From 6262909475f2f5ad368d93846c1b5f133a474d63 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 10 Feb 2023 11:33:06 +0100 Subject: [PATCH 01/16] Moved several scripts into shared folder & renamed dependenciesConstruct folder --- docs/wiki/The library - Module design.md | 8 +- .../.scripts/Copy-VhdToStorageAccount.ps1 | 0 .../.test => .shared}/.scripts/New-SSHKey.ps1 | 0 .../.scripts/Set-BlobContent.ps1 | 0 .../.scripts/Start-ImageTemplate.ps1 | 0 .../diagnostic.dependencies.bicep | 0 .../.test/.scripts/New-Certificate.ps1 | 31 ----- .../.test/common/dependencies.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../servers/.test/common/deploy.test.bicep | 2 +- .../servers/.test/max/deploy.test.bicep | 2 +- .../service/.test/max/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../redis/.test/common/deploy.test.bicep | 2 +- .../accounts/.test/common/deploy.test.bicep | 2 +- .../disks/.test/import/dependencies.bicep | 4 +- .../.scripts/Copy-VhdToStorageAccount.ps1 | 124 ------------------ .../.test/.scripts/Start-ImageTemplate.ps1 | 79 ----------- .../images/.test/common/dependencies.bicep | 4 +- .../.test/linux.min/dependencies.bicep | 2 +- .../.test/linux.ssecmk/dependencies.bicep | 2 +- .../.test/linux/dependencies.bicep | 4 +- .../.test/linux/deploy.test.bicep | 2 +- .../.test/windows/dependencies.bicep | 2 +- .../.test/windows/deploy.test.bicep | 2 +- .../.test/.scripts/New-SSHKey.ps1 | 19 --- .../.test/.scripts/Set-BlobContent.ps1 | 15 --- .../.test/linux.atmg/dependencies.bicep | 2 +- .../.test/linux.min/dependencies.bicep | 2 +- .../.test/linux/dependencies.bicep | 4 +- .../.test/linux/deploy.test.bicep | 2 +- .../.test/windows/dependencies.bicep | 2 +- .../.test/windows/deploy.test.bicep | 2 +- .../registries/.test/common/deploy.test.bicep | 2 +- .../.test/azure/deploy.test.bicep | 2 +- .../.test/kubenet/deploy.test.bicep | 2 +- .../.test/private/deploy.test.bicep | 2 +- .../.test/public/deploy.test.bicep | 2 +- .../factories/.test/common/deploy.test.bicep | 2 +- .../workspaces/.test/common/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../hostpools/.test/common/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../workspaces/.test/common/deploy.test.bicep | 2 +- .../.test/gremlindb/deploy.test.bicep | 2 +- .../.test/mongodb/deploy.test.bicep | 2 +- .../.test/plain/deploy.test.bicep | 2 +- .../.test/sqldb/deploy.test.bicep | 2 +- .../domains/.test/common/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../systemTopics/.test/min/deploy.test.bicep | 2 +- .../topics/.test/common/deploy.test.bicep | 2 +- .../namespaces/.test/common/deploy.test.bicep | 2 +- .../workspaces/.test/common/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../vaults/.test/common/deploy.test.bicep | 2 +- .../workflows/.test/common/deploy.test.bicep | 2 +- .../workspaces/.test/common/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../.test/internal/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../.test/aadvpn/deploy.test.bicep | 2 +- .../.test/expressRoute/deploy.test.bicep | 2 +- .../.test/vpn/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../workspaces/.test/common/deploy.test.bicep | 2 +- .../accounts/.test/common/deploy.test.bicep | 2 +- .../vaults/.test/common/deploy.test.bicep | 2 +- .../namespaces/.test/common/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../servers/.test/common/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../.test/nfs/deploy.test.bicep | 2 +- .../workspaces/.test/common/deploy.test.bicep | 2 +- .../.test/asev2/deploy.test.bicep | 2 +- .../.test/asev3/deploy.test.bicep | 2 +- .../.test/common/deploy.test.bicep | 2 +- .../.test/functionAppCommon/deploy.test.bicep | 2 +- .../.test/webAppCommon/deploy.test.bicep | 2 +- 90 files changed, 87 insertions(+), 355 deletions(-) rename modules/{Microsoft.Compute/disks/.test => .shared}/.scripts/Copy-VhdToStorageAccount.ps1 (100%) rename modules/{Microsoft.Compute/virtualMachineScaleSets/.test => .shared}/.scripts/New-SSHKey.ps1 (100%) rename modules/{Microsoft.Compute/virtualMachineScaleSets/.test => .shared}/.scripts/Set-BlobContent.ps1 (100%) rename modules/{Microsoft.Compute/disks/.test => .shared}/.scripts/Start-ImageTemplate.ps1 (100%) rename modules/.shared/{dependencyConstructs => .templates}/diagnostic.dependencies.bicep (100%) delete mode 100644 modules/Microsoft.AAD/DomainServices/.test/.scripts/New-Certificate.ps1 delete mode 100644 modules/Microsoft.Compute/images/.test/.scripts/Copy-VhdToStorageAccount.ps1 delete mode 100644 modules/Microsoft.Compute/images/.test/.scripts/Start-ImageTemplate.ps1 delete mode 100644 modules/Microsoft.Compute/virtualMachines/.test/.scripts/New-SSHKey.ps1 delete mode 100644 modules/Microsoft.Compute/virtualMachines/.test/.scripts/Set-BlobContent.ps1 diff --git a/docs/wiki/The library - Module design.md b/docs/wiki/The library - Module design.md index 473495b7e5..c597d24ce0 100644 --- a/docs/wiki/The library - Module design.md +++ b/docs/wiki/The library - Module design.md @@ -463,7 +463,7 @@ Within a bicep file, use the following conventions: ## Modules -- Module symbolic names are in camel_Snake_Case, following the schema `_` e.g., `storageAccount_fileServices`, `virtualMachine_nic`, `resourceGroup_roleAssignments`. +- Module symbolic names are in camel*Snake_Case, following the schema `*`e.g.,`storageAccount_fileServices`, `virtualMachine_nic`, `resourceGroup_roleAssignments`. - Modules enable you to reuse code from a Bicep file in other Bicep files. As such, they're normally leveraged for deploying child resources (e.g., file services in a storage account), cross referenced resources (e.g., network interface in a virtual machine) or extension resources (e.g., role assignment in a resource group). - When a module requires to deploy a resource whose resource type is outside of the main module's provider namespace, the module of this additional resource is referenced locally. For example, when extending the Key Vault module with Private Endpoints, instead of including in the Key Vault module an ad hoc implementation of a Private Endpoint, the Key Vault directly references the Private Endpoint module (i.e., `module privateEndpoint 'https://github.com/Azure/ResourceModules/blob/main/Microsoft.Network/privateEndpoints/deploy.bicep'`). Major benefits of this implementation are less code duplication, more consistency throughout the module library and allowing the consumer to leverage the full interface provided by the referenced module. > **Note**: Cross-referencing modules from the local repository creates a dependency for the modules applying this technique on the referenced modules being part of the local repository. Reusing the example from above, the Key Vault module has a dependency on the referenced Private Endpoint module, meaning that the repository from which the Key Vault module is deployed also requires the Private Endpoint module to be present. For this reason, we provide a utility to check for any local module references in a given path. This can be useful to determine which module folders you'd need if you don't want to keep the entire library. For further information on how to use the tool, please refer to the tool-specific [documentation](./Getting%20started%20-%20Get%20module%20cross-references). @@ -577,21 +577,21 @@ Test file (`deploy.test.bicep`) guidelines: - For the substring, we recommend to take the first character and subsequent upper-case characters from the resource type identifier and combine them into one string. Following you can find a few examples for reference: - `Microsoft.DBforPostgreSQL/flexibleServers` with a test folder `common` could be: `dfpsfscom` - `Microsoft.Storage/storageAccounts` with a test folder `min` could be: `ssamin` - > **Note:** If the combination of the `servicesShort` with the rest of a resource name becomes too long, it may be necessary to bend the above recommendations and shorten the name. This can especially happen when deploying resources such as Virtual Machines or Storage Accounts that only allow comparatively short names. + > **Note:** If the combination of the `servicesShort` with the rest of a resource name becomes too long, it may be necessary to bend the above recommendations and shorten the name. This can especially happen when deploying resources such as Virtual Machines or Storage Accounts that only allow comparatively short names. - If the module deploys a resource group level resource, the template should further have a `resourceGroupName` parameter and subsequent resource deployment. As a reference for the default name you can use `ms..-${serviceShort}-test-rg`. - Each file should also provide a `location` parameter that may default to the deployments default location - It is recommended to define all major resource names in the `deploy.test.bicep` file as it makes later maintenance easier. To implement this, make sure to pass all resource names to any referenced module. - Further, for any test file (including the `dependencies.bicep` file), the usage of variables should be reduced to the absolute minimum. In other words: You should only use variables if you must use them in more than one place. The idea is to keep the test files as simple as possible - References to dependencies should be implemented using resource references in combination with outputs. In other words: You should not hardcode any references into the module template's deployment. Instead use references such as `nestedDependencies.outputs.managedIdentityPrincipalId` -- If any diagnostic resources (e.g., a Log Analytics workspace) are required for a test scenario, you can reference the centralized `modules/.shared/dependencyConstructs/diagnostic.dependencies.bicep` template. It will also provide you with all outputs you'd need. +- If any diagnostic resources (e.g., a Log Analytics workspace) are required for a test scenario, you can reference the centralized `modules/.shared/.templates/diagnostic.dependencies.bicep` template. It will also provide you with all outputs you'd need. > :scroll: [Example of test file](https://github.com/Azure/ResourceModules/blob/main/modules/Microsoft.AnalysisServices/servers/.test/common/deploy.test.bicep) - Dependency file (`dependencies.bicep`) guidelines: - The `dependencies.bicep` should optionally be used if any additional dependencies must be deployed into a nested scope (e.g. into a deployed Resource Group). - Note that you can reuse many of the assets implemented in other modules. For example, there are many recurring implementations for Managed Identities, Key Vaults, Virtual Network deployments, etc. + - A special case to point out is the implementation of Key Vaults that require purge protection (for example, for Customer Managed Keys). As this implies that we cannot fully clean up a test deployment, it is recommended to generate a new name for this resource upon each pipeline run using the output of the `utcNow()` function at the time. > :scroll: [Example of test using purge protected Key Vault dependency](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Batch/batchAccounts/.test/encr) diff --git a/modules/Microsoft.Compute/disks/.test/.scripts/Copy-VhdToStorageAccount.ps1 b/modules/.shared/.scripts/Copy-VhdToStorageAccount.ps1 similarity index 100% rename from modules/Microsoft.Compute/disks/.test/.scripts/Copy-VhdToStorageAccount.ps1 rename to modules/.shared/.scripts/Copy-VhdToStorageAccount.ps1 diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.test/.scripts/New-SSHKey.ps1 b/modules/.shared/.scripts/New-SSHKey.ps1 similarity index 100% rename from modules/Microsoft.Compute/virtualMachineScaleSets/.test/.scripts/New-SSHKey.ps1 rename to modules/.shared/.scripts/New-SSHKey.ps1 diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.test/.scripts/Set-BlobContent.ps1 b/modules/.shared/.scripts/Set-BlobContent.ps1 similarity index 100% rename from modules/Microsoft.Compute/virtualMachineScaleSets/.test/.scripts/Set-BlobContent.ps1 rename to modules/.shared/.scripts/Set-BlobContent.ps1 diff --git a/modules/Microsoft.Compute/disks/.test/.scripts/Start-ImageTemplate.ps1 b/modules/.shared/.scripts/Start-ImageTemplate.ps1 similarity index 100% rename from modules/Microsoft.Compute/disks/.test/.scripts/Start-ImageTemplate.ps1 rename to modules/.shared/.scripts/Start-ImageTemplate.ps1 diff --git a/modules/.shared/dependencyConstructs/diagnostic.dependencies.bicep b/modules/.shared/.templates/diagnostic.dependencies.bicep similarity index 100% rename from modules/.shared/dependencyConstructs/diagnostic.dependencies.bicep rename to modules/.shared/.templates/diagnostic.dependencies.bicep diff --git a/modules/Microsoft.AAD/DomainServices/.test/.scripts/New-Certificate.ps1 b/modules/Microsoft.AAD/DomainServices/.test/.scripts/New-Certificate.ps1 deleted file mode 100644 index 427b821e50..0000000000 --- a/modules/Microsoft.AAD/DomainServices/.test/.scripts/New-Certificate.ps1 +++ /dev/null @@ -1,31 +0,0 @@ -param( - [string] $KeyVaultName, - [string] $ResourceGroupName, - [string] $CertPWSecretName, - [string] $CertSecretName -) - -$password = ConvertTo-SecureString -String "$ResourceGroupName/$KeyVaultName/$CertSecretName" -AsPlainText -Force - -# Install open-ssl if not available -apt-get install openssl - -# Generate certificate -openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout './privateKey.key' -out './certificate.crt' -subj '/CN=*.contoso.onmicrosoft.com/O=contoso/C=US' - -# Sign certificate -openssl pkcs12 -export -out 'aadds.pfx' -inkey './privateKey.key' -in './certificate.crt' -passout pass:$password - -# Convert certificate to string -$rawCertByteStream = Get-Content './aadds.pfx' -AsByteStream -Write-Verbose 'Convert to secure string' -Verbose -$pfxCertificate = ConvertTo-SecureString -String ([System.Convert]::ToBase64String($rawCertByteStream)) -AsPlainText -Force - -# Set values -@( - @{ name = $CertPWSecretName; secretValue = $password } - @{ name = $CertSecretName; secretValue = $pfxCertificate } -) | ForEach-Object { - $null = Set-AzKeyVaultSecret -VaultName $KeyVaultName -Name $_.name -SecretValue $_.secretValue - Write-Verbose ('Added secret [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose -} diff --git a/modules/Microsoft.AAD/DomainServices/.test/common/dependencies.bicep b/modules/Microsoft.AAD/DomainServices/.test/common/dependencies.bicep index 6347cdb897..bfe2a4eddf 100644 --- a/modules/Microsoft.AAD/DomainServices/.test/common/dependencies.bicep +++ b/modules/Microsoft.AAD/DomainServices/.test/common/dependencies.bicep @@ -84,7 +84,7 @@ resource certDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' azPowerShellVersion: '3.0' retentionInterval: 'P1D' arguments: ' -KeyVaultName "${keyVault.name}" -ResourceGroupName "${resourceGroup().name}" -CertPWSecretName "${certPWSecretName}" -CertSecretName "${certSecretName}"' - scriptContent: loadTextContent('../.scripts/New-Certificate.ps1') + scriptContent: loadTextContent('../../../../.shared/.scripts/New-Certificate.ps1') } } diff --git a/modules/Microsoft.AAD/DomainServices/.test/common/deploy.test.bicep b/modules/Microsoft.AAD/DomainServices/.test/common/deploy.test.bicep index 2782cc2a43..8776faeda5 100644 --- a/modules/Microsoft.AAD/DomainServices/.test/common/deploy.test.bicep +++ b/modules/Microsoft.AAD/DomainServices/.test/common/deploy.test.bicep @@ -41,7 +41,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.AnalysisServices/servers/.test/common/deploy.test.bicep b/modules/Microsoft.AnalysisServices/servers/.test/common/deploy.test.bicep index b791e749b8..74b2148efd 100644 --- a/modules/Microsoft.AnalysisServices/servers/.test/common/deploy.test.bicep +++ b/modules/Microsoft.AnalysisServices/servers/.test/common/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.AnalysisServices/servers/.test/max/deploy.test.bicep b/modules/Microsoft.AnalysisServices/servers/.test/max/deploy.test.bicep index 1a2474656d..435a947fe9 100644 --- a/modules/Microsoft.AnalysisServices/servers/.test/max/deploy.test.bicep +++ b/modules/Microsoft.AnalysisServices/servers/.test/max/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.ApiManagement/service/.test/max/deploy.test.bicep b/modules/Microsoft.ApiManagement/service/.test/max/deploy.test.bicep index 0e0551cda1..3cbdeb846c 100644 --- a/modules/Microsoft.ApiManagement/service/.test/max/deploy.test.bicep +++ b/modules/Microsoft.ApiManagement/service/.test/max/deploy.test.bicep @@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/common/deploy.test.bicep b/modules/Microsoft.AppConfiguration/configurationStores/.test/common/deploy.test.bicep index 3183001652..ce274f85ba 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/.test/common/deploy.test.bicep +++ b/modules/Microsoft.AppConfiguration/configurationStores/.test/common/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Automation/automationAccounts/.test/common/deploy.test.bicep b/modules/Microsoft.Automation/automationAccounts/.test/common/deploy.test.bicep index 924cf646f9..56a1ea2422 100644 --- a/modules/Microsoft.Automation/automationAccounts/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Automation/automationAccounts/.test/common/deploy.test.bicep @@ -40,7 +40,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep b/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep index ee5ca55fe6..751d0f5d95 100644 --- a/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Batch/batchAccounts/.test/common/deploy.test.bicep @@ -40,7 +40,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Cache/redis/.test/common/deploy.test.bicep b/modules/Microsoft.Cache/redis/.test/common/deploy.test.bicep index 09fef5daee..6fe0ca584d 100644 --- a/modules/Microsoft.Cache/redis/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Cache/redis/.test/common/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.CognitiveServices/accounts/.test/common/deploy.test.bicep b/modules/Microsoft.CognitiveServices/accounts/.test/common/deploy.test.bicep index c03136e543..e3d69362d6 100644 --- a/modules/Microsoft.CognitiveServices/accounts/.test/common/deploy.test.bicep +++ b/modules/Microsoft.CognitiveServices/accounts/.test/common/deploy.test.bicep @@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Compute/disks/.test/import/dependencies.bicep b/modules/Microsoft.Compute/disks/.test/import/dependencies.bicep index b4956c7284..fe5c22c822 100644 --- a/modules/Microsoft.Compute/disks/.test/import/dependencies.bicep +++ b/modules/Microsoft.Compute/disks/.test/import/dependencies.bicep @@ -108,7 +108,7 @@ resource triggerImageDeploymentScript 'Microsoft.Resources/deploymentScripts@202 azPowerShellVersion: '8.0' retentionInterval: 'P1D' arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\"' - scriptContent: loadTextContent('../.scripts/Start-ImageTemplate.ps1') + scriptContent: loadTextContent('../../../../.shared/.scripts/Start-ImageTemplate.ps1') cleanupPreference: 'OnSuccess' forceUpdateTag: baseTime } @@ -132,7 +132,7 @@ resource copyVhdDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10- azPowerShellVersion: '8.0' retentionInterval: 'P1D' arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\" -DestinationStorageAccountName \\"${storageAccount.name}\\" -VhdName \\"${imageTemplateNamePrefix}\\" -WaitForComplete' - scriptContent: loadTextContent('../.scripts/Copy-VhdToStorageAccount.ps1') + scriptContent: loadTextContent('../../../../.shared/.scripts/Copy-VhdToStorageAccount.ps1') cleanupPreference: 'OnSuccess' forceUpdateTag: baseTime } diff --git a/modules/Microsoft.Compute/images/.test/.scripts/Copy-VhdToStorageAccount.ps1 b/modules/Microsoft.Compute/images/.test/.scripts/Copy-VhdToStorageAccount.ps1 deleted file mode 100644 index ff8568b0a9..0000000000 --- a/modules/Microsoft.Compute/images/.test/.scripts/Copy-VhdToStorageAccount.ps1 +++ /dev/null @@ -1,124 +0,0 @@ -<# - .SYNOPSIS - Copy a VHD baked from a given image template to a given destination storage account blob container - - .DESCRIPTION - Copy a VHD baked from a given image template to a given destination storage account blob container - - .PARAMETER ImageTemplateName - Mandatory. The name of the image template - - .PARAMETER ImageTemplateResourceGroup - Mandatory. The resource group name of the image template - - .PARAMETER DestinationStorageAccountName - Mandatory. The name of the destination storage account - - .PARAMETER DestinationContainerName - Optional. The name of the existing destination blob container - - .PARAMETER VhdName - Optional. Specify a different name for the destination VHD file - - .PARAMETER WaitForComplete - Optional. Run the command synchronously. Wait for the completion of the copy. - - .EXAMPLE - Copy-VhdToStorageAccount -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -DestinationStorageAccountName 'vhdstorage001' - - Copy a VHD created by image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' to destination storage account 'vhdstorage001' in blob container named 'vhds'. Save the VHD file as 'vhd-img-template-001-2022-07-29-15-54-01.vhd'. - - .EXAMPLE - Copy-VhdToStorageAccount -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -DestinationStorageAccountName 'vhdstorage001' -VhdName 'vhd-img-template-001' -WaitForComplete - - Copy a VHD baked by image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' to destination storage account 'vhdstorage001' in a blob container named 'vhds' and wait for the completion of the copy. Save the VHD file as 'vhd-img-template-001.vhd'. -#> - -[CmdletBinding(SupportsShouldProcess)] -param ( - [Parameter(Mandatory = $true)] - [string] $ImageTemplateName, - - [Parameter(Mandatory = $true)] - [string] $ImageTemplateResourceGroup, - - [Parameter(Mandatory = $true)] - [string] $DestinationStorageAccountName, - - [Parameter(Mandatory = $false)] - [string] $DestinationContainerName = 'vhds', - - [Parameter(Mandatory = $false)] - [string] $VhdName = $ImageTemplateName, - - [Parameter(Mandatory = $false)] - [switch] $WaitForComplete -) - -begin { - Write-Debug ('{0} entered' -f $MyInvocation.MyCommand) - - # Install required modules - $currentVerbosePreference = $VerbosePreference - $VerbosePreference = 'SilentlyContinue' - $requiredModules = @( - 'Az.ImageBuilder', - 'Az.Storage' - ) - foreach ($moduleName in $requiredModules) { - if (-not ($installedModule = Get-Module $moduleName -ListAvailable)) { - Install-Module $moduleName -Repository 'PSGallery' -Force -Scope 'CurrentUser' - if ($installed = Get-Module -Name $moduleName -ListAvailable) { - Write-Verbose ('Installed module [{0}] with version [{1}]' -f $installed.Name, $installed.Version) -Verbose - } - } else { - Write-Verbose ('Module [{0}] already installed in version [{1}]' -f $installedModule[0].Name, $installedModule[0].Version) -Verbose - } - } - $VerbosePreference = $currentVerbosePreference -} - -process { - # Retrieving and initializing parameters before the blob copy - Write-Verbose 'Initializing source storage account parameters before the blob copy' -Verbose - Write-Verbose ('Retrieving source storage account from image template [{0}] in resource group [{1}]' -f $imageTemplateName, $imageTemplateResourceGroup) -Verbose - Get-InstalledModule - $imgtRunOutput = Get-AzImageBuilderTemplateRunOutput -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup | Where-Object ArtifactUri -NE $null - $sourceUri = $imgtRunOutput.ArtifactUri - $sourceStorageAccountName = $sourceUri.Split('//')[1].Split('.')[0] - $storageAccountList = Get-AzStorageAccount - $sourceStorageAccount = $storageAccountList | Where-Object StorageAccountName -EQ $sourceStorageAccountName - $sourceStorageAccountContext = $sourceStorageAccount.Context - $sourceStorageAccountRGName = $sourceStorageAccount.ResourceGroupName - Write-Verbose ('Retrieving artifact uri [{0}] stored in resource group [{1}]' -f $sourceUri, $sourceStorageAccountRGName) -Verbose - - Write-Verbose 'Initializing destination storage account parameters before the blob copy' -Verbose - $destinationStorageAccount = $storageAccountList | Where-Object StorageAccountName -EQ $destinationStorageAccountName - $destinationStorageAccountContext = $destinationStorageAccount.Context - $destinationBlobName = "$vhdName.vhd" - Write-Verbose ('Planning for destination blob name [{0}] in container [{1}] and storage account [{2}]' -f $destinationBlobName, $destinationContainerName, $destinationStorageAccountName) -Verbose - - # Copying the VHD to a destination blob container - $resourceActionInputObject = @{ - AbsoluteUri = $sourceUri - Context = $sourceStorageAccountContext - DestContext = $destinationStorageAccountContext - DestBlob = $destinationBlobName - DestContainer = $destinationContainerName - Force = $true - } - - if ($PSCmdlet.ShouldProcess('Storage blob copy of VHD [{0}]' -f $destinationBlobName, 'Start')) { - $destBlob = Start-AzStorageBlobCopy @resourceActionInputObject - Write-Verbose ('Copied/initialized copy of VHD from URI [{0}] to container [{1}] in storage account [{2}]' -f $sourceUri, $destinationContainerName, $destinationStorageAccountName) -Verbose - } - - if ($WaitForComplete) { - $destBlob | Get-AzStorageBlobCopyState -WaitForComplete - } -} - -end { - Write-Debug ('{0} exited' -f $MyInvocation.MyCommand) -} - diff --git a/modules/Microsoft.Compute/images/.test/.scripts/Start-ImageTemplate.ps1 b/modules/Microsoft.Compute/images/.test/.scripts/Start-ImageTemplate.ps1 deleted file mode 100644 index 9118832ea3..0000000000 --- a/modules/Microsoft.Compute/images/.test/.scripts/Start-ImageTemplate.ps1 +++ /dev/null @@ -1,79 +0,0 @@ -<# - .SYNOPSIS - Create image artifacts from a given image template - - .DESCRIPTION - Create image artifacts from a given image template - - .PARAMETER ImageTemplateName - Mandatory. The name of the image template - - .PARAMETER ImageTemplateResourceGroup - Mandatory. The resource group name of the image template - - .PARAMETER NoWait - Optional. Run the command asynchronously - - .EXAMPLE - Start-AzImageBuilderTemplate -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' - - Create image artifacts from image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' and wait for their completion - - .EXAMPLE - Start-AzImageBuilderTemplate -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -NoWait - - Start the creation of artifacts from image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' and do not wait for their completion -#> - -[CmdletBinding(SupportsShouldProcess)] -param ( - [Parameter(Mandatory = $true)] - [string] $ImageTemplateName, - - [Parameter(Mandatory = $true)] - [string] $ImageTemplateResourceGroup, - - [Parameter(Mandatory = $false)] - [switch] $NoWait -) - -begin { - Write-Debug ('{0} entered' -f $MyInvocation.MyCommand) - - # Install required modules - $currentVerbosePreference = $VerbosePreference - $VerbosePreference = 'SilentlyContinue' - $requiredModules = @( - 'Az.ImageBuilder' - ) - foreach ($moduleName in $requiredModules) { - if (-not ($installedModule = Get-Module $moduleName -ListAvailable)) { - Install-Module $moduleName -Repository 'PSGallery' -Force -Scope 'CurrentUser' - if ($installed = Get-Module -Name $moduleName -ListAvailable) { - Write-Verbose ('Installed module [{0}] with version [{1}]' -f $installed.Name, $installed.Version) -Verbose - } - } else { - Write-Verbose ('Module [{0}] already installed in version [{1}]' -f $installedModule[0].Name, $installedModule[0].Version) -Verbose - } - } - $VerbosePreference = $currentVerbosePreference -} - -process { - # Create image artifacts from existing image template - $resourceActionInputObject = @{ - ImageTemplateName = $imageTemplateName - ResourceGroupName = $imageTemplateResourceGroup - } - if ($NoWait) { - $resourceActionInputObject['NoWait'] = $true - } - if ($PSCmdlet.ShouldProcess('Image template [{0}]' -f $imageTemplateName, 'Start')) { - $null = Start-AzImageBuilderTemplate @resourceActionInputObject - Write-Verbose ('Created/initialized creation of image artifacts from image template [{0}] in resource group [{1}]' -f $imageTemplateName, $imageTemplateResourceGroup) -Verbose - } -} - -end { - Write-Debug ('{0} exited' -f $MyInvocation.MyCommand) -} diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies.bicep index 58e74012eb..edb03b134a 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies.bicep @@ -115,7 +115,7 @@ resource triggerImageDeploymentScript 'Microsoft.Resources/deploymentScripts@202 azPowerShellVersion: '8.0' retentionInterval: 'P1D' arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\"' - scriptContent: loadTextContent('../.scripts/Start-ImageTemplate.ps1') + scriptContent: loadTextContent('../../../../.shared/.scripts/Start-ImageTemplate.ps1') cleanupPreference: 'OnSuccess' forceUpdateTag: baseTime } @@ -139,7 +139,7 @@ resource copyVhdDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10- azPowerShellVersion: '8.0' retentionInterval: 'P1D' arguments: '-ImageTemplateName \\"${imageTemplate.name}\\" -ImageTemplateResourceGroup \\"${resourceGroup().name}\\" -DestinationStorageAccountName \\"${storageAccount.name}\\" -VhdName \\"${imageTemplateNamePrefix}\\" -WaitForComplete' - scriptContent: loadTextContent('../.scripts/Copy-VhdToStorageAccount.ps1') + scriptContent: loadTextContent('../../../../.shared/.scripts/Copy-VhdToStorageAccount.ps1') cleanupPreference: 'OnSuccess' forceUpdateTag: baseTime } diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.test/linux.min/dependencies.bicep b/modules/Microsoft.Compute/virtualMachineScaleSets/.test/linux.min/dependencies.bicep index 8bc6ecd52c..b422cdfbe5 100644 --- a/modules/Microsoft.Compute/virtualMachineScaleSets/.test/linux.min/dependencies.bicep +++ b/modules/Microsoft.Compute/virtualMachineScaleSets/.test/linux.min/dependencies.bicep @@ -64,7 +64,7 @@ resource sshDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' azPowerShellVersion: '9.0' retentionInterval: 'P1D' arguments: '-SSHKeyName "${sshKeyName}" -ResourceGroupName "${resourceGroup().name}"' - scriptContent: loadTextContent('../.scripts/New-SSHKey.ps1') + scriptContent: loadTextContent('../../../../.shared/.scripts/New-SSHKey.ps1') } dependsOn: [ msiRGContrRoleAssignment diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.test/linux.ssecmk/dependencies.bicep b/modules/Microsoft.Compute/virtualMachineScaleSets/.test/linux.ssecmk/dependencies.bicep index c151582fc4..4b1e9aa4f9 100644 --- a/modules/Microsoft.Compute/virtualMachineScaleSets/.test/linux.ssecmk/dependencies.bicep +++ b/modules/Microsoft.Compute/virtualMachineScaleSets/.test/linux.ssecmk/dependencies.bicep @@ -123,7 +123,7 @@ resource sshDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' azPowerShellVersion: '9.0' retentionInterval: 'P1D' arguments: '-SSHKeyName "${sshKeyName}" -ResourceGroupName "${resourceGroup().name}"' - scriptContent: loadTextContent('../.scripts/New-SSHKey.ps1') + scriptContent: loadTextContent('../../../../.shared/.scripts/New-SSHKey.ps1') } dependsOn: [ msiRGContrRoleAssignment diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.test/linux/dependencies.bicep b/modules/Microsoft.Compute/virtualMachineScaleSets/.test/linux/dependencies.bicep index b0ba84ab0d..28cb5c9a71 100644 --- a/modules/Microsoft.Compute/virtualMachineScaleSets/.test/linux/dependencies.bicep +++ b/modules/Microsoft.Compute/virtualMachineScaleSets/.test/linux/dependencies.bicep @@ -126,7 +126,7 @@ resource storageUpload 'Microsoft.Resources/deploymentScripts@2020-10-01' = { azPowerShellVersion: '9.0' retentionInterval: 'P1D' arguments: '-StorageAccountName "${storageAccount.name}" -ResourceGroupName "${resourceGroup().name}" -ContainerName "${storageAccount::blobService::container.name}" -FileName "${storageAccountCSEFileName}"' - scriptContent: loadTextContent('../.scripts/Set-BlobContent.ps1') + scriptContent: loadTextContent('../../../../.shared/.scripts/Set-BlobContent.ps1') } dependsOn: [ msiRGContrRoleAssignment @@ -147,7 +147,7 @@ resource sshDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' azPowerShellVersion: '9.0' retentionInterval: 'P1D' arguments: '-SSHKeyName "${sshKeyName}" -ResourceGroupName "${resourceGroup().name}"' - scriptContent: loadTextContent('../.scripts/New-SSHKey.ps1') + scriptContent: loadTextContent('../../../../.shared/.scripts/New-SSHKey.ps1') } dependsOn: [ msiRGContrRoleAssignment diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.test/linux/deploy.test.bicep b/modules/Microsoft.Compute/virtualMachineScaleSets/.test/linux/deploy.test.bicep index 8864ad37ac..c932d9b022 100644 --- a/modules/Microsoft.Compute/virtualMachineScaleSets/.test/linux/deploy.test.bicep +++ b/modules/Microsoft.Compute/virtualMachineScaleSets/.test/linux/deploy.test.bicep @@ -44,7 +44,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.test/windows/dependencies.bicep b/modules/Microsoft.Compute/virtualMachineScaleSets/.test/windows/dependencies.bicep index 0f3fee9ec9..dc24396d8c 100644 --- a/modules/Microsoft.Compute/virtualMachineScaleSets/.test/windows/dependencies.bicep +++ b/modules/Microsoft.Compute/virtualMachineScaleSets/.test/windows/dependencies.bicep @@ -123,7 +123,7 @@ resource storageUpload 'Microsoft.Resources/deploymentScripts@2020-10-01' = { azPowerShellVersion: '9.0' retentionInterval: 'P1D' arguments: '-StorageAccountName "${storageAccount.name}" -ResourceGroupName "${resourceGroup().name}" -ContainerName "${storageAccount::blobService::container.name}" -FileName "${storageAccountCSEFileName}"' - scriptContent: loadTextContent('../.scripts/Set-BlobContent.ps1') + scriptContent: loadTextContent('../../../../.shared/.scripts/Set-BlobContent.ps1') } dependsOn: [ msiRGContrRoleAssignment diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.test/windows/deploy.test.bicep b/modules/Microsoft.Compute/virtualMachineScaleSets/.test/windows/deploy.test.bicep index 0a299d546c..d33cdf0e50 100644 --- a/modules/Microsoft.Compute/virtualMachineScaleSets/.test/windows/deploy.test.bicep +++ b/modules/Microsoft.Compute/virtualMachineScaleSets/.test/windows/deploy.test.bicep @@ -47,7 +47,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Compute/virtualMachines/.test/.scripts/New-SSHKey.ps1 b/modules/Microsoft.Compute/virtualMachines/.test/.scripts/New-SSHKey.ps1 deleted file mode 100644 index d12de1c45b..0000000000 --- a/modules/Microsoft.Compute/virtualMachines/.test/.scripts/New-SSHKey.ps1 +++ /dev/null @@ -1,19 +0,0 @@ -param( - [string] $SSHKeyName, - [string] $ResourceGroupName -) - -if (-not ($sshKey = Get-AzSshKey -ResourceGroupName $ResourceGroupName | Where-Object { $_.Name -eq $SSHKeyName })) { - Write-Verbose "No SSH key [$SSHKeyName] found in Resource Group [$ResourceGroupName]. Generating new." -Verbose - $null = ssh-keygen -f generated -N (Get-Random -Maximum 99999) - $publicKey = Get-Content 'generated.pub' -Raw - # $privateKey = cat generated | Out-String -} else { - Write-Verbose "SSH key [$SSHKeyName] found in Resource Group [$ResourceGroupName]. Returning." -Verbose - $publicKey = $sshKey.publicKey -} -# Write into Deployment Script output stream -$DeploymentScriptOutputs = @{ - # Requires conversion as the script otherwise returns an object instead of the plain public key string - publicKey = $publicKey | Out-String -} diff --git a/modules/Microsoft.Compute/virtualMachines/.test/.scripts/Set-BlobContent.ps1 b/modules/Microsoft.Compute/virtualMachines/.test/.scripts/Set-BlobContent.ps1 deleted file mode 100644 index 06617105f7..0000000000 --- a/modules/Microsoft.Compute/virtualMachines/.test/.scripts/Set-BlobContent.ps1 +++ /dev/null @@ -1,15 +0,0 @@ -param( - [string] $StorageAccountName, - [string] $ResourceGroupName, - [string] $ContainerName, - [string] $FileName -) - -Write-Verbose "Create file [$FileName]" -Verbose -$file = New-Item -Value "Write-Host 'I am content'" -Path $FileName -Force - -Write-Verbose "Getting storage account [$StorageAccountName|$ResourceGroupName] context." -Verbose -$storageAccount = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName -ErrorAction 'Stop' - -Write-Verbose 'Uploading file [$fileName]' -Verbose -Set-AzStorageBlobContent -File $file.FullName -Container $ContainerName -Context $storageAccount.Context -Force -ErrorAction 'Stop' | Out-Null diff --git a/modules/Microsoft.Compute/virtualMachines/.test/linux.atmg/dependencies.bicep b/modules/Microsoft.Compute/virtualMachines/.test/linux.atmg/dependencies.bicep index b76dfdba8b..238e6cea30 100644 --- a/modules/Microsoft.Compute/virtualMachines/.test/linux.atmg/dependencies.bicep +++ b/modules/Microsoft.Compute/virtualMachines/.test/linux.atmg/dependencies.bicep @@ -64,7 +64,7 @@ resource sshDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' azPowerShellVersion: '9.0' retentionInterval: 'P1D' arguments: ' -SSHKeyName "${sshKeyName}" -ResourceGroupName "${resourceGroup().name}"' - scriptContent: loadTextContent('../.scripts/New-SSHKey.ps1') + scriptContent: loadTextContent('../../../../.shared/.scripts/New-SSHKey.ps1') } dependsOn: [ msiRGContrRoleAssignment diff --git a/modules/Microsoft.Compute/virtualMachines/.test/linux.min/dependencies.bicep b/modules/Microsoft.Compute/virtualMachines/.test/linux.min/dependencies.bicep index 8a71742062..0b8a697f07 100644 --- a/modules/Microsoft.Compute/virtualMachines/.test/linux.min/dependencies.bicep +++ b/modules/Microsoft.Compute/virtualMachines/.test/linux.min/dependencies.bicep @@ -64,7 +64,7 @@ resource sshDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' azPowerShellVersion: '9.0' retentionInterval: 'P1D' arguments: '-SSHKeyName "${sshKeyName}" -ResourceGroupName "${resourceGroup().name}"' - scriptContent: loadTextContent('../.scripts/New-SSHKey.ps1') + scriptContent: loadTextContent('../../../../.shared/.scripts/New-SSHKey.ps1') } dependsOn: [ msiRGContrRoleAssignment diff --git a/modules/Microsoft.Compute/virtualMachines/.test/linux/dependencies.bicep b/modules/Microsoft.Compute/virtualMachines/.test/linux/dependencies.bicep index 6ad3e8ae4a..f7a0ec63f7 100644 --- a/modules/Microsoft.Compute/virtualMachines/.test/linux/dependencies.bicep +++ b/modules/Microsoft.Compute/virtualMachines/.test/linux/dependencies.bicep @@ -256,7 +256,7 @@ resource storageUpload 'Microsoft.Resources/deploymentScripts@2020-10-01' = { azPowerShellVersion: '9.0' retentionInterval: 'P1D' arguments: '-StorageAccountName "${storageAccount.name}" -ResourceGroupName "${resourceGroup().name}" -ContainerName "${storageAccount::blobService::container.name}" -FileName "${storageAccountCSEFileName}"' - scriptContent: loadTextContent('../.scripts/Set-BlobContent.ps1') + scriptContent: loadTextContent('../../../../.shared/.scripts/Set-BlobContent.ps1') } dependsOn: [ msiRGContrRoleAssignment @@ -277,7 +277,7 @@ resource sshDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' azPowerShellVersion: '9.0' retentionInterval: 'P1D' arguments: '-SSHKeyName "${sshKeyName}" -ResourceGroupName "${resourceGroup().name}"' - scriptContent: loadTextContent('../.scripts/New-SSHKey.ps1') + scriptContent: loadTextContent('../../../../.shared/.scripts/New-SSHKey.ps1') } dependsOn: [ msiRGContrRoleAssignment diff --git a/modules/Microsoft.Compute/virtualMachines/.test/linux/deploy.test.bicep b/modules/Microsoft.Compute/virtualMachines/.test/linux/deploy.test.bicep index 1710a37d90..57c1d58a23 100644 --- a/modules/Microsoft.Compute/virtualMachines/.test/linux/deploy.test.bicep +++ b/modules/Microsoft.Compute/virtualMachines/.test/linux/deploy.test.bicep @@ -48,7 +48,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Compute/virtualMachines/.test/windows/dependencies.bicep b/modules/Microsoft.Compute/virtualMachines/.test/windows/dependencies.bicep index 4eaf427319..5c1df6361d 100644 --- a/modules/Microsoft.Compute/virtualMachines/.test/windows/dependencies.bicep +++ b/modules/Microsoft.Compute/virtualMachines/.test/windows/dependencies.bicep @@ -253,7 +253,7 @@ resource storageUpload 'Microsoft.Resources/deploymentScripts@2020-10-01' = { azPowerShellVersion: '9.0' retentionInterval: 'P1D' arguments: '-StorageAccountName "${storageAccount.name}" -ResourceGroupName "${resourceGroup().name}" -ContainerName "${storageAccount::blobService::container.name}" -FileName "${storageAccountCSEFileName}"' - scriptContent: loadTextContent('../.scripts/Set-BlobContent.ps1') + scriptContent: loadTextContent('../../../../.shared/.scripts/Set-BlobContent.ps1') } dependsOn: [ msiRGContrRoleAssignment diff --git a/modules/Microsoft.Compute/virtualMachines/.test/windows/deploy.test.bicep b/modules/Microsoft.Compute/virtualMachines/.test/windows/deploy.test.bicep index a91fab1f31..f7ec4bd210 100644 --- a/modules/Microsoft.Compute/virtualMachines/.test/windows/deploy.test.bicep +++ b/modules/Microsoft.Compute/virtualMachines/.test/windows/deploy.test.bicep @@ -51,7 +51,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.ContainerRegistry/registries/.test/common/deploy.test.bicep b/modules/Microsoft.ContainerRegistry/registries/.test/common/deploy.test.bicep index 518cd8ae2a..156b63e93d 100644 --- a/modules/Microsoft.ContainerRegistry/registries/.test/common/deploy.test.bicep +++ b/modules/Microsoft.ContainerRegistry/registries/.test/common/deploy.test.bicep @@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.ContainerService/managedClusters/.test/azure/deploy.test.bicep b/modules/Microsoft.ContainerService/managedClusters/.test/azure/deploy.test.bicep index a83f34c2aa..4e87a0921f 100644 --- a/modules/Microsoft.ContainerService/managedClusters/.test/azure/deploy.test.bicep +++ b/modules/Microsoft.ContainerService/managedClusters/.test/azure/deploy.test.bicep @@ -45,7 +45,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.ContainerService/managedClusters/.test/kubenet/deploy.test.bicep b/modules/Microsoft.ContainerService/managedClusters/.test/kubenet/deploy.test.bicep index d88794cb7b..5809b221bf 100644 --- a/modules/Microsoft.ContainerService/managedClusters/.test/kubenet/deploy.test.bicep +++ b/modules/Microsoft.ContainerService/managedClusters/.test/kubenet/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.DBforPostgreSQL/flexibleServers/.test/private/deploy.test.bicep b/modules/Microsoft.DBforPostgreSQL/flexibleServers/.test/private/deploy.test.bicep index b77055c37a..e5b7cc7abb 100644 --- a/modules/Microsoft.DBforPostgreSQL/flexibleServers/.test/private/deploy.test.bicep +++ b/modules/Microsoft.DBforPostgreSQL/flexibleServers/.test/private/deploy.test.bicep @@ -43,7 +43,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.DBforPostgreSQL/flexibleServers/.test/public/deploy.test.bicep b/modules/Microsoft.DBforPostgreSQL/flexibleServers/.test/public/deploy.test.bicep index f84bd599fd..3647876b36 100644 --- a/modules/Microsoft.DBforPostgreSQL/flexibleServers/.test/public/deploy.test.bicep +++ b/modules/Microsoft.DBforPostgreSQL/flexibleServers/.test/public/deploy.test.bicep @@ -47,7 +47,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.DataFactory/factories/.test/common/deploy.test.bicep b/modules/Microsoft.DataFactory/factories/.test/common/deploy.test.bicep index 4d0a0396aa..8aec4229ce 100644 --- a/modules/Microsoft.DataFactory/factories/.test/common/deploy.test.bicep +++ b/modules/Microsoft.DataFactory/factories/.test/common/deploy.test.bicep @@ -41,7 +41,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Databricks/workspaces/.test/common/deploy.test.bicep b/modules/Microsoft.Databricks/workspaces/.test/common/deploy.test.bicep index ec861fe76b..b0ccbc85ec 100644 --- a/modules/Microsoft.Databricks/workspaces/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Databricks/workspaces/.test/common/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/.test/common/deploy.test.bicep b/modules/Microsoft.DesktopVirtualization/applicationgroups/.test/common/deploy.test.bicep index 072e4af93c..269779416d 100644 --- a/modules/Microsoft.DesktopVirtualization/applicationgroups/.test/common/deploy.test.bicep +++ b/modules/Microsoft.DesktopVirtualization/applicationgroups/.test/common/deploy.test.bicep @@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.DesktopVirtualization/hostpools/.test/common/deploy.test.bicep b/modules/Microsoft.DesktopVirtualization/hostpools/.test/common/deploy.test.bicep index 668ee3dd72..f2a92fb570 100644 --- a/modules/Microsoft.DesktopVirtualization/hostpools/.test/common/deploy.test.bicep +++ b/modules/Microsoft.DesktopVirtualization/hostpools/.test/common/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.DesktopVirtualization/scalingplans/.test/common/deploy.test.bicep b/modules/Microsoft.DesktopVirtualization/scalingplans/.test/common/deploy.test.bicep index 90a3f62950..dc5f0b23d3 100644 --- a/modules/Microsoft.DesktopVirtualization/scalingplans/.test/common/deploy.test.bicep +++ b/modules/Microsoft.DesktopVirtualization/scalingplans/.test/common/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.DesktopVirtualization/workspaces/.test/common/deploy.test.bicep b/modules/Microsoft.DesktopVirtualization/workspaces/.test/common/deploy.test.bicep index e869261d9f..67a5fa295d 100644 --- a/modules/Microsoft.DesktopVirtualization/workspaces/.test/common/deploy.test.bicep +++ b/modules/Microsoft.DesktopVirtualization/workspaces/.test/common/deploy.test.bicep @@ -40,7 +40,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/.test/gremlindb/deploy.test.bicep b/modules/Microsoft.DocumentDB/databaseAccounts/.test/gremlindb/deploy.test.bicep index 95636a80d8..669f4c94d9 100644 --- a/modules/Microsoft.DocumentDB/databaseAccounts/.test/gremlindb/deploy.test.bicep +++ b/modules/Microsoft.DocumentDB/databaseAccounts/.test/gremlindb/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/.test/mongodb/deploy.test.bicep b/modules/Microsoft.DocumentDB/databaseAccounts/.test/mongodb/deploy.test.bicep index 64b3a02990..273fea2087 100644 --- a/modules/Microsoft.DocumentDB/databaseAccounts/.test/mongodb/deploy.test.bicep +++ b/modules/Microsoft.DocumentDB/databaseAccounts/.test/mongodb/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/.test/plain/deploy.test.bicep b/modules/Microsoft.DocumentDB/databaseAccounts/.test/plain/deploy.test.bicep index 7756789a59..9b27dcb974 100644 --- a/modules/Microsoft.DocumentDB/databaseAccounts/.test/plain/deploy.test.bicep +++ b/modules/Microsoft.DocumentDB/databaseAccounts/.test/plain/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/.test/sqldb/deploy.test.bicep b/modules/Microsoft.DocumentDB/databaseAccounts/.test/sqldb/deploy.test.bicep index 0564b4a031..9b8cb74a8e 100644 --- a/modules/Microsoft.DocumentDB/databaseAccounts/.test/sqldb/deploy.test.bicep +++ b/modules/Microsoft.DocumentDB/databaseAccounts/.test/sqldb/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.EventGrid/domains/.test/common/deploy.test.bicep b/modules/Microsoft.EventGrid/domains/.test/common/deploy.test.bicep index b0642c4a19..feb139efae 100644 --- a/modules/Microsoft.EventGrid/domains/.test/common/deploy.test.bicep +++ b/modules/Microsoft.EventGrid/domains/.test/common/deploy.test.bicep @@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.EventGrid/systemTopics/.test/common/deploy.test.bicep b/modules/Microsoft.EventGrid/systemTopics/.test/common/deploy.test.bicep index 44f5955cf8..ab20fa898c 100644 --- a/modules/Microsoft.EventGrid/systemTopics/.test/common/deploy.test.bicep +++ b/modules/Microsoft.EventGrid/systemTopics/.test/common/deploy.test.bicep @@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.EventGrid/systemTopics/.test/min/deploy.test.bicep b/modules/Microsoft.EventGrid/systemTopics/.test/min/deploy.test.bicep index 572713040c..62749649a1 100644 --- a/modules/Microsoft.EventGrid/systemTopics/.test/min/deploy.test.bicep +++ b/modules/Microsoft.EventGrid/systemTopics/.test/min/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.EventGrid/topics/.test/common/deploy.test.bicep b/modules/Microsoft.EventGrid/topics/.test/common/deploy.test.bicep index fe9f117a4b..8fa6f33586 100644 --- a/modules/Microsoft.EventGrid/topics/.test/common/deploy.test.bicep +++ b/modules/Microsoft.EventGrid/topics/.test/common/deploy.test.bicep @@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.EventHub/namespaces/.test/common/deploy.test.bicep b/modules/Microsoft.EventHub/namespaces/.test/common/deploy.test.bicep index 009b288235..4aa4e39de0 100644 --- a/modules/Microsoft.EventHub/namespaces/.test/common/deploy.test.bicep +++ b/modules/Microsoft.EventHub/namespaces/.test/common/deploy.test.bicep @@ -40,7 +40,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.HealthcareApis/workspaces/.test/common/deploy.test.bicep b/modules/Microsoft.HealthcareApis/workspaces/.test/common/deploy.test.bicep index 1f890480cd..99ab52cd4e 100644 --- a/modules/Microsoft.HealthcareApis/workspaces/.test/common/deploy.test.bicep +++ b/modules/Microsoft.HealthcareApis/workspaces/.test/common/deploy.test.bicep @@ -40,7 +40,7 @@ module resourceGroupResources 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Insights/diagnosticSettings/.test/common/deploy.test.bicep b/modules/Microsoft.Insights/diagnosticSettings/.test/common/deploy.test.bicep index 5a49f8f072..110ff98e67 100644 --- a/modules/Microsoft.Insights/diagnosticSettings/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Insights/diagnosticSettings/.test/common/deploy.test.bicep @@ -30,7 +30,7 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.KeyVault/vaults/.test/common/deploy.test.bicep b/modules/Microsoft.KeyVault/vaults/.test/common/deploy.test.bicep index 25c1633772..fc0bec1fd6 100644 --- a/modules/Microsoft.KeyVault/vaults/.test/common/deploy.test.bicep +++ b/modules/Microsoft.KeyVault/vaults/.test/common/deploy.test.bicep @@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Logic/workflows/.test/common/deploy.test.bicep b/modules/Microsoft.Logic/workflows/.test/common/deploy.test.bicep index 4fb65d9d9e..2311dafc47 100644 --- a/modules/Microsoft.Logic/workflows/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Logic/workflows/.test/common/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep index a55201b9e6..cfee2dbd5b 100644 --- a/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep +++ b/modules/Microsoft.MachineLearningServices/workspaces/.test/common/deploy.test.bicep @@ -42,7 +42,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep b/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep index 2fc92eb815..659262c764 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep @@ -42,7 +42,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Network/azureFirewalls/.test/common/deploy.test.bicep b/modules/Microsoft.Network/azureFirewalls/.test/common/deploy.test.bicep index fe8d8582df..90e746454e 100644 --- a/modules/Microsoft.Network/azureFirewalls/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.test/common/deploy.test.bicep @@ -40,7 +40,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Network/bastionHosts/.test/common/deploy.test.bicep b/modules/Microsoft.Network/bastionHosts/.test/common/deploy.test.bicep index 963ac70953..e3f2a6fd22 100644 --- a/modules/Microsoft.Network/bastionHosts/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/bastionHosts/.test/common/deploy.test.bicep @@ -40,7 +40,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Network/expressRouteCircuits/.test/common/deploy.test.bicep b/modules/Microsoft.Network/expressRouteCircuits/.test/common/deploy.test.bicep index 7f8430045b..c6410743da 100644 --- a/modules/Microsoft.Network/expressRouteCircuits/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/expressRouteCircuits/.test/common/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Network/loadBalancers/.test/common/deploy.test.bicep b/modules/Microsoft.Network/loadBalancers/.test/common/deploy.test.bicep index 38abc7f51a..a73086d218 100644 --- a/modules/Microsoft.Network/loadBalancers/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/loadBalancers/.test/common/deploy.test.bicep @@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Network/loadBalancers/.test/internal/deploy.test.bicep b/modules/Microsoft.Network/loadBalancers/.test/internal/deploy.test.bicep index 759c5b9dcd..e6081d4c0e 100644 --- a/modules/Microsoft.Network/loadBalancers/.test/internal/deploy.test.bicep +++ b/modules/Microsoft.Network/loadBalancers/.test/internal/deploy.test.bicep @@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Network/natGateways/.test/common/deploy.test.bicep b/modules/Microsoft.Network/natGateways/.test/common/deploy.test.bicep index 76af723f79..5ab7c4699e 100644 --- a/modules/Microsoft.Network/natGateways/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/natGateways/.test/common/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Network/networkInterfaces/.test/common/deploy.test.bicep b/modules/Microsoft.Network/networkInterfaces/.test/common/deploy.test.bicep index adf5e3877e..6a1f0e25a7 100644 --- a/modules/Microsoft.Network/networkInterfaces/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/networkInterfaces/.test/common/deploy.test.bicep @@ -41,7 +41,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Network/networkSecurityGroups/.test/common/deploy.test.bicep b/modules/Microsoft.Network/networkSecurityGroups/.test/common/deploy.test.bicep index f576ff6848..639109a202 100644 --- a/modules/Microsoft.Network/networkSecurityGroups/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/networkSecurityGroups/.test/common/deploy.test.bicep @@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Network/networkWatchers/.test/common/deploy.test.bicep b/modules/Microsoft.Network/networkWatchers/.test/common/deploy.test.bicep index 98aea66019..09043ccc88 100644 --- a/modules/Microsoft.Network/networkWatchers/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/networkWatchers/.test/common/deploy.test.bicep @@ -43,7 +43,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Network/publicIPAddresses/.test/common/deploy.test.bicep b/modules/Microsoft.Network/publicIPAddresses/.test/common/deploy.test.bicep index 0cff390a2d..68087029ee 100644 --- a/modules/Microsoft.Network/publicIPAddresses/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/publicIPAddresses/.test/common/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Network/trafficmanagerprofiles/.test/common/deploy.test.bicep b/modules/Microsoft.Network/trafficmanagerprofiles/.test/common/deploy.test.bicep index 68e1d174ab..1f0afd8647 100644 --- a/modules/Microsoft.Network/trafficmanagerprofiles/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/trafficmanagerprofiles/.test/common/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep index 060e5c3853..491465015a 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep +++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/aadvpn/deploy.test.bicep @@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep index aa6497436d..ef09276a12 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep +++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/expressRoute/deploy.test.bicep @@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep index 95fd6a73d4..f86577482f 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep +++ b/modules/Microsoft.Network/virtualNetworkGateways/.test/vpn/deploy.test.bicep @@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Network/virtualNetworks/.test/common/deploy.test.bicep b/modules/Microsoft.Network/virtualNetworks/.test/common/deploy.test.bicep index cae778e53c..e903cb7693 100644 --- a/modules/Microsoft.Network/virtualNetworks/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/virtualNetworks/.test/common/deploy.test.bicep @@ -40,7 +40,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.OperationalInsights/workspaces/.test/common/deploy.test.bicep b/modules/Microsoft.OperationalInsights/workspaces/.test/common/deploy.test.bicep index a8ed083c9a..85169b6984 100644 --- a/modules/Microsoft.OperationalInsights/workspaces/.test/common/deploy.test.bicep +++ b/modules/Microsoft.OperationalInsights/workspaces/.test/common/deploy.test.bicep @@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Purview/accounts/.test/common/deploy.test.bicep b/modules/Microsoft.Purview/accounts/.test/common/deploy.test.bicep index 45c3bbdc3b..41cd1826b9 100644 --- a/modules/Microsoft.Purview/accounts/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Purview/accounts/.test/common/deploy.test.bicep @@ -42,7 +42,7 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.RecoveryServices/vaults/.test/common/deploy.test.bicep b/modules/Microsoft.RecoveryServices/vaults/.test/common/deploy.test.bicep index a0a369d25e..54fa0dc784 100644 --- a/modules/Microsoft.RecoveryServices/vaults/.test/common/deploy.test.bicep +++ b/modules/Microsoft.RecoveryServices/vaults/.test/common/deploy.test.bicep @@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.ServiceBus/namespaces/.test/common/deploy.test.bicep b/modules/Microsoft.ServiceBus/namespaces/.test/common/deploy.test.bicep index 64e87dcd82..9920fa3e59 100644 --- a/modules/Microsoft.ServiceBus/namespaces/.test/common/deploy.test.bicep +++ b/modules/Microsoft.ServiceBus/namespaces/.test/common/deploy.test.bicep @@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Sql/managedInstances/.test/common/deploy.test.bicep b/modules/Microsoft.Sql/managedInstances/.test/common/deploy.test.bicep index a98ccfe087..4ebe53d748 100644 --- a/modules/Microsoft.Sql/managedInstances/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Sql/managedInstances/.test/common/deploy.test.bicep @@ -47,7 +47,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Sql/servers/.test/common/deploy.test.bicep b/modules/Microsoft.Sql/servers/.test/common/deploy.test.bicep index 664ab25c92..d8aaeeac6a 100644 --- a/modules/Microsoft.Sql/servers/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Sql/servers/.test/common/deploy.test.bicep @@ -45,7 +45,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep b/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep index 3e32a40374..35955fecc7 100644 --- a/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Storage/storageAccounts/.test/common/deploy.test.bicep @@ -39,7 +39,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Storage/storageAccounts/.test/nfs/deploy.test.bicep b/modules/Microsoft.Storage/storageAccounts/.test/nfs/deploy.test.bicep index f9c7a8cfb5..26a6ca4160 100644 --- a/modules/Microsoft.Storage/storageAccounts/.test/nfs/deploy.test.bicep +++ b/modules/Microsoft.Storage/storageAccounts/.test/nfs/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Synapse/workspaces/.test/common/deploy.test.bicep b/modules/Microsoft.Synapse/workspaces/.test/common/deploy.test.bicep index e3cc01d3dc..f2d47d4e56 100644 --- a/modules/Microsoft.Synapse/workspaces/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Synapse/workspaces/.test/common/deploy.test.bicep @@ -37,7 +37,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep index 83d7e4b871..f430e57b75 100644 --- a/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep +++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev2/deploy.test.bicep @@ -40,7 +40,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep index 9964323dd1..9df7e8e8a6 100644 --- a/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep +++ b/modules/Microsoft.Web/hostingEnvironments/.test/asev3/deploy.test.bicep @@ -40,7 +40,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Web/serverfarms/.test/common/deploy.test.bicep b/modules/Microsoft.Web/serverfarms/.test/common/deploy.test.bicep index 30ef110cd4..9b16b6dcf0 100644 --- a/modules/Microsoft.Web/serverfarms/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Web/serverfarms/.test/common/deploy.test.bicep @@ -38,7 +38,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Web/sites/.test/functionAppCommon/deploy.test.bicep b/modules/Microsoft.Web/sites/.test/functionAppCommon/deploy.test.bicep index bd11f24d9c..362a380fbc 100644 --- a/modules/Microsoft.Web/sites/.test/functionAppCommon/deploy.test.bicep +++ b/modules/Microsoft.Web/sites/.test/functionAppCommon/deploy.test.bicep @@ -42,7 +42,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { diff --git a/modules/Microsoft.Web/sites/.test/webAppCommon/deploy.test.bicep b/modules/Microsoft.Web/sites/.test/webAppCommon/deploy.test.bicep index a47577ba74..a583e4820a 100644 --- a/modules/Microsoft.Web/sites/.test/webAppCommon/deploy.test.bicep +++ b/modules/Microsoft.Web/sites/.test/webAppCommon/deploy.test.bicep @@ -40,7 +40,7 @@ module nestedDependencies 'dependencies.bicep' = { // Diagnostics // =========== -module diagnosticDependencies '../../../../.shared/dependencyConstructs/diagnostic.dependencies.bicep' = { +module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-diagnosticDependencies' params: { From a1bdb5d0293cac6b81b6d78466c1c05c66a62fd3 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 10 Feb 2023 11:34:13 +0100 Subject: [PATCH 02/16] Moved further scripts into shared folder --- .../.test => .shared}/.scripts/New-Certificate.ps1 | 0 .../applicationGateways/.test/common/dependencies.bicep | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename modules/{Microsoft.Network/applicationGateways/.test => .shared}/.scripts/New-Certificate.ps1 (100%) diff --git a/modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 b/modules/.shared/.scripts/New-Certificate.ps1 similarity index 100% rename from modules/Microsoft.Network/applicationGateways/.test/.scripts/New-Certificate.ps1 rename to modules/.shared/.scripts/New-Certificate.ps1 diff --git a/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep b/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep index 36f9944f20..d63b8cecd5 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep +++ b/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep @@ -97,7 +97,7 @@ resource certDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' azPowerShellVersion: '8.0' retentionInterval: 'P1D' arguments: '-KeyVaultName "${keyVault.name}" -CertName "applicationGatewaySslCertificate"' - scriptContent: loadTextContent('../.scripts/New-Certificate.ps1') + scriptContent: loadTextContent('../../../../.shared/.scripts/New-Certificate.ps1') } } From a53fa9a75f22350526c1ef3d02b32b5e135b8a34 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 10 Feb 2023 11:51:24 +0100 Subject: [PATCH 03/16] Recovered cert script --- ...cate.ps1 => Set-CertificateInKeyVault.ps1} | 2 +- .../.scripts/Set-PfxCertificateInKeyVault.ps1 | 31 +++++++++++++++++++ .../.test/common/dependencies.bicep | 2 +- .../.test/common/dependencies.bicep | 2 +- 4 files changed, 34 insertions(+), 3 deletions(-) rename modules/.shared/.scripts/{New-Certificate.ps1 => Set-CertificateInKeyVault.ps1} (96%) create mode 100644 modules/.shared/.scripts/Set-PfxCertificateInKeyVault.ps1 diff --git a/modules/.shared/.scripts/New-Certificate.ps1 b/modules/.shared/.scripts/Set-CertificateInKeyVault.ps1 similarity index 96% rename from modules/.shared/.scripts/New-Certificate.ps1 rename to modules/.shared/.scripts/Set-CertificateInKeyVault.ps1 index 8e723c072c..20d4d05b67 100644 --- a/modules/.shared/.scripts/New-Certificate.ps1 +++ b/modules/.shared/.scripts/Set-CertificateInKeyVault.ps1 @@ -3,7 +3,7 @@ [string] $CertName ) -$certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'Stop' +$certificate = Get-AzKeyVaultCertificate -VaultName $KeyVaultName -Name $CertName -ErrorAction 'SilentlyContinue' if (-not $certificate) { $policyInputObject = @{ diff --git a/modules/.shared/.scripts/Set-PfxCertificateInKeyVault.ps1 b/modules/.shared/.scripts/Set-PfxCertificateInKeyVault.ps1 new file mode 100644 index 0000000000..427b821e50 --- /dev/null +++ b/modules/.shared/.scripts/Set-PfxCertificateInKeyVault.ps1 @@ -0,0 +1,31 @@ +param( + [string] $KeyVaultName, + [string] $ResourceGroupName, + [string] $CertPWSecretName, + [string] $CertSecretName +) + +$password = ConvertTo-SecureString -String "$ResourceGroupName/$KeyVaultName/$CertSecretName" -AsPlainText -Force + +# Install open-ssl if not available +apt-get install openssl + +# Generate certificate +openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout './privateKey.key' -out './certificate.crt' -subj '/CN=*.contoso.onmicrosoft.com/O=contoso/C=US' + +# Sign certificate +openssl pkcs12 -export -out 'aadds.pfx' -inkey './privateKey.key' -in './certificate.crt' -passout pass:$password + +# Convert certificate to string +$rawCertByteStream = Get-Content './aadds.pfx' -AsByteStream +Write-Verbose 'Convert to secure string' -Verbose +$pfxCertificate = ConvertTo-SecureString -String ([System.Convert]::ToBase64String($rawCertByteStream)) -AsPlainText -Force + +# Set values +@( + @{ name = $CertPWSecretName; secretValue = $password } + @{ name = $CertSecretName; secretValue = $pfxCertificate } +) | ForEach-Object { + $null = Set-AzKeyVaultSecret -VaultName $KeyVaultName -Name $_.name -SecretValue $_.secretValue + Write-Verbose ('Added secret [{0}] to key vault [{1}]' -f $_.name, $keyVaultName) -Verbose +} diff --git a/modules/Microsoft.AAD/DomainServices/.test/common/dependencies.bicep b/modules/Microsoft.AAD/DomainServices/.test/common/dependencies.bicep index bfe2a4eddf..f8b131d624 100644 --- a/modules/Microsoft.AAD/DomainServices/.test/common/dependencies.bicep +++ b/modules/Microsoft.AAD/DomainServices/.test/common/dependencies.bicep @@ -84,7 +84,7 @@ resource certDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' azPowerShellVersion: '3.0' retentionInterval: 'P1D' arguments: ' -KeyVaultName "${keyVault.name}" -ResourceGroupName "${resourceGroup().name}" -CertPWSecretName "${certPWSecretName}" -CertSecretName "${certSecretName}"' - scriptContent: loadTextContent('../../../../.shared/.scripts/New-Certificate.ps1') + scriptContent: loadTextContent('../../../../.shared/.scripts/Set-PfxCertificateInKeyVault.ps1') } } diff --git a/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep b/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep index d63b8cecd5..46d1b47f0f 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep +++ b/modules/Microsoft.Network/applicationGateways/.test/common/dependencies.bicep @@ -97,7 +97,7 @@ resource certDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' azPowerShellVersion: '8.0' retentionInterval: 'P1D' arguments: '-KeyVaultName "${keyVault.name}" -CertName "applicationGatewaySslCertificate"' - scriptContent: loadTextContent('../../../../.shared/.scripts/New-Certificate.ps1') + scriptContent: loadTextContent('../../../../.shared/.scripts/Set-CertificateInKeyVault.ps1') } } From 1ddd4c2f7c163e4c5a0e08c410c4ff38415e1999 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 10 Feb 2023 12:01:01 +0100 Subject: [PATCH 04/16] Formatted readme --- docs/wiki/The library - Module design.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/wiki/The library - Module design.md b/docs/wiki/The library - Module design.md index c597d24ce0..7e493a17e6 100644 --- a/docs/wiki/The library - Module design.md +++ b/docs/wiki/The library - Module design.md @@ -577,7 +577,7 @@ Test file (`deploy.test.bicep`) guidelines: - For the substring, we recommend to take the first character and subsequent upper-case characters from the resource type identifier and combine them into one string. Following you can find a few examples for reference: - `Microsoft.DBforPostgreSQL/flexibleServers` with a test folder `common` could be: `dfpsfscom` - `Microsoft.Storage/storageAccounts` with a test folder `min` could be: `ssamin` - > **Note:** If the combination of the `servicesShort` with the rest of a resource name becomes too long, it may be necessary to bend the above recommendations and shorten the name. This can especially happen when deploying resources such as Virtual Machines or Storage Accounts that only allow comparatively short names. + > **Note:** If the combination of the `servicesShort` with the rest of a resource name becomes too long, it may be necessary to bend the above recommendations and shorten the name. This can especially happen when deploying resources such as Virtual Machines or Storage Accounts that only allow comparatively short names. - If the module deploys a resource group level resource, the template should further have a `resourceGroupName` parameter and subsequent resource deployment. As a reference for the default name you can use `ms..-${serviceShort}-test-rg`. - Each file should also provide a `location` parameter that may default to the deployments default location - It is recommended to define all major resource names in the `deploy.test.bicep` file as it makes later maintenance easier. To implement this, make sure to pass all resource names to any referenced module. From b754ae1df932143d5feb6fc072e1ebadfe630864 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 10 Feb 2023 12:01:54 +0100 Subject: [PATCH 05/16] Update to latest --- docs/wiki/The library - Module design.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/wiki/The library - Module design.md b/docs/wiki/The library - Module design.md index 7e493a17e6..8cac7ced49 100644 --- a/docs/wiki/The library - Module design.md +++ b/docs/wiki/The library - Module design.md @@ -591,7 +591,6 @@ Dependency file (`dependencies.bicep`) guidelines: - The `dependencies.bicep` should optionally be used if any additional dependencies must be deployed into a nested scope (e.g. into a deployed Resource Group). - Note that you can reuse many of the assets implemented in other modules. For example, there are many recurring implementations for Managed Identities, Key Vaults, Virtual Network deployments, etc. - - A special case to point out is the implementation of Key Vaults that require purge protection (for example, for Customer Managed Keys). As this implies that we cannot fully clean up a test deployment, it is recommended to generate a new name for this resource upon each pipeline run using the output of the `utcNow()` function at the time. > :scroll: [Example of test using purge protected Key Vault dependency](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Batch/batchAccounts/.test/encr) From 76df5ed878b5066e2615abb23f64fe1a7b2507fe Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 10 Feb 2023 12:02:45 +0100 Subject: [PATCH 06/16] Update to latest --- docs/wiki/The library - Module design.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/wiki/The library - Module design.md b/docs/wiki/The library - Module design.md index 8cac7ced49..5fb426d948 100644 --- a/docs/wiki/The library - Module design.md +++ b/docs/wiki/The library - Module design.md @@ -463,7 +463,7 @@ Within a bicep file, use the following conventions: ## Modules -- Module symbolic names are in camel*Snake_Case, following the schema `*`e.g.,`storageAccount_fileServices`, `virtualMachine_nic`, `resourceGroup_roleAssignments`. +- Module symbolic names are in camel_Snake_Case, following the schema `_` e.g., `storageAccount_fileServices`, `virtualMachine_nic`, `resourceGroup_roleAssignments`. - Modules enable you to reuse code from a Bicep file in other Bicep files. As such, they're normally leveraged for deploying child resources (e.g., file services in a storage account), cross referenced resources (e.g., network interface in a virtual machine) or extension resources (e.g., role assignment in a resource group). - When a module requires to deploy a resource whose resource type is outside of the main module's provider namespace, the module of this additional resource is referenced locally. For example, when extending the Key Vault module with Private Endpoints, instead of including in the Key Vault module an ad hoc implementation of a Private Endpoint, the Key Vault directly references the Private Endpoint module (i.e., `module privateEndpoint 'https://github.com/Azure/ResourceModules/blob/main/Microsoft.Network/privateEndpoints/deploy.bicep'`). Major benefits of this implementation are less code duplication, more consistency throughout the module library and allowing the consumer to leverage the full interface provided by the referenced module. > **Note**: Cross-referencing modules from the local repository creates a dependency for the modules applying this technique on the referenced modules being part of the local repository. Reusing the example from above, the Key Vault module has a dependency on the referenced Private Endpoint module, meaning that the repository from which the Key Vault module is deployed also requires the Private Endpoint module to be present. For this reason, we provide a utility to check for any local module references in a given path. This can be useful to determine which module folders you'd need if you don't want to keep the entire library. For further information on how to use the tool, please refer to the tool-specific [documentation](./Getting%20started%20-%20Get%20module%20cross-references). From 80c9a68aefd2ffe4bdd684c6ca7ea1ec3908a331 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 10 Feb 2023 12:05:09 +0100 Subject: [PATCH 07/16] Update to latest --- modules/.shared/.scripts/Copy-VhdToStorageAccount.ps1 | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/.shared/.scripts/Copy-VhdToStorageAccount.ps1 b/modules/.shared/.scripts/Copy-VhdToStorageAccount.ps1 index ff8568b0a9..ad007b3be0 100644 --- a/modules/.shared/.scripts/Copy-VhdToStorageAccount.ps1 +++ b/modules/.shared/.scripts/Copy-VhdToStorageAccount.ps1 @@ -25,12 +25,10 @@ .EXAMPLE Copy-VhdToStorageAccount -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -DestinationStorageAccountName 'vhdstorage001' - Copy a VHD created by image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' to destination storage account 'vhdstorage001' in blob container named 'vhds'. Save the VHD file as 'vhd-img-template-001-2022-07-29-15-54-01.vhd'. .EXAMPLE Copy-VhdToStorageAccount -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -DestinationStorageAccountName 'vhdstorage001' -VhdName 'vhd-img-template-001' -WaitForComplete - Copy a VHD baked by image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' to destination storage account 'vhdstorage001' in a blob container named 'vhds' and wait for the completion of the copy. Save the VHD file as 'vhd-img-template-001.vhd'. #> @@ -121,4 +119,3 @@ process { end { Write-Debug ('{0} exited' -f $MyInvocation.MyCommand) } - From 4dd9cbb105f83644af3608f4aab502aff0c2794c Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 10 Feb 2023 12:06:14 +0100 Subject: [PATCH 08/16] Update to latest --- modules/.shared/.scripts/Start-ImageTemplate.ps1 | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/modules/.shared/.scripts/Start-ImageTemplate.ps1 b/modules/.shared/.scripts/Start-ImageTemplate.ps1 index 9118832ea3..5f510cb420 100644 --- a/modules/.shared/.scripts/Start-ImageTemplate.ps1 +++ b/modules/.shared/.scripts/Start-ImageTemplate.ps1 @@ -16,12 +16,10 @@ .EXAMPLE Start-AzImageBuilderTemplate -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' - Create image artifacts from image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' and wait for their completion .EXAMPLE Start-AzImageBuilderTemplate -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -NoWait - Start the creation of artifacts from image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' and do not wait for their completion #> @@ -62,8 +60,8 @@ begin { process { # Create image artifacts from existing image template $resourceActionInputObject = @{ - ImageTemplateName = $imageTemplateName - ResourceGroupName = $imageTemplateResourceGroup + ImageTemplateName = $imageTemplateName + ResourceGroupName = $imageTemplateResourceGroup } if ($NoWait) { $resourceActionInputObject['NoWait'] = $true From 189c19efbdf98dfa8f3a4d9e24fcfb039bae28fb Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 10 Feb 2023 12:08:52 +0100 Subject: [PATCH 09/16] Update to latest --- modules/.shared/.scripts/Copy-VhdToStorageAccount.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/.shared/.scripts/Copy-VhdToStorageAccount.ps1 b/modules/.shared/.scripts/Copy-VhdToStorageAccount.ps1 index ad007b3be0..e00a3b4d71 100644 --- a/modules/.shared/.scripts/Copy-VhdToStorageAccount.ps1 +++ b/modules/.shared/.scripts/Copy-VhdToStorageAccount.ps1 @@ -25,10 +25,12 @@ .EXAMPLE Copy-VhdToStorageAccount -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -DestinationStorageAccountName 'vhdstorage001' + Copy a VHD created by image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' to destination storage account 'vhdstorage001' in blob container named 'vhds'. Save the VHD file as 'vhd-img-template-001-2022-07-29-15-54-01.vhd'. .EXAMPLE Copy-VhdToStorageAccount -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -DestinationStorageAccountName 'vhdstorage001' -VhdName 'vhd-img-template-001' -WaitForComplete + Copy a VHD baked by image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' to destination storage account 'vhdstorage001' in a blob container named 'vhds' and wait for the completion of the copy. Save the VHD file as 'vhd-img-template-001.vhd'. #> From 1c2bfd8bf187c0ee5e64da8712213c325a023927 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 10 Feb 2023 12:09:30 +0100 Subject: [PATCH 10/16] Update to latest --- modules/.shared/.scripts/Start-ImageTemplate.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/.shared/.scripts/Start-ImageTemplate.ps1 b/modules/.shared/.scripts/Start-ImageTemplate.ps1 index 5f510cb420..a17f2643f6 100644 --- a/modules/.shared/.scripts/Start-ImageTemplate.ps1 +++ b/modules/.shared/.scripts/Start-ImageTemplate.ps1 @@ -16,10 +16,12 @@ .EXAMPLE Start-AzImageBuilderTemplate -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' + Create image artifacts from image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' and wait for their completion .EXAMPLE Start-AzImageBuilderTemplate -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -NoWait + Start the creation of artifacts from image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' and do not wait for their completion #> From 8d45b31778386c21c03a145f68691c8fce9817a0 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 10 Feb 2023 13:18:28 +0100 Subject: [PATCH 11/16] Added docs --- .../.scripts/Copy-VhdToStorageAccount.ps1 | 46 +++++++++---------- modules/.shared/.scripts/New-SSHKey.ps1 | 23 +++++++++- modules/.shared/.scripts/Set-BlobContent.ps1 | 33 ++++++++++++- .../.scripts/Set-CertificateInKeyVault.ps1 | 23 +++++++++- .../.scripts/Set-PfxCertificateInKeyVault.ps1 | 33 ++++++++++++- .../.shared/.scripts/Start-ImageTemplate.ps1 | 32 ++++++------- 6 files changed, 147 insertions(+), 43 deletions(-) diff --git a/modules/.shared/.scripts/Copy-VhdToStorageAccount.ps1 b/modules/.shared/.scripts/Copy-VhdToStorageAccount.ps1 index e00a3b4d71..2a353dd74f 100644 --- a/modules/.shared/.scripts/Copy-VhdToStorageAccount.ps1 +++ b/modules/.shared/.scripts/Copy-VhdToStorageAccount.ps1 @@ -1,37 +1,37 @@ <# - .SYNOPSIS - Copy a VHD baked from a given image template to a given destination storage account blob container +.SYNOPSIS +Copy a VHD baked from a given Image Template to a given destination storage account blob container - .DESCRIPTION - Copy a VHD baked from a given image template to a given destination storage account blob container +.DESCRIPTION +Copy a VHD baked from a given Image Template to a given destination storage account blob container - .PARAMETER ImageTemplateName - Mandatory. The name of the image template +.PARAMETER ImageTemplateName +Mandatory. The name of the Image Template - .PARAMETER ImageTemplateResourceGroup - Mandatory. The resource group name of the image template +.PARAMETER ImageTemplateResourceGroup +Mandatory. The resource group name of the Image Template - .PARAMETER DestinationStorageAccountName - Mandatory. The name of the destination storage account +.PARAMETER DestinationStorageAccountName +Mandatory. The name of the destination storage account - .PARAMETER DestinationContainerName - Optional. The name of the existing destination blob container +.PARAMETER DestinationContainerName +Optional. The name of the existing destination blob container - .PARAMETER VhdName - Optional. Specify a different name for the destination VHD file +.PARAMETER VhdName +Optional. Specify a different name for the destination VHD file - .PARAMETER WaitForComplete - Optional. Run the command synchronously. Wait for the completion of the copy. +.PARAMETER WaitForComplete +Optional. Run the command synchronously. Wait for the completion of the copy. - .EXAMPLE - Copy-VhdToStorageAccount -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -DestinationStorageAccountName 'vhdstorage001' +.EXAMPLE +./Copy-VhdToStorageAccount -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -DestinationStorageAccountName 'vhdstorage001' - Copy a VHD created by image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' to destination storage account 'vhdstorage001' in blob container named 'vhds'. Save the VHD file as 'vhd-img-template-001-2022-07-29-15-54-01.vhd'. +Copy a VHD created by Image Template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' to destination storage account 'vhdstorage001' in blob container named 'vhds'. Save the VHD file as 'vhd-img-template-001-2022-07-29-15-54-01.vhd'. - .EXAMPLE - Copy-VhdToStorageAccount -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -DestinationStorageAccountName 'vhdstorage001' -VhdName 'vhd-img-template-001' -WaitForComplete +.EXAMPLE +./Copy-VhdToStorageAccount -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -DestinationStorageAccountName 'vhdstorage001' -VhdName 'vhd-img-template-001' -WaitForComplete - Copy a VHD baked by image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' to destination storage account 'vhdstorage001' in a blob container named 'vhds' and wait for the completion of the copy. Save the VHD file as 'vhd-img-template-001.vhd'. +Copy a VHD baked by Image Template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' to destination storage account 'vhdstorage001' in a blob container named 'vhds' and wait for the completion of the copy. Save the VHD file as 'vhd-img-template-001.vhd'. #> [CmdletBinding(SupportsShouldProcess)] @@ -81,7 +81,7 @@ begin { process { # Retrieving and initializing parameters before the blob copy Write-Verbose 'Initializing source storage account parameters before the blob copy' -Verbose - Write-Verbose ('Retrieving source storage account from image template [{0}] in resource group [{1}]' -f $imageTemplateName, $imageTemplateResourceGroup) -Verbose + Write-Verbose ('Retrieving source storage account from Image Template [{0}] in resource group [{1}]' -f $imageTemplateName, $imageTemplateResourceGroup) -Verbose Get-InstalledModule $imgtRunOutput = Get-AzImageBuilderTemplateRunOutput -ImageTemplateName $imageTemplateName -ResourceGroupName $imageTemplateResourceGroup | Where-Object ArtifactUri -NE $null $sourceUri = $imgtRunOutput.ArtifactUri diff --git a/modules/.shared/.scripts/New-SSHKey.ps1 b/modules/.shared/.scripts/New-SSHKey.ps1 index d12de1c45b..3e5c532388 100644 --- a/modules/.shared/.scripts/New-SSHKey.ps1 +++ b/modules/.shared/.scripts/New-SSHKey.ps1 @@ -1,5 +1,26 @@ -param( +<# +.SYNOPSIS +Generate a new Public SSH Key or fetch it from an existing Public SSH Key resource. + +.DESCRIPTION +Generate a new Public SSH Key or fetch it from an existing Public SSH Key resource. + +.PARAMETER SSHKeyName +Mandatory. The name of the Public SSH Key Resource as it would be deployed in Azure + +.PARAMETER ResourceGroupName +Mandatory. The resource group name of the Public SSH Key Resource as it would be deployed in Azure + +.EXAMPLE +./New-SSHKey.ps1 -SSHKeyName 'myKeyResource' -ResourceGroupName 'ssh-rg' + +Generate a new Public SSH Key or fetch it from an existing Public SSH Key resource 'myKeyResource' in Resource Group 'ssh-rg' +#> +param( + [Parameter(Mandatory = $true)] [string] $SSHKeyName, + + [Parameter(Mandatory = $true)] [string] $ResourceGroupName ) diff --git a/modules/.shared/.scripts/Set-BlobContent.ps1 b/modules/.shared/.scripts/Set-BlobContent.ps1 index 06617105f7..394bbd6b38 100644 --- a/modules/.shared/.scripts/Set-BlobContent.ps1 +++ b/modules/.shared/.scripts/Set-BlobContent.ps1 @@ -1,7 +1,38 @@ -param( +<# +.SYNOPSIS +Upload a test file to the given Storage Account Container. + +.DESCRIPTION +Upload a test file to the given Storage Account Container. + +.PARAMETER StorageAccountName +Mandatory. The name of the Storage Account to upload the file to + +.PARAMETER ResourceGroupName +Mandatory. The name of the Resource Group containing the Storage Account to upload the file to + +.PARAMETER ContainerName +Mandatory. The name of the Storage Account Container to upload the file to + +.PARAMETER FileName +Mandatory. The name of the file of the file to create in the container + +.EXAMPLE +./Set-BlobContent.ps1 -StorageAccountName 'mystorage' -ResourceGroupName 'storage-rg' -ContainerName 'mycontainer' -FileName 'testCSE.ps1' + +Generate a dummy file 'testCSE.ps1' to the Storage Account 'mystorage' Container 'mycontainer' in Resource Group 'storage-rg' +#> +param( + [Parameter(Mandatory = $true)] [string] $StorageAccountName, + + [Parameter(Mandatory = $true)] [string] $ResourceGroupName, + + [Parameter(Mandatory = $true)] [string] $ContainerName, + + [Parameter(Mandatory = $true)] [string] $FileName ) diff --git a/modules/.shared/.scripts/Set-CertificateInKeyVault.ps1 b/modules/.shared/.scripts/Set-CertificateInKeyVault.ps1 index 20d4d05b67..18028cc9ea 100644 --- a/modules/.shared/.scripts/Set-CertificateInKeyVault.ps1 +++ b/modules/.shared/.scripts/Set-CertificateInKeyVault.ps1 @@ -1,5 +1,26 @@ -param( +<# +.SYNOPSIS +Generate a new Key Vault Certificate or fetch its secret reference if already existing. + +.DESCRIPTION +Generate a new Key Vault Certificate or fetch its secret reference if already existing. + +.PARAMETER KeyVaultName +Mandatory. The name of the Key Vault to add a new certificate to, or fetch the secret reference it from + +.PARAMETER CertName +Mandatory. The name of the certificate to generate or fetch the secret reference from + +.EXAMPLE +./Set-CertificateInKeyVault.ps1 -KeyVaultName 'myVault' -CertName 'myCert' + +Generate a new Key Vault Certificate or fetch its secret reference if already existing as 'myCert' in Key Vault 'myVault' +#> +param( + [Parameter(Mandatory = $true)] [string] $KeyVaultName, + + [Parameter(Mandatory = $true)] [string] $CertName ) diff --git a/modules/.shared/.scripts/Set-PfxCertificateInKeyVault.ps1 b/modules/.shared/.scripts/Set-PfxCertificateInKeyVault.ps1 index 427b821e50..fd88a2243e 100644 --- a/modules/.shared/.scripts/Set-PfxCertificateInKeyVault.ps1 +++ b/modules/.shared/.scripts/Set-PfxCertificateInKeyVault.ps1 @@ -1,7 +1,38 @@ -param( +<# +.SYNOPSIS +Generate a new PFX Certificate and store it alongside its password as Secrets in the given Key Vault. + +.DESCRIPTION +Generate a new PFX Certificate and store it alongside its password as Secrets in the given Key Vault. + +.PARAMETER KeyVaultName +Mandatory. The name of the Key Vault to store the Certificate & Password in + +.PARAMETER ResourceGroupName +Mandatory. The name of the Resource Group containing the Key Vault to store the Certificate & Password in + +.PARAMETER CertPWSecretName +Mandatory. The name of the Secret to store the Certificate's password in + +.PARAMETER CertSecretName +Mandatory. The name of the Secret to store the Secret in + +.EXAMPLE +./Set-PfxCertificateInKeyVault.ps1 -KeyVaultName 'myVault' -ResourceGroupName 'vault-rg' -CertPWSecretName 'pfxCertificatePassword' -CertSecretName 'pfxBase64Certificate' + +Generate a Certificate and store it as the Secret 'pfxCertificatePassword' in the Key Vault 'vault-rg' of Resource Group 'storage-rg' alongside its password as the Secret 'pfxCertificatePassword' +#> +param( + [Parameter(Mandatory = $true)] [string] $KeyVaultName, + + [Parameter(Mandatory = $true)] [string] $ResourceGroupName, + + [Parameter(Mandatory = $true)] [string] $CertPWSecretName, + + [Parameter(Mandatory = $true)] [string] $CertSecretName ) diff --git a/modules/.shared/.scripts/Start-ImageTemplate.ps1 b/modules/.shared/.scripts/Start-ImageTemplate.ps1 index a17f2643f6..798f799a75 100644 --- a/modules/.shared/.scripts/Start-ImageTemplate.ps1 +++ b/modules/.shared/.scripts/Start-ImageTemplate.ps1 @@ -1,28 +1,28 @@ <# - .SYNOPSIS - Create image artifacts from a given image template +.SYNOPSIS +Create image artifacts from a given image template - .DESCRIPTION - Create image artifacts from a given image template +.DESCRIPTION +Create image artifacts from a given image template - .PARAMETER ImageTemplateName - Mandatory. The name of the image template +.PARAMETER ImageTemplateName +Mandatory. The name of the image template - .PARAMETER ImageTemplateResourceGroup - Mandatory. The resource group name of the image template +.PARAMETER ImageTemplateResourceGroup +Mandatory. The resource group name of the image template - .PARAMETER NoWait - Optional. Run the command asynchronously +.PARAMETER NoWait +Optional. Run the command asynchronously - .EXAMPLE - Start-AzImageBuilderTemplate -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' +.EXAMPLE +./Start-ImageTemplate -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' - Create image artifacts from image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' and wait for their completion +Create image artifacts from image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' and wait for their completion - .EXAMPLE - Start-AzImageBuilderTemplate -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -NoWait +.EXAMPLE +./Start-ImageTemplate -ImageTemplateName 'vhd-img-template-001-2022-07-29-15-54-01' -ImageTemplateResourceGroup 'validation-rg' -NoWait - Start the creation of artifacts from image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' and do not wait for their completion +Start the creation of artifacts from image template 'vhd-img-template-001-2022-07-29-15-54-01' in resource group 'validation-rg' and do not wait for their completion #> [CmdletBinding(SupportsShouldProcess)] From d69f46427846ca1612ae60ae08b5b14c2caed8df Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 10 Feb 2023 13:31:26 +0100 Subject: [PATCH 12/16] Added docs --- docs/wiki/The library - Module design.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/wiki/The library - Module design.md b/docs/wiki/The library - Module design.md index 5fb426d948..02136c469e 100644 --- a/docs/wiki/The library - Module design.md +++ b/docs/wiki/The library - Module design.md @@ -594,6 +594,7 @@ Dependency file (`dependencies.bicep`) guidelines: - A special case to point out is the implementation of Key Vaults that require purge protection (for example, for Customer Managed Keys). As this implies that we cannot fully clean up a test deployment, it is recommended to generate a new name for this resource upon each pipeline run using the output of the `utcNow()` function at the time. > :scroll: [Example of test using purge protected Key Vault dependency](https://github.com/Azure/ResourceModules/tree/main/modules/Microsoft.Batch/batchAccounts/.test/encr) + - If you need a Deployment Script to set additional non-template resources up (for example certificates/files, etc.), we recommend to store it as a file in the shared `modules/.shared/.scripts` folder and load it using the template function `loadTextContent()` (for example: `scriptContent: loadTextContent('../../../../.shared/.scripts/New-SSHKey.ps1')`). This approach makes it easier to test & validate the logic and further allows reusing the same logic accross multiple test cases. # Telemetry From 984603043694c4a0f6d748a598980fbb62966102 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Fri, 10 Feb 2023 13:42:43 +0100 Subject: [PATCH 13/16] Update to latest --- modules/Microsoft.AAD/DomainServices/readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.AAD/DomainServices/readme.md b/modules/Microsoft.AAD/DomainServices/readme.md index bddb5fb45b..2d78a24a52 100644 --- a/modules/Microsoft.AAD/DomainServices/readme.md +++ b/modules/Microsoft.AAD/DomainServices/readme.md @@ -32,8 +32,8 @@ This template deploys Azure Active Directory Domain Services (AADDS). | Parameter Name | Type | Default Value | Description | | :-- | :-- | :-- | :-- | -| `pfxCertificate` | secureString | `''` | The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days. | -| `pfxCertificatePassword` | secureString | `''` | The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled. | +| `pfxCertificate` | securestring | `''` | The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days. | +| `pfxCertificatePassword` | securestring | `''` | The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled. | **Optional parameters** From 50c6ef75950d666ca4510ec7332121aa673cc838 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 12 Feb 2023 07:30:40 +0100 Subject: [PATCH 14/16] Updated AppGw API version --- .../.bicep/nested_roleAssignments.bicep | 4 ++-- .../.test/common/deploy.test.bicep | 9 +++++++++ .../applicationGateways/deploy.bicep | 16 ++++++++++++++-- .../applicationGateways/readme.md | 17 ++++++++++++++++- 4 files changed, 41 insertions(+), 5 deletions(-) diff --git a/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep index 69cbc8b86b..236ac7a25b 100644 --- a/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep @@ -74,8 +74,8 @@ var builtInRoleNames = { 'Windows Admin Center Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f') } -resource applicationGateway 'Microsoft.Network/applicationGateways@2021-08-01' existing = { - name: last(split(resourceId, '/')) +resource applicationGateway 'Microsoft.Network/applicationGateways@2022-07-01' existing = { + name: last(split(resourceId, '/'))! } resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { diff --git a/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep b/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep index 659262c764..2421b64308 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep @@ -112,6 +112,15 @@ module testDeployment '../../deploy.bicep' = { requestTimeout: 30 } } + ] + backendSettingsCollection: [ + + ] + listeners: [ + + ] + routingRules: [ + ] diagnosticLogsRetentionInDays: 7 diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId diff --git a/modules/Microsoft.Network/applicationGateways/deploy.bicep b/modules/Microsoft.Network/applicationGateways/deploy.bicep index fe12b41ab9..6021d9eed2 100644 --- a/modules/Microsoft.Network/applicationGateways/deploy.bicep +++ b/modules/Microsoft.Network/applicationGateways/deploy.bicep @@ -259,6 +259,15 @@ param roleAssignments array = [] @description('Optional. Resource tags.') param tags object = {} +@description('Optional. Backend settings of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits).') +param backendSettingsCollection array = [] + +@description('Optional. Listeners of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits).') +param listeners array = [] + +@description('Optional. Routing rules of the application gateway resource.') +param routingRules array = [] + @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') param enableDefaultTelemetry bool = true @@ -274,7 +283,7 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource applicationGateway 'Microsoft.Network/applicationGateways@2021-08-01' = { +resource applicationGateway 'Microsoft.Network/applicationGateways@2022-07-01' = { name: name location: location tags: tags @@ -287,6 +296,7 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2021-08-01' = } : null backendAddressPools: backendAddressPools backendHttpSettingsCollection: backendHttpSettingsCollection + backendSettingsCollection: backendSettingsCollection customErrorConfigurations: customErrorConfigurations enableHttp2: enableHttp2 firewallPolicy: !empty(firewallPolicyId) ? { @@ -302,10 +312,12 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2021-08-01' = } httpListeners: httpListeners loadDistributionPolicies: loadDistributionPolicies + listeners: listeners privateLinkConfigurations: privateLinkConfigurations probes: probes redirectConfigurations: redirectConfigurations requestRoutingRules: requestRoutingRules + routingRules: routingRules rewriteRuleSets: rewriteRuleSets sku: { name: sku @@ -326,7 +338,7 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2021-08-01' = }, (enableFips ? { enableFips: enableFips } : {}), - (!empty(webApplicationFirewallConfiguration) ? { webApplicationFirewallConfiguration: webApplicationFirewallConfiguration }: {}) + (!empty(webApplicationFirewallConfiguration) ? { webApplicationFirewallConfiguration: webApplicationFirewallConfiguration } : {}) ) zones: zones } diff --git a/modules/Microsoft.Network/applicationGateways/readme.md b/modules/Microsoft.Network/applicationGateways/readme.md index 71fcb1cea4..e9952e440d 100644 --- a/modules/Microsoft.Network/applicationGateways/readme.md +++ b/modules/Microsoft.Network/applicationGateways/readme.md @@ -17,7 +17,7 @@ This module deploys Network ApplicationGateways. | `Microsoft.Authorization/locks` | [2020-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/applicationGateways` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/applicationGateways) | +| `Microsoft.Network/applicationGateways` | [2022-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2022-07-01/applicationGateways) | ## Parameters @@ -36,6 +36,7 @@ This module deploys Network ApplicationGateways. | `autoscaleMinCapacity` | int | `-1` | | Lower bound on number of Application Gateway capacity. | | `backendAddressPools` | array | `[]` | | Backend address pool of the application gateway resource. | | `backendHttpSettingsCollection` | array | `[]` | | Backend http settings of the application gateway resource. | +| `backendSettingsCollection` | array | `[]` | | Backend settings of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits). | | `capacity` | int | `2` | | The number of Application instances to be configured. | | `customErrorConfigurations` | array | `[]` | | Custom error configurations of the application gateway resource. | | `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | @@ -56,6 +57,7 @@ This module deploys Network ApplicationGateways. | `frontendPorts` | array | `[]` | | Frontend ports of the application gateway resource. | | `gatewayIPConfigurations` | array | `[]` | | Subnets of the application gateway resource. | | `httpListeners` | array | `[]` | | Http listeners of the application gateway resource. | +| `listeners` | array | `[]` | | Listeners of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits). | | `loadDistributionPolicies` | array | `[]` | | Load distribution policies of the application gateway resource. | | `location` | string | `[resourceGroup().location]` | | Location for all resources. | | `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | @@ -65,6 +67,7 @@ This module deploys Network ApplicationGateways. | `requestRoutingRules` | array | `[]` | | Request routing rules of the application gateway resource. | | `rewriteRuleSets` | array | `[]` | | Rewrite rules for the application gateway resource. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| `routingRules` | array | `[]` | | Routing rules of the application gateway resource. | | `sku` | string | `'WAF_Medium'` | `[Standard_Large, Standard_Medium, Standard_Small, Standard_v2, WAF_Large, WAF_Medium, WAF_v2]` | The name of the SKU for the Application Gateway. | | `sslCertificates` | array | `[]` | | SSL certificates of the application gateway resource. | | `sslPolicyCipherSuites` | array | `[TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]` | `[TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384]` | Ssl cipher suites to be enabled in the specified order to application gateway. | @@ -294,6 +297,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep } } ] + backendSettingsCollection: [] diagnosticEventHubAuthorizationRuleId: '' diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 @@ -422,6 +426,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep } } ] + listeners: [] lock: 'CanNotDelete' probes: [ { @@ -547,6 +552,7 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep roleDefinitionIdOrName: 'Reader' } ] + routingRules: [] sku: 'WAF_v2' sslCertificates: [ { @@ -641,6 +647,9 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep } ] }, + "backendSettingsCollection": { + "value": [] + }, "diagnosticEventHubAuthorizationRuleId": { "value": "" }, @@ -791,6 +800,9 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep } ] }, + "listeners": { + "value": [] + }, "lock": { "value": "CanNotDelete" }, @@ -926,6 +938,9 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep } ] }, + "routingRules": { + "value": [] + }, "sku": { "value": "WAF_v2" }, From c743055927eca9c5d1bd07ec0b6de3ab5dbb32f7 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 12 Feb 2023 08:53:41 +0100 Subject: [PATCH 15/16] Updated test cases --- .../.test/common/deploy.test.bicep | 58 +++++++-- .../applicationGateways/readme.md | 112 +++++++++++++++--- 2 files changed, 146 insertions(+), 24 deletions(-) diff --git a/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep b/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep index 2421b64308..44360f1dbf 100644 --- a/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep +++ b/modules/Microsoft.Network/applicationGateways/.test/common/deploy.test.bicep @@ -112,15 +112,6 @@ module testDeployment '../../deploy.bicep' = { requestTimeout: 30 } } - ] - backendSettingsCollection: [ - - ] - listeners: [ - - ] - routingRules: [ - ] diagnosticLogsRetentionInDays: 7 diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId @@ -362,6 +353,9 @@ module testDeployment '../../deploy.bicep' = { id: '${appGWExpectedResourceID}/redirectConfigurations/httpRedirect8080' } ruleType: 'Basic' + rewriteRuleSet: { + id: '${appGWExpectedResourceID}/rewriteRuleSets/customRewrite' + } } } ] @@ -386,8 +380,34 @@ module testDeployment '../../deploy.bicep' = { userAssignedIdentities: { '${nestedDependencies.outputs.managedIdentityResourceId}': {} } + rewriteRuleSets: [ + { + name: 'customRewrite' + id: '${appGWExpectedResourceID}/rewriteRuleSets/customRewrite' + properties: { + rewriteRules: [ + { + ruleSequence: 100 + conditions: [] + name: 'NewRewrite' + actionSet: { + requestHeaderConfigurations: [ + { + headerName: 'Content-Type' + headerValue: 'JSON' + } + { + headerName: 'someheader' + } + ] + responseHeaderConfigurations: [] + } + } + ] + } + } + ] webApplicationFirewallConfiguration: { - disabledRuleGroups: [] enabled: true fileUploadLimitInMb: 100 firewallMode: 'Detection' @@ -395,6 +415,24 @@ module testDeployment '../../deploy.bicep' = { requestBodyCheck: true ruleSetType: 'OWASP' ruleSetVersion: '3.0' + disabledRuleGroups: [ + { + ruleGroupName: 'Known-CVEs' + } + { + ruleGroupName: 'REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION' + } + { + ruleGroupName: 'REQUEST-941-APPLICATION-ATTACK-XSS' + } + ] + exclusions: [ + { + matchVariable: 'RequestHeaderNames' + selectorMatchOperator: 'StartsWith' + selector: 'hola' + } + ] } } } diff --git a/modules/Microsoft.Network/applicationGateways/readme.md b/modules/Microsoft.Network/applicationGateways/readme.md index e9952e440d..c1a33ddbd5 100644 --- a/modules/Microsoft.Network/applicationGateways/readme.md +++ b/modules/Microsoft.Network/applicationGateways/readme.md @@ -297,7 +297,6 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep } } ] - backendSettingsCollection: [] diagnosticEventHubAuthorizationRuleId: '' diagnosticEventHubName: '' diagnosticLogsRetentionInDays: 7 @@ -426,7 +425,6 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep } } ] - listeners: [] lock: 'CanNotDelete' probes: [ { @@ -539,10 +537,40 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep redirectConfiguration: { id: '' } + rewriteRuleSet: { + id: '' + } ruleType: 'Basic' } } ] + rewriteRuleSets: [ + { + id: '' + name: 'customRewrite' + properties: { + rewriteRules: [ + { + actionSet: { + requestHeaderConfigurations: [ + { + headerName: 'Content-Type' + headerValue: 'JSON' + } + { + headerName: 'someheader' + } + ] + responseHeaderConfigurations: [] + } + conditions: [] + name: 'NewRewrite' + ruleSequence: 100 + } + ] + } + } + ] roleAssignments: [ { principalIds: [ @@ -552,7 +580,6 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep roleDefinitionIdOrName: 'Reader' } ] - routingRules: [] sku: 'WAF_v2' sslCertificates: [ { @@ -566,8 +593,25 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep '': {} } webApplicationFirewallConfiguration: { - disabledRuleGroups: [] + disabledRuleGroups: [ + { + ruleGroupName: 'Known-CVEs' + } + { + ruleGroupName: 'REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION' + } + { + ruleGroupName: 'REQUEST-941-APPLICATION-ATTACK-XSS' + } + ] enabled: true + exclusions: [ + { + matchVariable: 'RequestHeaderNames' + selector: 'hola' + selectorMatchOperator: 'StartsWith' + } + ] fileUploadLimitInMb: 100 firewallMode: 'Detection' maxRequestBodySizeInKb: 128 @@ -647,9 +691,6 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep } ] }, - "backendSettingsCollection": { - "value": [] - }, "diagnosticEventHubAuthorizationRuleId": { "value": "" }, @@ -800,9 +841,6 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep } ] }, - "listeners": { - "value": [] - }, "lock": { "value": "CanNotDelete" }, @@ -922,11 +960,43 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep "redirectConfiguration": { "id": "" }, + "rewriteRuleSet": { + "id": "" + }, "ruleType": "Basic" } } ] }, + "rewriteRuleSets": { + "value": [ + { + "id": "", + "name": "customRewrite", + "properties": { + "rewriteRules": [ + { + "actionSet": { + "requestHeaderConfigurations": [ + { + "headerName": "Content-Type", + "headerValue": "JSON" + }, + { + "headerName": "someheader" + } + ], + "responseHeaderConfigurations": [] + }, + "conditions": [], + "name": "NewRewrite", + "ruleSequence": 100 + } + ] + } + } + ] + }, "roleAssignments": { "value": [ { @@ -938,9 +1008,6 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep } ] }, - "routingRules": { - "value": [] - }, "sku": { "value": "WAF_v2" }, @@ -961,8 +1028,25 @@ module applicationGateways './Microsoft.Network/applicationGateways/deploy.bicep }, "webApplicationFirewallConfiguration": { "value": { - "disabledRuleGroups": [], + "disabledRuleGroups": [ + { + "ruleGroupName": "Known-CVEs" + }, + { + "ruleGroupName": "REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" + }, + { + "ruleGroupName": "REQUEST-941-APPLICATION-ATTACK-XSS" + } + ], "enabled": true, + "exclusions": [ + { + "matchVariable": "RequestHeaderNames", + "selector": "hola", + "selectorMatchOperator": "StartsWith" + } + ], "fileUploadLimitInMb": 100, "firewallMode": "Detection", "maxRequestBodySizeInKb": 128, From 14f5c488d0c188210c757e866e4eb5a1b0c88005 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 12 Feb 2023 09:02:42 +0100 Subject: [PATCH 16/16] Updated disk encryption's identity to user assigned as it will otherwise always fail on first run --- .../images/.test/common/dependencies.bicep | 30 +++++++++++-------- 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/modules/Microsoft.Compute/images/.test/common/dependencies.bicep b/modules/Microsoft.Compute/images/.test/common/dependencies.bicep index edb03b134a..c87e714368 100644 --- a/modules/Microsoft.Compute/images/.test/common/dependencies.bicep +++ b/modules/Microsoft.Compute/images/.test/common/dependencies.bicep @@ -172,11 +172,24 @@ resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = { } } -resource diskEncryptionSet 'Microsoft.Compute/diskEncryptionSets@2021-04-01' = { +resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { + name: guid('msi-${keyVault::key.id}-${location}-${managedIdentity.id}-Key-Reader-RoleAssignment') + scope: keyVault::key + properties: { + principalId: managedIdentity.properties.principalId + roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') // Key Vault Crypto User + principalType: 'ServicePrincipal' + } +} + +resource diskEncryptionSet 'Microsoft.Compute/diskEncryptionSets@2022-07-02' = { name: diskEncryptionSetName location: location identity: { - type: 'SystemAssigned' + type: 'UserAssigned' + userAssignedIdentities: { + '${managedIdentity.id}': {} + } } properties: { activeKey: { @@ -187,16 +200,9 @@ resource diskEncryptionSet 'Microsoft.Compute/diskEncryptionSets@2021-04-01' = { } encryptionType: 'EncryptionAtRestWithCustomerKey' } -} - -resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = { - name: guid('msi-${keyVault.id}-${location}-${managedIdentity.id}-KeyVault-Key-Read-RoleAssignment') - scope: keyVault - properties: { - principalId: diskEncryptionSet.identity.principalId - roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'e147488a-f6f5-4113-8e2d-b22465e65bf6') // Key Vault Crypto Service Encryption User - principalType: 'ServicePrincipal' - } + dependsOn: [ + keyPermissions + ] } @description('The URI of the created VHD.')