From 5e48c1d10da5841309742cb8f00b29147eef6c18 Mon Sep 17 00:00:00 2001 From: Robbert Bonefaas Date: Wed, 19 Apr 2023 20:08:05 +0200 Subject: [PATCH 1/4] conditional nfsv3 --- modules/Microsoft.Storage/storageAccounts/deploy.bicep | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.Storage/storageAccounts/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/deploy.bicep index beeecfb2d3..89c3092d21 100644 --- a/modules/Microsoft.Storage/storageAccounts/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/deploy.bicep @@ -251,7 +251,8 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = { } identity: identity tags: tags - properties: { + properties: union( + { allowSharedKeyAccess: allowSharedKeyAccess defaultToOAuthAuthentication: defaultToOAuthAuthentication allowCrossTenantReplication: allowCrossTenantReplication @@ -308,7 +309,10 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = { allowBlobPublicAccess: allowBlobPublicAccess publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) && empty(networkAcls) ? 'Disabled' : null) azureFilesIdentityBasedAuthentication: !empty(azureFilesIdentityBasedAuthentication) ? azureFilesIdentityBasedAuthentication : null - } + }, + enableNfsV3 ? {isNfsV3Enabled: enableNfsV3} : {} + ) + } resource storageAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { From 1abc1fca73631359fd087a0353716c0ddc493b99 Mon Sep 17 00:00:00 2001 From: Robbert Bonefaas Date: Wed, 19 Apr 2023 20:26:37 +0200 Subject: [PATCH 2/4] format --- .../storageAccounts/deploy.bicep | 105 +++++++++--------- 1 file changed, 52 insertions(+), 53 deletions(-) 
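Review bot: The new `enableNfsV3 ? {isNfsV3Enabled: enableNfsV3} : {}` branch turns NFS 3.0 on without checking the settings that protocol depends on, and the `publicNetworkAccess` line just above it still resolves to `null` when neither `privateEndpoints` nor `networkAcls` is supplied. As far as I know, NFS 3.0 on Blob Storage needs hierarchical namespace and does not apply account-key, Entra ID or ACL authorization to NFS requests, so network restriction is the only access control for such an account. The `enableNfsV3` parameter is declared outside this hunk; its description should say this, for example `Requires enableHierarchicalNamespace = true; restrict access with networkAcls or private endpoints, because NFS 3.0 requests are not authenticated.` The same applies to the final form `isNfsV3Enabled: enableNfsV3 ? enableNfsV3 : null` in PATCH 3/4.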
diff --git a/modules/Microsoft.Storage/storageAccounts/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/deploy.bicep index 89c3092d21..8a48923de4 100644 --- a/modules/Microsoft.Storage/storageAccounts/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/deploy.bicep 
@@ -253,64 +253,63 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = { tags: tags properties: union( { - allowSharedKeyAccess: allowSharedKeyAccess - defaultToOAuthAuthentication: defaultToOAuthAuthentication - allowCrossTenantReplication: allowCrossTenantReplication - allowedCopyScope: !empty(allowedCopyScope) ? allowedCopyScope : null - customDomain: { - name: customDomainName - useSubDomainName: customDomainUseSubDomainName - } - dnsEndpointType: !empty(dnsEndpointType) ? dnsEndpointType : null - isLocalUserEnabled: isLocalUserEnabled - encryption: { - keySource: !empty(cMKKeyName) ? 'Microsoft.Keyvault' : 'Microsoft.Storage' - services: { - blob: supportsBlobService ? { - enabled: true + allowSharedKeyAccess: allowSharedKeyAccess + defaultToOAuthAuthentication: defaultToOAuthAuthentication + allowCrossTenantReplication: allowCrossTenantReplication + allowedCopyScope: !empty(allowedCopyScope) ? allowedCopyScope : null + customDomain: { + name: customDomainName + useSubDomainName: customDomainUseSubDomainName + } + dnsEndpointType: !empty(dnsEndpointType) ? dnsEndpointType : null + isLocalUserEnabled: isLocalUserEnabled + encryption: { + keySource: !empty(cMKKeyName) ? 'Microsoft.Keyvault' : 'Microsoft.Storage' + services: { + blob: supportsBlobService ? { + enabled: true + } : null + file: supportsFileService ? { + enabled: true + } : null + table: { + enabled: true + } + queue: { + enabled: true + } + } + requireInfrastructureEncryption: kind != 'Storage' ? requireInfrastructureEncryption : null + keyvaultproperties: !empty(cMKKeyName) ? { + keyname: cMKKeyName + keyvaulturi: keyVault.properties.vaultUri + keyversion: !empty(cMKKeyVersion) ? cMKKeyVersion : null } : null - file: supportsFileService ? { - enabled: true + identity: !empty(cMKKeyName) ? { + userAssignedIdentity: cMKUserAssignedIdentityResourceId } : null - table: { - enabled: true - } - queue: { - enabled: true - } } - requireInfrastructureEncryption: kind != 'Storage' ? 
requireInfrastructureEncryption : null - keyvaultproperties: !empty(cMKKeyName) ? { - keyname: cMKKeyName - keyvaulturi: keyVault.properties.vaultUri - keyversion: !empty(cMKKeyVersion) ? cMKKeyVersion : null + accessTier: kind != 'Storage' ? accessTier : null + sasPolicy: !empty(sasExpirationPeriod) ? { + expirationAction: 'Log' + sasExpirationPeriod: sasExpirationPeriod } : null - identity: !empty(cMKKeyName) ? { - userAssignedIdentity: cMKUserAssignedIdentityResourceId + supportsHttpsTrafficOnly: supportsHttpsTrafficOnly + isHnsEnabled: enableHierarchicalNamespace ? enableHierarchicalNamespace : null + isSftpEnabled: enableSftp + largeFileSharesState: (skuName == 'Standard_LRS') || (skuName == 'Standard_ZRS') ? largeFileSharesState : null + minimumTlsVersion: minimumTlsVersion + networkAcls: !empty(networkAcls) ? { + bypass: contains(networkAcls, 'bypass') ? networkAcls.bypass : null + defaultAction: contains(networkAcls, 'defaultAction') ? networkAcls.defaultAction : null + virtualNetworkRules: contains(networkAcls, 'virtualNetworkRules') ? networkAcls.virtualNetworkRules : [] + ipRules: contains(networkAcls, 'ipRules') ? networkAcls.ipRules : [] } : null - } - accessTier: kind != 'Storage' ? accessTier : null - sasPolicy: !empty(sasExpirationPeriod) ? { - expirationAction: 'Log' - sasExpirationPeriod: sasExpirationPeriod - } : null - supportsHttpsTrafficOnly: supportsHttpsTrafficOnly - isHnsEnabled: enableHierarchicalNamespace ? enableHierarchicalNamespace : null - isSftpEnabled: enableSftp - isNfsV3Enabled: enableNfsV3 - largeFileSharesState: (skuName == 'Standard_LRS') || (skuName == 'Standard_ZRS') ? largeFileSharesState : null - minimumTlsVersion: minimumTlsVersion - networkAcls: !empty(networkAcls) ? { - bypass: contains(networkAcls, 'bypass') ? networkAcls.bypass : null - defaultAction: contains(networkAcls, 'defaultAction') ? networkAcls.defaultAction : null - virtualNetworkRules: contains(networkAcls, 'virtualNetworkRules') ? 
networkAcls.virtualNetworkRules : [] - ipRules: contains(networkAcls, 'ipRules') ? networkAcls.ipRules : [] - } : null - allowBlobPublicAccess: allowBlobPublicAccess - publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) && empty(networkAcls) ? 'Disabled' : null) - azureFilesIdentityBasedAuthentication: !empty(azureFilesIdentityBasedAuthentication) ? azureFilesIdentityBasedAuthentication : null - }, - enableNfsV3 ? {isNfsV3Enabled: enableNfsV3} : {} + allowBlobPublicAccess: allowBlobPublicAccess + publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) && empty(networkAcls) ? 'Disabled' : null) + azureFilesIdentityBasedAuthentication: !empty(azureFilesIdentityBasedAuthentication) ? azureFilesIdentityBasedAuthentication : null + }, + enableNfsV3 ? { isNfsV3Enabled: enableNfsV3 } : {} ) } From 580306ad767f97c10a14efd363eac34e4765f2f8 Mon Sep 17 00:00:00 2001 From: Robbert Bonefaas Date: Tue, 2 May 2023 09:29:48 +0200 Subject: [PATCH 3/4] making nfsv3 conditional the same as isHnsEnabled --- .../Microsoft.Storage/storageAccounts/deploy.bicep | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/modules/Microsoft.Storage/storageAccounts/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/deploy.bicep index 8a48923de4..f5b7f4322e 100644 --- a/modules/Microsoft.Storage/storageAccounts/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/deploy.bicep @@ -251,8 +251,7 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = { } identity: identity tags: tags - properties: union( - { + properties: { allowSharedKeyAccess: allowSharedKeyAccess defaultToOAuthAuthentication: defaultToOAuthAuthentication allowCrossTenantReplication: allowCrossTenantReplication 
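Review bot: The removed side of the PATCH 2/4 hunk contains `isNfsV3Enabled: enableNfsV3` but the added side does not, so this commit is not a pure re-indent despite its subject `format`; the diffstat of 52 insertions against 53 deletions agrees. That dropped line is what actually makes the property conditional: after PATCH 1/4 alone the main object still sets it unconditionally, so the `union()` with `{}` changes nothing when `enableNfsV3` is false. A change to a security-relevant account property should sit in a commit whose subject names it; move the deletion into PATCH 1/4 or retitle this commit.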
@@ -297,6 +296,7 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = { supportsHttpsTrafficOnly: supportsHttpsTrafficOnly isHnsEnabled: enableHierarchicalNamespace ? enableHierarchicalNamespace : null isSftpEnabled: enableSftp + isNfsV3Enabled: enableNfsV3 ? enableNfsV3 : null largeFileSharesState: (skuName == 'Standard_LRS') || (skuName == 'Standard_ZRS') ? largeFileSharesState : null minimumTlsVersion: minimumTlsVersion networkAcls: !empty(networkAcls) ? { @@ -308,11 +308,8 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = { allowBlobPublicAccess: allowBlobPublicAccess publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) && empty(networkAcls) ? 'Disabled' : null) azureFilesIdentityBasedAuthentication: !empty(azureFilesIdentityBasedAuthentication) ? azureFilesIdentityBasedAuthentication : null - }, - enableNfsV3 ? { isNfsV3Enabled: enableNfsV3 } : {} - ) - -} + } + } resource storageAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: !empty(diagnosticSettingsName) ? diagnosticSettingsName : '${name}-diagnosticSettings' From b6048a41f9c0514172d9b0a9231027ea456b6c71 Mon Sep 17 00:00:00 2001 From: Robbert Bonefaas Date: Tue, 2 May 2023 09:30:51 +0200 Subject: [PATCH 4/4] format --- .../storageAccounts/deploy.bicep | 102 +++++++++--------- 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/modules/Microsoft.Storage/storageAccounts/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/deploy.bicep index f5b7f4322e..b25f4fde95 100644 --- a/modules/Microsoft.Storage/storageAccounts/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/deploy.bicep 
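Review bot: `isNfsV3Enabled: enableNfsV3 ? enableNfsV3 : null` has no comment saying why `false` has to be sent as `null`, and neither does the `isHnsEnabled` line it copies. Without one, a later cleanup is likely to simplify it back to `isNfsV3Enabled: enableNfsV3`, the form this series moves away from. Add a comment above the line such as `// omit the property when disabled instead of sending false`, extended with the deployment error or API behaviour that motivated the change. Writing the value as `enableNfsV3 ? true : null` would also read more directly.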
@@ -252,64 +252,64 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' = { identity: identity tags: tags properties: { - allowSharedKeyAccess: allowSharedKeyAccess - defaultToOAuthAuthentication: defaultToOAuthAuthentication - allowCrossTenantReplication: allowCrossTenantReplication - allowedCopyScope: !empty(allowedCopyScope) ? allowedCopyScope : null - customDomain: { - name: customDomainName - useSubDomainName: customDomainUseSubDomainName - } - dnsEndpointType: !empty(dnsEndpointType) ? dnsEndpointType : null - isLocalUserEnabled: isLocalUserEnabled - encryption: { - keySource: !empty(cMKKeyName) ? 'Microsoft.Keyvault' : 'Microsoft.Storage' - services: { - blob: supportsBlobService ? { - enabled: true - } : null - file: supportsFileService ? { - enabled: true - } : null - table: { - enabled: true - } - queue: { - enabled: true - } - } - requireInfrastructureEncryption: kind != 'Storage' ? requireInfrastructureEncryption : null - keyvaultproperties: !empty(cMKKeyName) ? { - keyname: cMKKeyName - keyvaulturi: keyVault.properties.vaultUri - keyversion: !empty(cMKKeyVersion) ? cMKKeyVersion : null + allowSharedKeyAccess: allowSharedKeyAccess + defaultToOAuthAuthentication: defaultToOAuthAuthentication + allowCrossTenantReplication: allowCrossTenantReplication + allowedCopyScope: !empty(allowedCopyScope) ? allowedCopyScope : null + customDomain: { + name: customDomainName + useSubDomainName: customDomainUseSubDomainName + } + dnsEndpointType: !empty(dnsEndpointType) ? dnsEndpointType : null + isLocalUserEnabled: isLocalUserEnabled + encryption: { + keySource: !empty(cMKKeyName) ? 'Microsoft.Keyvault' : 'Microsoft.Storage' + services: { + blob: supportsBlobService ? { + enabled: true } : null - identity: !empty(cMKKeyName) ? { - userAssignedIdentity: cMKUserAssignedIdentityResourceId + file: supportsFileService ? { + enabled: true } : null + table: { + enabled: true + } + queue: { + enabled: true + } } - accessTier: kind != 'Storage' ? 
accessTier : null - sasPolicy: !empty(sasExpirationPeriod) ? { - expirationAction: 'Log' - sasExpirationPeriod: sasExpirationPeriod + requireInfrastructureEncryption: kind != 'Storage' ? requireInfrastructureEncryption : null + keyvaultproperties: !empty(cMKKeyName) ? { + keyname: cMKKeyName + keyvaulturi: keyVault.properties.vaultUri + keyversion: !empty(cMKKeyVersion) ? cMKKeyVersion : null } : null - supportsHttpsTrafficOnly: supportsHttpsTrafficOnly - isHnsEnabled: enableHierarchicalNamespace ? enableHierarchicalNamespace : null - isSftpEnabled: enableSftp - isNfsV3Enabled: enableNfsV3 ? enableNfsV3 : null - largeFileSharesState: (skuName == 'Standard_LRS') || (skuName == 'Standard_ZRS') ? largeFileSharesState : null - minimumTlsVersion: minimumTlsVersion - networkAcls: !empty(networkAcls) ? { - bypass: contains(networkAcls, 'bypass') ? networkAcls.bypass : null - defaultAction: contains(networkAcls, 'defaultAction') ? networkAcls.defaultAction : null - virtualNetworkRules: contains(networkAcls, 'virtualNetworkRules') ? networkAcls.virtualNetworkRules : [] - ipRules: contains(networkAcls, 'ipRules') ? networkAcls.ipRules : [] + identity: !empty(cMKKeyName) ? { + userAssignedIdentity: cMKUserAssignedIdentityResourceId } : null - allowBlobPublicAccess: allowBlobPublicAccess - publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) && empty(networkAcls) ? 'Disabled' : null) - azureFilesIdentityBasedAuthentication: !empty(azureFilesIdentityBasedAuthentication) ? azureFilesIdentityBasedAuthentication : null } + accessTier: kind != 'Storage' ? accessTier : null + sasPolicy: !empty(sasExpirationPeriod) ? { + expirationAction: 'Log' + sasExpirationPeriod: sasExpirationPeriod + } : null + supportsHttpsTrafficOnly: supportsHttpsTrafficOnly + isHnsEnabled: enableHierarchicalNamespace ? enableHierarchicalNamespace : null + isSftpEnabled: enableSftp + isNfsV3Enabled: enableNfsV3 ? 
enableNfsV3 : null + largeFileSharesState: (skuName == 'Standard_LRS') || (skuName == 'Standard_ZRS') ? largeFileSharesState : null + minimumTlsVersion: minimumTlsVersion + networkAcls: !empty(networkAcls) ? { + bypass: contains(networkAcls, 'bypass') ? networkAcls.bypass : null + defaultAction: contains(networkAcls, 'defaultAction') ? networkAcls.defaultAction : null + virtualNetworkRules: contains(networkAcls, 'virtualNetworkRules') ? networkAcls.virtualNetworkRules : [] + ipRules: contains(networkAcls, 'ipRules') ? networkAcls.ipRules : [] + } : null + allowBlobPublicAccess: allowBlobPublicAccess + publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) && empty(networkAcls) ? 'Disabled' : null) + azureFilesIdentityBasedAuthentication: !empty(azureFilesIdentityBasedAuthentication) ? azureFilesIdentityBasedAuthentication : null } +} resource storageAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) { name: !empty(diagnosticSettingsName) ? diagnosticSettingsName : '${name}-diagnosticSettings'