From abe601749a2378cc0fe1e694a811ad68e0f6d024 Mon Sep 17 00:00:00 2001 From: Shaban Khan Date: Mon, 9 Jan 2023 09:15:08 +0530 Subject: [PATCH 01/23] added service connection --- settings.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/settings.yml b/settings.yml index 429b307358..2bd6aec221 100644 --- a/settings.yml +++ b/settings.yml @@ -80,7 +80,7 @@ variables: ## Connection settings ## ############################# - serviceConnection: 'CARML-CSU-Tenant-Connection' + serviceConnection: 'skhan-bicep-serviceConnection' ################ ## Source ## @@ -91,7 +91,6 @@ variables: modulesRepository: ResourceModules # The repository hosting the deployment code (i.e. 'Components'). MUST be provided as a variable with every pipeline pipelineFunctionsPath: 'utilities/pipelines' - ############################# ## Publishing settings ## ############################# From 1b89c8eeb81c26f54ae48e7e4cace53b8e016638 Mon Sep 17 00:00:00 2001 From: Shaban Khan Date: Mon, 9 Jan 2023 09:16:12 +0530 Subject: [PATCH 02/23] update --- settings.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/settings.yml b/settings.yml index 429b307358..6ed96e59e8 100644 --- a/settings.yml +++ b/settings.yml @@ -91,7 +91,6 @@ variables: modulesRepository: ResourceModules # The repository hosting the deployment code (i.e. 'Components'). MUST be provided as a variable with every pipeline pipelineFunctionsPath: 'utilities/pipelines' - ############################# ## Publishing settings ## ############################# From e757b2ae21fdc2fdaa7f4b6d5bdfddb9cf8392bc Mon Sep 17 00:00:00 2001 From: Shaban Khan Date: Mon, 9 Jan 2023 09:16:43 +0530 Subject: [PATCH 03/23] Service Connection added --- settings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings.yml b/settings.yml index 6ed96e59e8..2bd6aec221 100644 --- a/settings.yml +++ b/settings.yml 
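Review bot: The new value `serviceConnection: 'skhan-bicep-serviceConnection'` in the `@@ -80,7 +80,7 @@` hunk of `settings.yml` looks like a personal or fork-specific connection name committed to a shared settings file. The Azure DevOps module pipeline added in PATCH 04/23 loads this file through `- template: '../../settings.yml'`, so if the series is merged as is, that pipeline would resolve a connection that may not exist in the target project, or would deploy under a different identity than the one behind `CARML-CSU-Tenant-Connection`. Keep the fork value out of the upstream change, or drop this hunk before merging. PATCH 03/23 makes the same change to the same line.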
@@ -80,7 +80,7 @@ variables: ## Connection settings ## ############################# - serviceConnection: 'CARML-CSU-Tenant-Connection' + serviceConnection: 'skhan-bicep-serviceConnection' ################ ## Source ## From 221e19fd0f36e196d21212d4bc947b32874392d4 Mon Sep 17 00:00:00 2001 From: Shaban Khan Date: Mon, 9 Jan 2023 12:47:37 +0530 Subject: [PATCH 04/23] Added Event Grid Domain topic --- .../modulePipelines/ms.eventgrid.domains.yml | 40 ++ .github/workflows/ms.eventgrid.domains.yml | 148 +++++ .../.bicep/nested_roleAssignments.bicep | 74 +++ .../domains/.test/common/dependencies.bicep | 58 ++ .../domains/.test/common/deploy.test.bicep | 96 ++++ .../domains/.test/min/deploy.test.bicep | 41 ++ .../domains/.test/pe/dependencies.bicep | 47 ++ .../domains/.test/pe/deploy.test.bicep | 60 ++ .../Microsoft.EventGrid/domains/deploy.bicep | 206 +++++++ modules/Microsoft.EventGrid/domains/readme.md | 524 ++++++++++++++++++ .../Microsoft.EventGrid/domains/version.json | 4 + 11 files changed, 1298 insertions(+) create mode 100644 .azuredevops/modulePipelines/ms.eventgrid.domains.yml create mode 100644 .github/workflows/ms.eventgrid.domains.yml create mode 100644 modules/Microsoft.EventGrid/domains/.bicep/nested_roleAssignments.bicep create mode 100644 modules/Microsoft.EventGrid/domains/.test/common/dependencies.bicep create mode 100644 modules/Microsoft.EventGrid/domains/.test/common/deploy.test.bicep create mode 100644 modules/Microsoft.EventGrid/domains/.test/min/deploy.test.bicep create mode 100644 modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep create mode 100644 modules/Microsoft.EventGrid/domains/.test/pe/deploy.test.bicep create mode 100644 modules/Microsoft.EventGrid/domains/deploy.bicep create mode 100644 modules/Microsoft.EventGrid/domains/readme.md create mode 100644 modules/Microsoft.EventGrid/domains/version.json 
diff --git a/.azuredevops/modulePipelines/ms.eventgrid.domains.yml b/.azuredevops/modulePipelines/ms.eventgrid.domains.yml
new file mode 100644
index 0000000000..336b332086
--- /dev/null
+++ b/.azuredevops/modulePipelines/ms.eventgrid.domains.yml
@@ -0,0 +1,40 @@
+name: 'EventGrid - Domains'
+
+parameters:
+ - name: removeDeployment
+ displayName: Remove deployed module
+ type: boolean
+ default: true
+ - name: prerelease
+ displayName: Publish prerelease module
+ type: boolean
+ default: false
+
+pr: none
+
+trigger:
+ batch: true
+ branches:
+ include:
+ - main
+ paths:
+ include:
+ - '/.azuredevops/modulePipelines/ms.eventgrid.domains.yml'
+ - '/.azuredevops/pipelineTemplates/*.yml'
+ - '/modules/Microsoft.EventGrid/domains/*'
+ - '/utilities/pipelines/*'
+ exclude:
+ - '/utilities/pipelines/deploymentRemoval/*'
+ - '/**/*.md'
+
+variables:
+ - template: '../../settings.yml'
+ - group: 'PLATFORM_VARIABLES'
+ - name: modulePath
+ value: '/modules/Microsoft.EventGrid/domains'
+
+stages:
+ - template: /.azuredevops/pipelineTemplates/stages.module.yml
+ parameters:
+ removeDeployment: '${{ parameters.removeDeployment }}'
+ prerelease: '${{ parameters.prerelease }}'
diff --git a/.github/workflows/ms.eventgrid.domains.yml b/.github/workflows/ms.eventgrid.domains.yml
new file mode 100644
index 0000000000..e2fc54cf0e
--- /dev/null
+++ b/.github/workflows/ms.eventgrid.domains.yml
@@ -0,0 +1,148 @@ +name: 'EventGrid: Domains' + +on: + workflow_dispatch: + inputs: + removeDeployment: + type: boolean + description: 'Remove deployed module' + required: false + default: true + prerelease: + type: boolean + description: 'Publish prerelease module' + required: false + default: false + push: + branches: + - main + paths: + - '.github/actions/templates/**' + - '.github/workflows/ms.eventgrid.domains.yml' + - 'modules/Microsoft.EventGrid/domains/**' + - 'utilities/pipelines/**' + - '!utilities/pipelines/deploymentRemoval/**' + - '!*/**/readme.md' + +env: + variablesPath: 'settings.yml' + modulePath: 'modules/Microsoft.EventGrid/domains' + workflowPath: '.github/workflows/ms.eventgrid.domains.yml' + AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} + ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + ARM_MGMTGROUP_ID: '${{ secrets.ARM_MGMTGROUP_ID }}' + ARM_TENANT_ID: '${{ secrets.ARM_TENANT_ID }}' + TOKEN_NAMEPREFIX: '${{ secrets.TOKEN_NAMEPREFIX }}' + +concurrency: + group: ${{ github.workflow }} + +jobs: + ########################### + # Initialize pipeline # + ########################### + job_initialize_pipeline: + runs-on: ubuntu-20.04 + name: 'Initialize pipeline' + steps: + - name: 'Checkout' + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: 'Set input parameters to output variables' + id: get-workflow-param + uses: ./.github/actions/templates/getWorkflowInput + with: + workflowPath: '${{ env.workflowPath}}' + - name: 'Get parameter file paths' + id: get-module-test-file-paths + uses: ./.github/actions/templates/getModuleTestFiles + with: + modulePath: '${{ env.modulePath }}' + outputs: + workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }} + moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }} + + ######################### + # Static validation # + ######################### + job_module_pester_validation: + runs-on: ubuntu-20.04 + name: 'Static validation' + steps: + 
- name: 'Checkout' + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Run tests' + uses: ./.github/actions/templates/validateModulePester + with: + modulePath: '${{ env.modulePath }}' + moduleTestFilePath: '${{ env.moduleTestFilePath }}' + + ############################# + # Deployment validation # + ############################# + job_module_deploy_validation: + runs-on: ubuntu-20.04 + name: 'Deployment validation' + needs: + - job_initialize_pipeline + - job_module_pester_validation + strategy: + fail-fast: false + matrix: + moduleTestFilePaths: ${{ fromJson(needs.job_initialize_pipeline.outputs.moduleTestFilePaths) }} + steps: + - name: 'Checkout' + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} + - name: 'Using test file [${{ matrix.moduleTestFilePaths }}]' + uses: ./.github/actions/templates/validateModuleDeployment + with: + templateFilePath: '${{ env.modulePath }}/${{ matrix.moduleTestFilePaths }}' + location: '${{ env.location }}' + subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}' + managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}' + removeDeployment: '${{ (fromJson(needs.job_initialize_pipeline.outputs.workflowInput)).removeDeployment }}' + + ################## + # Publishing # + ################## + job_publish_module: + name: 'Publishing' + if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || github.event.inputs.prerelease == 'true' + runs-on: ubuntu-20.04 + needs: + - job_module_deploy_validation + steps: + - name: 'Checkout' + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Set environment variables + uses: ./.github/actions/templates/setEnvironmentVariables + with: + variablesPath: ${{ env.variablesPath }} 
+ - name: 'Publishing' + uses: ./.github/actions/templates/publishModule + with: + templateFilePath: '${{ env.modulePath }}/deploy.bicep' + templateSpecsRGName: '${{ env.templateSpecsRGName }}' + templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}' + templateSpecsDescription: '${{ env.templateSpecsDescription }}' + templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}' + bicepRegistryName: '${{ env.bicepRegistryName }}' + bicepRegistryRGName: '${{ env.bicepRegistryRGName }}' + bicepRegistryRgLocation: '${{ env.bicepRegistryRgLocation }}' + bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}' + publishLatest: '${{ env.publishLatest }}' diff --git a/modules/Microsoft.EventGrid/domains/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventGrid/domains/.bicep/nested_roleAssignments.bicep new file mode 100644 index 0000000000..60c3a24b54 --- /dev/null +++ b/modules/Microsoft.EventGrid/domains/.bicep/nested_roleAssignments.bicep 
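Review bot: The workflow-level `env:` block puts `AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}` into the environment of every job and step, including `job_initialize_pipeline` and `job_module_pester_validation`, whose visible steps only check out the repository and run local template actions. Moving that entry to an `env:` on `job_module_deploy_validation` and `job_publish_module` limits which steps can read the credential. The file also declares no `permissions:` key, so `GITHUB_TOKEN` keeps the repository default; a top-level `permissions:` with `contents: read` would make the grant explicit, assuming the local actions under `.github/actions/templates` (not visible here) need nothing more. `actions/checkout@v3` is referenced by a movable tag, and pinning it to a commit SHA is the usual hardening for a workflow that handles deployment secrets.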
@@ -0,0 +1,74 @@ +@sys.description('Required. The IDs of the principals to assign the role to.') +param principalIds array + +@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') +param roleDefinitionIdOrName string + +@sys.description('Required. The resource ID of the resource to apply the role assignment to.') +param resourceId string + +@sys.description('Optional. The principal type of the assigned principal ID.') +@allowed([ + 'ServicePrincipal' + 'Group' + 'User' + 'ForeignGroup' + 'Device' + '' +]) +param principalType string = '' + +@sys.description('Optional. The description of the role assignment.') +param description string = '' + +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. 
Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + +var builtInRoleNames = { + Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') + 'Data Factory Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '673868aa-7521-48a0-acc6-0f60742d39f5') + 'EventGrid Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1e241071-0855-49ea-94dc-649edcd759de') + 'EventGrid Data Sender': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd5a91429-5739-47e2-a06b-3470a27159e7') + 'EventGrid EventSubscription Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '428e0ff0-5e57-4d9c-a221-2c70d0e0a443') + 'EventGrid EventSubscription Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2414bbcf-6497-4faf-8c65-045460748405') + 'Key Vault Crypto Service Encryption User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6') + 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293') + 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893') + 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e') + 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae') + 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44') + 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa') + 'Monitoring Reader': 
subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05') + Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') + Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') + 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608') + 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168') + 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') +} + +resource eventGrid 'Microsoft.EventGrid/domains@2022-06-15' existing = { + name: last(split(resourceId, '/')) +} + +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { + name: guid(eventGrid.id, principalId, roleDefinitionIdOrName) + properties: { + description: description + roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName + principalId: principalId + principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null + } + scope: eventGrid +}] diff --git a/modules/Microsoft.EventGrid/domains/.test/common/dependencies.bicep b/modules/Microsoft.EventGrid/domains/.test/common/dependencies.bicep new file mode 100644 index 0000000000..d1fabdb239 --- /dev/null +++ b/modules/Microsoft.EventGrid/domains/.test/common/dependencies.bicep 
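Review bot: The `existing` lookup `name: last(split(resourceId, '/'))` keeps only the final segment of `resourceId`, so the subscription and resource group in the ID are discarded and the role assignment is scoped to whichever domain of that name resolves in this module's own deployment scope. The only caller in this series passes `domain.id` from the same deployment, so the two agree today, but the parameter description promises "the resource ID of the resource to apply the role assignment to". Document the constraint next to the resource, e.g. `// resourceId must refer to a domain in the resource group this module is deployed to; only its last segment is used`. Separately, `roleDefinitionId` falls through to the raw `roleDefinitionIdOrName` when the name is not a key of `builtInRoleNames`, so a mistyped role name is rejected only at deployment time; a short comment on that line would save the next reader a failed run.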
@@ -0,0 +1,58 @@
+@description('Optional. The location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
+ name: 'privatelink.eventgrid.azure.net'
+ location: 'global'
+
+ resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = {
+ name: '${virtualNetwork.name}-vnetlink'
+ location: 'global'
+ properties: {
+ virtualNetwork: {
+ id: virtualNetwork.id
+ }
+ registrationEnabled: false
+ }
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Private DNS Zone.')
+output privateDNSZoneResourceId string = privateDNSZone.id
diff --git a/modules/Microsoft.EventGrid/domains/.test/common/deploy.test.bicep b/modules/Microsoft.EventGrid/domains/.test/common/deploy.test.bicep
new file mode 100644
index 0000000000..d788205963
--- /dev/null
+++ b/modules/Microsoft.EventGrid/domains/.test/common/deploy.test.bicep
@@ -0,0 +1,96 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'ms.eventgrid.domains-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param location string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'egtcom' + +@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') +param enableDefaultTelemetry bool = true + +// =========== // +// Deployments // +// =========== // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: location +} + +module resourceGroupResources 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-paramNested' + params: { + virtualNetworkName: 'dep-<>-vnet-${serviceShort}' + managedIdentityName: 'dep-<>-msi-${serviceShort}' + } +} + +// Diagnostics +// =========== +module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' + params: { + storageAccountName: 'dep<>diasa${serviceShort}01' + logAnalyticsWorkspaceName: 'dep-<>-law-${serviceShort}' + eventHubNamespaceEventHubName: 'dep-<>-evh-${serviceShort}' + eventHubNamespaceName: 'dep-<>-evhns-${serviceShort}' + location: location + } +} + +// ============== // +// Test Execution // +// ============== // + +module testDeployment '../../deploy.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name)}-test-${serviceShort}' + params: { + enableDefaultTelemetry: enableDefaultTelemetry + 
name: '<>${serviceShort}001' + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId + diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + inboundIpRules: [ + { + action: 'Allow' + ipMask: '40.74.28.0/23' + } + ] + lock: 'CanNotDelete' + privateEndpoints: [ + { + privateDnsZoneGroup: { + privateDNSResourceIds: [ + resourceGroupResources.outputs.privateDNSZoneResourceId + ] + } + service: 'domain' + subnetResourceId: resourceGroupResources.outputs.subnetResourceId + } + ] + roleAssignments: [ + { + roleDefinitionIdOrName: 'Reader' + principalIds: [ + resourceGroupResources.outputs.managedIdentityPrincipalId + ] + principalType: 'ServicePrincipal' + } + ] + } +} diff --git a/modules/Microsoft.EventGrid/domains/.test/min/deploy.test.bicep b/modules/Microsoft.EventGrid/domains/.test/min/deploy.test.bicep new file mode 100644 index 0000000000..684e155fd1 --- /dev/null +++ b/modules/Microsoft.EventGrid/domains/.test/min/deploy.test.bicep 
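Review bot: `inboundIpRules` allows `40.74.28.0/23` while `publicNetworkAccess` is not passed, so this test relies on `deploy.bicep` resolving the property to `null` (private endpoints are set and the IP rules are not empty) and therefore on the service default. The parameter description in `deploy.bicep` says IP rules are considered only when public network access is enabled, so passing `publicNetworkAccess: 'Enabled'` in `params` would make the tested configuration explicit. A one-line comment on what the `40.74.28.0/23` range represents would also help, since nothing in the hunk says who owns it.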
@@ -0,0 +1,41 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'ms.eventgrid.domains-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'egtmin'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ name: '<>${serviceShort}001'
+ }
+}
diff --git a/modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep b/modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep
new file mode 100644
index 0000000000..7b6231994f
--- /dev/null
+++ b/modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep
@@ -0,0 +1,47 @@
+@description('Optional. The location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ '10.0.0.0/24'
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/24'
+ }
+ }
+ ]
+ }
+}
+
+resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
+ name: 'privatelink.eventgrid.azure.net'
+ location: 'global'
+
+ resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = {
+ name: '${virtualNetwork.name}-vnetlink'
+ location: 'global'
+ properties: {
+ virtualNetwork: {
+ id: virtualNetwork.id
+ }
+ registrationEnabled: false
+ }
+ }
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
+
+@description('The resource ID of the created Private DNS Zone.')
+output privateDNSZoneResourceId string = privateDNSZone.id
diff --git a/modules/Microsoft.EventGrid/domains/.test/pe/deploy.test.bicep b/modules/Microsoft.EventGrid/domains/.test/pe/deploy.test.bicep
new file mode 100644
index 0000000000..a5124a34f0
--- /dev/null
+++ b/modules/Microsoft.EventGrid/domains/.test/pe/deploy.test.bicep
@@ -0,0 +1,60 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'ms.eventgrid.domains-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'egtpe'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module resourceGroupResources 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ virtualNetworkName: 'dep-<>-vnet-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../deploy.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name)}-test-${serviceShort}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ name: '<>${serviceShort}001'
+ privateEndpoints: [
+ {
+ privateDnsZoneGroup: {
+ privateDNSResourceIds: [
+ resourceGroupResources.outputs.privateDNSZoneResourceId
+ ]
+ }
+ service: 'domain'
+ subnetResourceId: resourceGroupResources.outputs.subnetResourceId
+ }
+ ]
+ }
+}
diff --git a/modules/Microsoft.EventGrid/domains/deploy.bicep b/modules/Microsoft.EventGrid/domains/deploy.bicep
new file mode 100644
index 0000000000..d42fd85462
--- /dev/null
+++ b/modules/Microsoft.EventGrid/domains/deploy.bicep
@@ -0,0 +1,206 @@ +@description('Required. The name of the Event Grid Domain.') +param name string + +@description('Optional. Location for all Resources.') +param location string = resourceGroup().location + +@description('Optional. Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and inboundIpRules are not set.') +@allowed([ + '' + 'Enabled' + 'Disabled' +]) +param publicNetworkAccess string = '' + +@description('Optional. Location for all Resources.') +param autoCreateTopicWithFirstSubscription bool = true + +@description('Optional. Location for all Resources.') +param autoDeleteTopicWithLastSubscription bool = true + +@description('Optional. This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled.') +param inboundIpRules array = [] + +@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.') +@minValue(0) +@maxValue(365) +param diagnosticLogsRetentionInDays int = 365 + +@description('Optional. Resource ID of the diagnostic storage account.') +param diagnosticStorageAccountId string = '' + +@description('Optional. Resource ID of the diagnostic log analytics workspace.') +param diagnosticWorkspaceId string = '' + +@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') +param diagnosticEventHubAuthorizationRuleId string = '' + +@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.') +param diagnosticEventHubName string = '' + +@description('Optional. Configuration details for private endpoints. 
For security reasons, it is recommended to use private endpoints whenever possible.') +param privateEndpoints array = [] + +@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') +param roleAssignments array = [] + +@allowed([ + '' + 'CanNotDelete' + 'ReadOnly' +]) +@description('Optional. Specify the type of lock.') +param lock string = '' + +@description('Optional. Tags of the resource.') +param tags object = {} + +@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') +param enableDefaultTelemetry bool = true + +@description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource.') +@allowed([ + 'allLogs' + 'DeliveryFailures' + 'PublishFailures' +]) +param diagnosticLogCategoriesToEnable array = [ + 'allLogs' +] + +@description('Optional. The name of metrics that will be streamed.') +@allowed([ + 'AllMetrics' +]) +param diagnosticMetricsToEnable array = [ + 'AllMetrics' +] + +@description('Optional. The name of the diagnostic setting, if deployed.') +param diagnosticSettingsName string = '${name}-diagnosticSettings' + +var enableReferencedModulesTelemetry = false + +var diagnosticsLogsSpecified = [for category in filter(diagnosticLogCategoriesToEnable, item => item != 'allLogs'): { + category: category + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } +}] + +var diagnosticsLogs = contains(diagnosticLogCategoriesToEnable, 'allLogs') ? 
[ + { + categoryGroup: 'allLogs' + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } + } +] : diagnosticsLogsSpecified + +var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: { + category: metric + timeGrain: null + enabled: true + retentionPolicy: { + enabled: true + days: diagnosticLogsRetentionInDays + } +}] + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + +resource domain 'Microsoft.EventGrid/domains@2022-06-15' = { + name: name + location: location + tags: tags + properties: { + publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) && empty(inboundIpRules) ? 'Disabled' : null) + inboundIpRules: (empty(inboundIpRules) ? null : inboundIpRules) + autoCreateTopicWithFirstSubscription: autoCreateTopicWithFirstSubscription + autoDeleteTopicWithLastSubscription: autoDeleteTopicWithLastSubscription + } +} + +resource domain_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock)) { + name: '${domain.name}-${lock}-lock' + properties: { + level: any(lock) + notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.' + } + scope: domain +} + +resource domain_diagnosticSettings 'Microsoft.Insights/diagnosticsettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { + name: diagnosticSettingsName + properties: { + storageAccountId: !empty(diagnosticStorageAccountId) ? 
diagnosticStorageAccountId : null + workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null + eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null + eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null + metrics: diagnosticsMetrics + logs: diagnosticsLogs + } + scope: domain +} + +module domain_privateEndpoints '../../Microsoft.Network/privateEndpoints/deploy.bicep' = [for (privateEndpoint, index) in privateEndpoints: { + name: '${uniqueString(deployment().name, location)}-Domain-PrivateEndpoint-${index}' + params: { + groupIds: [ + privateEndpoint.service + ] + name: contains(privateEndpoint, 'name') ? privateEndpoint.name : 'pe-${last(split(domain.id, '/'))}-${privateEndpoint.service}-${index}' + serviceResourceId: domain.id + subnetResourceId: privateEndpoint.subnetResourceId + enableDefaultTelemetry: enableReferencedModulesTelemetry + location: reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location + lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : lock + privateDnsZoneGroup: contains(privateEndpoint, 'privateDnsZoneGroup') ? privateEndpoint.privateDnsZoneGroup : {} + roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] + tags: contains(privateEndpoint, 'tags') ? privateEndpoint.tags : {} + manualPrivateLinkServiceConnections: contains(privateEndpoint, 'manualPrivateLinkServiceConnections') ? privateEndpoint.manualPrivateLinkServiceConnections : [] + customDnsConfigs: contains(privateEndpoint, 'customDnsConfigs') ? privateEndpoint.customDnsConfigs : [] + ipConfigurations: contains(privateEndpoint, 'ipConfigurations') ? privateEndpoint.ipConfigurations : [] + applicationSecurityGroups: contains(privateEndpoint, 'applicationSecurityGroups') ? 
privateEndpoint.applicationSecurityGroups : [] + customNetworkInterfaceName: contains(privateEndpoint, 'customNetworkInterfaceName') ? privateEndpoint.customNetworkInterfaceName : '' + } +}] + +module domain_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: { + name: '${uniqueString(deployment().name, location)}-Domain-Rbac-${index}' + params: { + description: contains(roleAssignment, 'description') ? roleAssignment.description : '' + principalIds: roleAssignment.principalIds + principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' + roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' + resourceId: domain.id + } +}] + +@description('The name of the event grid domain.') +output name string = domain.name + +@description('The resource ID of the event grid domain.') +output resourceId string = domain.id + +@description('The name of the resource group the event grid domain was deployed into.') +output resourceGroupName string = resourceGroup().name + +@description('The location the resource was deployed into.') +output location string = domain.location diff --git a/modules/Microsoft.EventGrid/domains/readme.md b/modules/Microsoft.EventGrid/domains/readme.md new file mode 100644 index 0000000000..cbaa29210b --- /dev/null +++ b/modules/Microsoft.EventGrid/domains/readme.md 
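Review bot: With the defaults, `publicNetworkAccess` in the `domain` resource evaluates to `null` unless the caller sets it or supplies private endpoints without IP rules, so a minimal deployment such as `.test/min` takes the service default rather than the 'Disabled' state the parameter description recommends. The description should say so, e.g. by appending "If neither this parameter nor privateEndpoints is set, the service default applies." The `properties` block also sets no `disableLocalAuth`, so access-key authentication stays at the service default; adding `param disableLocalAuth bool` and wiring `disableLocalAuth: disableLocalAuth` into `properties` would let callers restrict the domain to Azure AD authentication. The descriptions on `autoCreateTopicWithFirstSubscription` and `autoDeleteTopicWithLastSubscription` both read 'Location for all Resources.' and should describe the topic auto-create and auto-delete behaviour instead.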
@@ -0,0 +1,524 @@ +# EventGrid Domains `[Microsoft.EventGrid/domains]` + +This module deploys EventGrid Domains. +// TODO: Replace Resource and fill in description + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) +- [Deployment examples](#Deployment-examples) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Authorization/locks` | [2020-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | +| `Microsoft.EventGrid/domains` | [2022-06-15](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventGrid/2022-06-15/domains) | +| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | +| `Microsoft.Network/privateEndpoints` | [2022-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2022-05-01/privateEndpoints) | +| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2022-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2022-05-01/privateEndpoints/privateDnsZoneGroups) | + +## Parameters + +**Required parameters** + +| Parameter Name | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the Event Grid Domain. | + +**Optional parameters** + +| Parameter Name | Type | Default Value | Allowed Values | Description | +| :-- | :-- | :-- | :-- | :-- | +| `autoCreateTopicWithFirstSubscription` | bool | `True` | | Location for all Resources. | +| `autoDeleteTopicWithLastSubscription` | bool | `True` | | Location for all Resources. 
| +| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `[allLogs, DeliveryFailures, PublishFailures]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. | +| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | +| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | +| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | +| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | +| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | +| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | +| `inboundIpRules` | array | `[]` | | This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. | +| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | +| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | +| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. 
| +| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and inboundIpRules are not set. | +| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| `tags` | object | `{object}` | | Tags of the resource. | + + +### Parameter Usage: `` + +// TODO: Fill in Parameter usage + +### Parameter Usage: `privateEndpoints` + +To use Private Endpoint the following dependencies must be deployed: + +- Destination subnet must be created with the following configuration option - `"privateEndpointNetworkPolicies": "Disabled"`. Setting this option acknowledges that NSG rules are not applied to Private Endpoints (this capability is coming soon). A full example is available in the Virtual Network Module. +- Although not strictly required, it is highly recommended to first create a private DNS Zone to host Private Endpoint DNS records. See [Azure Private Endpoint DNS configuration](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns) for more information. + +
+ +Parameter JSON format + +```json +"privateEndpoints": { + "value": [ + // Example showing all available fields + { + "name": "sxx-az-pe", // Optional: Name will be automatically generated if one is not provided here + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", + "service": "", // e.g. vault, registry, blob + "privateDnsZoneGroup": { + "privateDNSResourceIds": [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified + "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/" // e.g. privatelink.vaultcore.azure.net, privatelink.azurecr.io, privatelink.blob.core.windows.net + ] + }, + "ipConfigurations":[ + { + "name": "myIPconfigTest02", + "properties": { + "groupId": "blob", + "memberName": "blob", + "privateIPAddress": "10.0.0.30" + } + } + ], + "customDnsConfigs": [ + { + "fqdn": "customname.test.local", + "ipAddresses": [ + "10.10.10.10" + ] + } + ] + }, + // Example showing only mandatory fields + { + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001", + "service": "" // e.g. vault, registry, blob + } + ] +} +``` + +
+ +
+ +Bicep format + +```bicep +privateEndpoints: [ + // Example showing all available fields + { + name: 'sxx-az-pe' // Optional: Name will be automatically generated if one is not provided here + subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' + service: '' // e.g. vault, registry, blob + privateDnsZoneGroup: { + privateDNSResourceIds: [ // Optional: No DNS record will be created if a private DNS zone Resource ID is not specified + '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/' // e.g. privatelink.vaultcore.azure.net, privatelink.azurecr.io, privatelink.blob.core.windows.net + ] + } + customDnsConfigs: [ + { + fqdn: 'customname.test.local' + ipAddresses: [ + '10.10.10.10' + ] + } + ] + ipConfigurations:[ + { + name: 'myIPconfigTest02' + properties: { + groupId: 'blob' + memberName: 'blob' + privateIPAddress: '10.0.0.30' + } + } + ] + } + // Example showing only mandatory fields + { + subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-001' + service: '' // e.g. vault, registry, blob + } +] +``` + +
+

+ +### Parameter Usage: `roleAssignments` + +Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. + +

+ +Parameter JSON format + +```json +"roleAssignments": { + "value": [ + { + "roleDefinitionIdOrName": "Reader", + "description": "Reader Role Assignment", + "principalIds": [ + "12345678-1234-1234-1234-123456789012", // object 1 + "78945612-1234-1234-1234-123456789012" // object 2 + ] + }, + { + "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", + "principalIds": [ + "12345678-1234-1234-1234-123456789012" // object 1 + ], + "principalType": "ServicePrincipal" + } + ] +} +``` + +
+ +
+ +Bicep format + +```bicep +roleAssignments: [ + { + roleDefinitionIdOrName: 'Reader' + description: 'Reader Role Assignment' + principalIds: [ + '12345678-1234-1234-1234-123456789012' // object 1 + '78945612-1234-1234-1234-123456789012' // object 2 + ] + } + { + roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' + principalIds: [ + '12345678-1234-1234-1234-123456789012' // object 1 + ] + principalType: 'ServicePrincipal' + } +] +``` + +
+

+ +### Parameter Usage: `tags` + +Tag names and tag values can be provided as needed. A tag can be left without a value. + +

+ +Parameter JSON format + +```json +"tags": { + "value": { + "Environment": "Non-Prod", + "Contact": "test.user@testcompany.com", + "PurchaseOrder": "1234", + "CostCenter": "7890", + "ServiceName": "DeploymentValidation", + "Role": "DeploymentValidation" + } +} +``` + +
+ +
+ +Bicep format + +```bicep +tags: { + Environment: 'Non-Prod' + Contact: 'test.user@testcompany.com' + PurchaseOrder: '1234' + CostCenter: '7890' + ServiceName: 'DeploymentValidation' + Role: 'DeploymentValidation' +} +``` + +
+

+ +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the event grid domain. | +| `resourceGroupName` | string | The name of the resource group the event grid domain was deployed into. | +| `resourceId` | string | The resource ID of the event grid domain. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `Microsoft.Network/privateEndpoints` | Local reference | + +## Deployment examples + +The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. + >**Note**: The name of each example is based on the name of the file from which it is taken. + + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. + +

Example 1: Common

+ +
+ +via Bicep module + +```bicep +module domains './Microsoft.EventGrid/domains/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-egtcom' + params: { + // Required parameters + name: '<>egtcom001' + // Non-required parameters + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' + diagnosticLogsRetentionInDays: 7 + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' + enableDefaultTelemetry: '' + inboundIpRules: [ + { + action: 'Allow' + ipMask: '40.74.28.0/23' + } + ] + lock: 'CanNotDelete' + privateEndpoints: [ + { + privateDnsZoneGroup: { + privateDNSResourceIds: [ + '' + ] + } + service: 'domain' + subnetResourceId: '' + } + ] + roleAssignments: [ + { + principalIds: [ + '' + ] + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "<>egtcom001" + }, + // Non-required parameters + "diagnosticEventHubAuthorizationRuleId": { + "value": "" + }, + "diagnosticEventHubName": { + "value": "" + }, + "diagnosticLogsRetentionInDays": { + "value": 7 + }, + "diagnosticStorageAccountId": { + "value": "" + }, + "diagnosticWorkspaceId": { + "value": "" + }, + "enableDefaultTelemetry": { + "value": "" + }, + "inboundIpRules": { + "value": [ + { + "action": "Allow", + "ipMask": "40.74.28.0/23" + } + ] + }, + "lock": { + "value": "CanNotDelete" + }, + "privateEndpoints": { + "value": [ + { + "privateDnsZoneGroup": { + "privateDNSResourceIds": [ + "" + ] + }, + "service": "domain", + "subnetResourceId": "" + } + ] + }, + "roleAssignments": { + "value": [ + { + "principalIds": [ + "" + ], + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ] + } + } +} +``` + +
+

+ +

Example 2: Min

+ +
+ +via Bicep module + +```bicep +module domains './Microsoft.EventGrid/domains/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-egtmin' + params: { + // Required parameters + name: '<>egtmin001' + // Non-required parameters + enableDefaultTelemetry: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "<>egtmin001" + }, + // Non-required parameters + "enableDefaultTelemetry": { + "value": "" + } + } +} +``` + +
+

+ +

Example 3: Pe

+ +
+ +via Bicep module + +```bicep +module domains './Microsoft.EventGrid/domains/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-test-egtpe' + params: { + // Required parameters + name: '<>egtpe001' + // Non-required parameters + enableDefaultTelemetry: '' + privateEndpoints: [ + { + privateDnsZoneGroup: { + privateDNSResourceIds: [ + '' + ] + } + service: 'domain' + subnetResourceId: '' + } + ] + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "<>egtpe001" + }, + // Non-required parameters + "enableDefaultTelemetry": { + "value": "" + }, + "privateEndpoints": { + "value": [ + { + "privateDnsZoneGroup": { + "privateDNSResourceIds": [ + "" + ] + }, + "service": "domain", + "subnetResourceId": "" + } + ] + } + } +} +``` + +
+

diff --git a/modules/Microsoft.EventGrid/domains/version.json b/modules/Microsoft.EventGrid/domains/version.json new file mode 100644 index 0000000000..badc0a2285 --- /dev/null +++ b/modules/Microsoft.EventGrid/domains/version.json @@ -0,0 +1,4 @@ +{ + "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", + "version": "0.5" +} From 56efc1018239ba6e20a7e1ddfa3fb3667d9e93b7 Mon Sep 17 00:00:00 2001 From: Shaban Khan Date: Mon, 9 Jan 2023 19:22:27 +0530 Subject: [PATCH 05/23] updated RegistryName --- settings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings.yml b/settings.yml index 2bd6aec221..ce3f452587 100644 --- a/settings.yml +++ b/settings.yml @@ -68,7 +68,7 @@ variables: # ------------------------------- # bicepRegistryDoPublish: true # Set to true, if you would like to publish module templates to a bicep registry - bicepRegistryName: adpsxxazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. + bicepRegistryName: skhanadpsxxazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. bicepRegistryRGName: 'artifacts-rg' # The resource group that hosts the private bicep registry (ACR) bicepRegistryRgLocation: 'West Europe' # The location of the resource group to publish to From d9eec90bd5be10d1df7273de9c62c5e568e19dfa Mon Sep 17 00:00:00 2001 From: Shaban Khan Date: Mon, 9 Jan 2023 22:16:32 +0530 Subject: [PATCH 06/23] Revert "added service connection" This reverts commit abe601749a2378cc0fe1e694a811ad68e0f6d024. --- settings.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/settings.yml b/settings.yml index ce3f452587..5be1d04f5f 100644 --- a/settings.yml +++ b/settings.yml 
@@ -80,7 +80,7 @@ variables: ## Connection settings ## ############################# - serviceConnection: 'skhan-bicep-serviceConnection' + serviceConnection: 'CARML-CSU-Tenant-Connection' ################ ## Source ## @@ -91,6 +91,7 @@ variables: modulesRepository: ResourceModules # The repository hosting the deployment code (i.e. 'Components'). MUST be provided as a variable with every pipeline pipelineFunctionsPath: 'utilities/pipelines' + ############################# ## Publishing settings ## ############################# From 22512bb015ef1f9cc8db2a74fcbd2ee0cb159b40 Mon Sep 17 00:00:00 2001 From: Shaban Khan Date: Mon, 9 Jan 2023 22:18:31 +0530 Subject: [PATCH 07/23] Revert "updated RegistryName" This reverts commit 56efc1018239ba6e20a7e1ddfa3fb3667d9e93b7. --- settings.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings.yml b/settings.yml index 5be1d04f5f..429b307358 100644 --- a/settings.yml +++ b/settings.yml @@ -68,7 +68,7 @@ variables: # ------------------------------- # bicepRegistryDoPublish: true # Set to true, if you would like to publish module templates to a bicep registry - bicepRegistryName: skhanadpsxxazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. + bicepRegistryName: adpsxxazacrx001 # The name of the bicep registry (ACR) to publish to. If it does not exist, it will be created. bicepRegistryRGName: 'artifacts-rg' # The resource group that hosts the private bicep registry (ACR) bicepRegistryRgLocation: 'West Europe' # The location of the resource group to publish to From 2fdff7c7b85bae91a126013b916432181a9c015b Mon Sep 17 00:00:00 2001 
From: Shaban Khan <69453316+shaban-khan@users.noreply.github.com> Date: Mon, 9 Jan 2023 22:37:02 +0530 Subject: [PATCH 08/23] Update modules/Microsoft.EventGrid/domains/.bicep/nested_roleAssignments.bicep Updated symbolic name to domain Co-authored-by: Alexander Sehr --- .../domains/.bicep/nested_roleAssignments.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.EventGrid/domains/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventGrid/domains/.bicep/nested_roleAssignments.bicep index 60c3a24b54..df2acb1617 100644 --- a/modules/Microsoft.EventGrid/domains/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.EventGrid/domains/.bicep/nested_roleAssignments.bicep @@ -55,7 +55,7 @@ var builtInRoleNames = { 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') } -resource eventGrid 'Microsoft.EventGrid/domains@2022-06-15' existing = { +resource domain 'Microsoft.EventGrid/domains@2022-06-15' existing = { name: last(split(resourceId, '/')) } From de7e64423576dfe1158831fc4184093629687b6e Mon Sep 17 00:00:00 2001 From: Shaban Khan <69453316+shaban-khan@users.noreply.github.com> Date: Mon, 9 Jan 2023 22:37:40 +0530 Subject: [PATCH 09/23] Update modules/Microsoft.EventGrid/domains/.bicep/nested_roleAssignments.bicep Scoped updated to domain Co-authored-by: Alexander Sehr --- .../domains/.bicep/nested_roleAssignments.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.EventGrid/domains/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventGrid/domains/.bicep/nested_roleAssignments.bicep index df2acb1617..f98029c3c9 100644 --- a/modules/Microsoft.EventGrid/domains/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.EventGrid/domains/.bicep/nested_roleAssignments.bicep 
@@ -70,5 +70,5 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } - scope: eventGrid + scope: domain }] From 18abacc990fd7a8e49163245675578e66273a8ed Mon Sep 17 00:00:00 2001 From: Shaban Khan <69453316+shaban-khan@users.noreply.github.com> Date: Mon, 9 Jan 2023 22:38:06 +0530 Subject: [PATCH 10/23] Update modules/Microsoft.EventGrid/domains/.bicep/nested_roleAssignments.bicep updated the id with domain Co-authored-by: Alexander Sehr --- .../domains/.bicep/nested_roleAssignments.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.EventGrid/domains/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventGrid/domains/.bicep/nested_roleAssignments.bicep index f98029c3c9..ec6f0bcf69 100644 --- a/modules/Microsoft.EventGrid/domains/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.EventGrid/domains/.bicep/nested_roleAssignments.bicep @@ -60,7 +60,7 @@ resource domain 'Microsoft.EventGrid/domains@2022-06-15' existing = { } resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { - name: guid(eventGrid.id, principalId, roleDefinitionIdOrName) + name: guid(domain.id, principalId, roleDefinitionIdOrName) properties: { description: description roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName From 5fbb8dff68fb4b7234064cedb9695d45ca9d6609 Mon Sep 17 00:00:00 2001 
From: Shaban Khan <69453316+shaban-khan@users.noreply.github.com> Date: Mon, 9 Jan 2023 22:38:51 +0530 Subject: [PATCH 11/23] Update modules/Microsoft.EventGrid/domains/.test/min/deploy.test.bicep parameter updated from egtmin to egdmin Co-authored-by: Alexander Sehr --- modules/Microsoft.EventGrid/domains/.test/min/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.EventGrid/domains/.test/min/deploy.test.bicep b/modules/Microsoft.EventGrid/domains/.test/min/deploy.test.bicep index 684e155fd1..b3ff5b34da 100644 --- a/modules/Microsoft.EventGrid/domains/.test/min/deploy.test.bicep +++ b/modules/Microsoft.EventGrid/domains/.test/min/deploy.test.bicep @@ -11,7 +11,7 @@ param resourceGroupName string = 'ms.eventgrid.domains-${serviceShort}-rg' param location string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'egtmin' +param serviceShort string = 'egdmin' @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true From 52b73c8fc6eff91b66a607906d7b08751a42a983 Mon Sep 17 00:00:00 2001 From: Shaban Khan <69453316+shaban-khan@users.noreply.github.com> Date: Mon, 9 Jan 2023 22:39:13 +0530 Subject: [PATCH 12/23] Update modules/Microsoft.EventGrid/domains/.test/common/deploy.test.bicep updated parameter Co-authored-by: Alexander Sehr --- .../Microsoft.EventGrid/domains/.test/common/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.EventGrid/domains/.test/common/deploy.test.bicep b/modules/Microsoft.EventGrid/domains/.test/common/deploy.test.bicep index d788205963..c9e5f3d631 100644 --- a/modules/Microsoft.EventGrid/domains/.test/common/deploy.test.bicep +++ b/modules/Microsoft.EventGrid/domains/.test/common/deploy.test.bicep 
@@ -11,7 +11,7 @@ param resourceGroupName string = 'ms.eventgrid.domains-${serviceShort}-rg' param location string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'egtcom' +param serviceShort string = 'egdcom' @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true From 9588055f1485024e064cc86a4ceff51a63264d5c Mon Sep 17 00:00:00 2001 From: Shaban Khan <69453316+shaban-khan@users.noreply.github.com> Date: Mon, 9 Jan 2023 22:39:30 +0530 Subject: [PATCH 13/23] Update modules/Microsoft.EventGrid/domains/.test/pe/deploy.test.bicep updated pe parameter Co-authored-by: Alexander Sehr --- modules/Microsoft.EventGrid/domains/.test/pe/deploy.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.EventGrid/domains/.test/pe/deploy.test.bicep b/modules/Microsoft.EventGrid/domains/.test/pe/deploy.test.bicep index a5124a34f0..5d710dccee 100644 --- a/modules/Microsoft.EventGrid/domains/.test/pe/deploy.test.bicep +++ b/modules/Microsoft.EventGrid/domains/.test/pe/deploy.test.bicep @@ -11,7 +11,7 @@ param resourceGroupName string = 'ms.eventgrid.domains-${serviceShort}-rg' param location string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'egtpe' +param serviceShort string = 'egdpe' @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true From 77ee1dacfe00a97637d0a0ee098e363a3f6f5b53 Mon Sep 17 00:00:00 2001 
From: Shaban Khan <69453316+shaban-khan@users.noreply.github.com> Date: Mon, 9 Jan 2023 22:40:23 +0530 Subject: [PATCH 14/23] Update modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep updated addressPrefix to addressPrefix Co-authored-by: Alexander Sehr --- modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep b/modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep index 7b6231994f..e3aabc5362 100644 --- a/modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep +++ b/modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep @@ -17,7 +17,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { { name: 'defaultSubnet' properties: { - addressPrefix: '10.0.0.0/24' + addressPrefix: addressPrefix } } ] From 75b36e8b1fc3b9b737f20958d4a3c49a988836e7 Mon Sep 17 00:00:00 2001 From: Shaban Khan <69453316+shaban-khan@users.noreply.github.com> Date: Mon, 9 Jan 2023 22:41:00 +0530 Subject: [PATCH 15/23] Update modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep updated addressPrefix Co-authored-by: Alexander Sehr --- modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep b/modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep index e3aabc5362..2c84b619ab 100644 --- a/modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep +++ b/modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep @@ -10,7 +10,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { properties: { addressSpace: { addressPrefixes: [ - '10.0.0.0/24' + addressPrefix ] } subnets: [ From 50aa18cc83014ec40062fe1c464fa5d98ab80203 Mon Sep 17 00:00:00 2001 
From: Shaban Khan <69453316+shaban-khan@users.noreply.github.com> Date: Mon, 9 Jan 2023 22:41:42 +0530 Subject: [PATCH 16/23] Update modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep updated Co-authored-by: Alexander Sehr --- modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep b/modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep index 2c84b619ab..0013cdcdfd 100644 --- a/modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep +++ b/modules/Microsoft.EventGrid/domains/.test/pe/dependencies.bicep @@ -4,6 +4,8 @@ param location string = resourceGroup().location @description('Required. The name of the Virtual Network to create.') param virtualNetworkName string +var addressPrefix = '10.0.0.0/24' + resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { name: virtualNetworkName location: location From 7bc31437f576724a01dde32c22a214642195f55c Mon Sep 17 00:00:00 2001 From: Shaban Khan <69453316+shaban-khan@users.noreply.github.com> Date: Mon, 9 Jan 2023 22:41:58 +0530 Subject: [PATCH 17/23] Update modules/Microsoft.EventGrid/domains/.test/common/dependencies.bicep updated Co-authored-by: Alexander Sehr --- .../Microsoft.EventGrid/domains/.test/common/dependencies.bicep | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/Microsoft.EventGrid/domains/.test/common/dependencies.bicep b/modules/Microsoft.EventGrid/domains/.test/common/dependencies.bicep index d1fabdb239..7421b31d98 100644 --- a/modules/Microsoft.EventGrid/domains/.test/common/dependencies.bicep +++ b/modules/Microsoft.EventGrid/domains/.test/common/dependencies.bicep 
@@ -7,6 +7,8 @@ param virtualNetworkName string @description('Required. The name of the Managed Identity to create.') param managedIdentityName string +var addressPrefix = '10.0.0.0/24' + resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { name: virtualNetworkName location: location From 97f8ac8dcedb8ebf606c6af79b29f1ad5e987991 Mon Sep 17 00:00:00 2001 From: Shaban Khan <69453316+shaban-khan@users.noreply.github.com> Date: Mon, 9 Jan 2023 22:42:12 +0530 Subject: [PATCH 18/23] Update modules/Microsoft.EventGrid/domains/.test/common/dependencies.bicep updated Co-authored-by: Alexander Sehr --- .../Microsoft.EventGrid/domains/.test/common/dependencies.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.EventGrid/domains/.test/common/dependencies.bicep b/modules/Microsoft.EventGrid/domains/.test/common/dependencies.bicep index 7421b31d98..2c9249b269 100644 --- a/modules/Microsoft.EventGrid/domains/.test/common/dependencies.bicep +++ b/modules/Microsoft.EventGrid/domains/.test/common/dependencies.bicep @@ -15,7 +15,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { properties: { addressSpace: { addressPrefixes: [ - '10.0.0.0/24' + addressPrefix ] } subnets: [ From f1d884b9714936d2a952788fa71726d9185b9ccc Mon Sep 17 00:00:00 2001 From: Shaban Khan <69453316+shaban-khan@users.noreply.github.com> Date: Mon, 9 Jan 2023 22:42:26 +0530 Subject: [PATCH 19/23] Update modules/Microsoft.EventGrid/domains/.test/common/dependencies.bicep updated Co-authored-by: Alexander Sehr --- .../Microsoft.EventGrid/domains/.test/common/dependencies.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.EventGrid/domains/.test/common/dependencies.bicep b/modules/Microsoft.EventGrid/domains/.test/common/dependencies.bicep index 2c9249b269..c4d9640171 100644 --- a/modules/Microsoft.EventGrid/domains/.test/common/dependencies.bicep 
+++ b/modules/Microsoft.EventGrid/domains/.test/common/dependencies.bicep @@ -22,7 +22,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = { { name: 'defaultSubnet' properties: { - addressPrefix: '10.0.0.0/24' + addressPrefix: addressPrefix } } ] From a912ff827bff05abc5c0bec946ed2ed02d52f410 Mon Sep 17 00:00:00 2001 From: Shaban Khan <69453316+shaban-khan@users.noreply.github.com> Date: Mon, 9 Jan 2023 22:42:49 +0530 Subject: [PATCH 20/23] Update modules/Microsoft.EventGrid/domains/readme.md Co-authored-by: Alexander Sehr --- modules/Microsoft.EventGrid/domains/readme.md | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/Microsoft.EventGrid/domains/readme.md b/modules/Microsoft.EventGrid/domains/readme.md index cbaa29210b..b57754daa6 100644 --- a/modules/Microsoft.EventGrid/domains/readme.md +++ b/modules/Microsoft.EventGrid/domains/readme.md @@ -1,7 +1,6 @@ # EventGrid Domains `[Microsoft.EventGrid/domains]` This module deploys EventGrid Domains. -// TODO: Replace Resource and fill in description ## Navigation From be7fac9d788d67c33813e31ae59c0aed803fc3c5 Mon Sep 17 00:00:00 2001 From: Shaban Khan <69453316+shaban-khan@users.noreply.github.com> Date: Mon, 9 Jan 2023 22:44:18 +0530 Subject: [PATCH 21/23] Update modules/Microsoft.EventGrid/domains/readme.md Co-authored-by: Alexander Sehr --- modules/Microsoft.EventGrid/domains/readme.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/modules/Microsoft.EventGrid/domains/readme.md b/modules/Microsoft.EventGrid/domains/readme.md index b57754daa6..276c6111a9 100644 --- a/modules/Microsoft.EventGrid/domains/readme.md +++ b/modules/Microsoft.EventGrid/domains/readme.md 
@@ -52,11 +52,6 @@ This module deploys EventGrid Domains. | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `tags` | object | `{object}` | | Tags of the resource. | - -### Parameter Usage: `` - -// TODO: Fill in Parameter usage - ### Parameter Usage: `privateEndpoints` To use Private Endpoint the following dependencies must be deployed: From d28387e5570a12322c06b7c64b77bd4680e15564 Mon Sep 17 00:00:00 2001 From: Shaban Khan <69453316+shaban-khan@users.noreply.github.com> Date: Mon, 9 Jan 2023 22:44:31 +0530 Subject: [PATCH 22/23] Update modules/Microsoft.EventGrid/domains/deploy.bicep Co-authored-by: Alexander Sehr --- modules/Microsoft.EventGrid/domains/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.EventGrid/domains/deploy.bicep b/modules/Microsoft.EventGrid/domains/deploy.bicep index d42fd85462..0a2baa2a2f 100644 --- a/modules/Microsoft.EventGrid/domains/deploy.bicep +++ b/modules/Microsoft.EventGrid/domains/deploy.bicep @@ -129,7 +129,7 @@ resource domain 'Microsoft.EventGrid/domains@2022-06-15' = { tags: tags properties: { publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) && empty(inboundIpRules) ? 'Disabled' : null) - inboundIpRules: (empty(inboundIpRules) ? null : inboundIpRules) + inboundIpRules: !empty(inboundIpRules) ? inboundIpRules : null autoCreateTopicWithFirstSubscription: autoCreateTopicWithFirstSubscription autoDeleteTopicWithLastSubscription: autoDeleteTopicWithLastSubscription } From 3561025e5a7f9f685ac09d5113a140a611448ea2 Mon Sep 17 00:00:00 2001 
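Review bot: In the `properties` block of the `domain` resource in deploy.bicep, `publicNetworkAccess` resolves to `null` when the caller sets neither `publicNetworkAccess` nor `privateEndpoints`, and also when `privateEndpoints` and `inboundIpRules` are both supplied, so the effective exposure is whatever the resource provider defaults to rather than something the template states. The rewritten `inboundIpRules` line has to be read together with it: as far as I know, Event Grid applies IP rules only while public access is enabled, which is presumably why the 'Disabled' branch is skipped when rules are present. I would put a comment above the expression, for example `// null = provider default (believed to be public access enabled, confirm); 'Disabled' only when private endpoints are used without IP rules`, and state in the parameter description that a closed endpoint requires passing `publicNetworkAccess: 'Disabled'` explicitly. The resource body starts and ends outside the hunk, so the parameter declarations and any defaults are not visible here.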
From: Shaban Khan Date: Tue, 10 Jan 2023 07:09:11 +0530 Subject: [PATCH 23/23] Readme file updated --- modules/Microsoft.EventGrid/domains/readme.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/modules/Microsoft.EventGrid/domains/readme.md b/modules/Microsoft.EventGrid/domains/readme.md index 276c6111a9..d295d25e45 100644 --- a/modules/Microsoft.EventGrid/domains/readme.md +++ b/modules/Microsoft.EventGrid/domains/readme.md @@ -52,6 +52,7 @@ This module deploys EventGrid Domains. | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `tags` | object | `{object}` | | Tags of the resource. | + ### Parameter Usage: `privateEndpoints` To use Private Endpoint the following dependencies must be deployed: @@ -284,10 +285,10 @@ The following module usage examples are retrieved from the content of the files ```bicep module domains './Microsoft.EventGrid/domains/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-test-egtcom' + name: '${uniqueString(deployment().name)}-test-egdcom' params: { // Required parameters - name: '<>egtcom001' + name: '<>egdcom001' // Non-required parameters diagnosticEventHubAuthorizationRuleId: '' diagnosticEventHubName: '' @@ -340,7 +341,7 @@ module domains './Microsoft.EventGrid/domains/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>egtcom001" + "value": "<>egdcom001" }, // Non-required parameters "diagnosticEventHubAuthorizationRuleId": { 
@@ -411,10 +412,10 @@ module domains './Microsoft.EventGrid/domains/deploy.bicep' = { ```bicep module domains './Microsoft.EventGrid/domains/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-test-egtmin' + name: '${uniqueString(deployment().name)}-test-egdmin' params: { // Required parameters - name: '<>egtmin001' + name: '<>egdmin001' // Non-required parameters enableDefaultTelemetry: '' } @@ -435,7 +436,7 @@ module domains './Microsoft.EventGrid/domains/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>egtmin001" + "value": "<>egdmin001" }, // Non-required parameters "enableDefaultTelemetry": { @@ -456,10 +457,10 @@ module domains './Microsoft.EventGrid/domains/deploy.bicep' = { ```bicep module domains './Microsoft.EventGrid/domains/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-test-egtpe' + name: '${uniqueString(deployment().name)}-test-egdpe' params: { // Required parameters - name: '<>egtpe001' + name: '<>egdpe001' // Non-required parameters enableDefaultTelemetry: '' privateEndpoints: [ @@ -491,7 +492,7 @@ module domains './Microsoft.EventGrid/domains/deploy.bicep' = { "parameters": { // Required parameters "name": { - "value": "<>egtpe001" + "value": "<>egdpe001" }, // Non-required parameters "enableDefaultTelemetry": {