": { + "userAssignedIdentities": { "value": { - "diagnosticEventHubName": "", - "diagnosticLogsRetentionInDays": 7, - "tables": [ - "table1", - "table2" - ], - "diagnosticStorageAccountId": "", - "diagnosticWorkspaceId": "", - "diagnosticEventHubAuthorizationRuleId": "" + "": {} } }, - "diagnosticStorageAccountId": { - "value": "" + "systemAssignedIdentity": { + "value": true }, - "fileServices": { - "value": { - "diagnosticEventHubName": "", - "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "", - "diagnosticWorkspaceId": "", - "diagnosticEventHubAuthorizationRuleId": "", - "shares": [ - { - "shareQuota": 5120, - "name": "avdprofiles", - "roleAssignments": [ - { - "principalType": "ServicePrincipal", - "principalIds": [ - "" - ], - "roleDefinitionIdOrName": "Reader" - } - ] - }, - { - "name": "avdprofiles2", - "shareQuota": 5120 - } - ] - } + "requireInfrastructureEncryption": { + "value": true }, - "userAssignedIdentities": { - "value": { - "": {} - } + "allowBlobPublicAccess": { + "value": false }, - "networkAcls": { - "value": { - "defaultAction": "Deny", - "bypass": "AzureServices", - "ipRules": [ - { - "action": "Allow", - "value": "1.1.1.1" - } - ], - "virtualNetworkRules": [ - { - "action": "Allow", - "id": "" - } - ] - } + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + "lock": { + "value": 
"CanNotDelete" }, "enableNfsV3": { "value": true }, + "diagnosticEventHubAuthorizationRuleId": { + "value": "" + }, "localUsers": { "value": [ { - "name": "testuser", - "hasSharedKey": false, - "hasSshKey": true, - "storageAccountName": "<>ssacom001", + "hasSshPassword": false, "permissionScopes": [ { "service": "blob", 
@@ -695,108 +634,169 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "permissions": "r" } ], - "hasSshPassword": false + "hasSshKey": true, + "hasSharedKey": false, + "name": "testuser", + "storageAccountName": "<>ssacom001" } ] }, - "privateEndpoints": { - "value": [ - { - "service": "blob", - "subnetResourceId": "", - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "" - ] + "queueServices": { + "value": { + "diagnosticWorkspaceId": "", + "queues": [ + { + "roleAssignments": [ + { + "roleDefinitionIdOrName": "Reader", + "principalIds": [ + "" + ], + "principalType": "ServicePrincipal" + } + ], + "metadata": { + "key1": "value1", + "key2": "value2" + }, + "name": "queue1" + }, + { + "name": "queue2", + "metadata": {} } - } - ] - }, - "requireInfrastructureEncryption": { - "value": true + ], + "diagnosticLogsRetentionInDays": 7, + "diagnosticEventHubAuthorizationRuleId": "", + "diagnosticStorageAccountId": "", + "diagnosticEventHubName": "" + } }, - "queueServices": { + "fileServices": { "value": { "diagnosticWorkspaceId": "", - "diagnosticEventHubName": "", "diagnosticLogsRetentionInDays": 7, + "diagnosticEventHubAuthorizationRuleId": "", "diagnosticStorageAccountId": "", - "queues": [ + "shares": [ { - "metadata": { - "key2": "value2", - "key1": "value1" - }, - "name": "queue1", "roleAssignments": [ { - "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader", "principalIds": [ "" ], - "roleDefinitionIdOrName": "Reader" + "principalType": "ServicePrincipal" } - ] + ], + "shareQuota": 5120, + "name": "avdprofiles" }, { - "name": "queue2", - "metadata": {} + "name": "avdprofiles2", + "shareQuota": 5120 } ], - "diagnosticEventHubAuthorizationRuleId": "" + "diagnosticEventHubName": "" } }, - "lock": { - "value": "CanNotDelete" - }, - "allowBlobPublicAccess": { - "value": false - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "storageAccountSku": { - "value": "Standard_LRS" - }, - 
"diagnosticEventHubName": { - "value": "" - }, "diagnosticWorkspaceId": { "value": "" }, "blobServices": { "value": { - "diagnosticEventHubName": "", - "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "", "diagnosticWorkspaceId": "", + "diagnosticLogsRetentionInDays": 7, "diagnosticEventHubAuthorizationRuleId": "", + "diagnosticStorageAccountId": "", "containers": [ { - "publicAccess": "None", - "name": "avdscripts", "roleAssignments": [ { - "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader", "principalIds": [ "" ], - "roleDefinitionIdOrName": "Reader" + "principalType": "ServicePrincipal" } - ] + ], + "name": "avdscripts", + "publicAccess": "None" }, { + "allowProtectedAppendWrites": false, "WORMRetention": 666, + "enableWORM": true, "publicAccess": "None", - "allowProtectedAppendWrites": false, - "name": "archivecontainer", - "enableWORM": true + "name": "archivecontainer" } - ] + ], + "diagnosticEventHubName": "" } }, - "enableHierarchicalNamespace": { + "enableSftp": { "value": true + }, + "tableServices": { + "value": { + "diagnosticWorkspaceId": "", + "diagnosticLogsRetentionInDays": 7, + "diagnosticEventHubAuthorizationRuleId": "", + "diagnosticStorageAccountId": "", + "diagnosticEventHubName": "", + "tables": [ + "table1", + "table2" + ] + } + }, + "diagnosticStorageAccountId": { + "value": "" + }, + "storageAccountSku": { + "value": "Standard_LRS" + }, + "privateEndpoints": { + "value": [ + { + "service": "blob", + "subnetResourceId": "", + "privateDnsZoneGroup": { + "privateDNSResourceIds": [ + "" + ] + } + } + ] + }, + "networkAcls": { + "value": { + "bypass": "AzureServices", + "ipRules": [ + { + "value": "1.1.1.1", + "action": "Allow" + } + ], + "defaultAction": "Deny", + "virtualNetworkRules": [ + { + "id": "", + "action": "Allow" + } + ] + } + }, + "roleAssignments": { + "value": [ + { + "roleDefinitionIdOrName": "Reader", + "principalIds": [ + "" + ], + "principalType": "ServicePrincipal" + } + ] } } } 
@@ -818,18 +818,7 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>stsencr001' // Non-required parameters - cMKUserAssignedIdentityResourceId: '' - systemAssignedIdentity: false - enableDefaultTelemetry: '' - allowBlobPublicAccess: false - blobServices: { - containers: [ - { - publicAccess: 'None' - name: '<>container' - } - ] - } + cMKKeyName: '' privateEndpoints: [ { service: 'blob' @@ -841,13 +830,24 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { } } ] + enableDefaultTelemetry: '' + systemAssignedIdentity: false requireInfrastructureEncryption: true + allowBlobPublicAccess: false cMKKeyVaultResourceId: '' - storageAccountSku: 'Standard_LRS' userAssignedIdentities: { '': {} } - cMKKeyName: '' + cMKUserAssignedIdentityResourceId: '' + blobServices: { + containers: [ + { + publicAccess: 'None' + name: '<>container' + } + ] + } + storageAccountSku: 'Standard_LRS' } } ``` @@ -869,18 +869,32 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>stsencr001" }, // Non-required parameters + "cMKKeyName": { + "value": "" + }, "cMKUserAssignedIdentityResourceId": { "value": "" }, + "enableDefaultTelemetry": { + "value": "" + }, "systemAssignedIdentity": { "value": false }, - "enableDefaultTelemetry": { - "value": "" + "requireInfrastructureEncryption": { + "value": true }, "allowBlobPublicAccess": { "value": false }, + "cMKKeyVaultResourceId": { + "value": "" + }, + "userAssignedIdentities": { + "value": { + "": {} + } + }, "blobServices": { "value": { "containers": [ @@ -904,22 +918,8 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { } ] }, - "requireInfrastructureEncryption": { - "value": true - }, - "cMKKeyVaultResourceId": { - "value": "" - }, "storageAccountSku": { "value": "Standard_LRS" - }, - "userAssignedIdentities": { - "value": { - "": {} - } - }, - "cMKKeyName": { - "value": "" } } } 
@@ -990,30 +990,23 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>ssanfs001' // Non-required parameters - enableDefaultTelemetry: '' + storageAccountSku: 'Premium_LRS' storageAccountKind: 'FileStorage' - userAssignedIdentities: { - '': {} - } - systemAssignedIdentity: true - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '' - diagnosticEventHubAuthorizationRuleId: '' allowBlobPublicAccess: false + diagnosticEventHubName: '' + diagnosticEventHubAuthorizationRuleId: '' + enableDefaultTelemetry: '' + systemAssignedIdentity: true + supportsHttpsTrafficOnly: false roleAssignments: [ { - principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' principalIds: [ '' ] - roleDefinitionIdOrName: 'Reader' + principalType: 'ServicePrincipal' } ] - diagnosticEventHubName: '' - supportsHttpsTrafficOnly: false - lock: 'CanNotDelete' - diagnosticWorkspaceId: '' - storageAccountSku: 'Premium_LRS' fileServices: { shares: [ { @@ -1022,6 +1015,13 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { } ] } + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' + diagnosticLogsRetentionInDays: 7 + userAssignedIdentities: { + '': {} + } + lock: 'CanNotDelete' } } ``` 
@@ -1043,58 +1043,38 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>ssanfs001" }, // Non-required parameters - "enableDefaultTelemetry": { - "value": "" - }, "storageAccountKind": { "value": "FileStorage" }, - "userAssignedIdentities": { - "value": { - "": {} - } + "allowBlobPublicAccess": { + "value": false }, - "systemAssignedIdentity": { - "value": true + "diagnosticEventHubName": { + "value": "" }, - "diagnosticLogsRetentionInDays": { - "value": 7 + "diagnosticEventHubAuthorizationRuleId": { + "value": "" }, - "diagnosticStorageAccountId": { - "value": "" + "enableDefaultTelemetry": { + "value": "" }, - "diagnosticWorkspaceId": { - "value": "" + "storageAccountSku": { + "value": "Premium_LRS" }, - "allowBlobPublicAccess": { + "supportsHttpsTrafficOnly": { "value": false }, "roleAssignments": { "value": [ { - "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader", "principalIds": [ "" ], - "roleDefinitionIdOrName": "Reader" + "principalType": "ServicePrincipal" } ] }, - "diagnosticEventHubName": { - "value": "" - }, - "supportsHttpsTrafficOnly": { - "value": false - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "" - }, - "lock": { - "value": "CanNotDelete" - }, - "storageAccountSku": { - "value": "Premium_LRS" - }, "fileServices": { "value": { "shares": [ @@ -1104,6 +1084,26 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { } ] } + }, + "diagnosticStorageAccountId": { + "value": "" + }, + "diagnosticWorkspaceId": { + "value": "" + }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + "userAssignedIdentities": { + "value": { + "": {} + } + }, + "systemAssignedIdentity": { + "value": true + }, + "lock": { + "value": "CanNotDelete" } } } 
@@ -1126,8 +1126,8 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { name: '<>ssav1001' // Non-required parameters enableDefaultTelemetry: '' - storageAccountKind: 'Storage' allowBlobPublicAccess: false + storageAccountKind: 'Storage' } } ``` @@ -1152,11 +1152,11 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "enableDefaultTelemetry": { "value": "" }, - "storageAccountKind": { - "value": "Storage" - }, "allowBlobPublicAccess": { "value": false + }, + "storageAccountKind": { + "value": "Storage" } } } From 21920b2ba0770f161027f4450e53f5c0e815e903 Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman Date: Thu, 22 Dec 2022 12:58:37 +0000 Subject: [PATCH 08/26] readme updates --- .../storageAccounts/readme.md | 634 +++++++++--------- 1 file changed, 317 insertions(+), 317 deletions(-) diff --git a/modules/Microsoft.Storage/storageAccounts/readme.md b/modules/Microsoft.Storage/storageAccounts/readme.md index cc54b65c97..333ff55375 100644 --- a/modules/Microsoft.Storage/storageAccounts/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/readme.md 
@@ -403,62 +403,29 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>ssacom001' // Non-required parameters - diagnosticEventHubName: '' - enableHierarchicalNamespace: true - enableDefaultTelemetry: '' - diagnosticStorageAccountId: '' - tableServices: { - diagnosticWorkspaceId: '' + requireInfrastructureEncryption: true + diagnosticEventHubAuthorizationRuleId: '' + queueServices: { diagnosticLogsRetentionInDays: 7 - diagnosticEventHubAuthorizationRuleId: '' diagnosticStorageAccountId: '' diagnosticEventHubName: '' - tables: [ - 'table1' - 'table2' - ] - } - systemAssignedIdentity: true - allowBlobPublicAccess: false - diagnosticLogsRetentionInDays: 7 - requireInfrastructureEncryption: true - userAssignedIdentities: { - '': {} - } - enableNfsV3: true - localUsers: [ - { - hasSshPassword: false - permissionScopes: [ - { - service: 'blob' - resourceName: 'avdscripts' - permissions: 'r' - } - ] - hasSshKey: true - hasSharedKey: false - name: 'testuser' - storageAccountName: '<>ssacom001' - } - ] - queueServices: { + diagnosticEventHubAuthorizationRuleId: '' diagnosticWorkspaceId: '' queues: [ { + metadata: { + key1: 'value1' + key2: 'value2' + } roleAssignments: [ { - roleDefinitionIdOrName: 'Reader' + principalType: 'ServicePrincipal' principalIds: [ '' ] - principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' } ] - metadata: { - key1: 'value1' - key2: 'value2' - } name: 'queue1' } { 
@@ -466,107 +433,140 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { metadata: {} } ] + } + enableSftp: true + diagnosticWorkspaceId: '' + blobServices: { diagnosticLogsRetentionInDays: 7 - diagnosticEventHubAuthorizationRuleId: '' diagnosticStorageAccountId: '' diagnosticEventHubName: '' - } - fileServices: { - diagnosticWorkspaceId: '' - diagnosticLogsRetentionInDays: 7 diagnosticEventHubAuthorizationRuleId: '' - diagnosticStorageAccountId: '' - shares: [ + containers: [ { + name: 'avdscripts' roleAssignments: [ { - roleDefinitionIdOrName: 'Reader' + principalType: 'ServicePrincipal' principalIds: [ '' ] - principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' } ] - shareQuota: 5120 - name: 'avdprofiles' + publicAccess: 'None' } { - name: 'avdprofiles2' - shareQuota: 5120 + enableWORM: true + allowProtectedAppendWrites: false + WORMRetention: 666 + name: 'archivecontainer' + publicAccess: 'None' } ] - diagnosticEventHubName: '' - } - diagnosticWorkspaceId: '' - blobServices: { diagnosticWorkspaceId: '' + } + localUsers: [ + { + hasSshKey: true + hasSshPassword: false + permissionScopes: [ + { + permissions: 'r' + resourceName: 'avdscripts' + service: 'blob' + } + ] + name: 'testuser' + storageAccountName: '<>ssacom001' + hasSharedKey: false + } + ] + allowBlobPublicAccess: false + fileServices: { diagnosticLogsRetentionInDays: 7 - diagnosticEventHubAuthorizationRuleId: '' diagnosticStorageAccountId: '' - containers: [ + diagnosticEventHubName: '' + diagnosticEventHubAuthorizationRuleId: '' + shares: [ { + shareQuota: 5120 roleAssignments: [ { - roleDefinitionIdOrName: 'Reader' + principalType: 'ServicePrincipal' principalIds: [ '' ] - principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' } ] - name: 'avdscripts' - publicAccess: 'None' + name: 'avdprofiles' } { - allowProtectedAppendWrites: false - WORMRetention: 666 - enableWORM: true - publicAccess: 'None' - name: 'archivecontainer' + name: 
'avdprofiles2' + shareQuota: 5120 } ] - diagnosticEventHubName: '' + diagnosticWorkspaceId: '' } - enableSftp: true - diagnosticEventHubAuthorizationRuleId: '' + systemAssignedIdentity: true + enableDefaultTelemetry: '' lock: 'CanNotDelete' - storageAccountSku: 'Standard_LRS' + networkAcls: { + virtualNetworkRules: [ + { + action: 'Allow' + id: '' + } + ] + bypass: 'AzureServices' + ipRules: [ + { + action: 'Allow' + value: '1.1.1.1' + } + ] + defaultAction: 'Deny' + } privateEndpoints: [ { - service: 'blob' subnetResourceId: '' privateDnsZoneGroup: { privateDNSResourceIds: [ '' ] } + service: 'blob' } ] - networkAcls: { - bypass: 'AzureServices' - ipRules: [ - { - value: '1.1.1.1' - action: 'Allow' - } - ] - defaultAction: 'Deny' - virtualNetworkRules: [ - { - id: '' - action: 'Allow' - } + diagnosticLogsRetentionInDays: 7 + tableServices: { + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: '' + diagnosticEventHubName: '' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticWorkspaceId: '' + tables: [ + 'table1' + 'table2' ] } + storageAccountSku: 'Standard_LRS' + diagnosticStorageAccountId: '' roleAssignments: [ { - roleDefinitionIdOrName: 'Reader' + principalType: 'ServicePrincipal' principalIds: [ '' ] - principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' } ] + diagnosticEventHubName: '' + enableNfsV3: true + enableHierarchicalNamespace: true + userAssignedIdentities: { + '': {} + } } } ``` 
@@ -588,215 +588,215 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>ssacom001" }, // Non-required parameters - "diagnosticEventHubName": { - "value": "" - }, - "enableHierarchicalNamespace": { - "value": true - }, - "enableDefaultTelemetry": { - "value": "" - }, - "userAssignedIdentities": { - "value": { - "": {} - } - }, - "systemAssignedIdentity": { - "value": true - }, "requireInfrastructureEncryption": { "value": true }, - "allowBlobPublicAccess": { - "value": false - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "lock": { - "value": "CanNotDelete" - }, - "enableNfsV3": { - "value": true - }, "diagnosticEventHubAuthorizationRuleId": { "value": "" }, - "localUsers": { - "value": [ - { - "hasSshPassword": false, - "permissionScopes": [ - { - "service": "blob", - "resourceName": "avdscripts", - "permissions": "r" - } - ], - "hasSshKey": true, - "hasSharedKey": false, - "name": "testuser", - "storageAccountName": "<>ssacom001" - } - ] - }, "queueServices": { "value": { + "diagnosticLogsRetentionInDays": 7, + "diagnosticStorageAccountId": "", + "diagnosticEventHubName": "", + "diagnosticEventHubAuthorizationRuleId": "", "diagnosticWorkspaceId": "", "queues": [ { + "metadata": { + "key1": "value1", + "key2": "value2" + }, "roleAssignments": [ { - "roleDefinitionIdOrName": "Reader", + "principalType": "ServicePrincipal", "principalIds": [ "" ], - "principalType": "ServicePrincipal" + "roleDefinitionIdOrName": "Reader" } ], - "metadata": { - "key1": "value1", - "key2": "value2" - }, "name": "queue1" }, { "name": "queue2", "metadata": {} } - ], - "diagnosticLogsRetentionInDays": 7, - "diagnosticEventHubAuthorizationRuleId": "", - "diagnosticStorageAccountId": "", - "diagnosticEventHubName": "" + ] } }, - "fileServices": { + "enableSftp": { + "value": true + }, + "diagnosticWorkspaceId": { + "value": "" + }, + "blobServices": { "value": { - "diagnosticWorkspaceId": "", "diagnosticLogsRetentionInDays": 7, - 
"diagnosticEventHubAuthorizationRuleId": "", "diagnosticStorageAccountId": "", - "shares": [ + "diagnosticEventHubName": "", + "diagnosticEventHubAuthorizationRuleId": "", + "containers": [ { + "name": "avdscripts", "roleAssignments": [ { - "roleDefinitionIdOrName": "Reader", + "principalType": "ServicePrincipal", "principalIds": [ "" ], - "principalType": "ServicePrincipal" + "roleDefinitionIdOrName": "Reader" } ], - "shareQuota": 5120, - "name": "avdprofiles" + "publicAccess": "None" }, { - "name": "avdprofiles2", - "shareQuota": 5120 + "enableWORM": true, + "allowProtectedAppendWrites": false, + "WORMRetention": 666, + "name": "archivecontainer", + "publicAccess": "None" } ], - "diagnosticEventHubName": "" + "diagnosticWorkspaceId": "" } }, - "diagnosticWorkspaceId": { - "value": "" + "localUsers": { + "value": [ + { + "hasSshKey": true, + "hasSshPassword": false, + "permissionScopes": [ + { + "permissions": "r", + "resourceName": "avdscripts", + "service": "blob" + } + ], + "name": "testuser", + "storageAccountName": "<>ssacom001", + "hasSharedKey": false + } + ] }, - "blobServices": { + "allowBlobPublicAccess": { + "value": false + }, + "fileServices": { "value": { - "diagnosticWorkspaceId": "", "diagnosticLogsRetentionInDays": 7, - "diagnosticEventHubAuthorizationRuleId": "", "diagnosticStorageAccountId": "", - "containers": [ + "diagnosticEventHubName": "", + "diagnosticEventHubAuthorizationRuleId": "", + "shares": [ { + "shareQuota": 5120, "roleAssignments": [ { - "roleDefinitionIdOrName": "Reader", + "principalType": "ServicePrincipal", "principalIds": [ "" ], - "principalType": "ServicePrincipal" + "roleDefinitionIdOrName": "Reader" } ], - "name": "avdscripts", - "publicAccess": "None" + "name": "avdprofiles" }, { - "allowProtectedAppendWrites": false, - "WORMRetention": 666, - "enableWORM": true, - "publicAccess": "None", - "name": "archivecontainer" + "name": "avdprofiles2", + "shareQuota": 5120 } ], - "diagnosticEventHubName": "" + 
"diagnosticWorkspaceId": "" } }, - "enableSftp": { + "systemAssignedIdentity": { "value": true }, - "tableServices": { + "enableDefaultTelemetry": { + "value": "" + }, + "lock": { + "value": "CanNotDelete" + }, + "networkAcls": { "value": { - "diagnosticWorkspaceId": "", - "diagnosticLogsRetentionInDays": 7, - "diagnosticEventHubAuthorizationRuleId": "", - "diagnosticStorageAccountId": "", - "diagnosticEventHubName": "", - "tables": [ - "table1", - "table2" - ] + "virtualNetworkRules": [ + { + "action": "Allow", + "id": "" + } + ], + "bypass": "AzureServices", + "ipRules": [ + { + "action": "Allow", + "value": "1.1.1.1" + } + ], + "defaultAction": "Deny" } }, - "diagnosticStorageAccountId": { - "value": "" - }, - "storageAccountSku": { - "value": "Standard_LRS" - }, "privateEndpoints": { "value": [ { - "service": "blob", "subnetResourceId": "", "privateDnsZoneGroup": { "privateDNSResourceIds": [ "" ] - } + }, + "service": "blob" } ] }, - "networkAcls": { + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + "tableServices": { "value": { - "bypass": "AzureServices", - "ipRules": [ - { - "value": "1.1.1.1", - "action": "Allow" - } - ], - "defaultAction": "Deny", - "virtualNetworkRules": [ - { - "id": "", - "action": "Allow" - } + "diagnosticLogsRetentionInDays": 7, + "diagnosticStorageAccountId": "", + "diagnosticEventHubName": "", + "diagnosticEventHubAuthorizationRuleId": "", + "diagnosticWorkspaceId": "", + "tables": [ + "table1", + "table2" ] } }, + "storageAccountSku": { + "value": "Standard_LRS" + }, + "diagnosticStorageAccountId": { + "value": "" + }, "roleAssignments": { "value": [ { - "roleDefinitionIdOrName": "Reader", + "principalType": "ServicePrincipal", "principalIds": [ "" ], - "principalType": "ServicePrincipal" + "roleDefinitionIdOrName": "Reader" } ] + }, + "diagnosticEventHubName": { + "value": "" + }, + "enableNfsV3": { + "value": true + }, + "enableHierarchicalNamespace": { + "value": true + }, + "userAssignedIdentities": { + "value": { + "": 
{} + } } } } @@ -818,36 +818,36 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>stsencr001' // Non-required parameters - cMKKeyName: '' + cMKUserAssignedIdentityResourceId: '' + requireInfrastructureEncryption: true + blobServices: { + containers: [ + { + name: '<>container' + publicAccess: 'None' + } + ] + } + userAssignedIdentities: { + '': {} + } + cMKKeyVaultResourceId: '' + enableDefaultTelemetry: '' + allowBlobPublicAccess: false + systemAssignedIdentity: false + storageAccountSku: 'Standard_LRS' privateEndpoints: [ { - service: 'blob' subnetResourceId: '' privateDnsZoneGroup: { privateDNSResourceIds: [ '' ] } + service: 'blob' } ] - enableDefaultTelemetry: '' - systemAssignedIdentity: false - requireInfrastructureEncryption: true - allowBlobPublicAccess: false - cMKKeyVaultResourceId: '' - userAssignedIdentities: { - '': {} - } - cMKUserAssignedIdentityResourceId: '' - blobServices: { - containers: [ - { - publicAccess: 'None' - name: '<>container' - } - ] - } - storageAccountSku: 'Standard_LRS' + cMKKeyName: '' } } ``` 
@@ -869,57 +869,57 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>stsencr001" }, // Non-required parameters - "cMKKeyName": { - "value": "" + "allowBlobPublicAccess": { + "value": false }, "cMKUserAssignedIdentityResourceId": { "value": "" }, - "enableDefaultTelemetry": { - "value": "" - }, - "systemAssignedIdentity": { - "value": false - }, "requireInfrastructureEncryption": { "value": true }, - "allowBlobPublicAccess": { - "value": false - }, - "cMKKeyVaultResourceId": { - "value": "" - }, - "userAssignedIdentities": { - "value": { - "": {} - } - }, "blobServices": { "value": { "containers": [ { - "publicAccess": "None", - "name": "<>container" + "name": "<>container", + "publicAccess": "None" } ] } }, + "userAssignedIdentities": { + "value": { + "": {} + } + }, + "cMKKeyVaultResourceId": { + "value": "" + }, + "enableDefaultTelemetry": { + "value": "" + }, "privateEndpoints": { "value": [ { - "service": "blob", "subnetResourceId": "", "privateDnsZoneGroup": { "privateDNSResourceIds": [ "" ] - } + }, + "service": "blob" } ] }, + "systemAssignedIdentity": { + "value": false + }, "storageAccountSku": { "value": "Standard_LRS" + }, + "cMKKeyName": { + "value": "" } } } @@ -941,8 +941,8 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>ssamin001' // Non-required parameters - enableDefaultTelemetry: '' allowBlobPublicAccess: false + enableDefaultTelemetry: '' } } ``` @@ -964,11 +964,11 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>ssamin001" }, // Non-required parameters - "enableDefaultTelemetry": { - "value": "" - }, "allowBlobPublicAccess": { "value": false + }, + "enableDefaultTelemetry": { + "value": "" } } } 
@@ -990,23 +990,13 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>ssanfs001' // Non-required parameters - storageAccountSku: 'Premium_LRS' - storageAccountKind: 'FileStorage' - allowBlobPublicAccess: false - diagnosticEventHubName: '' - diagnosticEventHubAuthorizationRuleId: '' + diagnosticStorageAccountId: '' + supportsHttpsTrafficOnly: false enableDefaultTelemetry: '' + allowBlobPublicAccess: false systemAssignedIdentity: true - supportsHttpsTrafficOnly: false - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '' - ] - principalType: 'ServicePrincipal' - } - ] + diagnosticLogsRetentionInDays: 7 + lock: 'CanNotDelete' fileServices: { shares: [ { @@ -1015,13 +1005,23 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { } ] } - diagnosticStorageAccountId: '' - diagnosticWorkspaceId: '' - diagnosticLogsRetentionInDays: 7 + storageAccountKind: 'FileStorage' userAssignedIdentities: { '': {} } - lock: 'CanNotDelete' + roleAssignments: [ + { + principalType: 'ServicePrincipal' + principalIds: [ + '' + ] + roleDefinitionIdOrName: 'Reader' + } + ] + diagnosticEventHubName: '' + diagnosticEventHubAuthorizationRuleId: '' + storageAccountSku: 'Premium_LRS' + diagnosticWorkspaceId: '' } } ``` 
@@ -1043,37 +1043,26 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>ssanfs001" }, // Non-required parameters - "storageAccountKind": { - "value": "FileStorage" + "diagnosticStorageAccountId": { + "value": "" }, - "allowBlobPublicAccess": { + "supportsHttpsTrafficOnly": { "value": false }, - "diagnosticEventHubName": { - "value": "" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "" - }, "enableDefaultTelemetry": { "value": "" }, - "storageAccountSku": { - "value": "Premium_LRS" - }, - "supportsHttpsTrafficOnly": { + "allowBlobPublicAccess": { "value": false }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "" - ], - "principalType": "ServicePrincipal" - } - ] + "systemAssignedIdentity": { + "value": true + }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + "lock": { + "value": "CanNotDelete" }, "fileServices": { "value": { @@ -1085,25 +1074,36 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { ] } }, - "diagnosticStorageAccountId": { - "value": "" - }, - "diagnosticWorkspaceId": { - "value": "" - }, - "diagnosticLogsRetentionInDays": { - "value": 7 + "storageAccountKind": { + "value": "FileStorage" }, "userAssignedIdentities": { "value": { "": {} } }, - "systemAssignedIdentity": { - "value": true + "roleAssignments": { + "value": [ + { + "principalType": "ServicePrincipal", + "principalIds": [ + "" + ], + "roleDefinitionIdOrName": "Reader" + } + ] }, - "lock": { - "value": "CanNotDelete" + "diagnosticEventHubName": { + "value": "" + }, + "diagnosticEventHubAuthorizationRuleId": { + "value": "" + }, + "storageAccountSku": { + "value": "Premium_LRS" + }, + "diagnosticWorkspaceId": { + "value": "" } } } 
@@ -1125,8 +1125,8 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>ssav1001' // Non-required parameters - enableDefaultTelemetry: '' allowBlobPublicAccess: false + enableDefaultTelemetry: '' storageAccountKind: 'Storage' } } @@ -1149,12 +1149,12 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>ssav1001" }, // Non-required parameters - "enableDefaultTelemetry": { - "value": "" - }, "allowBlobPublicAccess": { "value": false }, + "enableDefaultTelemetry": { + "value": "" + }, "storageAccountKind": { "value": "Storage" } From 26df57c75cc120107de3c501cd2cec3800daea31 Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman Date: Fri, 23 Dec 2022 10:53:50 +0000 Subject: [PATCH 09/26] readme updates --- .../storageAccounts/readme.md | 518 +++++++++--------- 1 file changed, 259 insertions(+), 259 deletions(-) diff --git a/modules/Microsoft.Storage/storageAccounts/readme.md b/modules/Microsoft.Storage/storageAccounts/readme.md index 333ff55375..a730dfca87 100644 --- a/modules/Microsoft.Storage/storageAccounts/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/readme.md 
@@ -403,72 +403,77 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>ssacom001' // Non-required parameters - requireInfrastructureEncryption: true - diagnosticEventHubAuthorizationRuleId: '' - queueServices: { - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '' - diagnosticEventHubName: '' - diagnosticEventHubAuthorizationRuleId: '' - diagnosticWorkspaceId: '' - queues: [ + allowBlobPublicAccess: false + blobServices: { + containers: [ { - metadata: { - key1: 'value1' - key2: 'value2' - } + name: 'avdscripts' + publicAccess: 'None' roleAssignments: [ { - principalType: 'ServicePrincipal' principalIds: [ '' ] + principalType: 'ServicePrincipal' roleDefinitionIdOrName: 'Reader' } ] - name: 'queue1' } { - name: 'queue2' - metadata: {} + allowProtectedAppendWrites: false + enableWORM: true + name: 'archivecontainer' + publicAccess: 'None' + WORMRetention: 666 } ] + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' } - enableSftp: true + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: '' diagnosticWorkspaceId: '' - blobServices: { + enableDefaultTelemetry: '' + enableHierarchicalNamespace: true + enableNfsV3: true + enableSftp: true + fileServices: { + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 diagnosticStorageAccountId: '' - diagnosticEventHubName: '' - diagnosticEventHubAuthorizationRuleId: '' - containers: [ + diagnosticWorkspaceId: '' + shares: [ { - name: 'avdscripts' + name: 'avdprofiles' roleAssignments: [ { - principalType: 'ServicePrincipal' principalIds: [ '' ] + principalType: 'ServicePrincipal' roleDefinitionIdOrName: 'Reader' } ] - publicAccess: 'None' + shareQuota: 5120 } { - enableWORM: true - 
allowProtectedAppendWrites: false - WORMRetention: 666 - name: 'archivecontainer' - publicAccess: 'None' + name: 'avdprofiles2' + shareQuota: 5120 } ] - diagnosticWorkspaceId: '' } localUsers: [ { + hasSharedKey: false hasSshKey: true hasSshPassword: false + name: 'testuser' permissionScopes: [ { permissions: 'r' 
@@ -476,94 +481,89 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { service: 'blob' } ] - name: 'testuser' storageAccountName: '<>ssacom001' - hasSharedKey: false } ] - allowBlobPublicAccess: false - fileServices: { - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '' - diagnosticEventHubName: '' - diagnosticEventHubAuthorizationRuleId: '' - shares: [ - { - shareQuota: 5120 - roleAssignments: [ - { - principalType: 'ServicePrincipal' - principalIds: [ - '' - ] - roleDefinitionIdOrName: 'Reader' - } - ] - name: 'avdprofiles' - } - { - name: 'avdprofiles2' - shareQuota: 5120 - } - ] - diagnosticWorkspaceId: '' - } - systemAssignedIdentity: true - enableDefaultTelemetry: '' lock: 'CanNotDelete' networkAcls: { - virtualNetworkRules: [ + bypass: 'AzureServices' + defaultAction: 'Deny' + ipRules: [ { action: 'Allow' - id: '' + value: '1.1.1.1' } ] - bypass: 'AzureServices' - ipRules: [ + virtualNetworkRules: [ { action: 'Allow' - value: '1.1.1.1' + id: '' } ] - defaultAction: 'Deny' } privateEndpoints: [ { - subnetResourceId: '' privateDnsZoneGroup: { privateDNSResourceIds: [ '' ] } service: 'blob' + subnetResourceId: '' } ] - diagnosticLogsRetentionInDays: 7 - tableServices: { + queueServices: { + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 diagnosticStorageAccountId: '' - diagnosticEventHubName: '' - diagnosticEventHubAuthorizationRuleId: '' diagnosticWorkspaceId: '' - tables: [ - 'table1' - 'table2' + queues: [ + { + metadata: { + key1: 'value1' + key2: 'value2' + } + name: 'queue1' + roleAssignments: [ + { + principalIds: [ + '' + ] + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] + } + { + metadata: {} + name: 'queue2' + } ] } - storageAccountSku: 'Standard_LRS' - diagnosticStorageAccountId: '' + requireInfrastructureEncryption: true roleAssignments: [ { - principalType: 'ServicePrincipal' principalIds: [ '' ] + principalType: 
'ServicePrincipal' roleDefinitionIdOrName: 'Reader' } ] - diagnosticEventHubName: '' - enableNfsV3: true - enableHierarchicalNamespace: true + storageAccountSku: 'Standard_LRS' + systemAssignedIdentity: true + tableServices: { + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' + tables: [ + 'table1' + 'table2' + ] + } userAssignedIdentities: { '': {} } 
@@ -588,85 +588,102 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>ssacom001" }, // Non-required parameters - "requireInfrastructureEncryption": { - "value": true - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "" + "allowBlobPublicAccess": { + "value": false }, - "queueServices": { + "blobServices": { "value": { - "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "", - "diagnosticEventHubName": "", - "diagnosticEventHubAuthorizationRuleId": "", - "diagnosticWorkspaceId": "", - "queues": [ + "containers": [ { - "metadata": { - "key1": "value1", - "key2": "value2" - }, + "name": "avdscripts", + "publicAccess": "None", "roleAssignments": [ { - "principalType": "ServicePrincipal", "principalIds": [ "" ], + "principalType": "ServicePrincipal", "roleDefinitionIdOrName": "Reader" } - ], - "name": "queue1" + ] }, { - "name": "queue2", - "metadata": {} + "allowProtectedAppendWrites": false, + "enableWORM": true, + "name": "archivecontainer", + "publicAccess": "None", + "WORMRetention": 666 } - ] + ], + "diagnosticEventHubAuthorizationRuleId": "", + "diagnosticEventHubName": "", + "diagnosticLogsRetentionInDays": 7, + "diagnosticStorageAccountId": "", + "diagnosticWorkspaceId": "" } }, - "enableSftp": { - "value": true + "diagnosticEventHubAuthorizationRuleId": { + "value": "" + }, + "diagnosticEventHubName": { + "value": "" + }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + "diagnosticStorageAccountId": { + "value": "" }, "diagnosticWorkspaceId": { "value": "" }, - "blobServices": { + "enableDefaultTelemetry": { + "value": "" + }, + "enableHierarchicalNamespace": { + "value": true + }, + "enableNfsV3": { + "value": true + }, + "enableSftp": { + "value": true + }, + "fileServices": { "value": { + "diagnosticEventHubAuthorizationRuleId": "", + "diagnosticEventHubName": "", "diagnosticLogsRetentionInDays": 7, "diagnosticStorageAccountId": "", - "diagnosticEventHubName": "", - 
"diagnosticEventHubAuthorizationRuleId": "", - "containers": [ + "diagnosticWorkspaceId": "", + "shares": [ { - "name": "avdscripts", + "name": "avdprofiles", "roleAssignments": [ { - "principalType": "ServicePrincipal", "principalIds": [ "" ], + "principalType": "ServicePrincipal", "roleDefinitionIdOrName": "Reader" } ], - "publicAccess": "None" + "shareQuota": 5120 }, { - "enableWORM": true, - "allowProtectedAppendWrites": false, - "WORMRetention": 666, - "name": "archivecontainer", - "publicAccess": "None" + "name": "avdprofiles2", + "shareQuota": 5120 } - ], - "diagnosticWorkspaceId": "" + ] } }, "localUsers": { "value": [ { + "hasSharedKey": false, "hasSshKey": true, "hasSshPassword": false, + "name": "testuser", "permissionScopes": [ { "permissions": "r", 
@@ -674,124 +691,107 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "service": "blob" } ], - "name": "testuser", - "storageAccountName": "<>ssacom001", - "hasSharedKey": false + "storageAccountName": "<>ssacom001" } ] }, - "allowBlobPublicAccess": { - "value": false - }, - "fileServices": { - "value": { - "diagnosticLogsRetentionInDays": 7, - "diagnosticStorageAccountId": "", - "diagnosticEventHubName": "", - "diagnosticEventHubAuthorizationRuleId": "", - "shares": [ - { - "shareQuota": 5120, - "roleAssignments": [ - { - "principalType": "ServicePrincipal", - "principalIds": [ - "" - ], - "roleDefinitionIdOrName": "Reader" - } - ], - "name": "avdprofiles" - }, - { - "name": "avdprofiles2", - "shareQuota": 5120 - } - ], - "diagnosticWorkspaceId": "" - } - }, - "systemAssignedIdentity": { - "value": true - }, - "enableDefaultTelemetry": { - "value": "" - }, "lock": { "value": "CanNotDelete" }, "networkAcls": { "value": { - "virtualNetworkRules": [ - { - "action": "Allow", - "id": "" - } - ], "bypass": "AzureServices", + "defaultAction": "Deny", "ipRules": [ { "action": "Allow", "value": "1.1.1.1" } ], - "defaultAction": "Deny" + "virtualNetworkRules": [ + { + "action": "Allow", + "id": "" + } + ] } }, "privateEndpoints": { "value": [ { - "subnetResourceId": "", "privateDnsZoneGroup": { "privateDNSResourceIds": [ "" ] }, - "service": "blob" + "service": "blob", + "subnetResourceId": "" } ] }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "tableServices": { + "queueServices": { "value": { + "diagnosticEventHubAuthorizationRuleId": "", + "diagnosticEventHubName": "", "diagnosticLogsRetentionInDays": 7, "diagnosticStorageAccountId": "", - "diagnosticEventHubName": "", - "diagnosticEventHubAuthorizationRuleId": "", "diagnosticWorkspaceId": "", - "tables": [ - "table1", - "table2" + "queues": [ + { + "metadata": { + "key1": "value1", + "key2": "value2" + }, + "name": "queue1", + "roleAssignments": [ + { + "principalIds": [ + "" 
+ ], + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ] + }, + { + "metadata": {}, + "name": "queue2" + } ] } }, - "storageAccountSku": { - "value": "Standard_LRS" - }, - "diagnosticStorageAccountId": { - "value": "" + "requireInfrastructureEncryption": { + "value": true }, "roleAssignments": { "value": [ { - "principalType": "ServicePrincipal", "principalIds": [ "" ], + "principalType": "ServicePrincipal", "roleDefinitionIdOrName": "Reader" } ] }, - "diagnosticEventHubName": { - "value": "" + "storageAccountSku": { + "value": "Standard_LRS" }, - "enableNfsV3": { + "systemAssignedIdentity": { "value": true }, - "enableHierarchicalNamespace": { - "value": true + "tableServices": { + "value": { + "diagnosticEventHubAuthorizationRuleId": "", + "diagnosticEventHubName": "", + "diagnosticLogsRetentionInDays": 7, + "diagnosticStorageAccountId": "", + "diagnosticWorkspaceId": "", + "tables": [ + "table1", + "table2" + ] + } }, "userAssignedIdentities": { "value": { @@ -818,8 +818,7 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>stsencr001' // Non-required parameters - cMKUserAssignedIdentityResourceId: '' - requireInfrastructureEncryption: true + allowBlobPublicAccess: false blobServices: { containers: [ { @@ -828,26 +827,27 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { } ] } - userAssignedIdentities: { - '': {} - } + cMKKeyName: '' cMKKeyVaultResourceId: '' + cMKUserAssignedIdentityResourceId: '' enableDefaultTelemetry: '' - allowBlobPublicAccess: false - systemAssignedIdentity: false - storageAccountSku: 'Standard_LRS' privateEndpoints: [ { - subnetResourceId: '' privateDnsZoneGroup: { privateDNSResourceIds: [ '' ] } service: 'blob' + subnetResourceId: '' } ] - cMKKeyName: '' + requireInfrastructureEncryption: true + storageAccountSku: 'Standard_LRS' + systemAssignedIdentity: false + userAssignedIdentities: { + '': {} + } } } ``` 
@@ -872,12 +872,6 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "allowBlobPublicAccess": { "value": false }, - "cMKUserAssignedIdentityResourceId": { - "value": "" - }, - "requireInfrastructureEncryption": { - "value": true - }, "blobServices": { "value": { "containers": [ @@ -888,38 +882,44 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { ] } }, - "userAssignedIdentities": { - "value": { - "": {} - } + "cMKKeyName": { + "value": "" }, "cMKKeyVaultResourceId": { "value": "" }, + "cMKUserAssignedIdentityResourceId": { + "value": "" + }, "enableDefaultTelemetry": { "value": "" }, "privateEndpoints": { "value": [ { - "subnetResourceId": "", "privateDnsZoneGroup": { "privateDNSResourceIds": [ "" ] }, - "service": "blob" + "service": "blob", + "subnetResourceId": "" } ] }, - "systemAssignedIdentity": { - "value": false + "requireInfrastructureEncryption": { + "value": true }, "storageAccountSku": { "value": "Standard_LRS" }, - "cMKKeyName": { - "value": "" + "systemAssignedIdentity": { + "value": false + }, + "userAssignedIdentities": { + "value": { + "": {} + } } } } 
@@ -990,38 +990,38 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { // Required parameters name: '<>ssanfs001' // Non-required parameters - diagnosticStorageAccountId: '' - supportsHttpsTrafficOnly: false - enableDefaultTelemetry: '' allowBlobPublicAccess: false - systemAssignedIdentity: true + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 - lock: 'CanNotDelete' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' + enableDefaultTelemetry: '' fileServices: { shares: [ { - name: 'nfsfileshare' enabledProtocols: 'NFS' + name: 'nfsfileshare' } ] } - storageAccountKind: 'FileStorage' - userAssignedIdentities: { - '': {} - } + lock: 'CanNotDelete' roleAssignments: [ { - principalType: 'ServicePrincipal' principalIds: [ '' ] + principalType: 'ServicePrincipal' roleDefinitionIdOrName: 'Reader' } ] - diagnosticEventHubName: '' - diagnosticEventHubAuthorizationRuleId: '' + storageAccountKind: 'FileStorage' storageAccountSku: 'Premium_LRS' - diagnosticWorkspaceId: '' + supportsHttpsTrafficOnly: false + systemAssignedIdentity: true + userAssignedIdentities: { + '': {} + } } } ``` 
@@ -1043,67 +1043,67 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "value": "<>ssanfs001" }, // Non-required parameters - "diagnosticStorageAccountId": { - "value": "" - }, - "supportsHttpsTrafficOnly": { - "value": false - }, - "enableDefaultTelemetry": { - "value": "" - }, "allowBlobPublicAccess": { "value": false }, - "systemAssignedIdentity": { - "value": true + "diagnosticEventHubAuthorizationRuleId": { + "value": "" + }, + "diagnosticEventHubName": { + "value": "" }, "diagnosticLogsRetentionInDays": { "value": 7 }, - "lock": { - "value": "CanNotDelete" + "diagnosticStorageAccountId": { + "value": "" + }, + "diagnosticWorkspaceId": { + "value": "" + }, + "enableDefaultTelemetry": { + "value": "" }, "fileServices": { "value": { "shares": [ { - "name": "nfsfileshare", - "enabledProtocols": "NFS" + "enabledProtocols": "NFS", + "name": "nfsfileshare" } ] } }, - "storageAccountKind": { - "value": "FileStorage" - }, - "userAssignedIdentities": { - "value": { - "": {} - } + "lock": { + "value": "CanNotDelete" }, "roleAssignments": { "value": [ { - "principalType": "ServicePrincipal", "principalIds": [ "" ], + "principalType": "ServicePrincipal", "roleDefinitionIdOrName": "Reader" } ] }, - "diagnosticEventHubName": { - "value": "" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "" + "storageAccountKind": { + "value": "FileStorage" }, "storageAccountSku": { "value": "Premium_LRS" }, - "diagnosticWorkspaceId": { - "value": "" + "supportsHttpsTrafficOnly": { + "value": false + }, + "systemAssignedIdentity": { + "value": true + }, + "userAssignedIdentities": { + "value": { + "": {} + } } } } From baaa4367c2946c7a33345d55bbcf9ef4ea83e874 Mon Sep 17 00:00:00 2001 
From: Karthik Venkatraman Date: Fri, 23 Dec 2022 12:28:58 +0000 Subject: [PATCH 10/26] update api version of localuser resource --- .../Microsoft.Storage/storageAccounts/localUsers/deploy.bicep | 2 +- modules/Microsoft.Storage/storageAccounts/localUsers/readme.md | 2 +- modules/Microsoft.Storage/storageAccounts/readme.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep index 97ddd16626..9f558e116f 100644 --- a/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep @@ -45,7 +45,7 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' existing name: storageAccountName } -resource localUsers 'Microsoft.Storage/storageAccounts/localUsers@2021-09-01' = { +resource localUsers 'Microsoft.Storage/storageAccounts/localUsers@2022-05-01' = { name: name parent : storageAccount properties: { diff --git a/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md b/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md index d2939fea7a..59239f123d 100644 --- a/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md @@ -14,7 +14,7 @@ This module deploys Storage StorageAccounts LocalUsers. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Storage/storageAccounts/localUsers` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/localUsers) | +| `Microsoft.Storage/storageAccounts/localUsers` | [2022-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2022-05-01/storageAccounts/localUsers) | ## Parameters diff --git a/modules/Microsoft.Storage/storageAccounts/readme.md b/modules/Microsoft.Storage/storageAccounts/readme.md index a730dfca87..44f4004997 100644 
--- a/modules/Microsoft.Storage/storageAccounts/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/readme.md @@ -26,7 +26,7 @@ This module is used to deploy a storage account, with the ability to deploy 1 or | `Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/blobServices/containers/immutabilityPolicies) | | `Microsoft.Storage/storageAccounts/fileServices` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/fileServices) | | `Microsoft.Storage/storageAccounts/fileServices/shares` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/fileServices/shares) | -| `Microsoft.Storage/storageAccounts/localUsers` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/localUsers) | +| `Microsoft.Storage/storageAccounts/localUsers` | [2022-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2022-05-01/storageAccounts/localUsers) | | `Microsoft.Storage/storageAccounts/managementPolicies` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/managementPolicies) | | `Microsoft.Storage/storageAccounts/queueServices` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/queueServices) | | `Microsoft.Storage/storageAccounts/queueServices/queues` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/queueServices/queues) | From a3d1940a8ed60c0adeb27f32a1f058526d5bbea6 Mon Sep 17 00:00:00 2001 
From: Karthik Venkatraman Date: Fri, 23 Dec 2022 12:48:48 +0000 Subject: [PATCH 11/26] add homedirectory to test bicep --- .../storageAccounts/.test/common/deploy.test.bicep | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep b/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep index 616d8cd924..ff57699395 100644 --- a/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep @@ -101,6 +101,7 @@ module testDeployment '../../deploy.bicep' = { hasSharedKey: false hasSshKey: true hasSshPassword: false + homeDirectory:'avdscripts' permissionScopes: [ { permissions: 'r' From d0994f6bbca58b3d18eb920aad9788d25d0b7f67 Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman Date: Fri, 23 Dec 2022 15:04:06 +0000 Subject: [PATCH 12/26] readme update --- modules/Microsoft.Storage/storageAccounts/readme.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/Microsoft.Storage/storageAccounts/readme.md b/modules/Microsoft.Storage/storageAccounts/readme.md index 44f4004997..4de92242c9 100644 --- a/modules/Microsoft.Storage/storageAccounts/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/readme.md @@ -473,6 +473,7 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { hasSharedKey: false hasSshKey: true hasSshPassword: false + homeDirectory: 'avdscripts' name: 'testuser' permissionScopes: [ { @@ -683,6 +684,7 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "hasSharedKey": false, "hasSshKey": true, "hasSshPassword": false, + "homeDirectory": "avdscripts", "name": "testuser", "permissionScopes": [ { From 9400d483a70f4d6367a6c9698393842508fd4d47 Mon Sep 17 00:00:00 2001 
From: Karthik Venkatraman Date: Fri, 23 Dec 2022 15:17:58 +0000 Subject: [PATCH 13/26] removed home directory from test.bicep --- .../storageAccounts/.test/common/deploy.test.bicep | 1 - modules/Microsoft.Storage/storageAccounts/readme.md | 2 -- 2 files changed, 3 deletions(-) diff --git a/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep b/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep index ff57699395..616d8cd924 100644 --- a/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep @@ -101,7 +101,6 @@ module testDeployment '../../deploy.bicep' = { hasSharedKey: false hasSshKey: true hasSshPassword: false - homeDirectory:'avdscripts' permissionScopes: [ { permissions: 'r' diff --git a/modules/Microsoft.Storage/storageAccounts/readme.md b/modules/Microsoft.Storage/storageAccounts/readme.md index 4de92242c9..44f4004997 100644 --- a/modules/Microsoft.Storage/storageAccounts/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/readme.md @@ -473,7 +473,6 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { hasSharedKey: false hasSshKey: true hasSshPassword: false - homeDirectory: 'avdscripts' name: 'testuser' permissionScopes: [ { @@ -684,7 +683,6 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "hasSharedKey": false, "hasSshKey": true, "hasSshPassword": false, - "homeDirectory": "avdscripts", "name": "testuser", "permissionScopes": [ { From e623e2d1e003e83c46778a08e84271cfee4e7758 Mon Sep 17 00:00:00 2001 
From: Karthik Venkatraman Date: Wed, 28 Dec 2022 12:18:54 +0000 Subject: [PATCH 14/26] updated main module with null parameter scenarios --- .../storageAccounts/.test/common/deploy.test.bicep | 1 + .../Microsoft.Storage/storageAccounts/deploy.bicep | 13 +++++++------ .../storageAccounts/localUsers/deploy.bicep | 8 ++++---- .../storageAccounts/localUsers/readme.md | 4 ++-- modules/Microsoft.Storage/storageAccounts/readme.md | 2 ++ 5 files changed, 16 insertions(+), 12 deletions(-) diff --git a/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep b/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep index 616d8cd924..7cb30cb2d8 100644 --- a/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep @@ -101,6 +101,7 @@ module testDeployment '../../deploy.bicep' = { hasSharedKey: false hasSshKey: true hasSshPassword: false + homeDirectory: 'avdscripts' permissionScopes: [ { permissions: 'r' diff --git a/modules/Microsoft.Storage/storageAccounts/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/deploy.bicep index dc90df1fc8..839b4f65af 100644 --- a/modules/Microsoft.Storage/storageAccounts/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/deploy.bicep 
@@ -321,12 +321,13 @@ module storageAccount_localUsers 'localUsers/deploy.bicep' = [ for (localUser, i params: { storageAccountName: storageAccount.name name: localUser.name - hasSharedKey: localUser.hasSharedKey - hasSshKey: localUser.hasSshKey - hasSshPassword: localUser.hasSshPassword - homeDirectory: localUser.homeDirectory - permissionScopes: localUser.permissionScopes - sshAuthorizedKeys: localUser.sshAuthorizedKeys + hasSharedKey: contains(localUser,'hasSharedKey') ? localUser.hasSharedKey : [] + hasSshKey: contains(localUser,'hasSshPassword') ? localUser.hasSshPassword: true + hasSshPassword: contains(localUser,'hasSshPassword') ? localUser.hasSshPassword: false + homeDirectory: contains(localUser,'homeDirectory') ? localUser.homeDirectory : '' + permissionScopes: contains(localUser,'permissionScopes') ? localUser.permissionScopes: [] + sshAuthorizedKeys: contains(localUser,'sshAuthorizedKeys') ? localUser.sshAuthorizedKeys : [] + enableDefaultTelemetry:enableReferencedModulesTelemetry } }] diff --git a/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep index 9f558e116f..d575266229 100644 --- a/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep @@ -5,8 +5,8 @@ param storageAccountName string @description('Required. The local user name to be used for SFTP Authentication.') param name string -@description('Required. Indicates whether shared key exists. Set it to false to remove existing shared key.') -param hasSharedKey bool +@description('Optional. Indicates whether shared key exists. Set it to false to remove existing shared key.') +param hasSharedKey bool = false @description('Required. Indicates whether ssh key exists. Set it to false to remove existing SSH key.') param hasSshKey bool 
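Review bot: In the `storageAccount_localUsers` params of `storageAccounts/deploy.bicep`, the new `hasSshKey` line tests and reads `hasSshPassword`, so the SSH-key flag mirrors the password flag instead of the caller's `hasSshKey`. With the test fixture's values (`hasSshKey: true`, `hasSshPassword: false`) the child module receives `hasSshKey: false`, which the parameter description says removes an existing SSH key; a caller who enables only password authentication would get both flags set to true. The line should read `hasSshKey: contains(localUser, 'hasSshKey') ? localUser.hasSshKey : true`. The same line is still present as context in the PATCH 16/26 hunk, which corrects only the `[]` fallback of `hasSharedKey`. The module's for-expression starts outside the hunk.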
@@ -21,7 +21,7 @@ param homeDirectory string = '' param permissionScopes array @description('Optional. The local user ssh authorized keys for SFTP.') -param sshAuthorizedKeys array +param sshAuthorizedKeys array = [] @@ -54,7 +54,7 @@ resource localUsers 'Microsoft.Storage/storageAccounts/localUsers@2022-05-01' = hasSshPassword: hasSshPassword homeDirectory: homeDirectory permissionScopes: permissionScopes - sshAuthorizedKeys: sshAuthorizedKeys + sshAuthorizedKeys: empty(sshAuthorizedKeys) ? null : sshAuthorizedKeys } } diff --git a/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md b/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md index 59239f123d..6b7ded52c9 100644 --- a/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md @@ -22,7 +22,6 @@ This module deploys Storage StorageAccounts LocalUsers. | Parameter Name | Type | Description | | :-- | :-- | :-- | -| `hasSharedKey` | bool | Indicates whether shared key exists. Set it to false to remove existing shared key. | | `hasSshKey` | bool | Indicates whether ssh key exists. Set it to false to remove existing SSH key. | | `hasSshPassword` | bool | Indicates whether ssh password exists. Set it to false to remove existing SSH password. | | `name` | string | The local user name to be used for SFTP Authentication. | 
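Review bot: The `empty(sshAuthorizedKeys) ? null : sshAuthorizedKeys` expression in the `localUsers` resource of `localUsers/deploy.bicep` has no comment saying why an empty array becomes `null`. The hunk does not show whether omitting keys is meant to leave a user's existing authorized keys in place or to clear them. Because `hasSshKey` stays a required flag with no link to this array, a user can be declared with `hasSshKey: true` and no keys at all. I would add a line above it such as `// null leaves the property out; supply keys explicitly when hasSshKey is true (TODO confirm what the service does with an omitted list)`. The resource body continues outside the hunk.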
@@ -39,8 +38,9 @@ This module deploys Storage StorageAccounts LocalUsers. | Parameter Name | Type | Default Value | Description | | :-- | :-- | :-- | :-- | | `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| `hasSharedKey` | bool | `False` | Indicates whether shared key exists. Set it to false to remove existing shared key. | | `homeDirectory` | string | `''` | The local user home directory. | -| `sshAuthorizedKeys` | array | | The local user ssh authorized keys for SFTP. | +| `sshAuthorizedKeys` | array | `[]` | The local user ssh authorized keys for SFTP. | ## Outputs diff --git a/modules/Microsoft.Storage/storageAccounts/readme.md b/modules/Microsoft.Storage/storageAccounts/readme.md index 44f4004997..4de92242c9 100644 --- a/modules/Microsoft.Storage/storageAccounts/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/readme.md @@ -473,6 +473,7 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { hasSharedKey: false hasSshKey: true hasSshPassword: false + homeDirectory: 'avdscripts' name: 'testuser' permissionScopes: [ { @@ -683,6 +684,7 @@ module storageAccounts './Microsoft.Storage/storageAccounts/deploy.bicep' = { "hasSharedKey": false, "hasSshKey": true, "hasSshPassword": false, + "homeDirectory": "avdscripts", "name": "testuser", "permissionScopes": [ { From 374a5ea15ca93e8d6773e25e15fc51e1b9d56f1f Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman Date: Wed, 28 Dec 2022 13:15:55 +0000 Subject: [PATCH 15/26] update version.json --- .../Microsoft.Storage/storageAccounts/localUsers/version.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Storage/storageAccounts/localUsers/version.json b/modules/Microsoft.Storage/storageAccounts/localUsers/version.json index 56f8d9ca40..41f66cc990 100644 --- a/modules/Microsoft.Storage/storageAccounts/localUsers/version.json +++ b/modules/Microsoft.Storage/storageAccounts/localUsers/version.json 
@@ -1,4 +1,4 @@ { "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" + "version": "0.1" } From b45c84a87c539058ec7e6f73c22a9037eea812dc Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman Date: Wed, 28 Dec 2022 15:08:55 +0000 Subject: [PATCH 16/26] updated parameter type for sharedkey --- modules/Microsoft.Storage/storageAccounts/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.Storage/storageAccounts/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/deploy.bicep index 839b4f65af..b469cb8ad2 100644 --- a/modules/Microsoft.Storage/storageAccounts/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/deploy.bicep @@ -321,7 +321,7 @@ module storageAccount_localUsers 'localUsers/deploy.bicep' = [ for (localUser, i params: { storageAccountName: storageAccount.name name: localUser.name - hasSharedKey: contains(localUser,'hasSharedKey') ? localUser.hasSharedKey : [] + hasSharedKey: contains(localUser,'hasSharedKey') ? localUser.hasSharedKey : false hasSshKey: contains(localUser,'hasSshPassword') ? localUser.hasSshPassword: true hasSshPassword: contains(localUser,'hasSshPassword') ? localUser.hasSshPassword: false homeDirectory: contains(localUser,'homeDirectory') ? localUser.homeDirectory : '' From b9bf660ad45b05211a288b443544281cf7dfc8bc Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman Date: Wed, 28 Dec 2022 15:13:13 +0000 Subject: [PATCH 17/26] revert settings.yml --- settings.yml | 98 +++++++++++++++++++++++++++++++--------------------- 1 file changed, 59 insertions(+), 39 deletions(-) diff --git a/settings.yml b/settings.yml index 213ce25208..92ccd2c8ba 100644 --- a/settings.yml +++ b/settings.yml 
@@ -7,86 +7,106 @@ variables: # See: https://github.com/Azure/ResourceModules/wiki/The%20library%20-%20Module%20design#telemetry enableDefaultTelemetry: true - ###################################### - # Local tokens settings - ###################################### + ######################## + ## Token settings ## + ######################## # the 'localToken_' prefix will be removed from the key name when the pipelines run. # e.g. if you have a token in your parameter file as <>, then the token defined in this file looks like "localToken_customKey": 'value' - localToken_namePrefix: 'kvdem' # A 3-5 character length unique string, included in the resources names (e.g. 'cntso'). Used for local module testing and pipelines. - - ###################################### - # global tokens settings - ###################################### + localToken_namePrefix: '' # A 3-5 character length unique string, included in the resources names (e.g. 'cntso'). Used for local module testing and pipelines. # this determines the starting prefix and ending suffix of the token in your file. 
tokenPrefix: '<<' tokenSuffix: '>>' - ###################################### - # Common folders and file paths - ###################################### + ######################## + ## Agent settings ## + ######################## + + vmImage: 'ubuntu-latest' # Use this for Microsoft-hosted agents + poolName: '' # Use this for self-hosted agents + + ####################################### + ## Common folders and file paths ## + ####################################### moduleTestFilePath: 'utilities/pipelines/staticValidation/module.tests.ps1' - ###################################### - # Validation deployment settings - ###################################### + ############################# + ## Validation settings ## + ############################# + + # Static validation # + # ----------------- # + + allowPreviewVersionsInAPITests: true # When enabled, preview versions do not fail the API version tests in the `module.tests.ps1` file + + # Deployment validation # + # --------------------- # location: 'West Europe' # The default location to test deploy resources to - resourceGroupName: 'carml-validation-rg' # The default resource group to test deployment resources into - ###################################### - # Publish: Template-Spec settings - ###################################### + ############################# + ## Publishing settings ## + ############################# + + # Shared settings # + # --------------- # + + publishLatest: true # [Only for Template-Specs & Bicep Registry] Publish an absolute latest version. Note: This version may include breaking changes and is not recommended for production environments + + # Template-Spec settings # + # ---------------------- # templateSpecsDoPublish: true # Set to true, if you would like to publish module templates as template specs - templateSpecsRGName: 'carml-artifacts-rg' # The name of the resource group to publish to. If the resource group does not exist, it will be created. 
+ templateSpecsRGName: 'artifacts-rg' # The name of the resource group to publish to. If the resource group does not exist, it will be created. templateSpecsRGLocation: 'West Europe' # The location of the resource group to publish to templateSpecsDescription: components # The description to add to template specs published by this platform - ###################################### - # Publish: Private Bicep Registry settings - ###################################### + # ------------------------------- # + # Private Bicep Registry settings # + # ------------------------------- # bicepRegistryDoPublish: true # Set to true, if you would like to publish module templates to a bicep registry - bicepRegistryName: kvcarmldemoreg017 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. - bicepRegistryRGName: 'carml-artifacts-rg' # The resource group that hosts the private bicep registry (ACR) + bicepRegistryName: adpsxxazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. 
+ bicepRegistryRGName: 'artifacts-rg' # The resource group that hosts the private bicep registry (ACR) bicepRegistryRgLocation: 'West Europe' # The location of the resource group to publish to ########################################################################################################################### ################################################## Azure DevOps Only ###################################################### ########################################################################################################################### - ###################################### - # Agent settings - ###################################### + ############################# + ## Connection settings ## + ############################# - vmImage: 'ubuntu-latest' # Use this for Microsoft-hosted agents - poolName: '' # Use this for self-hosted agents serviceConnection: 'CARML-CSU-Tenant-Connection' - ###################################### - # Source - ###################################### + ################ + ## Source ## + ################ vstsOrganizationURI: '$(System.CollectionUri)' # The URI of the TFS collection or Azure DevOps organization. For example: https://dev.azure.com/fabrikam/. vstsProject: '$(System.TeamProject)' modulesRepository: ResourceModules # The repository hosting the deployment code (i.e. 'Components'). 
MUST be provided as a variable with every pipeline pipelineFunctionsPath: 'utilities/pipelines' - ###################################### - # Publish: Universal packages settings - ###################################### + + ############################# + ## Publishing settings ## + ############################# + + # Universal packages settings # + # --------------------------- # artifactsFeedDoPublish: true # Set to true, if you would like to publish modules as Universal Packages (in Azure DevOps Artifacts) - vstsFeedName: 'ResourceModules' # The name of the Azure DevOps universal packages feed to publish to + vstsFeedName: 'carml' # The name of the Azure DevOps universal packages feed to publish to vstsFeedProject: '$(System.TeamProject)' # The project that hosts the feed vstsFeedToken: $(System.AccessToken) # The token used to publish universal packages into the feed above - ###################################### - # Azure PowerShell Version - ###################################### + ################################# + # Azure PowerShell Version ## + ################################# # Should be set to 'latestVersion' unless there is an issue with the Az PowerShell modules. # If a specific version needs to be set azurePowerShellVersion should be changed to 'OtherVersion'. From 76118d58c2711498a4b0dd0319b5d3f40ff580d5 Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman Date: Wed, 28 Dec 2022 15:16:28 +0000 Subject: [PATCH 18/26] change enable nfs/sftp flags to boolean --- modules/Microsoft.Storage/storageAccounts/deploy.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Storage/storageAccounts/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/deploy.bicep index b469cb8ad2..a7dcbe5e64 100644 --- a/modules/Microsoft.Storage/storageAccounts/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/deploy.bicep 
@@ -236,8 +236,8 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = { accessTier: storageAccountKind != 'Storage' ? storageAccountAccessTier : null supportsHttpsTrafficOnly: supportsHttpsTrafficOnly isHnsEnabled: enableHierarchicalNamespace ? enableHierarchicalNamespace : null - isSftpEnabled: enableSftp ? enableSftp : null - isNfsV3Enabled: enableNfsV3 ? enableNfsV3 : null + isSftpEnabled: enableSftp + isNfsV3Enabled: enableNfsV3 minimumTlsVersion: minimumTlsVersion networkAcls: !empty(networkAcls) ? { bypass: contains(networkAcls, 'bypass') ? networkAcls.bypass : null From e0e19bbb7176dd6bb165ff4f1340648770724efa Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman Date: Wed, 28 Dec 2022 15:26:12 +0000 Subject: [PATCH 19/26] fix errors reported by linter checks --- .../Microsoft.Storage/storageAccounts/localUsers/deploy.bicep | 2 +- modules/Microsoft.Storage/storageAccounts/localUsers/readme.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep index d575266229..40d4118fe1 100644 --- a/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep @@ -2,7 +2,7 @@ @description('Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment.') param storageAccountName string -@description('Required. The local user name to be used for SFTP Authentication.') +@description('Required. The local username to be used for SFTP Authentication.') param name string @description('Optional. Indicates whether shared key exists. Set it to false to remove existing shared key.') diff --git a/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md b/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md index 6b7ded52c9..ee3410ecf3 100644 
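Review bot: `isSftpEnabled: enableSftp` and `isNfsV3Enabled: enableNfsV3` in `storageAccounts/deploy.bicep` are now sent unconditionally, but nothing ties them to `enableHierarchicalNamespace`, which both parameter descriptions name as a prerequisite. A mismatch would presumably surface only when the deployment runs. The `isHnsEnabled` line directly above also keeps the `? ... : null` form, so the three related flags now follow two different conventions. A one-line comment such as `// SFTP and NFS 3.0 both require isHnsEnabled (enableHierarchicalNamespace = true)` above the two lines would make the dependency visible. The `storageAccount` resource body starts and ends outside the hunk.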
--- a/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md @@ -24,7 +24,7 @@ This module deploys Storage StorageAccounts LocalUsers. | :-- | :-- | :-- | | `hasSshKey` | bool | Indicates whether ssh key exists. Set it to false to remove existing SSH key. | | `hasSshPassword` | bool | Indicates whether ssh password exists. Set it to false to remove existing SSH password. | -| `name` | string | The local user name to be used for SFTP Authentication. | +| `name` | string | The local username to be used for SFTP Authentication. | | `permissionScopes` | array | The permission scopes of the local user. | **Conditional parameters** From 56e47351e6d59b58d5e77df484d89a5a5601b9c8 Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman Date: Wed, 28 Dec 2022 15:46:06 +0000 Subject: [PATCH 20/26] settings.yml update --- settings.yml | 98 +++++++++++++++++++++------------------------------- 1 file changed, 39 insertions(+), 59 deletions(-) diff --git a/settings.yml b/settings.yml index 92ccd2c8ba..213ce25208 100644 --- a/settings.yml +++ b/settings.yml 
@@ -7,106 +7,86 @@ variables: # See: https://github.com/Azure/ResourceModules/wiki/The%20library%20-%20Module%20design#telemetry enableDefaultTelemetry: true - ######################## - ## Token settings ## - ######################## + ###################################### + # Local tokens settings + ###################################### # the 'localToken_' prefix will be removed from the key name when the pipelines run. # e.g. if you have a token in your parameter file as <>, then the token defined in this file looks like "localToken_customKey": 'value' - localToken_namePrefix: '' # A 3-5 character length unique string, included in the resources names (e.g. 'cntso'). Used for local module testing and pipelines. + localToken_namePrefix: 'kvdem' # A 3-5 character length unique string, included in the resources names (e.g. 'cntso'). Used for local module testing and pipelines. + + ###################################### + # global tokens settings + ###################################### # this determines the starting prefix and ending suffix of the token in your file. 
tokenPrefix: '<<' tokenSuffix: '>>' - ######################## - ## Agent settings ## - ######################## - - vmImage: 'ubuntu-latest' # Use this for Microsoft-hosted agents - poolName: '' # Use this for self-hosted agents - - ####################################### - ## Common folders and file paths ## - ####################################### + ###################################### + # Common folders and file paths + ###################################### moduleTestFilePath: 'utilities/pipelines/staticValidation/module.tests.ps1' - ############################# - ## Validation settings ## - ############################# - - # Static validation # - # ----------------- # - - allowPreviewVersionsInAPITests: true # When enabled, preview versions do not fail the API version tests in the `module.tests.ps1` file - - # Deployment validation # - # --------------------- # + ###################################### + # Validation deployment settings + ###################################### location: 'West Europe' # The default location to test deploy resources to + resourceGroupName: 'carml-validation-rg' # The default resource group to test deployment resources into - ############################# - ## Publishing settings ## - ############################# - - # Shared settings # - # --------------- # - - publishLatest: true # [Only for Template-Specs & Bicep Registry] Publish an absolute latest version. Note: This version may include breaking changes and is not recommended for production environments - - # Template-Spec settings # - # ---------------------- # + ###################################### + # Publish: Template-Spec settings + ###################################### templateSpecsDoPublish: true # Set to true, if you would like to publish module templates as template specs - templateSpecsRGName: 'artifacts-rg' # The name of the resource group to publish to. If the resource group does not exist, it will be created. 
+ templateSpecsRGName: 'carml-artifacts-rg' # The name of the resource group to publish to. If the resource group does not exist, it will be created. templateSpecsRGLocation: 'West Europe' # The location of the resource group to publish to templateSpecsDescription: components # The description to add to template specs published by this platform - # ------------------------------- # - # Private Bicep Registry settings # - # ------------------------------- # + ###################################### + # Publish: Private Bicep Registry settings + ###################################### bicepRegistryDoPublish: true # Set to true, if you would like to publish module templates to a bicep registry - bicepRegistryName: adpsxxazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. - bicepRegistryRGName: 'artifacts-rg' # The resource group that hosts the private bicep registry (ACR) + bicepRegistryName: kvcarmldemoreg017 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. 
+ bicepRegistryRGName: 'carml-artifacts-rg' # The resource group that hosts the private bicep registry (ACR) bicepRegistryRgLocation: 'West Europe' # The location of the resource group to publish to ########################################################################################################################### ################################################## Azure DevOps Only ###################################################### ########################################################################################################################### - ############################# - ## Connection settings ## - ############################# + ###################################### + # Agent settings + ###################################### + vmImage: 'ubuntu-latest' # Use this for Microsoft-hosted agents + poolName: '' # Use this for self-hosted agents serviceConnection: 'CARML-CSU-Tenant-Connection' - ################ - ## Source ## - ################ + ###################################### + # Source + ###################################### vstsOrganizationURI: '$(System.CollectionUri)' # The URI of the TFS collection or Azure DevOps organization. For example: https://dev.azure.com/fabrikam/. vstsProject: '$(System.TeamProject)' modulesRepository: ResourceModules # The repository hosting the deployment code (i.e. 'Components'). 
MUST be provided as a variable with every pipeline pipelineFunctionsPath: 'utilities/pipelines' - - ############################# - ## Publishing settings ## - ############################# - - # Universal packages settings # - # --------------------------- # + ###################################### + # Publish: Universal packages settings + ###################################### artifactsFeedDoPublish: true # Set to true, if you would like to publish modules as Universal Packages (in Azure DevOps Artifacts) - vstsFeedName: 'carml' # The name of the Azure DevOps universal packages feed to publish to + vstsFeedName: 'ResourceModules' # The name of the Azure DevOps universal packages feed to publish to vstsFeedProject: '$(System.TeamProject)' # The project that hosts the feed vstsFeedToken: $(System.AccessToken) # The token used to publish universal packages into the feed above - ################################# - # Azure PowerShell Version ## - ################################# + ###################################### + # Azure PowerShell Version + ###################################### # Should be set to 'latestVersion' unless there is an issue with the Az PowerShell modules. # If a specific version needs to be set azurePowerShellVersion should be changed to 'OtherVersion'. From 13d11874e7b5684e1773992916e32592899955db Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman <44262238+karthikvenkat17@users.noreply.github.com> Date: Wed, 28 Dec 2022 16:15:31 +0000 Subject: [PATCH 21/26] Update settings.yml --- settings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings.yml b/settings.yml index 92ccd2c8ba..429b307358 100644 --- a/settings.yml +++ b/settings.yml @@ -123,4 +123,4 @@ variables: # value: 'OtherVersion' # - name: preferredAzurePowerShellVersion # value: '4.4.0' -# \ No newline at end of file +# From 4ca9bfd5a9d75163bee034b29db4dd6dba23e045 Mon Sep 17 00:00:00 2001 
From: Karthik Venkatraman Date: Thu, 29 Dec 2022 11:35:43 +0000 Subject: [PATCH 22/26] updated as per review comments --- .../.test/common/deploy.test.bicep | 3 +-- .../storageAccounts/deploy.bicep | 22 +++++++++---------- .../storageAccounts/localUsers/deploy.bicep | 21 ++++++++---------- .../storageAccounts/localUsers/readme.md | 19 ++++++++-------- .../storageAccounts/readme.md | 4 ++-- 5 files changed, 32 insertions(+), 37 deletions(-) diff --git a/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep b/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep index 7cb30cb2d8..cad8abf616 100644 --- a/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep @@ -94,7 +94,7 @@ module testDeployment '../../deploy.bicep' = { } ] } - localUsers:[ + localUsers: [ { storageAccountName: '<>${serviceShort}001' name: 'testuser' @@ -112,7 +112,6 @@ module testDeployment '../../deploy.bicep' = { } ] - blobServices: { diagnosticLogsRetentionInDays: 7 diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId diff --git a/modules/Microsoft.Storage/storageAccounts/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/deploy.bicep index c5620ca90b..078aa4dde8 100644 --- a/modules/Microsoft.Storage/storageAccounts/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/deploy.bicep 
@@ -82,13 +82,13 @@ param allowBlobPublicAccess bool = false @description('Optional. Set the minimum TLS version on request to storage.') param minimumTlsVersion string = 'TLS1_2' -@description('Optional. If true, enables Hierarchical Namespace for the storage account.') +@description('Conditional. If true, enables Hierarchical Namespace for the storage account. Required if enableSftp or enableNfsV3 is set to true.') param enableHierarchicalNamespace bool = false @description('Optional. If true, enables Secure File Transfer Protocol for the storage account. Requires enableHierarchicalNamespace to be true.') param enableSftp bool = false -@description('Optional. Details of local users to be added for SFTP authentication.') +@description('Optional. Local users to deploy for SFTP authentication.') param localUsers array = [] @description('Optional. If true, enables NFS 3.0 support for the storage account. Requires enableHierarchicalNamespace to be true.') 
@@ -319,19 +319,19 @@ module storageAccount_managementPolicies 'managementPolicies/deploy.bicep' = if } // SFTP user settings -module storageAccount_localUsers 'localUsers/deploy.bicep' = [ for (localUser, index) in localUsers: { +module storageAccount_localUsers 'localUsers/deploy.bicep' = [for (localUser, index) in localUsers: { name: '${uniqueString(deployment().name, location)}-Storage-LocalUsers-${index}' params: { storageAccountName: storageAccount.name name: localUser.name - hasSharedKey: contains(localUser,'hasSharedKey') ? localUser.hasSharedKey : false - hasSshKey: contains(localUser,'hasSshPassword') ? localUser.hasSshPassword: true - hasSshPassword: contains(localUser,'hasSshPassword') ? localUser.hasSshPassword: false - homeDirectory: contains(localUser,'homeDirectory') ? localUser.homeDirectory : '' - permissionScopes: contains(localUser,'permissionScopes') ? localUser.permissionScopes: [] - sshAuthorizedKeys: contains(localUser,'sshAuthorizedKeys') ? localUser.sshAuthorizedKeys : [] - enableDefaultTelemetry:enableReferencedModulesTelemetry - } + hasSharedKey: contains(localUser, 'hasSharedKey') ? localUser.hasSharedKey : false + hasSshKey: contains(localUser, 'hasSshPassword') ? localUser.hasSshPassword : true + hasSshPassword: contains(localUser, 'hasSshPassword') ? localUser.hasSshPassword : false + homeDirectory: contains(localUser, 'homeDirectory') ? localUser.homeDirectory : '' + permissionScopes: contains(localUser, 'permissionScopes') ? localUser.permissionScopes : [] + sshAuthorizedKeys: contains(localUser, 'sshAuthorizedKeys') ? localUser.sshAuthorizedKeys : [] + enableDefaultTelemetry: enableReferencedModulesTelemetry + } }] // Containers diff --git a/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep index 40d4118fe1..0178e044ee 100644 --- a/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep 
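Review bot: `hasSshKey` is still derived from the wrong key in the `storageAccount_localUsers` module call: the reformatted line `hasSshKey: contains(localUser, 'hasSshPassword') ? localUser.hasSshPassword : true` tests and reads `hasSshPassword`, so a caller's own `hasSshKey` value is never used. A local user declared with `hasSshKey: true` and `hasSshPassword: false` is passed on with both set to false, and one that sets `hasSshPassword: true` gets `hasSshKey: true` as well, so the SFTP authentication methods that reach the child module are not the ones declared. The line should read `hasSshKey: contains(localUser, 'hasSshKey') ? localUser.hasSshKey : true`. It is also worth deciding whether `hasSshKey` should default to `true` when no `sshAuthorizedKeys` are supplied.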
+++ b/modules/Microsoft.Storage/storageAccounts/localUsers/deploy.bicep @@ -2,16 +2,16 @@ @description('Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment.') param storageAccountName string -@description('Required. The local username to be used for SFTP Authentication.') +@description('Required. The name of the local user used for SFTP Authentication.') param name string @description('Optional. Indicates whether shared key exists. Set it to false to remove existing shared key.') param hasSharedKey bool = false -@description('Required. Indicates whether ssh key exists. Set it to false to remove existing SSH key.') +@description('Required. Indicates whether SSH key exists. Set it to false to remove existing SSH key.') param hasSshKey bool -@description('Required. Indicates whether ssh password exists. Set it to false to remove existing SSH password.') +@description('Required. Indicates whether SSH password exists. Set it to false to remove existing SSH password.') param hasSshPassword bool @description('Optional. The local user home directory.') @@ -20,11 +20,9 @@ param homeDirectory string = '' @description('Required. The permission scopes of the local user.') param permissionScopes array -@description('Optional. The local user ssh authorized keys for SFTP.') +@description('Optional. The local user SSH authorized keys for SFTP.') param sshAuthorizedKeys array = [] - - @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true 
@@ -40,29 +38,28 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } - resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' existing = { name: storageAccountName } resource localUsers 'Microsoft.Storage/storageAccounts/localUsers@2022-05-01' = { name: name - parent : storageAccount + parent: storageAccount properties: { hasSharedKey: hasSharedKey hasSshKey: hasSshKey hasSshPassword: hasSshPassword homeDirectory: homeDirectory permissionScopes: permissionScopes - sshAuthorizedKeys: empty(sshAuthorizedKeys) ? null : sshAuthorizedKeys + sshAuthorizedKeys: !empty(sshAuthorizedKeys) ? sshAuthorizedKeys : null } } -@description('The name of the local user created for SFTP Authentication.') +@description('The name of the deployed local user.') output name string = localUsers.name -@description('The resource group of the deployed management policy.') +@description('The resource group of the deployed local user.') output resourceGroupName string = resourceGroup().name -@description('The resource ID of the local user resource created.') +@description('The resource ID of the deployed local user.') output resourceId string = localUsers.id diff --git a/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md b/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md index ee3410ecf3..4daeb1659a 100644 --- a/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/localUsers/readme.md @@ -1,7 +1,6 @@ -# Storage StorageAccounts LocalUsers `[Microsoft.Storage/storageAccounts/localUsers]` +# StorageAccounts LocalUsers `[Microsoft.Storage/storageAccounts/localUsers]` -This module deploys Storage StorageAccounts LocalUsers. -// TODO: Replace Resource and fill in description +This module deploys LocalUsers used for SFTP authentication. ## Navigation 
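Review bot: In the `localUsers` resource, `homeDirectory: homeDirectory` forwards the parameter's `''` default to the API, while `sshAuthorizedKeys` two lines further down is sent as `null` when empty. Handling both the same way, with `homeDirectory: !empty(homeDirectory) ? homeDirectory : null`, avoids writing an empty home directory for every user that does not specify one. Whether the service treats `''` differently from an absent value is not visible here, so this is a consistency point rather than a confirmed defect. The resource also accepts `hasSshKey: true` together with an empty `sshAuthorizedKeys`, and a one-line comment saying what that combination is meant to produce would help the next reader.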
@@ -22,9 +21,9 @@ This module deploys Storage StorageAccounts LocalUsers. | Parameter Name | Type | Description | | :-- | :-- | :-- | -| `hasSshKey` | bool | Indicates whether ssh key exists. Set it to false to remove existing SSH key. | -| `hasSshPassword` | bool | Indicates whether ssh password exists. Set it to false to remove existing SSH password. | -| `name` | string | The local username to be used for SFTP Authentication. | +| `hasSshKey` | bool | Indicates whether SSH key exists. Set it to false to remove existing SSH key. | +| `hasSshPassword` | bool | Indicates whether SSH password exists. Set it to false to remove existing SSH password. | +| `name` | string | The name of the local user used for SFTP Authentication. | | `permissionScopes` | array | The permission scopes of the local user. | **Conditional parameters** @@ -40,16 +39,16 @@ This module deploys Storage StorageAccounts LocalUsers. | `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | | `hasSharedKey` | bool | `False` | Indicates whether shared key exists. Set it to false to remove existing shared key. | | `homeDirectory` | string | `''` | The local user home directory. | -| `sshAuthorizedKeys` | array | `[]` | The local user ssh authorized keys for SFTP. | +| `sshAuthorizedKeys` | array | `[]` | The local user SSH authorized keys for SFTP. | ## Outputs | Output Name | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the local user created for SFTP Authentication. | -| `resourceGroupName` | string | The resource group of the deployed management policy. | -| `resourceId` | string | The resource ID of the local user resource created. | +| `name` | string | The name of the deployed local user. | +| `resourceGroupName` | string | The resource group of the deployed local user. | +| `resourceId` | string | The resource ID of the deployed local user. | ## Cross-referenced modules 
diff --git a/modules/Microsoft.Storage/storageAccounts/readme.md b/modules/Microsoft.Storage/storageAccounts/readme.md index 6dad25d84d..5f2557a89f 100644 --- a/modules/Microsoft.Storage/storageAccounts/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/readme.md @@ -47,6 +47,7 @@ This module is used to deploy a storage account, with the ability to deploy 1 or | :-- | :-- | :-- | :-- | | `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | | `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | +| `enableHierarchicalNamespace` | bool | `False` | If true, enables Hierarchical Namespace for the storage account. Required if enableSftp or enableNfsV3 is set to true. | **Optional parameters** 
@@ -65,11 +66,10 @@ This module is used to deploy a storage account, with the ability to deploy 1 or | `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | | `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | | `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableHierarchicalNamespace` | bool | `False` | | If true, enables Hierarchical Namespace for the storage account. | | `enableNfsV3` | bool | `False` | | If true, enables NFS 3.0 support for the storage account. Requires enableHierarchicalNamespace to be true. | | `enableSftp` | bool | `False` | | If true, enables Secure File Transfer Protocol for the storage account. Requires enableHierarchicalNamespace to be true. | | `fileServices` | _[fileServices](fileServices/readme.md)_ object | `{object}` | | File service and shares to deploy. | -| `localUsers` | _[localUsers](localUsers/readme.md)_ array | `[]` | | Details of local users to be added for SFTP authentication. | +| `localUsers` | _[localUsers](localUsers/readme.md)_ array | `[]` | | Local users to deploy for SFTP authentication. | | `location` | string | `[resourceGroup().location]` | | Location for all resources. | | `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | | `managementPolicyRules` | array | `[]` | | The Storage Account ManagementPolicies Rules. | From 58acdb38a50c2bd48f8907a26c6b11eb2192267c Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman Date: Thu, 29 Dec 2022 11:39:54 +0000 Subject: [PATCH 23/26] settings.yml to run pipeline --- settings.yml | 100 +++++++++++++++++++++------------------------------ 1 file changed, 40 insertions(+), 60 deletions(-) diff --git a/settings.yml b/settings.yml index 429b307358..213ce25208 100644 --- a/settings.yml +++ b/settings.yml 
@@ -7,106 +7,86 @@ variables: # See: https://github.com/Azure/ResourceModules/wiki/The%20library%20-%20Module%20design#telemetry enableDefaultTelemetry: true - ######################## - ## Token settings ## - ######################## + ###################################### + # Local tokens settings + ###################################### # the 'localToken_' prefix will be removed from the key name when the pipelines run. # e.g. if you have a token in your parameter file as <>, then the token defined in this file looks like "localToken_customKey": 'value' - localToken_namePrefix: '' # A 3-5 character length unique string, included in the resources names (e.g. 'cntso'). Used for local module testing and pipelines. + localToken_namePrefix: 'kvdem' # A 3-5 character length unique string, included in the resources names (e.g. 'cntso'). Used for local module testing and pipelines. + + ###################################### + # global tokens settings + ###################################### # this determines the starting prefix and ending suffix of the token in your file. 
tokenPrefix: '<<' tokenSuffix: '>>' - ######################## - ## Agent settings ## - ######################## - - vmImage: 'ubuntu-latest' # Use this for Microsoft-hosted agents - poolName: '' # Use this for self-hosted agents - - ####################################### - ## Common folders and file paths ## - ####################################### + ###################################### + # Common folders and file paths + ###################################### moduleTestFilePath: 'utilities/pipelines/staticValidation/module.tests.ps1' - ############################# - ## Validation settings ## - ############################# - - # Static validation # - # ----------------- # - - allowPreviewVersionsInAPITests: true # When enabled, preview versions do not fail the API version tests in the `module.tests.ps1` file - - # Deployment validation # - # --------------------- # + ###################################### + # Validation deployment settings + ###################################### location: 'West Europe' # The default location to test deploy resources to + resourceGroupName: 'carml-validation-rg' # The default resource group to test deployment resources into - ############################# - ## Publishing settings ## - ############################# - - # Shared settings # - # --------------- # - - publishLatest: true # [Only for Template-Specs & Bicep Registry] Publish an absolute latest version. Note: This version may include breaking changes and is not recommended for production environments - - # Template-Spec settings # - # ---------------------- # + ###################################### + # Publish: Template-Spec settings + ###################################### templateSpecsDoPublish: true # Set to true, if you would like to publish module templates as template specs - templateSpecsRGName: 'artifacts-rg' # The name of the resource group to publish to. If the resource group does not exist, it will be created. 
+ templateSpecsRGName: 'carml-artifacts-rg' # The name of the resource group to publish to. If the resource group does not exist, it will be created. templateSpecsRGLocation: 'West Europe' # The location of the resource group to publish to templateSpecsDescription: components # The description to add to template specs published by this platform - # ------------------------------- # - # Private Bicep Registry settings # - # ------------------------------- # + ###################################### + # Publish: Private Bicep Registry settings + ###################################### bicepRegistryDoPublish: true # Set to true, if you would like to publish module templates to a bicep registry - bicepRegistryName: adpsxxazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. - bicepRegistryRGName: 'artifacts-rg' # The resource group that hosts the private bicep registry (ACR) + bicepRegistryName: kvcarmldemoreg017 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. 
+ bicepRegistryRGName: 'carml-artifacts-rg' # The resource group that hosts the private bicep registry (ACR) bicepRegistryRgLocation: 'West Europe' # The location of the resource group to publish to ########################################################################################################################### ################################################## Azure DevOps Only ###################################################### ########################################################################################################################### - ############################# - ## Connection settings ## - ############################# + ###################################### + # Agent settings + ###################################### + vmImage: 'ubuntu-latest' # Use this for Microsoft-hosted agents + poolName: '' # Use this for self-hosted agents serviceConnection: 'CARML-CSU-Tenant-Connection' - ################ - ## Source ## - ################ + ###################################### + # Source + ###################################### vstsOrganizationURI: '$(System.CollectionUri)' # The URI of the TFS collection or Azure DevOps organization. For example: https://dev.azure.com/fabrikam/. vstsProject: '$(System.TeamProject)' modulesRepository: ResourceModules # The repository hosting the deployment code (i.e. 'Components'). 
MUST be provided as a variable with every pipeline pipelineFunctionsPath: 'utilities/pipelines' - - ############################# - ## Publishing settings ## - ############################# - - # Universal packages settings # - # --------------------------- # + ###################################### + # Publish: Universal packages settings + ###################################### artifactsFeedDoPublish: true # Set to true, if you would like to publish modules as Universal Packages (in Azure DevOps Artifacts) - vstsFeedName: 'carml' # The name of the Azure DevOps universal packages feed to publish to + vstsFeedName: 'ResourceModules' # The name of the Azure DevOps universal packages feed to publish to vstsFeedProject: '$(System.TeamProject)' # The project that hosts the feed vstsFeedToken: $(System.AccessToken) # The token used to publish universal packages into the feed above - ################################# - # Azure PowerShell Version ## - ################################# + ###################################### + # Azure PowerShell Version + ###################################### # Should be set to 'latestVersion' unless there is an issue with the Az PowerShell modules. # If a specific version needs to be set azurePowerShellVersion should be changed to 'OtherVersion'. @@ -123,4 +103,4 @@ variables: # value: 'OtherVersion' # - name: preferredAzurePowerShellVersion # value: '4.4.0' -# +# \ No newline at end of file From 3f24c38b92c71ff3171938e824a9dbbc36a3f72c Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman Date: Thu, 29 Dec 2022 11:58:15 +0000 Subject: [PATCH 24/26] settings.yml updates --- settings.yml | 90 ++++++++++++++++++++++++++++++++-------------------- 1 file changed, 55 insertions(+), 35 deletions(-) diff --git a/settings.yml b/settings.yml index 213ce25208..3a01e503e1 100644 --- a/settings.yml +++ b/settings.yml 
@@ -7,47 +7,65 @@ variables: # See: https://github.com/Azure/ResourceModules/wiki/The%20library%20-%20Module%20design#telemetry enableDefaultTelemetry: true - ###################################### - # Local tokens settings - ###################################### + ######################## + ## Token settings ## + ######################## # the 'localToken_' prefix will be removed from the key name when the pipelines run. # e.g. if you have a token in your parameter file as <>, then the token defined in this file looks like "localToken_customKey": 'value' localToken_namePrefix: 'kvdem' # A 3-5 character length unique string, included in the resources names (e.g. 'cntso'). Used for local module testing and pipelines. - ###################################### - # global tokens settings - ###################################### - # this determines the starting prefix and ending suffix of the token in your file. tokenPrefix: '<<' tokenSuffix: '>>' - ###################################### - # Common folders and file paths - ###################################### + ######################## + ## Agent settings ## + ######################## + + vmImage: 'ubuntu-latest' # Use this for Microsoft-hosted agents + poolName: '' # Use this for self-hosted agents + + ####################################### + ## Common folders and file paths ## + ####################################### moduleTestFilePath: 'utilities/pipelines/staticValidation/module.tests.ps1' - ###################################### - # Validation deployment settings - ###################################### + ############################# + ## Validation settings ## + ############################# + + # Static validation # + # ----------------- # + + allowPreviewVersionsInAPITests: true # When enabled, preview versions do not fail the API version tests in the `module.tests.ps1` file + + # Deployment validation # + # --------------------- # location: 'West Europe' # The default location to test deploy resources to - 
resourceGroupName: 'carml-validation-rg' # The default resource group to test deployment resources into - ###################################### - # Publish: Template-Spec settings - ###################################### + ############################# + ## Publishing settings ## + ############################# + + # Shared settings # + # --------------- # + + publishLatest: true # [Only for Template-Specs & Bicep Registry] Publish an absolute latest version. Note: This version may include breaking changes and is not recommended for production environments + + # Template-Spec settings # + # ---------------------- # templateSpecsDoPublish: true # Set to true, if you would like to publish module templates as template specs templateSpecsRGName: 'carml-artifacts-rg' # The name of the resource group to publish to. If the resource group does not exist, it will be created. templateSpecsRGLocation: 'West Europe' # The location of the resource group to publish to templateSpecsDescription: components # The description to add to template specs published by this platform - ###################################### - # Publish: Private Bicep Registry settings - ###################################### + # ------------------------------- # + # Private Bicep Registry settings # + # ------------------------------- # bicepRegistryDoPublish: true # Set to true, if you would like to publish module templates to a bicep registry bicepRegistryName: kvcarmldemoreg017 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. 
@@ -58,35 +76,37 @@ variables: ################################################## Azure DevOps Only ###################################################### ########################################################################################################################### - ###################################### - # Agent settings - ###################################### + ############################# + ## Connection settings ## + ############################# - vmImage: 'ubuntu-latest' # Use this for Microsoft-hosted agents - poolName: '' # Use this for self-hosted agents serviceConnection: 'CARML-CSU-Tenant-Connection' - ###################################### - # Source - ###################################### + ################ + ## Source ## + ################ vstsOrganizationURI: '$(System.CollectionUri)' # The URI of the TFS collection or Azure DevOps organization. For example: https://dev.azure.com/fabrikam/. vstsProject: '$(System.TeamProject)' modulesRepository: ResourceModules # The repository hosting the deployment code (i.e. 'Components'). 
MUST be provided as a variable with every pipeline pipelineFunctionsPath: 'utilities/pipelines' - ###################################### - # Publish: Universal packages settings - ###################################### + + ############################# + ## Publishing settings ## + ############################# + + # Universal packages settings # + # --------------------------- # artifactsFeedDoPublish: true # Set to true, if you would like to publish modules as Universal Packages (in Azure DevOps Artifacts) - vstsFeedName: 'ResourceModules' # The name of the Azure DevOps universal packages feed to publish to + vstsFeedName: 'carml' # The name of the Azure DevOps universal packages feed to publish to vstsFeedProject: '$(System.TeamProject)' # The project that hosts the feed vstsFeedToken: $(System.AccessToken) # The token used to publish universal packages into the feed above - ###################################### - # Azure PowerShell Version - ###################################### + ################################# + # Azure PowerShell Version ## + ################################# # Should be set to 'latestVersion' unless there is an issue with the Az PowerShell modules. # If a specific version needs to be set azurePowerShellVersion should be changed to 'OtherVersion'. From b89ddb42aa21747b762d65617ce4df2708a9aa4c Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman Date: Thu, 29 Dec 2022 15:01:46 +0000 Subject: [PATCH 25/26] updated settings.yml --- settings.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/settings.yml b/settings.yml index 3a01e503e1..92ccd2c8ba 100644 --- a/settings.yml +++ b/settings.yml 
@@ -13,7 +13,7 @@ variables: # the 'localToken_' prefix will be removed from the key name when the pipelines run. # e.g. if you have a token in your parameter file as <>, then the token defined in this file looks like "localToken_customKey": 'value' - localToken_namePrefix: 'kvdem' # A 3-5 character length unique string, included in the resources names (e.g. 'cntso'). Used for local module testing and pipelines. + localToken_namePrefix: '' # A 3-5 character length unique string, included in the resources names (e.g. 'cntso'). Used for local module testing and pipelines. # this determines the starting prefix and ending suffix of the token in your file. tokenPrefix: '<<' @@ -59,7 +59,7 @@ variables: # ---------------------- # templateSpecsDoPublish: true # Set to true, if you would like to publish module templates as template specs - templateSpecsRGName: 'carml-artifacts-rg' # The name of the resource group to publish to. If the resource group does not exist, it will be created. + templateSpecsRGName: 'artifacts-rg' # The name of the resource group to publish to. If the resource group does not exist, it will be created. templateSpecsRGLocation: 'West Europe' # The location of the resource group to publish to templateSpecsDescription: components # The description to add to template specs published by this platform 
@@ -68,8 +68,8 @@ variables: # ------------------------------- # bicepRegistryDoPublish: true # Set to true, if you would like to publish module templates to a bicep registry - bicepRegistryName: kvcarmldemoreg017 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. - bicepRegistryRGName: 'carml-artifacts-rg' # The resource group that hosts the private bicep registry (ACR) + bicepRegistryName: adpsxxazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. + bicepRegistryRGName: 'artifacts-rg' # The resource group that hosts the private bicep registry (ACR) bicepRegistryRgLocation: 'West Europe' # The location of the resource group to publish to ########################################################################################################################### From 2acd7bf6fa8e5f91da704095357f591cb9ceb82f Mon Sep 17 00:00:00 2001 From: Karthik Venkatraman Date: Fri, 30 Dec 2022 09:56:03 +0000 Subject: [PATCH 26/26] restore settings.yml from upstream --- settings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings.yml b/settings.yml index 92ccd2c8ba..429b307358 100644 --- a/settings.yml +++ b/settings.yml @@ -123,4 +123,4 @@ variables: # value: 'OtherVersion' # - name: preferredAzurePowerShellVersion # value: '4.4.0' -# \ No newline at end of file +#