From e9f8e8c55cc28ff105faedda77afef57daeb89a7 Mon Sep 17 00:00:00 2001
From: Praveen Potturi
Date: Mon, 11 Sep 2023 18:08:48 +0100
Subject: [PATCH 1/2] Enable AAD authentication
---
 .../flexible-server/README.md | 57 ++---
 .../flexible-server/administrator/README.md | 53 +++++
 .../flexible-server/administrator/main.bicep | 65 ++++++
 .../administrator/version.json | 7 +
 .../flexible-server/main.bicep | 48 +++-
 .../flexible-server/main.json | 221 ++++++++++++++++--
 6 files changed, 405 insertions(+), 46 deletions(-)
 create mode 100644 modules/db-for-postgre-sql/flexible-server/administrator/README.md
 create mode 100644 modules/db-for-postgre-sql/flexible-server/administrator/main.bicep
 create mode 100644 modules/db-for-postgre-sql/flexible-server/administrator/version.json
diff --git a/modules/db-for-postgre-sql/flexible-server/README.md b/modules/db-for-postgre-sql/flexible-server/README.md
index 404f60141f..93d9c6bb02 100644
--- a/modules/db-for-postgre-sql/flexible-server/README.md
+++ b/modules/db-for-postgre-sql/flexible-server/README.md
@@ -17,6 +17,7 @@ This module deploys a DBforPostgreSQL Flexible Server. | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.DBforPostgreSQL/flexibleServers` | [2022-12-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforPostgreSQL/2022-12-01/flexibleServers) | +| `Microsoft.DBforPostgreSQL/flexibleServers/administrators` | [2022-12-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforPostgreSQL/2022-12-01/flexibleServers/administrators) | | `Microsoft.DBforPostgreSQL/flexibleServers/configurations` | [2022-12-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforPostgreSQL/2022-12-01/flexibleServers/configurations) | | `Microsoft.DBforPostgreSQL/flexibleServers/databases` | [2022-12-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforPostgreSQL/2022-12-01/flexibleServers/databases) | | `Microsoft.DBforPostgreSQL/flexibleServers/firewallRules` | [2022-12-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforPostgreSQL/2022-12-01/flexibleServers/firewallRules) | 
@@ -28,8 +29,6 @@ This module deploys a DBforPostgreSQL Flexible Server. | Parameter Name | Type | Allowed Values | Description | | :-- | :-- | :-- | :-- | -| `administratorLogin` | string | | The administrator login name of a server. Can only be specified when the PostgreSQL server is being created. | -| `administratorLoginPassword` | securestring | | The administrator login password. | | `name` | string | | The name of the PostgreSQL flexible server. | | `skuName` | string | | The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. | | `tier` | string | `[Burstable, GeneralPurpose, MemoryOptimized]` | The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". | @@ -48,6 +47,10 @@ This module deploys a DBforPostgreSQL Flexible Server. | Parameter Name | Type | Default Value | Allowed Values | Description | | :-- | :-- | :-- | :-- | :-- | +| `activeDirectoryAuth` | string | `'Enabled'` | `[Disabled, Enabled]` | If Enabled, Azure Active Directory authentication is enabled. | +| `administratorLogin` | string | `''` | | The administrator login name of a server. Can only be specified when the PostgreSQL server is being created. | +| `administratorLoginPassword` | securestring | `''` | | The administrator login password. | +| `administrators` | array | `[]` | | The Azure AD administrators when AAD authentication enabled. | | `availabilityZone` | string | `''` | `['', 1, 2, 3]` | Availability zone information of the server. Default will have no preference set. | | `backupRetentionDays` | int | `7` | | Backup retention days for the server. | | `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | 
@@ -70,10 +73,12 @@ This module deploys a DBforPostgreSQL Flexible Server. | `location` | string | `[resourceGroup().location]` | | Location for all resources. | | `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | | `maintenanceWindow` | object | `{object}` | | Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". | +| `passwordAuth` | string | `'Disabled'` | `[Disabled, Enabled]` | If Enabled, password authentication is enabled. | | `privateDnsZoneArmResourceId` | string | `''` | | Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access" and required when "delegatedSubnetResourceId" is used. The Private DNS Zone must be lined to the Virtual Network referenced in "delegatedSubnetResourceId". | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `storageSizeGB` | int | `32` | `[32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384]` | Max storage allowed for a server. | | `tags` | object | `{object}` | | Tags of the resource. | +| `tenantId` | string | `''` | | Tenant id of the server. | | `version` | string | `'13'` | `[11, 12, 13, 14]` | PostgreSQL Server version. | 
@@ -384,12 +389,12 @@ module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = { name: '${uniqueString(deployment().name, location)}-test-dfpsfsmin' params: { // Required parameters - administratorLogin: 'adminUserName' - administratorLoginPassword: '' name: 'dfpsfsmin001' skuName: 'Standard_B2s' tier: 'Burstable' // Non-required parameters + administratorLogin: 'adminUserName' + administratorLoginPassword: '' enableDefaultTelemetry: '' } } @@ -408,12 +413,6 @@ module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = { "contentVersion": "1.0.0.0", "parameters": { // Required parameters - "administratorLogin": { - "value": "adminUserName" - }, - "administratorLoginPassword": { - "value": "" - }, "name": { "value": "dfpsfsmin001" }, @@ -424,6 +423,12 @@ module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = { "value": "Burstable" }, // Non-required parameters + "administratorLogin": { + "value": "adminUserName" + }, + "administratorLoginPassword": { + "value": "" + }, "enableDefaultTelemetry": { "value": "" } @@ -445,12 +450,12 @@ module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = { name: '${uniqueString(deployment().name, location)}-test-dfpsfspvt' params: { // Required parameters - administratorLogin: 'adminUserName' - administratorLoginPassword: '' name: 'dfpsfspvt001' skuName: 'Standard_D2s_v3' tier: 'GeneralPurpose' // Non-required parameters + administratorLogin: 'adminUserName' + administratorLoginPassword: '' configurations: [ { name: 'log_min_messages' @@ -503,12 +508,6 @@ module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = { "contentVersion": "1.0.0.0", "parameters": { // Required parameters - "administratorLogin": { - "value": "adminUserName" - }, - "administratorLoginPassword": { - "value": "" - }, "name": { "value": "dfpsfspvt001" }, 
@@ -519,6 +518,12 @@ module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = { "value": "GeneralPurpose" }, // Non-required parameters + "administratorLogin": { + "value": "adminUserName" + }, + "administratorLoginPassword": { + "value": "" + }, "configurations": { "value": [ { @@ -594,12 +599,12 @@ module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = { name: '${uniqueString(deployment().name, location)}-test-dfpsfsp' params: { // Required parameters - administratorLogin: 'adminUserName' - administratorLoginPassword: '' name: 'dfpsfsp001' skuName: 'Standard_D2s_v3' tier: 'GeneralPurpose' // Non-required parameters + administratorLogin: 'adminUserName' + administratorLoginPassword: '' availabilityZone: '1' backupRetentionDays: 20 cMKKeyName: '' @@ -674,12 +679,6 @@ module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = { "contentVersion": "1.0.0.0", "parameters": { // Required parameters - "administratorLogin": { - "value": "adminUserName" - }, - "administratorLoginPassword": { - "value": "" - }, "name": { "value": "dfpsfsp001" }, @@ -690,6 +689,12 @@ module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = { "value": "GeneralPurpose" }, // Non-required parameters + "administratorLogin": { + "value": "adminUserName" + }, + "administratorLoginPassword": { + "value": "" + }, "availabilityZone": { "value": "1" }, diff --git a/modules/db-for-postgre-sql/flexible-server/administrator/README.md b/modules/db-for-postgre-sql/flexible-server/administrator/README.md new file mode 100644 index 0000000000..3ac6b792a3 --- /dev/null +++ b/modules/db-for-postgre-sql/flexible-server/administrator/README.md 
@@ -0,0 +1,53 @@ +# DBforPostgreSQL Flexible Server Administrators `[Microsoft.DBforPostgreSQL/flexibleServers/administrators]` + +This module deploys a DBforPostgreSQL Flexible Server Administrator. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.DBforPostgreSQL/flexibleServers/administrators` | [2022-12-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforPostgreSQL/2022-12-01/flexibleServers/administrators) | + +## Parameters + +**Required parameters** + +| Parameter Name | Type | Allowed Values | Description | +| :-- | :-- | :-- | :-- | +| `objectId` | string | | The objectId of the Active Directory administrator. | +| `principalName` | string | | Active Directory administrator principal name. | +| `principalType` | string | `[Group, ServicePrincipal, Unknown, User]` | The principal type used to represent the type of Active Directory Administrator. | +| `tenantId` | string | | The tenantId of the Active Directory administrator. | + +**Conditional parameters** + +| Parameter Name | Type | Description | +| :-- | :-- | :-- | +| `flexibleServerName` | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter Name | Type | Default Value | Description | +| :-- | :-- | :-- | :-- | +| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| `location` | string | `[resourceGroup().location]` | Location for all resources. | + + +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the deployed administrator. | +| `resourceGroupName` | string | The resource group of the deployed administrator. 
| +| `resourceId` | string | The resource ID of the deployed administrator. | + +## Cross-referenced modules + +_None_ diff --git a/modules/db-for-postgre-sql/flexible-server/administrator/main.bicep b/modules/db-for-postgre-sql/flexible-server/administrator/main.bicep new file mode 100644 index 0000000000..cdca462ea8 --- /dev/null +++ b/modules/db-for-postgre-sql/flexible-server/administrator/main.bicep 
@@ -0,0 +1,65 @@ +metadata name = 'DBforPostgreSQL Flexible Server Administrators ' +metadata description = 'This module deploys a DBforPostgreSQL Flexible Server Administrator.' +metadata owner = 'Azure/module-maintainers' + +@description('Conditional. The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment.') +param flexibleServerName string + +@description('Required. The objectId of the Active Directory administrator.') +param objectId string + +@description('Required. Active Directory administrator principal name.') +param principalName string + +@allowed([ + 'Group' + 'ServicePrincipal' + 'Unknown' + 'User' +]) +@description('Required. The principal type used to represent the type of Active Directory Administrator.') +param principalType string + +@description('Required. The tenantId of the Active Directory administrator.') +param tenantId string + +@description('Optional. Location for all resources.') +param location string = resourceGroup().location + +@description('Optional. 
Enable telemetry via a Globally Unique Identifier (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + +resource flexibleServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01' existing = { + name: flexibleServerName +} + +resource administrator 'Microsoft.DBforPostgreSQL/flexibleServers/administrators@2022-12-01' = { + name: objectId + parent: flexibleServer + properties: { + principalName: principalName + principalType: principalType + tenantId: tenantId + } +} + +@description('The name of the deployed administrator.') +output name string = administrator.name + +@description('The resource ID of the deployed administrator.') +output resourceId string = administrator.id + +@description('The resource group of the deployed administrator.') +output resourceGroupName string = resourceGroup().name diff --git a/modules/db-for-postgre-sql/flexible-server/administrator/version.json b/modules/db-for-postgre-sql/flexible-server/administrator/version.json new file mode 100644 index 0000000000..7fa401bdf7 --- /dev/null +++ b/modules/db-for-postgre-sql/flexible-server/administrator/version.json @@ -0,0 +1,7 @@ +{ + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.1", + "pathFilters": [ + "./main.json" + ] +} diff --git a/modules/db-for-postgre-sql/flexible-server/main.bicep b/modules/db-for-postgre-sql/flexible-server/main.bicep index ce8495ec2a..ee4aecd811 100644 --- a/modules/db-for-postgre-sql/flexible-server/main.bicep +++ b/modules/db-for-postgre-sql/flexible-server/main.bicep 
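Review bot: Every principal deployed through the new `administrator/main.bicep` becomes an administrator of the server, yet the resource is keyed only on `objectId` while `principalName` and `principalType` (which admits `'Unknown'`) are passed through with no stated relation to it. Since the template cannot verify that relation, the descriptions should say it, e.g. `@description('Required. The objectId of the Azure AD principal that is granted administrator rights on the server. Must identify the same principal as principalName.')`. `flexibleServerName` is labelled Conditional but has no default, so it is in fact always required, and `location` is used only to build the telemetry deployment name; both descriptions are worth correcting.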
@@ -5,12 +5,32 @@ metadata owner = 'Azure/module-maintainers'
 @description('Required. The name of the PostgreSQL flexible server.')
 param name string
 
-@description('Required. The administrator login name of a server. Can only be specified when the PostgreSQL server is being created.')
-param administratorLogin string
+@description('Optional. The administrator login name of a server. Can only be specified when the PostgreSQL server is being created.')
+param administratorLogin string = ''
 
-@description('Required. The administrator login password.')
+@description('Optional. The administrator login password.')
 @secure()
-param administratorLoginPassword string
+param administratorLoginPassword string = ''
+
+@allowed([
+ 'Disabled'
+ 'Enabled'
+])
+@description('Optional. If Enabled, Azure Active Directory authentication is enabled.')
+param activeDirectoryAuth string = 'Enabled'
+
+@allowed([
+ 'Disabled'
+ 'Enabled'
+])
+@description('Optional. If Enabled, password authentication is enabled.')
+param passwordAuth string = 'Disabled'
+
+@description('Optional. Tenant id of the server.')
+param tenantId string = ''
+
+@description('Optional. The Azure AD administrators when AAD authentication enabled.')
+param administrators array = []
 
 @description('Optional. Location for all resources.')
 param location string = resourceGroup().location
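Review bot: Making `administratorLogin` and `administratorLoginPassword` optional while `passwordAuth` defaults to `'Disabled'` and `administrators` to `[]` leaves the parameter defaults describing a server with no password login and no Azure AD administrator, and nothing in these declarations or in the `properties` hunk at -232 ties the settings together. A caller who sets `passwordAuth: 'Enabled'` but omits the password has it turned into `null` there, so the mistake presumably surfaces only as a resource-provider error at deploy time; existing callers that pass a login and password (as the README examples still do) now get password authentication disabled unless they also set `passwordAuth`. I would state the dependency in the descriptions, e.g. `@description('Optional. The administrator login password. Required if passwordAuth is Enabled.')`, and list the keys each `administrators` entry must carry (`objectId`, `principalName`, `principalType`, `tenantId`).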
@@ -232,8 +252,13 @@ resource flexibleServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-12-01' =
 userAssignedIdentities: !empty(userAssignedIdentities) ? userAssignedIdentities : {}
 }
 properties: {
- administratorLogin: administratorLogin
- administratorLoginPassword: administratorLoginPassword
+ administratorLogin: !empty(administratorLogin) ? administratorLogin : null
+ administratorLoginPassword: !empty(administratorLoginPassword) ? administratorLoginPassword : null
+ authConfig: {
+ activeDirectoryAuth: activeDirectoryAuth
+ passwordAuth: passwordAuth
+ tenantId: !empty(tenantId) ? tenantId : null
+ }
 availabilityZone: availabilityZone
 backup: {
 backupRetentionDays: backupRetentionDays
@@ -329,6 +354,17 @@ module flexibleServer_configurations 'configuration/main.bicep' = [for (configur
 ]
 }]
 
+module flexibleServer_administrators 'administrator/main.bicep' = [for (administrator, index) in administrators: {
+ name: '${uniqueString(deployment().name, location)}-PostgreSQL-Administrators-${index}'
+ params: {
+ flexibleServerName: flexibleServer.name
+ objectId: administrator.objectId
+ principalName: administrator.principalName
+ principalType: administrator.principalType
+ tenantId: administrator.tenantId
+ }
+}]
+
 resource flexibleServer_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if ((!empty(diagnosticStorageAccountId)) || (!empty(diagnosticWorkspaceId)) || (!empty(diagnosticEventHubAuthorizationRuleId)) || (!empty(diagnosticEventHubName))) {
 name: !empty(diagnosticSettingsName) ? diagnosticSettingsName : '${name}-diagnosticSettings'
 properties: {
diff --git a/modules/db-for-postgre-sql/flexible-server/main.json b/modules/db-for-postgre-sql/flexible-server/main.json
index 64868b74c1..63bace9c7d 100644
--- a/modules/db-for-postgre-sql/flexible-server/main.json
+++ b/modules/db-for-postgre-sql/flexible-server/main.json
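Review bot: The `flexibleServer_administrators` loop in the hunk at -329 runs for every entry of `administrators` even when `activeDirectoryAuth` is `'Disabled'`, and it reads `administrator.objectId`, `.principalName`, `.principalType` and `.tenantId` from an untyped array, so a missing key fails only during deployment. Gating it makes the intent explicit: `module flexibleServer_administrators 'administrator/main.bicep' = [for (administrator, index) in administrators: if (activeDirectoryAuth == 'Enabled') {`. The call also forwards no telemetry setting, so the child module's `enableDefaultTelemetry` default of `true` applies whatever the parent was given; if this file has a flag for referenced modules (not visible in the hunk), pass it here.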
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1801764410852262795" + "version": "0.21.1.54444", + "templateHash": "13627047057909579503" }, "name": "DBforPostgreSQL Flexible Servers", "description": "This module deploys a DBforPostgreSQL Flexible Server.", @@ -20,14 +20,52 @@ }, "administratorLogin": { "type": "string", + "defaultValue": "", "metadata": { - "description": "Required. The administrator login name of a server. Can only be specified when the PostgreSQL server is being created." + "description": "Optional. The administrator login name of a server. Can only be specified when the PostgreSQL server is being created." } }, "administratorLoginPassword": { "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "Optional. The administrator login password." + } + }, + "activeDirectoryAuth": { + "type": "string", + "defaultValue": "Enabled", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "metadata": { + "description": "Optional. If Enabled, Azure Active Directory authentication is enabled." + } + }, + "passwordAuth": { + "type": "string", + "defaultValue": "Disabled", + "allowedValues": [ + "Disabled", + "Enabled" + ], "metadata": { - "description": "Required. The administrator login password." + "description": "Optional. If Enabled, password authentication is enabled." + } + }, + "tenantId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Tenant id of the server." + } + }, + "administrators": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. The Azure AD administrators when AAD authentication enabled." } }, "location": { 
@@ -388,8 +426,13 @@ "userAssignedIdentities": "[if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), createObject())]" }, "properties": { - "administratorLogin": "[parameters('administratorLogin')]", - "administratorLoginPassword": "[parameters('administratorLoginPassword')]", + "administratorLogin": "[if(not(empty(parameters('administratorLogin'))), parameters('administratorLogin'), null())]", + "administratorLoginPassword": "[if(not(empty(parameters('administratorLoginPassword'))), parameters('administratorLoginPassword'), null())]", + "authConfig": { + "activeDirectoryAuth": "[parameters('activeDirectoryAuth')]", + "passwordAuth": "[parameters('passwordAuth')]", + "tenantId": "[if(not(empty(parameters('tenantId'))), parameters('tenantId'), null())]" + }, "availabilityZone": "[parameters('availabilityZone')]", "backup": { "backupRetentionDays": "[parameters('backupRetentionDays')]", @@ -477,8 +520,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11735622953674778447" + "version": "0.21.1.54444", + "templateHash": "4898014763123062752" } }, "parameters": { @@ -623,8 +666,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7432917940199201712" + "version": "0.21.1.54444", + "templateHash": "16660732763595780206" }, "name": "DBforPostgreSQL Flexible Server Databases", "description": "This module deploys a DBforPostgreSQL Flexible Server Database.", @@ -762,8 +805,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3071080362723739241" + "version": "0.21.1.54444", + "templateHash": "7935033505380784919" }, "name": "DBforPostgreSQL Flexible Server Firewall Rules", "description": "This module deploys a DBforPostgreSQL Flexible Server Firewall Rule.", 
@@ -889,8 +932,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5586008567080780040" + "version": "0.21.1.54444", + "templateHash": "10954863077388190830" }, "name": "DBforPostgreSQL Flexible Server Configurations", "description": "This module deploys a DBforPostgreSQL Flexible Server Configuration.", 
@@ -992,6 +1035,156 @@ "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]", "flexibleServer_firewallRules" ] + }, + { + "copy": { + "name": "flexibleServer_administrators", + "count": "[length(parameters('administrators'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-PostgreSQL-Administrators-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "flexibleServerName": { + "value": "[parameters('name')]" + }, + "objectId": { + "value": "[parameters('administrators')[copyIndex()].objectId]" + }, + "principalName": { + "value": "[parameters('administrators')[copyIndex()].principalName]" + }, + "principalType": { + "value": "[parameters('administrators')[copyIndex()].principalType]" + }, + "tenantId": { + "value": "[parameters('administrators')[copyIndex()].tenantId]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "5950920282464628930" + }, + "name": "DBforPostgreSQL Flexible Server Administrators ", + "description": "This module deploys a DBforPostgreSQL Flexible Server Administrator.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "flexibleServerName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment." + } + }, + "objectId": { + "type": "string", + "metadata": { + "description": "Required. The objectId of the Active Directory administrator." + } + }, + "principalName": { + "type": "string", + "metadata": { + "description": "Required. Active Directory administrator principal name." 
+ } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Group", + "ServicePrincipal", + "Unknown", + "User" + ], + "metadata": { + "description": "Required. The principal type used to represent the type of Active Directory Administrator." + } + }, + "tenantId": { + "type": "string", + "metadata": { + "description": "Required. The tenantId of the Active Directory administrator." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.DBforPostgreSQL/flexibleServers/administrators", + "apiVersion": "2022-12-01", + "name": "[format('{0}/{1}', parameters('flexibleServerName'), parameters('objectId'))]", + "properties": { + "principalName": "[parameters('principalName')]", + "principalType": "[parameters('principalType')]", + "tenantId": "[parameters('tenantId')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the deployed administrator." + }, + "value": "[parameters('objectId')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the deployed administrator." 
+ }, + "value": "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers/administrators', parameters('flexibleServerName'), parameters('objectId'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group of the deployed administrator." + }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" + ] } ], "outputs": { From 3139d068ce1b2acaf2cb4926c20a2b9a6add735c Mon Sep 17 00:00:00 2001 From: Praveen Potturi Date: Mon, 11 Sep 2023 23:11:33 +0100 Subject: [PATCH 2/2] Regenerated ARM and Readme --- .../flexible-server/administrator/README.md | 2 +- .../flexible-server/administrator/main.bicep | 2 +- .../flexible-server/administrator/main.json | 115 + .../flexible-server/main.json | 2334 ++++++++--------- 4 files changed, 1284 insertions(+), 1169 deletions(-) create mode 100644 modules/db-for-postgre-sql/flexible-server/administrator/main.json diff --git a/modules/db-for-postgre-sql/flexible-server/administrator/README.md b/modules/db-for-postgre-sql/flexible-server/administrator/README.md index 3ac6b792a3..803bb1fa0e 100644 --- a/modules/db-for-postgre-sql/flexible-server/administrator/README.md +++ b/modules/db-for-postgre-sql/flexible-server/administrator/README.md @@ -1,4 +1,4 @@ -# DBforPostgreSQL Flexible Server Administrators `[Microsoft.DBforPostgreSQL/flexibleServers/administrators]` +# DBforPostgreSQL Flexible Server Administrators `[Microsoft.DBforPostgreSQL/flexibleServers/administrators]` This module deploys a DBforPostgreSQL Flexible Server Administrator. diff --git a/modules/db-for-postgre-sql/flexible-server/administrator/main.bicep b/modules/db-for-postgre-sql/flexible-server/administrator/main.bicep index cdca462ea8..8d94625866 100644 --- a/modules/db-for-postgre-sql/flexible-server/administrator/main.bicep +++ b/modules/db-for-postgre-sql/flexible-server/administrator/main.bicep 
@@ -1,4 +1,4 @@ -metadata name = 'DBforPostgreSQL Flexible Server Administrators ' +metadata name = 'DBforPostgreSQL Flexible Server Administrators' metadata description = 'This module deploys a DBforPostgreSQL Flexible Server Administrator.' metadata owner = 'Azure/module-maintainers' diff --git a/modules/db-for-postgre-sql/flexible-server/administrator/main.json b/modules/db-for-postgre-sql/flexible-server/administrator/main.json new file mode 100644 index 0000000000..a1f4cb6be6 --- /dev/null +++ b/modules/db-for-postgre-sql/flexible-server/administrator/main.json 
@@ -0,0 +1,115 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "15603250169041540085" + }, + "name": "DBforPostgreSQL Flexible Server Administrators", + "description": "This module deploys a DBforPostgreSQL Flexible Server Administrator.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "flexibleServerName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment." + } + }, + "objectId": { + "type": "string", + "metadata": { + "description": "Required. The objectId of the Active Directory administrator." + } + }, + "principalName": { + "type": "string", + "metadata": { + "description": "Required. Active Directory administrator principal name." + } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Group", + "ServicePrincipal", + "Unknown", + "User" + ], + "metadata": { + "description": "Required. The principal type used to represent the type of Active Directory Administrator." + } + }, + "tenantId": { + "type": "string", + "metadata": { + "description": "Required. The tenantId of the Active Directory administrator." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.DBforPostgreSQL/flexibleServers/administrators", + "apiVersion": "2022-12-01", + "name": "[format('{0}/{1}', parameters('flexibleServerName'), parameters('objectId'))]", + "properties": { + "principalName": "[parameters('principalName')]", + "principalType": "[parameters('principalType')]", + "tenantId": "[parameters('tenantId')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the deployed administrator." + }, + "value": "[parameters('objectId')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the deployed administrator." + }, + "value": "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers/administrators', parameters('flexibleServerName'), parameters('objectId'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group of the deployed administrator." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/modules/db-for-postgre-sql/flexible-server/main.json b/modules/db-for-postgre-sql/flexible-server/main.json index 72138103f9..7c78c5e4b5 100644 --- a/modules/db-for-postgre-sql/flexible-server/main.json +++ b/modules/db-for-postgre-sql/flexible-server/main.json 
@@ -1,1221 +1,1221 @@ { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13627047057909579503" - }, - "name": "DBforPostgreSQL Flexible Servers", - "description": "This module deploys a DBforPostgreSQL Flexible Server.", - "owner": "Azure/module-maintainers" + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "12855050974164502649" }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the PostgreSQL flexible server." - } - }, - "administratorLogin": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The administrator login name of a server. Can only be specified when the PostgreSQL server is being created." - } - }, - "administratorLoginPassword": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "Optional. The administrator login password." - } - }, - "activeDirectoryAuth": { - "type": "string", - "defaultValue": "Enabled", - "allowedValues": [ - "Disabled", - "Enabled" - ], - "metadata": { - "description": "Optional. If Enabled, Azure Active Directory authentication is enabled." - } - }, - "passwordAuth": { - "type": "string", - "defaultValue": "Disabled", - "allowedValues": [ - "Disabled", - "Enabled" - ], - "metadata": { - "description": "Optional. If Enabled, password authentication is enabled." - } - }, - "tenantId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Tenant id of the server." - } - }, - "administrators": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. 
The Azure AD administrators when AAD authentication enabled." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all resources." - } - }, - "skuName": { - "type": "string", - "metadata": { - "description": "Required. The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3." - } - }, - "tier": { - "type": "string", - "allowedValues": [ - "GeneralPurpose", - "Burstable", - "MemoryOptimized" - ], - "metadata": { - "description": "Required. The tier of the particular SKU. Tier must align with the \"skuName\" property. Example, tier cannot be \"Burstable\" if skuName is \"Standard_D4s_v3\"." - } - }, - "availabilityZone": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "1", - "2", - "3" - ], - "metadata": { - "description": "Optional. Availability zone information of the server. Default will have no preference set." - } - }, - "backupRetentionDays": { - "type": "int", - "defaultValue": 7, - "minValue": 7, - "maxValue": 35, - "metadata": { - "description": "Optional. Backup retention days for the server." - } - }, - "geoRedundantBackup": { - "type": "string", - "defaultValue": "Disabled", - "allowedValues": [ - "Disabled", - "Enabled" - ], - "metadata": { - "description": "Optional. A value indicating whether Geo-Redundant backup is enabled on the server. Should be left disabled if 'cMKKeyName' is not empty." - } - }, - "storageSizeGB": { - "type": "int", - "defaultValue": 32, - "allowedValues": [ - 32, - 64, - 128, - 256, - 512, - 1024, - 2048, - 4096, - 8192, - 16384 - ], - "metadata": { - "description": "Optional. Max storage allowed for a server." - } + "name": "DBforPostgreSQL Flexible Servers", + "description": "This module deploys a DBforPostgreSQL Flexible Server.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. 
The name of the PostgreSQL flexible server." + } + }, + "administratorLogin": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The administrator login name of a server. Can only be specified when the PostgreSQL server is being created." + } + }, + "administratorLoginPassword": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "Optional. The administrator login password." + } + }, + "activeDirectoryAuth": { + "type": "string", + "defaultValue": "Enabled", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "metadata": { + "description": "Optional. If Enabled, Azure Active Directory authentication is enabled." + } + }, + "passwordAuth": { + "type": "string", + "defaultValue": "Disabled", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "metadata": { + "description": "Optional. If Enabled, password authentication is enabled." + } + }, + "tenantId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Tenant id of the server." + } + }, + "administrators": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. The Azure AD administrators when AAD authentication enabled." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "skuName": { + "type": "string", + "metadata": { + "description": "Required. The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3." + } + }, + "tier": { + "type": "string", + "allowedValues": [ + "GeneralPurpose", + "Burstable", + "MemoryOptimized" + ], + "metadata": { + "description": "Required. The tier of the particular SKU. Tier must align with the \"skuName\" property. Example, tier cannot be \"Burstable\" if skuName is \"Standard_D4s_v3\"." 
+ } + }, + "availabilityZone": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "", + "1", + "2", + "3" + ], + "metadata": { + "description": "Optional. Availability zone information of the server. Default will have no preference set." + } + }, + "backupRetentionDays": { + "type": "int", + "defaultValue": 7, + "minValue": 7, + "maxValue": 35, + "metadata": { + "description": "Optional. Backup retention days for the server." + } + }, + "geoRedundantBackup": { + "type": "string", + "defaultValue": "Disabled", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "metadata": { + "description": "Optional. A value indicating whether Geo-Redundant backup is enabled on the server. Should be left disabled if 'cMKKeyName' is not empty." + } + }, + "storageSizeGB": { + "type": "int", + "defaultValue": 32, + "allowedValues": [ + 32, + 64, + 128, + 256, + 512, + 1024, + 2048, + 4096, + 8192, + 16384 + ], + "metadata": { + "description": "Optional. Max storage allowed for a server." + } + }, + "version": { + "type": "string", + "defaultValue": "15", + "allowedValues": [ + "11", + "12", + "13", + "14", + "15" + ], + "metadata": { + "description": "Optional. PostgreSQL Server version." + } + }, + "highAvailability": { + "type": "string", + "defaultValue": "Disabled", + "allowedValues": [ + "Disabled", + "SameZone", + "ZoneRedundant" + ], + "metadata": { + "description": "Optional. The mode for high availability." + } + }, + "createMode": { + "type": "string", + "defaultValue": "Default", + "allowedValues": [ + "Create", + "Default", + "PointInTimeRestore", + "Update" + ], + "metadata": { + "description": "Optional. The mode to create a new PostgreSQL server." + } + }, + "userAssignedIdentities": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Conditional. The ID(s) to assign to the resource. Required if 'cMKKeyName' is not empty." 
+ } + }, + "cMKKeyVaultResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Conditional. The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty." + } + }, + "cMKKeyName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The name of the customer managed key to use for encryption." + } + }, + "cMKKeyVersion": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The version of the customer managed key to reference for encryption. If not provided, the latest key version is used." + } + }, + "cMKUserAssignedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Conditional. User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if 'cMKKeyName' is not empty." + } + }, + "maintenanceWindow": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Properties for the maintenence window. If provided, \"customWindow\" property must exist and set to \"Enabled\"." + } + }, + "pointInTimeUTC": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Conditional. Required if \"createMode\" is set to \"PointInTimeRestore\"." + } + }, + "sourceServerResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Conditional. Required if \"createMode\" is set to \"PointInTimeRestore\"." + } + }, + "delegatedSubnetResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Delegated subnet arm resource ID. Used when the desired connectivity mode is \"Private Access\" - virtual network integration." + } + }, + "privateDnsZoneArmResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. 
Private dns zone arm resource ID. Used when the desired connectivity mode is \"Private Access\" and required when \"delegatedSubnetResourceId\" is used. The Private DNS Zone must be lined to the Virtual Network referenced in \"delegatedSubnetResourceId\"." + } + }, + "firewallRules": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. The firewall rules to create in the PostgreSQL flexible server." + } + }, + "databases": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. The databases to create in the server." + } + }, + "configurations": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. The configurations to create in the server." + } + }, + "lock": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "", + "CanNotDelete", + "ReadOnly" + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "diagnosticStorageAccountId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic storage account." 
+ } + }, + "diagnosticWorkspaceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic log analytics workspace." + } + }, + "diagnosticEventHubAuthorizationRuleId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + } + }, + "diagnosticEventHubName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category." + } + }, + "diagnosticLogCategoriesToEnable": { + "type": "array", + "defaultValue": [ + "allLogs" + ], + "allowedValues": [ + "", + "allLogs", + "PostgreSQLLogs", + "PostgreSQLFlexSessions", + "PostgreSQLFlexQueryStoreRuntime", + "PostgreSQLFlexQueryStoreWaitStats", + "PostgreSQLFlexTableStats", + "PostgreSQLFlexDatabaseXacts" + ], + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection." + } + }, + "diagnosticMetricsToEnable": { + "type": "array", + "defaultValue": [ + "AllMetrics" + ], + "allowedValues": [ + "AllMetrics" + ], + "metadata": { + "description": "Optional. The name of metrics that will be streamed." + } + }, + "diagnosticSettingsName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The name of the diagnostic setting, if deployed. If left empty, it defaults to \"-diagnosticSettings\"." 
+ } + } + }, + "variables": { + "copy": [ + { + "name": "diagnosticsLogsSpecified", + "count": "[length(filter(parameters('diagnosticLogCategoriesToEnable'), lambda('item', and(not(equals(lambdaVariables('item'), 'allLogs')), not(equals(lambdaVariables('item'), ''))))))]", + "input": { + "category": "[filter(parameters('diagnosticLogCategoriesToEnable'), lambda('item', and(not(equals(lambdaVariables('item'), 'allLogs')), not(equals(lambdaVariables('item'), '')))))[copyIndex('diagnosticsLogsSpecified')]]", + "enabled": true + } + }, + { + "name": "diagnosticsMetrics", + "count": "[length(parameters('diagnosticMetricsToEnable'))]", + "input": { + "category": "[parameters('diagnosticMetricsToEnable')[copyIndex('diagnosticsMetrics')]]", + "timeGrain": null, + "enabled": true + } + } + ], + "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]", + "enableReferencedModulesTelemetry": false + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.DBforPostgreSQL/flexibleServers", + "apiVersion": "2022-12-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "sku": { + "name": "[parameters('skuName')]", + "tier": "[parameters('tier')]" + }, + "identity": { + "type": "[if(not(empty(parameters('userAssignedIdentities'))), 
'UserAssigned', 'None')]", + "userAssignedIdentities": "[if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), createObject())]" + }, + "properties": { + "administratorLogin": "[if(not(empty(parameters('administratorLogin'))), parameters('administratorLogin'), null())]", + "administratorLoginPassword": "[if(not(empty(parameters('administratorLoginPassword'))), parameters('administratorLoginPassword'), null())]", + "authConfig": { + "activeDirectoryAuth": "[parameters('activeDirectoryAuth')]", + "passwordAuth": "[parameters('passwordAuth')]", + "tenantId": "[if(not(empty(parameters('tenantId'))), parameters('tenantId'), null())]" }, - "version": { - "type": "string", - "defaultValue": "15", - "allowedValues": [ - "11", - "12", - "13", - "14", - "15" - ], - "metadata": { - "description": "Optional. PostgreSQL Server version." - } + "availabilityZone": "[parameters('availabilityZone')]", + "backup": { + "backupRetentionDays": "[parameters('backupRetentionDays')]", + "geoRedundantBackup": "[parameters('geoRedundantBackup')]" }, + "createMode": "[parameters('createMode')]", + "dataEncryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('primaryKeyURI', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[0], split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[1]), '2022-07-01').keyUri, parameters('cMKKeyVersion')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', 
split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[0], split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[1]), '2022-07-01').keyUriWithVersion), 'primaryUserAssignedIdentityId', parameters('cMKUserAssignedIdentityResourceId'), 'type', 'AzureKeyVault'), null())]", "highAvailability": { - "type": "string", - "defaultValue": "Disabled", - "allowedValues": [ - "Disabled", - "SameZone", - "ZoneRedundant" - ], - "metadata": { - "description": "Optional. The mode for high availability." - } - }, - "createMode": { - "type": "string", - "defaultValue": "Default", - "allowedValues": [ - "Create", - "Default", - "PointInTimeRestore", - "Update" - ], - "metadata": { - "description": "Optional. The mode to create a new PostgreSQL server." - } - }, - "userAssignedIdentities": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Conditional. The ID(s) to assign to the resource. Required if 'cMKKeyName' is not empty." - } + "mode": "[parameters('highAvailability')]", + "standbyAvailabilityZone": "[if(equals(parameters('highAvailability'), 'SameZone'), parameters('availabilityZone'), null())]" }, - "cMKKeyVaultResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Conditional. The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty." - } - }, - "cMKKeyName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The name of the customer managed key to use for encryption." - } - }, - "cMKKeyVersion": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The version of the customer managed key to reference for encryption. If not provided, the latest key version is used." 
- } - }, - "cMKUserAssignedIdentityResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Conditional. User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if 'cMKKeyName' is not empty." - } + "maintenanceWindow": "[if(not(empty(parameters('maintenanceWindow'))), createObject('customWindow', parameters('maintenanceWindow').customWindow, 'dayOfWeek', if(equals(parameters('maintenanceWindow').customWindow, 'Enabled'), parameters('maintenanceWindow').dayOfWeek, 0), 'startHour', if(equals(parameters('maintenanceWindow').customWindow, 'Enabled'), parameters('maintenanceWindow').startHour, 0), 'startMinute', if(equals(parameters('maintenanceWindow').customWindow, 'Enabled'), parameters('maintenanceWindow').startMinute, 0)), null())]", + "network": "[if(and(not(empty(parameters('delegatedSubnetResourceId'))), empty(parameters('firewallRules'))), createObject('delegatedSubnetResourceId', parameters('delegatedSubnetResourceId'), 'privateDnsZoneArmResourceId', parameters('privateDnsZoneArmResourceId')), null())]", + "pointInTimeUTC": "[if(equals(parameters('createMode'), 'PointInTimeRestore'), parameters('pointInTimeUTC'), null())]", + "sourceServerResourceId": "[if(equals(parameters('createMode'), 'PointInTimeRestore'), parameters('sourceServerResourceId'), null())]", + "storage": { + "storageSizeGB": "[parameters('storageSizeGB')]" }, - "maintenanceWindow": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. Properties for the maintenence window. If provided, \"customWindow\" property must exist and set to \"Enabled\"." - } - }, - "pointInTimeUTC": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Conditional. Required if \"createMode\" is set to \"PointInTimeRestore\"." 
- } - }, - "sourceServerResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Conditional. Required if \"createMode\" is set to \"PointInTimeRestore\"." - } - }, - "delegatedSubnetResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Delegated subnet arm resource ID. Used when the desired connectivity mode is \"Private Access\" - virtual network integration." - } - }, - "privateDnsZoneArmResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Private dns zone arm resource ID. Used when the desired connectivity mode is \"Private Access\" and required when \"delegatedSubnetResourceId\" is used. The Private DNS Zone must be lined to the Virtual Network referenced in \"delegatedSubnetResourceId\"." - } + "version": "[parameters('version')]" + } + }, + { + "condition": "[not(empty(parameters('lock')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.DBforPostgreSQL/flexibleServers/{0}', parameters('name'))]", + "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "properties": { + "level": "[parameters('lock')]", + "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" + ] + }, + { + "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "scope": "[format('Microsoft.DBforPostgreSQL/flexibleServers/{0}', parameters('name'))]", + "name": 
"[if(not(empty(parameters('diagnosticSettingsName'))), parameters('diagnosticSettingsName'), format('{0}-diagnosticSettings', parameters('name')))]", + "properties": { + "storageAccountId": "[if(not(empty(parameters('diagnosticStorageAccountId'))), parameters('diagnosticStorageAccountId'), null())]", + "workspaceId": "[if(not(empty(parameters('diagnosticWorkspaceId'))), parameters('diagnosticWorkspaceId'), null())]", + "eventHubAuthorizationRuleId": "[if(not(empty(parameters('diagnosticEventHubAuthorizationRuleId'))), parameters('diagnosticEventHubAuthorizationRuleId'), null())]", + "eventHubName": "[if(not(empty(parameters('diagnosticEventHubName'))), parameters('diagnosticEventHubName'), null())]", + "metrics": "[variables('diagnosticsMetrics')]", + "logs": "[variables('diagnosticsLogs')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" + ] + }, + { + "copy": { + "name": "flexibleServer_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-PostgreSQL-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" }, - "firewallRules": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. The firewall rules to create in the PostgreSQL flexible server." 
- } + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", + "principalIds": { + "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" + } }, - "databases": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. The databases to create in the server." + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "4898014763123062752" } - }, - "configurations": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. The configurations to create in the server." + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." 
+ } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." + } } - }, - "lock": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." 
+ }, + "variables": { + "builtInRoleNames": { + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" } - }, - "roleAssignments": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. 
Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.DBforPostgreSQL/flexibleServers/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.DBforPostgreSQL/flexibleServers', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": "[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" + ] + }, + { + "copy": { + "name": "flexibleServer_databases", + "count": 
"[length(parameters('databases'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-PostgreSQL-DB-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" }, - "tags": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. Tags of the resource." - } + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('databases')[copyIndex()].name]" + }, + "flexibleServerName": { + "value": "[parameters('name')]" + }, + "collation": "[if(contains(parameters('databases')[copyIndex()], 'collation'), createObject('value', parameters('databases')[copyIndex()].collation), createObject('value', ''))]", + "charset": "[if(contains(parameters('databases')[copyIndex()], 'charset'), createObject('value', parameters('databases')[copyIndex()].charset), createObject('value', ''))]", + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "16660732763595780206" + }, + "name": "DBforPostgreSQL Flexible Server Databases", + "description": "This module deploys a DBforPostgreSQL Flexible Server Database.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the database." + } + }, + "flexibleServerName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment." 
+ } + }, + "collation": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The collation of the database." + } + }, + "charset": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The charset of the database." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } } - }, - "diagnosticStorageAccountId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Resource ID of the diagnostic storage account." - } - }, - "diagnosticWorkspaceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Resource ID of the diagnostic log analytics workspace." - } - }, - "diagnosticEventHubAuthorizationRuleId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." - } - }, - "diagnosticEventHubName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category." - } - }, - "diagnosticLogCategoriesToEnable": { - "type": "array", - "defaultValue": [ - "allLogs" - ], - "allowedValues": [ - "", - "allLogs", - "PostgreSQLLogs", - "PostgreSQLFlexSessions", - "PostgreSQLFlexQueryStoreRuntime", - "PostgreSQLFlexQueryStoreWaitStats", - "PostgreSQLFlexTableStats", - "PostgreSQLFlexDatabaseXacts" - ], - "metadata": { - "description": "Optional. The name of logs that will be streamed. 
\"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection." - } - }, - "diagnosticMetricsToEnable": { - "type": "array", - "defaultValue": [ - "AllMetrics" - ], - "allowedValues": [ - "AllMetrics" - ], - "metadata": { - "description": "Optional. The name of metrics that will be streamed." - } - }, - "diagnosticSettingsName": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The name of the diagnostic setting, if deployed. If left empty, it defaults to \"-diagnosticSettings\"." - } - } - }, - "variables": { - "copy": [ + }, + "resources": [ { - "name": "diagnosticsLogsSpecified", - "count": "[length(filter(parameters('diagnosticLogCategoriesToEnable'), lambda('item', and(not(equals(lambdaVariables('item'), 'allLogs')), not(equals(lambdaVariables('item'), ''))))))]", - "input": { - "category": "[filter(parameters('diagnosticLogCategoriesToEnable'), lambda('item', and(not(equals(lambdaVariables('item'), 'allLogs')), not(equals(lambdaVariables('item'), '')))))[copyIndex('diagnosticsLogsSpecified')]]", - "enabled": true + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] } + } }, { - "name": "diagnosticsMetrics", - "count": "[length(parameters('diagnosticMetricsToEnable'))]", - "input": { - "category": "[parameters('diagnosticMetricsToEnable')[copyIndex('diagnosticsMetrics')]]", - "timeGrain": null, - "enabled": true - } + "type": "Microsoft.DBforPostgreSQL/flexibleServers/databases", + "apiVersion": "2022-12-01", + "name": "[format('{0}/{1}', parameters('flexibleServerName'), 
parameters('name'))]", + "properties": { + "collation": "[if(not(empty(parameters('collation'))), parameters('collation'), null())]", + "charset": "[if(not(empty(parameters('charset'))), parameters('charset'), null())]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the deployed database." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the deployed database." + }, + "value": "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers/databases', parameters('flexibleServerName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group of the deployed database." + }, + "value": "[resourceGroup().name]" } - ], - "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), if(contains(parameters('diagnosticLogCategoriesToEnable'), ''), createArray(), variables('diagnosticsLogsSpecified')))]", - "enableReferencedModulesTelemetry": false + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" + ] }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { + { + "copy": { + "name": "flexibleServer_firewallRules", + "count": "[length(parameters('firewallRules'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-PostgreSQL-FirewallRules-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + 
"parameters": { + "name": { + "value": "[parameters('firewallRules')[copyIndex()].name]" + }, + "flexibleServerName": { + "value": "[parameters('name')]" + }, + "startIpAddress": { + "value": "[parameters('firewallRules')[copyIndex()].startIpAddress]" + }, + "endIpAddress": { + "value": "[parameters('firewallRules')[copyIndex()].endIpAddress]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "7935033505380784919" + }, + "name": "DBforPostgreSQL Flexible Server Firewall Rules", + "description": "This module deploys a DBforPostgreSQL Flexible Server Firewall Rule.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the PostgreSQL flexible server Firewall Rule." + } + }, + "startIpAddress": { + "type": "string", + "metadata": { + "description": "Required. The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses." + } + }, + "endIpAddress": { + "type": "string", + "metadata": { + "description": "Required. The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses." + } + }, + "flexibleServerName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { "mode": "Incremental", "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] } + } + }, + { + "type": "Microsoft.DBforPostgreSQL/flexibleServers/firewallRules", + "apiVersion": "2022-12-01", + "name": "[format('{0}/{1}', parameters('flexibleServerName'), parameters('name'))]", + "properties": { + "endIpAddress": "[parameters('endIpAddress')]", + "startIpAddress": "[parameters('startIpAddress')]" + } } - }, - { - "type": "Microsoft.DBforPostgreSQL/flexibleServers", - "apiVersion": "2022-12-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "sku": { - "name": "[parameters('skuName')]", - "tier": "[parameters('tier')]" + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the deployed firewall rule." + }, + "value": "[parameters('name')]" }, - "identity": { - "type": "[if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None')]", - "userAssignedIdentities": "[if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), createObject())]" + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the deployed firewall rule." 
+ }, + "value": "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers/firewallRules', parameters('flexibleServerName'), parameters('name'))]" }, - "properties": { - "administratorLogin": "[if(not(empty(parameters('administratorLogin'))), parameters('administratorLogin'), null())]", - "administratorLoginPassword": "[if(not(empty(parameters('administratorLoginPassword'))), parameters('administratorLoginPassword'), null())]", - "authConfig": { - "activeDirectoryAuth": "[parameters('activeDirectoryAuth')]", - "passwordAuth": "[parameters('passwordAuth')]", - "tenantId": "[if(not(empty(parameters('tenantId'))), parameters('tenantId'), null())]" - }, - "availabilityZone": "[parameters('availabilityZone')]", - "backup": { - "backupRetentionDays": "[parameters('backupRetentionDays')]", - "geoRedundantBackup": "[parameters('geoRedundantBackup')]" - }, - "createMode": "[parameters('createMode')]", - "dataEncryption": "[if(not(empty(parameters('cMKKeyName'))), createObject('primaryKeyURI', if(not(empty(parameters('cMKKeyVersion'))), format('{0}/{1}', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[0], split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[1]), '2022-07-01').keyUri, parameters('cMKKeyVersion')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('cMKKeyVaultResourceId'), '/')[2], split(parameters('cMKKeyVaultResourceId'), '/')[4]), 'Microsoft.KeyVault/vaults/keys', split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), '/')[0], split(format('{0}/{1}', last(split(parameters('cMKKeyVaultResourceId'), '/')), parameters('cMKKeyName')), 
'/')[1]), '2022-07-01').keyUriWithVersion), 'primaryUserAssignedIdentityId', parameters('cMKUserAssignedIdentityResourceId'), 'type', 'AzureKeyVault'), null())]", - "highAvailability": { - "mode": "[parameters('highAvailability')]", - "standbyAvailabilityZone": "[if(equals(parameters('highAvailability'), 'SameZone'), parameters('availabilityZone'), null())]" - }, - "maintenanceWindow": "[if(not(empty(parameters('maintenanceWindow'))), createObject('customWindow', parameters('maintenanceWindow').customWindow, 'dayOfWeek', if(equals(parameters('maintenanceWindow').customWindow, 'Enabled'), parameters('maintenanceWindow').dayOfWeek, 0), 'startHour', if(equals(parameters('maintenanceWindow').customWindow, 'Enabled'), parameters('maintenanceWindow').startHour, 0), 'startMinute', if(equals(parameters('maintenanceWindow').customWindow, 'Enabled'), parameters('maintenanceWindow').startMinute, 0)), null())]", - "network": "[if(and(not(empty(parameters('delegatedSubnetResourceId'))), empty(parameters('firewallRules'))), createObject('delegatedSubnetResourceId', parameters('delegatedSubnetResourceId'), 'privateDnsZoneArmResourceId', parameters('privateDnsZoneArmResourceId')), null())]", - "pointInTimeUTC": "[if(equals(parameters('createMode'), 'PointInTimeRestore'), parameters('pointInTimeUTC'), null())]", - "sourceServerResourceId": "[if(equals(parameters('createMode'), 'PointInTimeRestore'), parameters('sourceServerResourceId'), null())]", - "storage": { - "storageSizeGB": "[parameters('storageSizeGB')]" - }, - "version": "[parameters('version')]" + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group of the deployed firewall rule." 
+ }, + "value": "[resourceGroup().name]" } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]", + "flexibleServer_databases" + ] + }, + { + "copy": { + "name": "flexibleServer_configurations", + "count": "[length(parameters('configurations'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-PostgreSQL-Configurations-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" }, - { - "condition": "[not(empty(parameters('lock')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.DBforPostgreSQL/flexibleServers/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", - "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" - ] + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('configurations')[copyIndex()].name]" + }, + "flexibleServerName": { + "value": "[parameters('name')]" + }, + "source": "[if(contains(parameters('configurations')[copyIndex()], 'source'), createObject('value', parameters('configurations')[copyIndex()].source), createObject('value', ''))]", + "value": "[if(contains(parameters('configurations')[copyIndex()], 'value'), createObject('value', parameters('configurations')[copyIndex()].value), createObject('value', ''))]", + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } }, - { - "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), 
not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", - "type": "Microsoft.Insights/diagnosticSettings", - "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.DBforPostgreSQL/flexibleServers/{0}', parameters('name'))]", - "name": "[if(not(empty(parameters('diagnosticSettingsName'))), parameters('diagnosticSettingsName'), format('{0}-diagnosticSettings', parameters('name')))]", - "properties": { - "storageAccountId": "[if(not(empty(parameters('diagnosticStorageAccountId'))), parameters('diagnosticStorageAccountId'), null())]", - "workspaceId": "[if(not(empty(parameters('diagnosticWorkspaceId'))), parameters('diagnosticWorkspaceId'), null())]", - "eventHubAuthorizationRuleId": "[if(not(empty(parameters('diagnosticEventHubAuthorizationRuleId'))), parameters('diagnosticEventHubAuthorizationRuleId'), null())]", - "eventHubName": "[if(not(empty(parameters('diagnosticEventHubName'))), parameters('diagnosticEventHubName'), null())]", - "metrics": "[variables('diagnosticsMetrics')]", - "logs": "[variables('diagnosticsLogs')]" + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "10954863077388190830" }, - "dependsOn": [ - "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" - ] - }, - { - "copy": { - "name": "flexibleServer_roleAssignments", - "count": "[length(parameters('roleAssignments'))]" + "name": "DBforPostgreSQL Flexible Server Configurations", + "description": "This module deploys a DBforPostgreSQL Flexible Server Configuration.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the configuration." 
+ } }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-PostgreSQL-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", - "principalIds": { - "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" - }, - "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", - "roleDefinitionIdOrName": { - "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" - }, - "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", - "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", - "resourceId": { - "value": "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4898014763123062752" - } - }, - "parameters": { - "principalIds": { - "type": "array", - "metadata": { - "description": "Required. The IDs of the principals to assign the role to." 
- } - }, - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." - } - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "Required. The resource ID of the resource to apply the role assignment to." - } - }, - "principalType": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "ServicePrincipal", - "Group", - "User", - "ForeignGroup", - "Device", - "" - ], - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." - } - }, - "conditionVersion": { - "type": "string", - "defaultValue": "2.0", - "allowedValues": [ - "2.0" - ], - "metadata": { - "description": "Optional. Version of the condition." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Id of the delegated managed identity resource." 
- } - } - }, - "variables": { - "builtInRoleNames": { - "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", - "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", - "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", - "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", - "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", - "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", - "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", - "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", - "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", - "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", - "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" - } - }, - "resources": [ - { - "copy": { - "name": "roleAssignment", - "count": "[length(parameters('principalIds'))]" - 
}, - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.DBforPostgreSQL/flexibleServers/{0}', last(split(parameters('resourceId'), '/')))]", - "name": "[guid(resourceId('Microsoft.DBforPostgreSQL/flexibleServers', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", - "properties": { - "description": "[parameters('description')]", - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", - "principalId": "[parameters('principalIds')[copyIndex()]]", - "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", - "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", - "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", - "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" - } - } - ] - } + "flexibleServerName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment." + } }, - "dependsOn": [ - "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" - ] - }, - { - "copy": { - "name": "flexibleServer_databases", - "count": "[length(parameters('databases'))]" + "source": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Source of the configuration." 
+ } }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-PostgreSQL-DB-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[parameters('databases')[copyIndex()].name]" - }, - "flexibleServerName": { - "value": "[parameters('name')]" - }, - "collation": "[if(contains(parameters('databases')[copyIndex()], 'collation'), createObject('value', parameters('databases')[copyIndex()].collation), createObject('value', ''))]", - "charset": "[if(contains(parameters('databases')[copyIndex()], 'charset'), createObject('value', parameters('databases')[copyIndex()].charset), createObject('value', ''))]", - "enableDefaultTelemetry": { - "value": "[variables('enableReferencedModulesTelemetry')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16660732763595780206" - }, - "name": "DBforPostgreSQL Flexible Server Databases", - "description": "This module deploys a DBforPostgreSQL Flexible Server Database.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the database." - } - }, - "flexibleServerName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment." - } - }, - "collation": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The collation of the database." - } - }, - "charset": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The charset of the database." 
- } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all resources." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.DBforPostgreSQL/flexibleServers/databases", - "apiVersion": "2022-12-01", - "name": "[format('{0}/{1}', parameters('flexibleServerName'), parameters('name'))]", - "properties": { - "collation": "[if(not(empty(parameters('collation'))), parameters('collation'), null())]", - "charset": "[if(not(empty(parameters('charset'))), parameters('charset'), null())]" - } - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the deployed database." - }, - "value": "[parameters('name')]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the deployed database." - }, - "value": "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers/databases', parameters('flexibleServerName'), parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group of the deployed database." - }, - "value": "[resourceGroup().name]" - } - } - } + "value": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Value of the configuration." 
+ } }, - "dependsOn": [ - "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" - ] - }, - { - "copy": { - "name": "flexibleServer_firewallRules", - "count": "[length(parameters('firewallRules'))]" + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-PostgreSQL-FirewallRules-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { "mode": "Incremental", - "parameters": { - "name": { - "value": "[parameters('firewallRules')[copyIndex()].name]" - }, - "flexibleServerName": { - "value": "[parameters('name')]" - }, - "startIpAddress": { - "value": "[parameters('firewallRules')[copyIndex()].startIpAddress]" - }, - "endIpAddress": { - "value": "[parameters('firewallRules')[copyIndex()].endIpAddress]" - }, - "enableDefaultTelemetry": { - "value": "[variables('enableReferencedModulesTelemetry')]" - } - }, "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7935033505380784919" - }, - "name": "DBforPostgreSQL Flexible Server Firewall Rules", - "description": "This module deploys a 
DBforPostgreSQL Flexible Server Firewall Rule.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the PostgreSQL flexible server Firewall Rule." - } - }, - "startIpAddress": { - "type": "string", - "metadata": { - "description": "Required. The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses." - } - }, - "endIpAddress": { - "type": "string", - "metadata": { - "description": "Required. The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses." - } - }, - "flexibleServerName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
- } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.DBforPostgreSQL/flexibleServers/firewallRules", - "apiVersion": "2022-12-01", - "name": "[format('{0}/{1}', parameters('flexibleServerName'), parameters('name'))]", - "properties": { - "endIpAddress": "[parameters('endIpAddress')]", - "startIpAddress": "[parameters('startIpAddress')]" - } - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the deployed firewall rule." - }, - "value": "[parameters('name')]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the deployed firewall rule." - }, - "value": "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers/firewallRules', parameters('flexibleServerName'), parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group of the deployed firewall rule." 
- }, - "value": "[resourceGroup().name]" - } - } + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] } + } }, - "dependsOn": [ - "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]", - "flexibleServer_databases" - ] - }, - { - "copy": { - "name": "flexibleServer_configurations", - "count": "[length(parameters('configurations'))]" + { + "type": "Microsoft.DBforPostgreSQL/flexibleServers/configurations", + "apiVersion": "2022-12-01", + "name": "[format('{0}/{1}', parameters('flexibleServerName'), parameters('name'))]", + "properties": { + "source": "[if(not(empty(parameters('source'))), parameters('source'), null())]", + "value": "[if(not(empty(parameters('value'))), parameters('value'), null())]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the deployed configuration." + }, + "value": "[parameters('name')]" }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-PostgreSQL-Configurations-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[parameters('configurations')[copyIndex()].name]" - }, - "flexibleServerName": { - "value": "[parameters('name')]" - }, - "source": "[if(contains(parameters('configurations')[copyIndex()], 'source'), createObject('value', parameters('configurations')[copyIndex()].source), createObject('value', ''))]", - "value": "[if(contains(parameters('configurations')[copyIndex()], 'value'), createObject('value', parameters('configurations')[copyIndex()].value), createObject('value', ''))]", - "enableDefaultTelemetry": { - "value": "[variables('enableReferencedModulesTelemetry')]" - } - }, - "template": { - "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10954863077388190830" - }, - "name": "DBforPostgreSQL Flexible Server Configurations", - "description": "This module deploys a DBforPostgreSQL Flexible Server Configuration.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the configuration." - } - }, - "flexibleServerName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment." - } - }, - "source": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Source of the configuration." - } - }, - "value": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Value of the configuration." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all resources." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
- } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.DBforPostgreSQL/flexibleServers/configurations", - "apiVersion": "2022-12-01", - "name": "[format('{0}/{1}', parameters('flexibleServerName'), parameters('name'))]", - "properties": { - "source": "[if(not(empty(parameters('source'))), parameters('source'), null())]", - "value": "[if(not(empty(parameters('value'))), parameters('value'), null())]" - } - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the deployed configuration." - }, - "value": "[parameters('name')]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the deployed configuration." - }, - "value": "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers/configurations', parameters('flexibleServerName'), parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group of the deployed configuration." - }, - "value": "[resourceGroup().name]" - } - } - } + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the deployed configuration." 
+ }, + "value": "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers/configurations', parameters('flexibleServerName'), parameters('name'))]" }, - "dependsOn": [ - "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]", - "flexibleServer_firewallRules" - ] + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group of the deployed configuration." + }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]", + "flexibleServer_firewallRules" + ] + }, + { + "copy": { + "name": "flexibleServer_administrators", + "count": "[length(parameters('administrators'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-PostgreSQL-Administrators-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "flexibleServerName": { + "value": "[parameters('name')]" + }, + "objectId": { + "value": "[parameters('administrators')[copyIndex()].objectId]" + }, + "principalName": { + "value": "[parameters('administrators')[copyIndex()].principalName]" + }, + "principalType": { + "value": "[parameters('administrators')[copyIndex()].principalType]" + }, + "tenantId": { + "value": "[parameters('administrators')[copyIndex()].tenantId]" + } }, - { - "copy": { - "name": "flexibleServer_administrators", - "count": "[length(parameters('administrators'))]" + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "5950920282464628930" }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-PostgreSQL-Administrators-{1}', 
uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, + "name": "DBforPostgreSQL Flexible Server Administrators ", + "description": "This module deploys a DBforPostgreSQL Flexible Server Administrator.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "flexibleServerName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment." + } + }, + "objectId": { + "type": "string", + "metadata": { + "description": "Required. The objectId of the Active Directory administrator." + } + }, + "principalName": { + "type": "string", + "metadata": { + "description": "Required. Active Directory administrator principal name." + } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Group", + "ServicePrincipal", + "Unknown", + "User" + ], + "metadata": { + "description": "Required. The principal type used to represent the type of Active Directory Administrator." + } + }, + "tenantId": { + "type": "string", + "metadata": { + "description": "Required. The tenantId of the Active Directory administrator." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { "mode": "Incremental", - "parameters": { - "flexibleServerName": { - "value": "[parameters('name')]" - }, - "objectId": { - "value": "[parameters('administrators')[copyIndex()].objectId]" - }, - "principalName": { - "value": "[parameters('administrators')[copyIndex()].principalName]" - }, - "principalType": { - "value": "[parameters('administrators')[copyIndex()].principalType]" - }, - "tenantId": { - "value": "[parameters('administrators')[copyIndex()].tenantId]" - } - }, "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5950920282464628930" - }, - "name": "DBforPostgreSQL Flexible Server Administrators ", - "description": "This module deploys a DBforPostgreSQL Flexible Server Administrator.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "flexibleServerName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment." - } - }, - "objectId": { - "type": "string", - "metadata": { - "description": "Required. The objectId of the Active Directory administrator." - } - }, - "principalName": { - "type": "string", - "metadata": { - "description": "Required. Active Directory administrator principal name." - } - }, - "principalType": { - "type": "string", - "allowedValues": [ - "Group", - "ServicePrincipal", - "Unknown", - "User" - ], - "metadata": { - "description": "Required. 
The principal type used to represent the type of Active Directory Administrator." - } - }, - "tenantId": { - "type": "string", - "metadata": { - "description": "Required. The tenantId of the Active Directory administrator." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all resources." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.DBforPostgreSQL/flexibleServers/administrators", - "apiVersion": "2022-12-01", - "name": "[format('{0}/{1}', parameters('flexibleServerName'), parameters('objectId'))]", - "properties": { - "principalName": "[parameters('principalName')]", - "principalType": "[parameters('principalType')]", - "tenantId": "[parameters('tenantId')]" - } - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the deployed administrator." - }, - "value": "[parameters('objectId')]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the deployed administrator." 
- }, - "value": "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers/administrators', parameters('flexibleServerName'), parameters('objectId'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group of the deployed administrator." - }, - "value": "[resourceGroup().name]" - } - } + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] } + } }, - "dependsOn": [ - "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" - ] - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the deployed PostgreSQL Flexible server." - }, - "value": "[parameters('name')]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the deployed PostgreSQL Flexible server." + { + "type": "Microsoft.DBforPostgreSQL/flexibleServers/administrators", + "apiVersion": "2022-12-01", + "name": "[format('{0}/{1}', parameters('flexibleServerName'), parameters('objectId'))]", + "properties": { + "principalName": "[parameters('principalName')]", + "principalType": "[parameters('principalType')]", + "tenantId": "[parameters('tenantId')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the deployed administrator." + }, + "value": "[parameters('objectId')]" }, - "value": "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group of the deployed PostgreSQL Flexible server." + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the deployed administrator." 
+ }, + "value": "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers/administrators', parameters('flexibleServerName'), parameters('objectId'))]" }, - "value": "[resourceGroup().name]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference(resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name')), '2022-12-01', 'full').location]" + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group of the deployed administrator." + }, + "value": "[resourceGroup().name]" + } + } } + }, + "dependsOn": [ + "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" + ] + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the deployed PostgreSQL Flexible server." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the deployed PostgreSQL Flexible server." + }, + "value": "[resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group of the deployed PostgreSQL Flexible server." + }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name')), '2022-12-01', 'full').location]" } -} + } +} \ No newline at end of file