From 73bc02ccb4362a8fd530aa11aa347c804e77e745 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Mon, 16 Oct 2023 22:33:25 +0200 Subject: [PATCH 1/7] Tested logic & added depth param --- .../authorization/role-definition/README.md | 200 +++++-- .../automation/automation-account/README.md | 384 ++++++++++--- modules/batch/batch-account/README.md | 348 +++++++++--- modules/cache/redis-enterprise/README.md | 431 -------------- modules/cache/redis-enterprise/main.json | 24 +- modules/cache/redis/README.md | 371 +++++++++--- modules/cdn/profile/README.md | 441 --------------- modules/cognitive-services/account/README.md | 535 ------------------ modules/cognitive-services/account/main.json | 20 +- modules/compute/availability-set/README.md | 192 ------- modules/compute/availability-set/main.json | 8 +- modules/compute/disk/README.md | 429 -------------- modules/compute/disk/main.json | 8 +- utilities/tools/Set-Module.ps1 | 38 +- 14 files changed, 1092 insertions(+), 2337 deletions(-) delete mode 100644 modules/cache/redis-enterprise/README.md delete mode 100644 modules/cdn/profile/README.md delete mode 100644 modules/cognitive-services/account/README.md delete mode 100644 modules/compute/availability-set/README.md delete mode 100644 modules/compute/disk/README.md diff --git a/modules/authorization/role-definition/README.md b/modules/authorization/role-definition/README.md index 35163be1ba..ca8b5c2988 100644 --- a/modules/authorization/role-definition/README.md +++ b/modules/authorization/role-definition/README.md 
@@ -4,71 +4,43 @@ This module deploys a Role Definition at a Management Group, Subscription or Res ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleDefinitions` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleDefinitions) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `roleName` | string | Name of the custom RBAC role to be created. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | List of allowed actions. | -| `assignableScopes` | array | `[]` | Role definition assignable scopes. If not provided, will use the current scope provided. | -| `dataActions` | array | `[]` | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. | -| `description` | string | `''` | Description of the custom RBAC role to be created. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | -| `notActions` | array | `[]` | List of denied actions. | -| `notDataActions` | array | `[]` | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. 
| -| `resourceGroupName` | string | `''` | The name of the Resource Group where the Role Definition and Target Scope will be applied to. | -| `subscriptionId` | string | `''` | The subscription ID where the Role Definition and Target Scope will be applied to. Use for both Subscription level and Resource Group Level. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The GUID of the Role Definition. | -| `resourceId` | string | The resource ID of the Role Definition. | -| `scope` | string | The scope this Role Definition applies to. | - -## Cross-referenced modules +## Usage examples -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Mg.Common

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.role-definition:1.0.0`. + +- [Mg.Common](#example-1-mgcommon) +- [Mg.Min](#example-2-mgmin) +- [Rg.Common](#example-3-rgcommon) +- [Rg.Min](#example-4-rgmin) +- [Sub.Common](#example-5-subcommon) +- [Sub.Min](#example-6-submin) + +### Example 1: _Mg.Common_
via Bicep module ```bicep -module roleDefinition './authorization/role-definition/main.bicep' = { +module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-ardmgcom' params: { // Required parameters @@ -140,14 +112,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {

-

Example 2: Mg.Min

+### Example 2: _Mg.Min_
via Bicep module ```bicep -module roleDefinition './authorization/role-definition/main.bicep' = { +module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-ardmgmin' params: { // Required parameters @@ -195,14 +167,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {

-

Example 3: Rg.Common

+### Example 3: _Rg.Common_
via Bicep module ```bicep -module roleDefinition './authorization/role-definition/main.bicep' = { +module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-ardrgcom' params: { // Required parameters @@ -290,14 +262,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {

-

Example 4: Rg.Min

+### Example 4: _Rg.Min_
via Bicep module ```bicep -module roleDefinition './authorization/role-definition/main.bicep' = { +module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-ardrgmin' params: { // Required parameters @@ -345,14 +317,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {

-

Example 5: Sub.Common

+### Example 5: _Sub.Common_
via Bicep module ```bicep -module roleDefinition './authorization/role-definition/main.bicep' = { +module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-ardsubcom' params: { // Required parameters @@ -440,14 +412,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {

-

Example 6: Sub.Min

+### Example 6: _Sub.Min_
via Bicep module ```bicep -module roleDefinition './authorization/role-definition/main.bicep' = { +module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-ardsubmin' params: { // Required parameters @@ -500,6 +472,126 @@ module roleDefinition './authorization/role-definition/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`roleName`](#parameter-rolename) | string | Name of the custom RBAC role to be created. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | List of allowed actions. | +| [`assignableScopes`](#parameter-assignablescopes) | array | Role definition assignable scopes. If not provided, will use the current scope provided. | +| [`dataActions`](#parameter-dataactions) | array | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. | +| [`description`](#parameter-description) | string | Description of the custom RBAC role to be created. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | +| [`notActions`](#parameter-notactions) | array | List of denied actions. | +| [`notDataActions`](#parameter-notdataactions) | array | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | The name of the Resource Group where the Role Definition and Target Scope will be applied to. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID where the Role Definition and Target Scope will be applied to. Use for both Subscription level and Resource Group Level. | + +### Parameter: `actions` + +List of allowed actions. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `assignableScopes` + +Role definition assignable scopes. If not provided, will use the current scope provided. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dataActions` + +List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +Description of the custom RBAC role to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `notActions` + +List of denied actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notDataActions` + +List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `resourceGroupName` + +The name of the Resource Group where the Role Definition and Target Scope will be applied to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleName` + +Name of the custom RBAC role to be created. +- Required: Yes +- Type: string + +### Parameter: `subscriptionId` + +The subscription ID where the Role Definition and Target Scope will be applied to. Use for both Subscription level and Resource Group Level. 
+- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The GUID of the Role Definition. | +| `resourceId` | string | The resource ID of the Role Definition. | +| `scope` | string | The scope this Role Definition applies to. | + +## Cross-referenced modules + +_None_ + ## Notes ### Module Usage Guidance diff --git a/modules/automation/automation-account/README.md b/modules/automation/automation-account/README.md index 92619970e8..5124c0d274 100644 --- a/modules/automation/automation-account/README.md +++ b/modules/automation/automation-account/README.md @@ -5,10 +5,10 @@ This module deploys an Azure Automation Account. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -29,90 +29,27 @@ This module deploys an Azure Automation Account. | `Microsoft.OperationalInsights/workspaces/linkedServices` | [2020-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/linkedServices) | | `Microsoft.OperationsManagement/solutions` | [2015-11-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.OperationsManagement/2015-11-01-preview/solutions) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Automation Account. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | -| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DscNodeStatus, JobLogs, JobStreams]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disableLocalAuth` | bool | `True` | | Disable local authentication profile used within the resource. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `gallerySolutions` | array | `[]` | | List of gallerySolutions to be created in the linked log analytics workspace. | -| `jobSchedules` | array | `[]` | | List of jobSchedules to be created in the automation account. | -| `linkedWorkspaceResourceId` | string | `''` | | ID of the log analytics workspace to be linked to the deployed automation account. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `modules` | array | `[]` | | List of modules to be created in the automation account. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. 
If not specified, it will be disabled by default if private endpoints are set. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `runbooks` | array | `[]` | | List of runbooks to be created in the automation account. | -| `schedules` | array | `[]` | | List of schedules to be created in the automation account. | -| `skuName` | string | `'Basic'` | `[Basic, Free]` | SKU name of the account. | -| `softwareUpdateConfigurations` | array | `[]` | | List of softwareUpdateConfigurations to be created in the automation account. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the Automation Account resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `variables` | array | `[]` | | List of variables to be created in the automation account. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed automation account. | -| `resourceGroupName` | string | The resource group of the deployed automation account. | -| `resourceId` | string | The resource ID of the deployed automation account. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. 
| - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | -| `operational-insights/workspace/linked-service` | Local reference | -| `operations-management/solution` | Local reference | +## Usage examples -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Common

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/automation.automation-account:1.0.0`. + +- [Common](#example-1-common) +- [Encr](#example-2-encr) +- [Min](#example-3-min) + +### Example 1: _Common_
via Bicep module ```bicep -module automationAccount './automation/automation-account/main.bicep' = { +module automationAccount 'br:bicep/modules/automation.automation-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-aacom' params: { // Required parameters @@ -548,14 +485,14 @@ module automationAccount './automation/automation-account/main.bicep' = {

-

Example 2: Encr

+### Example 2: _Encr_
via Bicep module ```bicep -module automationAccount './automation/automation-account/main.bicep' = { +module automationAccount 'br:bicep/modules/automation.automation-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-aaencr' params: { // Required parameters @@ -613,14 +550,14 @@ module automationAccount './automation/automation-account/main.bicep' = {

-

Example 3: Min

+### Example 3: _Min_
via Bicep module ```bicep -module automationAccount './automation/automation-account/main.bicep' = { +module automationAccount 'br:bicep/modules/automation.automation-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-aamin' params: { // Required parameters @@ -657,3 +594,294 @@ module automationAccount './automation/automation-account/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Automation Account. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. 
| +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | Disable local authentication profile used within the resource. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`gallerySolutions`](#parameter-gallerysolutions) | array | List of gallerySolutions to be created in the linked log analytics workspace. | +| [`jobSchedules`](#parameter-jobschedules) | array | List of jobSchedules to be created in the automation account. | +| [`linkedWorkspaceResourceId`](#parameter-linkedworkspaceresourceid) | string | ID of the log analytics workspace to be linked to the deployed automation account. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`modules`](#parameter-modules) | array | List of modules to be created in the automation account. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`runbooks`](#parameter-runbooks) | array | List of runbooks to be created in the automation account. | +| [`schedules`](#parameter-schedules) | array | List of schedules to be created in the automation account. | +| [`skuName`](#parameter-skuname) | string | SKU name of the account. | +| [`softwareUpdateConfigurations`](#parameter-softwareupdateconfigurations) | array | List of softwareUpdateConfigurations to be created in the automation account. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the Automation Account resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`variables`](#parameter-variables) | array | List of variables to be created in the automation account. | + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, DscNodeStatus, JobLogs, JobStreams]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableLocalAuth` + +Disable local authentication profile used within the resource. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `gallerySolutions` + +List of gallerySolutions to be created in the linked log analytics workspace. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `jobSchedules` + +List of jobSchedules to be created in the automation account. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `linkedWorkspaceResourceId` + +ID of the log analytics workspace to be linked to the deployed automation account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `modules` + +List of modules to be created in the automation account. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +Name of the Automation Account. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `runbooks` + +List of runbooks to be created in the automation account. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `schedules` + +List of schedules to be created in the automation account. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +SKU name of the account. +- Required: No +- Type: string +- Default: `'Basic'` +- Allowed: `[Basic, Free]` + +### Parameter: `softwareUpdateConfigurations` + +List of softwareUpdateConfigurations to be created in the automation account. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the Automation Account resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `variables` + +List of variables to be created in the automation account. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed automation account. | +| `resourceGroupName` | string | The resource group of the deployed automation account. | +| `resourceId` | string | The resource ID of the deployed automation account. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. 
| + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | +| `modules/operational-insights/workspace/linked-service` | Local reference | +| `modules/operations-management/solution` | Local reference | diff --git a/modules/batch/batch-account/README.md b/modules/batch/batch-account/README.md index cf3dd26a6c..9b8fc31728 100644 --- a/modules/batch/batch-account/README.md +++ b/modules/batch/batch-account/README.md @@ -4,13 +4,13 @@ This module deploys a Batch Account. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -21,83 +21,27 @@ This module deploys a Batch Account. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Azure Batch. | -| `storageAccountId` | string | The resource ID of the storage account to be used for auto-storage account. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | -| `keyVaultReferenceResourceId` | string | `''` | The key vault to associate with the Batch account. Required if the 'poolAllocationMode' is set to 'UserSubscription' and requires the service principal 'Microsoft Azure Batch' to be granted contributor permissions on this key vault. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowedAuthenticationModes` | array | `[]` | `[AAD, SharedKey, TaskAuthenticationToken]` | List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. 
| -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, ServiceLog]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `networkProfileAllowedIpRanges` | array | `[]` | | Array of IP ranges to filter client IP address. It is only applicable when publicNetworkAccess is not explicitly disabled. | -| `networkProfileDefaultAction` | string | `'Deny'` | `[Allow, Deny]` | The network profile default action for endpoint access. It is only applicable when publicNetworkAccess is not explicitly disabled. | -| `poolAllocationMode` | string | `'BatchService'` | `[BatchService, UserSubscription]` | The allocation mode for creating pools in the Batch account. Determines which quota will be used. 
| -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkProfileAllowedIpRanges are not set. | -| `storageAccessIdentity` | string | `''` | | The resource ID of a user assigned identity assigned to pools which have compute nodes that need access to auto-storage. | -| `storageAuthenticationMode` | string | `'StorageKeys'` | `[BatchAccountManagedIdentity, StorageKeys]` | The authentication mode which the Batch service will use to manage the auto-storage account. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the batch account. | -| `resourceGroupName` | string | The resource group the batch account was deployed into. | -| `resourceId` | string | The resource ID of the batch account. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). 
+## Usage examples -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Common

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/batch.batch-account:1.0.0`. + +- [Common](#example-1-common) +- [Encr](#example-2-encr) +- [Min](#example-3-min) + +### Example 1: _Common_
via Bicep module ```bicep -module batchAccount './batch/batch-account/main.bicep' = { +module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-bbacom' params: { // Required parameters @@ -239,14 +183,14 @@ module batchAccount './batch/batch-account/main.bicep' = {

-

Example 2: Encr

+### Example 2: _Encr_
via Bicep module ```bicep -module batchAccount './batch/batch-account/main.bicep' = { +module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-bbaencr' params: { // Required parameters @@ -362,14 +306,14 @@ module batchAccount './batch/batch-account/main.bicep' = {

-

Example 3: Min

+### Example 3: _Min_
via Bicep module ```bicep -module batchAccount './batch/batch-account/main.bicep' = { +module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-bbamin' params: { // Required parameters @@ -410,3 +354,261 @@ module batchAccount './batch/batch-account/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Azure Batch. | +| [`storageAccountId`](#parameter-storageaccountid) | string | The resource ID of the storage account to be used for auto-storage account. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +| [`keyVaultReferenceResourceId`](#parameter-keyvaultreferenceresourceid) | string | The key vault to associate with the Batch account. Required if the 'poolAllocationMode' is set to 'UserSubscription' and requires the service principal 'Microsoft Azure Batch' to be granted contributor permissions on this key vault. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowedAuthenticationModes`](#parameter-allowedauthenticationmodes) | array | List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`networkProfileAllowedIpRanges`](#parameter-networkprofileallowedipranges) | array | Array of IP ranges to filter client IP address. It is only applicable when publicNetworkAccess is not explicitly disabled. | +| [`networkProfileDefaultAction`](#parameter-networkprofiledefaultaction) | string | The network profile default action for endpoint access. It is only applicable when publicNetworkAccess is not explicitly disabled. | +| [`poolAllocationMode`](#parameter-poolallocationmode) | string | The allocation mode for creating pools in the Batch account. Determines which quota will be used. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. 
| +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkProfileAllowedIpRanges are not set. | +| [`storageAccessIdentity`](#parameter-storageaccessidentity) | string | The resource ID of a user assigned identity assigned to pools which have compute nodes that need access to auto-storage. | +| [`storageAuthenticationMode`](#parameter-storageauthenticationmode) | string | The authentication mode which the Batch service will use to manage the auto-storage account. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `allowedAuthenticationModes` + +List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[AAD, SharedKey, TaskAuthenticationToken]` + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, ServiceLog]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `keyVaultReferenceResourceId` + +The key vault to associate with the Batch account. Required if the 'poolAllocationMode' is set to 'UserSubscription' and requires the service principal 'Microsoft Azure Batch' to be granted contributor permissions on this key vault. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Azure Batch. +- Required: Yes +- Type: string + +### Parameter: `networkProfileAllowedIpRanges` + +Array of IP ranges to filter client IP address. It is only applicable when publicNetworkAccess is not explicitly disabled. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `networkProfileDefaultAction` + +The network profile default action for endpoint access. It is only applicable when publicNetworkAccess is not explicitly disabled. +- Required: No +- Type: string +- Default: `'Deny'` +- Allowed: `[Allow, Deny]` + +### Parameter: `poolAllocationMode` + +The allocation mode for creating pools in the Batch account. Determines which quota will be used. +- Required: No +- Type: string +- Default: `'BatchService'` +- Allowed: `[BatchService, UserSubscription]` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkProfileAllowedIpRanges are not set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `storageAccessIdentity` + +The resource ID of a user assigned identity assigned to pools which have compute nodes that need access to auto-storage. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `storageAccountId` + +The resource ID of the storage account to be used for auto-storage account. +- Required: Yes +- Type: string + +### Parameter: `storageAuthenticationMode` + +The authentication mode which the Batch service will use to manage the auto-storage account. +- Required: No +- Type: string +- Default: `'StorageKeys'` +- Allowed: `[BatchAccountManagedIdentity, StorageKeys]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the batch account. | +| `resourceGroupName` | string | The resource group the batch account was deployed into. | +| `resourceId` | string | The resource ID of the batch account. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/cache/redis-enterprise/README.md b/modules/cache/redis-enterprise/README.md deleted file mode 100644 index 4421956599..0000000000 --- a/modules/cache/redis-enterprise/README.md +++ /dev/null 
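Review bot: In the new per-parameter sections of modules/batch/batch-account/README.md, `cMKKeyVaultResourceId` and `keyVaultReferenceResourceId` are documented as `- Required: No`, although the overview table in the same hunk lists them under "Conditional parameters". The condition now survives only in the description text ("Required if 'cMKKeyName' is not empty", "Required if the 'poolAllocationMode' is set to 'UserSubscription'"), so a reader who follows the anchor link sees a plain optional parameter. Suggest having the generator emit a distinct value for conditional parameters in the detail section instead of `No`. Also worth confirming that dropping the Default and Allowed columns from the overview table is intended, since defaults such as `networkProfileDefaultAction` (`'Deny'`) and `publicNetworkAccess` (`''`) were previously visible at a glance.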
@@ -1,431 +0,0 @@ -# Redis Cache Enterprise `[Microsoft.Cache/redisEnterprise]` - -This module deploys a Redis Cache Enterprise. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.Cache/redisEnterprise` | [2022-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cache/2022-01-01/redisEnterprise) | -| `Microsoft.Cache/redisEnterprise/databases` | [2022-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cache/2022-01-01/redisEnterprise/databases) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | - -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Redis Cache Enterprise resource. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `capacity` | int | `2` | | The size of the Redis Enterprise Cluster. Defaults to 2. Valid values are (2, 4, 6, ...) 
for Enterprise SKUs and (3, 9, 15, ...) for Flash SKUs. | -| `databases` | array | `[]` | | The databases to create in the Redis Cache Enterprise Cluster. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[]` | `['', audit, ConnectionEvents]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource, but currently not supported for Redis Cache Enterprise. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | The geo-location where the resource lives. 
| -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | Requires clients to use a specified TLS version (or higher) to connect. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `skuName` | string | `'Enterprise_E10'` | `[Enterprise_E10, Enterprise_E100, Enterprise_E20, Enterprise_E50, EnterpriseFlash_F1500, EnterpriseFlash_F300, EnterpriseFlash_F700]` | The type of Redis Enterprise Cluster to deploy. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `zoneRedundant` | bool | `True` | | When true, the cluster will be deployed across availability zones. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `hostName` | string | Redis hostname. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the redis cache enterprise. | -| `resourceGroupName` | string | The name of the resource group the redis cache enterprise was created in. | -| `resourceId` | string | The resource ID of the redis cache enterprise. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). 
- -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

- -
- -via Bicep module - -```bicep -module redisEnterprise './cache/redis-enterprise/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-crecom' - params: { - // Required parameters - name: 'crecom001' - // Non-required parameters - capacity: 2 - databases: [ - { - clusteringPolicy: 'EnterpriseCluster' - evictionPolicy: 'AllKeysLFU' - modules: [ - { - name: 'RedisBloom' - } - { - args: 'RETENTION_POLICY 20' - name: 'RedisTimeSeries' - } - ] - persistenceAofEnabled: true - persistenceAofFrequency: '1s' - persistenceRdbEnabled: false - port: 10000 - } - ] - diagnosticEventHubAuthorizationRuleId: '' - diagnosticEventHubName: '' - diagnosticSettingsName: 'redisdiagnostics' - diagnosticStorageAccountId: '' - diagnosticWorkspaceId: '' - enableDefaultTelemetry: '' - lock: 'CanNotDelete' - minimumTlsVersion: '1.2' - privateEndpoints: [ - { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - '' - ] - } - service: 'redisEnterprise' - subnetResourceId: '' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } - ] - roleAssignments: [ - { - principalIds: [ - '' - ] - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' - } - ] - tags: { - 'hidden-title': 'This is visible in the resource name' - resourceType: 'Redis Cache Enterprise' - } - zoneRedundant: true - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "crecom001" - }, - // Non-required parameters - "capacity": { - "value": 2 - }, - "databases": { - "value": [ - { - "clusteringPolicy": "EnterpriseCluster", - "evictionPolicy": "AllKeysLFU", - "modules": [ - { - "name": "RedisBloom" - }, - { - "args": "RETENTION_POLICY 20", - "name": "RedisTimeSeries" - } - ], - "persistenceAofEnabled": true, - "persistenceAofFrequency": "1s", - "persistenceRdbEnabled": false, - "port": 10000 - } - ] - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "" - }, - "diagnosticEventHubName": { - "value": "" - }, - "diagnosticSettingsName": { - "value": "redisdiagnostics" - }, - "diagnosticStorageAccountId": { - "value": "" - }, - "diagnosticWorkspaceId": { - "value": "" - }, - "enableDefaultTelemetry": { - "value": "" - }, - "lock": { - "value": "CanNotDelete" - }, - "minimumTlsVersion": { - "value": "1.2" - }, - "privateEndpoints": { - "value": [ - { - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "" - ] - }, - "service": "redisEnterprise", - "subnetResourceId": "", - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - ] - }, - "roleAssignments": { - "value": [ - { - "principalIds": [ - "" - ], - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" - } - ] - }, - "tags": { - "value": { - "hidden-title": "This is visible in the resource name", - "resourceType": "Redis Cache Enterprise" - } - }, - "zoneRedundant": { - "value": true - } - } -} -``` - -
-

- -

Example 2: Geo

- -
- -via Bicep module - -```bicep -module redisEnterprise './cache/redis-enterprise/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-cregeo' - params: { - // Required parameters - name: '' - // Non-required parameters - capacity: 2 - databases: [ - { - clusteringPolicy: 'EnterpriseCluster' - evictionPolicy: 'NoEviction' - geoReplication: { - groupNickname: '' - linkedDatabases: [ - { - id: '' - } - { - id: '' - } - ] - } - modules: [ - { - name: 'RediSearch' - } - { - name: 'RedisJSON' - } - ] - persistenceAofEnabled: false - persistenceRdbEnabled: false - port: 10000 - } - ] - enableDefaultTelemetry: '' - tags: { - 'hidden-title': 'This is visible in the resource name' - resourceType: 'Redis Cache Enterprise' - } - zoneRedundant: true - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "" - }, - // Non-required parameters - "capacity": { - "value": 2 - }, - "databases": { - "value": [ - { - "clusteringPolicy": "EnterpriseCluster", - "evictionPolicy": "NoEviction", - "geoReplication": { - "groupNickname": "", - "linkedDatabases": [ - { - "id": "" - }, - { - "id": "" - } - ] - }, - "modules": [ - { - "name": "RediSearch" - }, - { - "name": "RedisJSON" - } - ], - "persistenceAofEnabled": false, - "persistenceRdbEnabled": false, - "port": 10000 - } - ] - }, - "enableDefaultTelemetry": { - "value": "" - }, - "tags": { - "value": { - "hidden-title": "This is visible in the resource name", - "resourceType": "Redis Cache Enterprise" - } - }, - "zoneRedundant": { - "value": true - } - } -} -``` - -
-

- -

Example 3: Min

- -
- -via Bicep module - -```bicep -module redisEnterprise './cache/redis-enterprise/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-cremin' - params: { - // Required parameters - name: 'cremin001' - // Non-required parameters - enableDefaultTelemetry: '' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "cremin001" - }, - // Non-required parameters - "enableDefaultTelemetry": { - "value": "" - } - } -} -``` - -
-
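Review bot: modules/cache/redis-enterprise/README.md is removed in full (`deleted file mode`, `@@ -1,431 +0,0 @@`) with no regenerated replacement in this patch, whereas the batch-account and redis READMEs are rewritten in the new layout. The subject line "Tested logic & added depth param" does not mention dropping documentation, and the diffstat shows five READMEs deleted this way. If these are meant to be regenerated by the updated Set-Module.ps1 in a later patch of the series, say so in the commit message; otherwise regenerate them here so the module is not left without its parameter reference, including the `minimumTlsVersion`, `privateEndpoints` and diagnostic settings guidance.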

diff --git a/modules/cache/redis-enterprise/main.json b/modules/cache/redis-enterprise/main.json index acdc3aa903..0dae10b9b6 100644 --- a/modules/cache/redis-enterprise/main.json +++ b/modules/cache/redis-enterprise/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8401793883308983497" + "version": "0.22.6.54827", + "templateHash": "15719841187562389936" }, "name": "Redis Cache Enterprise", "description": "This module deploys a Redis Cache Enterprise.", @@ -296,8 +296,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2462654739530119148" + "version": "0.22.6.54827", + "templateHash": "12607572296541142934" } }, "parameters": { @@ -451,8 +451,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16731424701559883139" + "version": "0.22.6.54827", + "templateHash": "8155705065039005753" }, "name": "Redis Cache Enterprise Databases", "description": "This module deploys a Redis Cache Enterprise Database.", @@ -689,8 +689,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -889,8 +889,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1027,8 +1027,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { 
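Review bot: The main.json changes are unrelated to the stated purpose of the commit: every hunk in modules/cache/redis-enterprise/main.json only bumps `_generator.version` from `0.21.1.54444` to `0.22.6.54827` and replaces the `templateHash`. That means the template was recompiled with a newer Bicep CLI as a side effect of the README tooling work. Suggest moving the recompiled main.json files into their own commit, or at least naming the Bicep upgrade in the commit message, so a reviewer can separate a toolchain change from a template change. The visible hunks show only the metadata lines, so it is also worth stating whether the compiled resource bodies are otherwise identical.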
diff --git a/modules/cache/redis/README.md b/modules/cache/redis/README.md index 721d612132..18fbab8afe 100644 --- a/modules/cache/redis/README.md +++ b/modules/cache/redis/README.md @@ -5,10 +5,10 @@ This module deploys a Redis Cache. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) ## Resource Types 
@@ -22,85 +22,26 @@ This module deploys a Redis Cache. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Redis cache resource. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `capacity` | int | `1` | `[0, 1, 2, 3, 4, 5, 6]` | The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4). | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, ConnectedClientList]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". 
| -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableNonSslPort` | bool | `False` | | Specifies whether the non-ssl Redis server port (6379) is enabled. | -| `location` | string | `[resourceGroup().location]` | | The location to deploy the Redis cache service. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | Requires clients to use a specified TLS version (or higher) to connect. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `redisConfiguration` | object | `{object}` | | All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc. | -| `redisVersion` | string | `'6'` | `[4, 6]` | Redis version. 
Only major version will be used in PUT/PATCH request with current valid values: (4, 6). | -| `replicasPerMaster` | int | `1` | | The number of replicas to be created per primary. | -| `replicasPerPrimary` | int | `1` | | The number of replicas to be created per primary. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `shardCount` | int | `1` | | The number of shards to be created on a Premium Cluster Cache. | -| `skuName` | string | `'Basic'` | `[Basic, Premium, Standard]` | The type of Redis cache to deploy. | -| `staticIP` | string | `''` | | Static IP address. Optionally, may be specified when deploying a Redis cache inside an existing Azure Virtual Network; auto assigned by default. | -| `subnetId` | string | `''` | | The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `tenantSettings` | object | `{object}` | | A dictionary of tenant settings. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `zoneRedundant` | bool | `True` | | When true, replicas will be provisioned in availability zones specified in the zones parameter. | -| `zones` | array | `[]` | | If the zoneRedundant parameter is true, replicas will be provisioned in the availability zones specified here. 
Otherwise, the service will choose where replicas are deployed. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `hostName` | string | Redis hostname. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Redis Cache. | -| `resourceGroupName` | string | The name of the resource group the Redis Cache was created in. | -| `resourceId` | string | The resource ID of the Redis Cache. | -| `sslPort` | int | Redis SSL port. | -| `subnetId` | string | The full resource ID of a subnet in a virtual network where the Redis Cache was deployed in. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +## Usage examples -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Common

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/cache.redis:1.0.0`. + +- [Common](#example-1-common) +- [Min](#example-2-min) + +### Example 1: _Common_
via Bicep module ```bicep -module redis './cache/redis/main.bicep' = { +module redis 'br:bicep/modules/cache.redis:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-crcom' params: { // Required parameters @@ -252,14 +193,14 @@ module redis './cache/redis/main.bicep' = {

-

Example 2: Min

+### Example 2: _Min_
via Bicep module ```bicep -module redis './cache/redis/main.bicep' = { +module redis 'br:bicep/modules/cache.redis:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-crmin' params: { // Required parameters @@ -298,6 +239,294 @@ module redis './cache/redis/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Redis cache resource. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`capacity`](#parameter-capacity) | int | The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4). | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. 
| +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableNonSslPort`](#parameter-enablenonsslport) | bool | Specifies whether the non-ssl Redis server port (6379) is enabled. | +| [`location`](#parameter-location) | string | The location to deploy the Redis cache service. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | Requires clients to use a specified TLS version (or higher) to connect. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`redisConfiguration`](#parameter-redisconfiguration) | object | All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc. | +| [`redisVersion`](#parameter-redisversion) | string | Redis version. Only major version will be used in PUT/PATCH request with current valid values: (4, 6). 
| +| [`replicasPerMaster`](#parameter-replicaspermaster) | int | The number of replicas to be created per primary. | +| [`replicasPerPrimary`](#parameter-replicasperprimary) | int | The number of replicas to be created per primary. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`shardCount`](#parameter-shardcount) | int | The number of shards to be created on a Premium Cluster Cache. | +| [`skuName`](#parameter-skuname) | string | The type of Redis cache to deploy. | +| [`staticIP`](#parameter-staticip) | string | Static IP address. Optionally, may be specified when deploying a Redis cache inside an existing Azure Virtual Network; auto assigned by default. | +| [`subnetId`](#parameter-subnetid) | string | The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`tenantSettings`](#parameter-tenantsettings) | object | A dictionary of tenant settings. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`zoneRedundant`](#parameter-zoneredundant) | bool | When true, replicas will be provisioned in availability zones specified in the zones parameter. 
| +| [`zones`](#parameter-zones) | array | If the zoneRedundant parameter is true, replicas will be provisioned in the availability zones specified here. Otherwise, the service will choose where replicas are deployed. | + +### Parameter: `capacity` + +The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4). +- Required: No +- Type: int +- Default: `1` +- Allowed: `[0, 1, 2, 3, 4, 5, 6]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, ConnectedClientList]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableNonSslPort` + +Specifies whether the non-ssl Redis server port (6379) is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `location` + +The location to deploy the Redis cache service. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `minimumTlsVersion` + +Requires clients to use a specified TLS version (or higher) to connect. +- Required: No +- Type: string +- Default: `'1.2'` +- Allowed: `[1.0, 1.1, 1.2]` + +### Parameter: `name` + +The name of the Redis cache resource. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `redisConfiguration` + +All Redis Settings. 
Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `redisVersion` + +Redis version. Only major version will be used in PUT/PATCH request with current valid values: (4, 6). +- Required: No +- Type: string +- Default: `'6'` +- Allowed: `[4, 6]` + +### Parameter: `replicasPerMaster` + +The number of replicas to be created per primary. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `replicasPerPrimary` + +The number of replicas to be created per primary. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `shardCount` + +The number of shards to be created on a Premium Cluster Cache. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `skuName` + +The type of Redis cache to deploy. +- Required: No +- Type: string +- Default: `'Basic'` +- Allowed: `[Basic, Premium, Standard]` + +### Parameter: `staticIP` + +Static IP address. Optionally, may be specified when deploying a Redis cache inside an existing Azure Virtual Network; auto assigned by default. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `subnetId` + +The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tenantSettings` + +A dictionary of tenant settings. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zoneRedundant` + +When true, replicas will be provisioned in availability zones specified in the zones parameter. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `zones` + +If the zoneRedundant parameter is true, replicas will be provisioned in the availability zones specified here. Otherwise, the service will choose where replicas are deployed. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `hostName` | string | Redis hostname. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Redis Cache. | +| `resourceGroupName` | string | The name of the resource group the Redis Cache was created in. | +| `resourceId` | string | The resource ID of the Redis Cache. | +| `sslPort` | int | Redis SSL port. | +| `subnetId` | string | The full resource ID of a subnet in a virtual network where the Redis Cache was deployed in. 
| + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | + ## Notes ### Parameter Usage: `redisConfiguration` diff --git a/modules/cdn/profile/README.md b/modules/cdn/profile/README.md deleted file mode 100644 index e3f4d453f2..0000000000 --- a/modules/cdn/profile/README.md +++ /dev/null 
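Review bot: The new note and both usage examples in modules/cache/redis/README.md (`module redis 'br:bicep/modules/cache.redis:1.0.0' = {`) point readers at a registry reference that has `bicep` where a registry login server would go and a hard-coded tag `1.0.0`, and nothing in this patch shows that such an artifact is published. The previous `./cache/redis/main.bicep` path at least resolved inside the repository. Either say in the note that the registry and version are placeholders to be replaced, or have the generator fill in the real registry and the module's current version so that a copied example pins a version that exists.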
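Review bot: In the new per-parameter sections of modules/cache/redis/README.md, `minimumTlsVersion` is documented with `Allowed: [1.0, 1.1, 1.2]` and `enableNonSslPort` as a plain switch for port 6379, with no recommendation, while `publicNetworkAccess`, `privateEndpoints` and the diagnostic parameters in the same hunk all carry a "For security reasons" sentence. Add equivalent guidance to these two descriptions and keep the `'1.2'` and `False` defaults; if this text is generated from the template's parameter descriptions, make the change there. Separately, `replicasPerMaster` and `replicasPerPrimary` now get two sections with the identical description "The number of replicas to be created per primary."; say which one is preferred or how they differ.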
@@ -1,441 +0,0 @@ -# CDN Profiles `[Microsoft.Cdn/profiles]` - -This module deploys a CDN Profile. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.Cdn/profiles` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles) | -| `Microsoft.Cdn/profiles/afdEndpoints` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/afdEndpoints) | -| `Microsoft.Cdn/profiles/afdEndpoints/routes` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/afdEndpoints/routes) | -| `Microsoft.Cdn/profiles/customDomains` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/customDomains) | -| `Microsoft.Cdn/profiles/endpoints` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/2021-06-01/profiles/endpoints) | -| `Microsoft.Cdn/profiles/endpoints/origins` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/2021-06-01/profiles/endpoints/origins) | -| `Microsoft.Cdn/profiles/originGroups` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/originGroups) | -| `Microsoft.Cdn/profiles/originGroups/origins` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/originGroups/origins) | -| `Microsoft.Cdn/profiles/ruleSets` | 
[2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/ruleSets) | -| `Microsoft.Cdn/profiles/ruleSets/rules` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/ruleSets/rules) | -| `Microsoft.Cdn/profiles/secrets` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/secrets) | - -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | Name of the CDN profile. | -| `sku` | string | `[Custom_Verizon, Premium_AzureFrontDoor, Premium_Verizon, Standard_955BandWidth_ChinaCdn, Standard_Akamai, Standard_AvgBandWidth_ChinaCdn, Standard_AzureFrontDoor, Standard_ChinaCdn, Standard_Microsoft, Standard_Verizon, StandardPlus_955BandWidth_ChinaCdn, StandardPlus_AvgBandWidth_ChinaCdn, StandardPlus_ChinaCdn]` | The pricing tier (defines a CDN provider, feature list and rate) of the CDN profile. | - -**Conditional parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `origionGroups` | array | Array of origin group objects. Required if the afdEndpoints is specified. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `afdEndpoints` | array | `[]` | | Array of AFD endpoint objects. | -| `customDomains` | array | `[]` | | Array of custom domain objects. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `endpointName` | string | `''` | | Name of the endpoint under the profile which is unique globally. | -| `endpointProperties` | object | `{object}` | | Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. 
| -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `originResponseTimeoutSeconds` | int | `60` | | Send and receive timeout on forwarding request to the origin. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ruleSets` | array | `[]` | | Array of rule set objects. | -| `secrets` | array | `[]` | | Array of secret objects. | -| `tags` | object | `{object}` | | Endpoint tags. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the CDN profile. | -| `profileType` | string | The type of the CDN profile. | -| `resourceGroupName` | string | The resource group where the CDN profile is deployed. | -| `resourceId` | string | The resource ID of the CDN profile. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Afd

- -
- -via Bicep module - -```bicep -module profile './cdn/profile/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-cdnpafd' - params: { - // Required parameters - name: 'dep-test-cdnpafd' - sku: 'Standard_AzureFrontDoor' - // Non-required parameters - afdEndpoints: [ - { - name: 'dep-test-cdnpafd-afd-endpoint' - routes: [ - { - customDomainName: 'dep-test-cdnpafd-custom-domain' - name: 'dep-test-cdnpafd-afd-route' - originGroupName: 'dep-test-cdnpafd-origin-group' - ruleSets: [ - { - name: 'deptestcdnpafdruleset' - } - ] - } - ] - } - ] - customDomains: [ - { - certificateType: 'ManagedCertificate' - hostName: 'dep-test-cdnpafd-custom-domain.azurewebsites.net' - name: 'dep-test-cdnpafd-custom-domain' - } - ] - enableDefaultTelemetry: '' - location: 'global' - lock: 'CanNotDelete' - originResponseTimeoutSeconds: 60 - origionGroups: [ - { - loadBalancingSettings: { - additionalLatencyInMilliseconds: 50 - sampleSize: 4 - successfulSamplesRequired: 3 - } - name: 'dep-test-cdnpafd-origin-group' - origins: [ - { - hostName: 'dep-test-cdnpafd-origin.azurewebsites.net' - name: 'dep-test-cdnpafd-origin' - } - ] - } - ] - roleAssignments: [ - { - principalIds: [ - '' - ] - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' - } - ] - ruleSets: [ - { - name: 'deptestcdnpafdruleset' - rules: [ - { - actions: [ - { - name: 'UrlRedirect' - parameters: { - customHostname: 'dev-etradefd.trade.azure.defra.cloud' - customPath: '/test123' - destinationProtocol: 'Https' - redirectType: 'PermanentRedirect' - typeName: 'DeliveryRuleUrlRedirectActionParameters' - } - } - ] - name: 'deptestcdnpafdrule' - order: 1 - } - ] - } - ] - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "dep-test-cdnpafd" - }, - "sku": { - "value": "Standard_AzureFrontDoor" - }, - // Non-required parameters - "afdEndpoints": { - "value": [ - { - "name": "dep-test-cdnpafd-afd-endpoint", - "routes": [ - { - "customDomainName": "dep-test-cdnpafd-custom-domain", - "name": "dep-test-cdnpafd-afd-route", - "originGroupName": "dep-test-cdnpafd-origin-group", - "ruleSets": [ - { - "name": "deptestcdnpafdruleset" - } - ] - } - ] - } - ] - }, - "customDomains": { - "value": [ - { - "certificateType": "ManagedCertificate", - "hostName": "dep-test-cdnpafd-custom-domain.azurewebsites.net", - "name": "dep-test-cdnpafd-custom-domain" - } - ] - }, - "enableDefaultTelemetry": { - "value": "" - }, - "location": { - "value": "global" - }, - "lock": { - "value": "CanNotDelete" - }, - "originResponseTimeoutSeconds": { - "value": 60 - }, - "origionGroups": { - "value": [ - { - "loadBalancingSettings": { - "additionalLatencyInMilliseconds": 50, - "sampleSize": 4, - "successfulSamplesRequired": 3 - }, - "name": "dep-test-cdnpafd-origin-group", - "origins": [ - { - "hostName": "dep-test-cdnpafd-origin.azurewebsites.net", - "name": "dep-test-cdnpafd-origin" - } - ] - } - ] - }, - "roleAssignments": { - "value": [ - { - "principalIds": [ - "" - ], - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" - } - ] - }, - "ruleSets": { - "value": [ - { - "name": "deptestcdnpafdruleset", - "rules": [ - { - "actions": [ - { - "name": "UrlRedirect", - "parameters": { - "customHostname": "dev-etradefd.trade.azure.defra.cloud", - "customPath": "/test123", - "destinationProtocol": "Https", - "redirectType": "PermanentRedirect", - "typeName": "DeliveryRuleUrlRedirectActionParameters" - } - } - ], - "name": "deptestcdnpafdrule", - "order": 1 - } - ] - } 
- ] - } - } -} -``` - -
-

- -

Example 2: Common

- -
- -via Bicep module - -```bicep -module profile './cdn/profile/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-cdnpcom' - params: { - // Required parameters - name: 'dep-test-cdnpcom' - sku: 'Standard_Verizon' - // Non-required parameters - enableDefaultTelemetry: '' - endpointProperties: { - contentTypesToCompress: [ - 'application/javascript' - 'application/json' - 'application/x-javascript' - 'application/xml' - 'text/css' - 'text/html' - 'text/javascript' - 'text/plain' - ] - geoFilters: [] - isCompressionEnabled: true - isHttpAllowed: true - isHttpsAllowed: true - originGroups: [] - originHostHeader: '' - origins: [ - { - name: 'dep-cdn-endpoint01' - properties: { - enabled: true - hostName: '' - httpPort: 80 - httpsPort: 443 - } - } - ] - queryStringCachingBehavior: 'IgnoreQueryString' - } - location: '' - lock: 'CanNotDelete' - originResponseTimeoutSeconds: 60 - roleAssignments: [ - { - principalIds: [ - '' - ] - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' - } - ] - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "dep-test-cdnpcom" - }, - "sku": { - "value": "Standard_Verizon" - }, - // Non-required parameters - "enableDefaultTelemetry": { - "value": "" - }, - "endpointProperties": { - "value": { - "contentTypesToCompress": [ - "application/javascript", - "application/json", - "application/x-javascript", - "application/xml", - "text/css", - "text/html", - "text/javascript", - "text/plain" - ], - "geoFilters": [], - "isCompressionEnabled": true, - "isHttpAllowed": true, - "isHttpsAllowed": true, - "originGroups": [], - "originHostHeader": "", - "origins": [ - { - "name": "dep-cdn-endpoint01", - "properties": { - "enabled": true, - "hostName": "", - "httpPort": 80, - "httpsPort": 443 - } - } - ], - "queryStringCachingBehavior": "IgnoreQueryString" - } - }, - "location": { - "value": "" - }, - "lock": { - "value": "CanNotDelete" - }, - "originResponseTimeoutSeconds": { - "value": 60 - }, - "roleAssignments": { - "value": [ - { - "principalIds": [ - "" - ], - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" - } - ] - } - } -} -``` - -
-

diff --git a/modules/cognitive-services/account/README.md b/modules/cognitive-services/account/README.md deleted file mode 100644 index 93f229c9e9..0000000000 --- a/modules/cognitive-services/account/README.md +++ /dev/null 
@@ -1,535 +0,0 @@ -# Cognitive Services `[Microsoft.CognitiveServices/accounts]` - -This module deploys a Cognitive Service. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -- [Notes](#Notes) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.CognitiveServices/accounts` | [2022-12-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.CognitiveServices/2022-12-01/accounts) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | - -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `kind` | string | `[AnomalyDetector, Bing.Autosuggest.v7, Bing.CustomSearch, Bing.EntitySearch, Bing.Search.v7, Bing.SpellCheck.v7, CognitiveServices, ComputerVision, ContentModerator, CustomVision.Prediction, CustomVision.Training, Face, FormRecognizer, ImmersiveReader, Internal.AllInOne, LUIS, LUIS.Authoring, Personalizer, QnAMaker, SpeechServices, TextAnalytics, TextTranslation]` | Kind of the Cognitive Services. 
Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region. | -| `name` | string | | The name of Cognitive Services account. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | -| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | -| `customSubDomainName` | string | `''` | Subdomain name used for token-based authentication. Required if 'networkAcls' or 'privateEndpoints' are set. | -| `userAssignedIdentities` | object | `{object}` | The ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowedFqdnList` | array | `[]` | | List of allowed FQDN. | -| `apiProperties` | object | `{object}` | | The API properties for special APIs. | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter 'systemAssignedIdentity' enabled. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, latest is used. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Audit, RequestResponse]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disableLocalAuth` | bool | `True` | | Allow only Azure AD authentication. Should be enabled for security reasons. | -| `dynamicThrottlingEnabled` | bool | `False` | | The flag to enable dynamic throttling. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `migrationToken` | string | `''` | | Resource migration token. | -| `networkAcls` | object | `{object}` | | A collection of rules governing the accessibility from specific network locations. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. | -| `restore` | bool | `False` | | Restore a soft-deleted cognitive service at deployment time. 
Will fail if no such soft-deleted resource exists. | -| `restrictOutboundNetworkAccess` | bool | `True` | | Restrict outbound network access. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sku` | string | `'S0'` | `[C2, C3, C4, F0, F1, S, S0, S1, S10, S2, S3, S4, S5, S6, S7, S8, S9]` | SKU of the Cognitive Services resource. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userOwnedStorage` | array | `[]` | | The storage accounts for this resource. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `endpoint` | string | The service endpoint of the cognitive services account. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the cognitive services account. | -| `resourceGroupName` | string | The resource group the cognitive services account was deployed into. | -| `resourceId` | string | The resource ID of the cognitive services account. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). 
- -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

- -
- -via Bicep module - -```bicep -module account './cognitive-services/account/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-csacom' - params: { - // Required parameters - kind: 'Face' - name: 'csacom001' - // Non-required parameters - customSubDomainName: 'xdomain' - diagnosticEventHubAuthorizationRuleId: '' - diagnosticEventHubName: '' - diagnosticStorageAccountId: '' - diagnosticWorkspaceId: '' - enableDefaultTelemetry: '' - lock: 'CanNotDelete' - networkAcls: { - defaultAction: 'Deny' - ipRules: [ - { - value: '40.74.28.0/23' - } - ] - virtualNetworkRules: [ - { - id: '' - ignoreMissingVnetServiceEndpoint: false - } - ] - } - privateEndpoints: [ - { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - '' - ] - } - service: 'account' - subnetResourceId: '' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } - ] - roleAssignments: [ - { - principalIds: [ - '' - ] - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' - } - ] - sku: 'S0' - systemAssignedIdentity: true - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - userAssignedIdentities: { - '': {} - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "kind": { - "value": "Face" - }, - "name": { - "value": "csacom001" - }, - // Non-required parameters - "customSubDomainName": { - "value": "xdomain" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "" - }, - "diagnosticEventHubName": { - "value": "" - }, - "diagnosticStorageAccountId": { - "value": "" - }, - "diagnosticWorkspaceId": { - "value": "" - }, - "enableDefaultTelemetry": { - "value": "" - }, - "lock": { - "value": "CanNotDelete" - }, - "networkAcls": { - "value": { - "defaultAction": "Deny", - "ipRules": [ - { - "value": "40.74.28.0/23" - } - ], - "virtualNetworkRules": [ - { - "id": "", - "ignoreMissingVnetServiceEndpoint": false - } - ] - } - }, - "privateEndpoints": { - "value": [ - { - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "" - ] - }, - "service": "account", - "subnetResourceId": "", - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - ] - }, - "roleAssignments": { - "value": [ - { - "principalIds": [ - "" - ], - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" - } - ] - }, - "sku": { - "value": "S0" - }, - "systemAssignedIdentity": { - "value": true - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - }, - "userAssignedIdentities": { - "value": { - "": {} - } - } - } -} -``` - -
-

- -

Example 2: Encr

- -
- -via Bicep module - -```bicep -module account './cognitive-services/account/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-csaencr' - params: { - // Required parameters - kind: 'SpeechServices' - name: 'csaencr001' - // Non-required parameters - cMKKeyName: '' - cMKKeyVaultResourceId: '' - cMKUserAssignedIdentityResourceId: '' - enableDefaultTelemetry: '' - publicNetworkAccess: 'Enabled' - restrictOutboundNetworkAccess: false - sku: 'S0' - userAssignedIdentities: { - '': {} - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "kind": { - "value": "SpeechServices" - }, - "name": { - "value": "csaencr001" - }, - // Non-required parameters - "cMKKeyName": { - "value": "" - }, - "cMKKeyVaultResourceId": { - "value": "" - }, - "cMKUserAssignedIdentityResourceId": { - "value": "" - }, - "enableDefaultTelemetry": { - "value": "" - }, - "publicNetworkAccess": { - "value": "Enabled" - }, - "restrictOutboundNetworkAccess": { - "value": false - }, - "sku": { - "value": "S0" - }, - "userAssignedIdentities": { - "value": { - "": {} - } - } - } -} -``` - -
-

- -

Example 3: Min

- -
- -via Bicep module - -```bicep -module account './cognitive-services/account/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-csamin' - params: { - // Required parameters - kind: 'SpeechServices' - name: 'csamin001' - // Non-required parameters - enableDefaultTelemetry: '' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "kind": { - "value": "SpeechServices" - }, - "name": { - "value": "csamin001" - }, - // Non-required parameters - "enableDefaultTelemetry": { - "value": "" - } - } -} -``` - -
-

- -

Example 4: Speech

- -
- -via Bicep module - -```bicep -module account './cognitive-services/account/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-csaspeech' - params: { - // Required parameters - kind: 'SpeechServices' - name: 'csaspeech001' - // Non-required parameters - customSubDomainName: 'speechdomain' - enableDefaultTelemetry: '' - privateEndpoints: [ - { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - '' - ] - } - service: 'account' - subnetResourceId: '' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } - ] - sku: 'S0' - systemAssignedIdentity: true - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - userAssignedIdentities: { - '': {} - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "kind": { - "value": "SpeechServices" - }, - "name": { - "value": "csaspeech001" - }, - // Non-required parameters - "customSubDomainName": { - "value": "speechdomain" - }, - "enableDefaultTelemetry": { - "value": "" - }, - "privateEndpoints": { - "value": [ - { - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "" - ] - }, - "service": "account", - "subnetResourceId": "", - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - ] - }, - "sku": { - "value": "S0" - }, - "systemAssignedIdentity": { - "value": true - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - }, - "userAssignedIdentities": { - "value": { - "": {} - } - } - } -} -``` - -
-

- - -## Notes - -Not all combinations of parameters `kind` and `SKU` are valid and they may vary in different Azure Regions. Please use PowerShell cmdlet `Get-AzCognitiveServicesAccountSku` or another methods to determine valid values in your region. diff --git a/modules/cognitive-services/account/main.json b/modules/cognitive-services/account/main.json index bf739e9b56..cbee7b00f2 100644 --- a/modules/cognitive-services/account/main.json +++ b/modules/cognitive-services/account/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11205324681033433198" + "version": "0.22.6.54827", + "templateHash": "13442875800072342008" }, "name": "Cognitive Services", "description": "This module deploys a Cognitive Service.", @@ -452,8 +452,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -652,8 +652,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -790,8 +790,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -1004,8 +1004,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8402203115964616978" + "version": "0.22.6.54827", + "templateHash": "2121072685211673304" } }, "parameters": { 
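Review bot: All five `main.json` hunks for `modules/cognitive-services/account` change nothing but `_generator.version` (0.21.1.54444 to 0.22.6.54827) and `templateHash`, so they are a recompile with a newer Bicep CLI rather than a template change. Put the regenerated output in its own commit, or pin the CLI version used locally and in the pipeline. Otherwise hash-only churn like this trains reviewers to skim compiled templates, and a later hunk that does alter a resource property is easy to miss.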
diff --git a/modules/compute/availability-set/README.md b/modules/compute/availability-set/README.md deleted file mode 100644 index 795e47aef4..0000000000 --- a/modules/compute/availability-set/README.md +++ /dev/null 
@@ -1,192 +0,0 @@ -# Availability Sets `[Microsoft.Compute/availabilitySets]` - -This module deploys an Availability Set. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.Compute/availabilitySets` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-11-01/availabilitySets) | - -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the availability set that is being created. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Resource location. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `platformFaultDomainCount` | int | `2` | | The number of fault domains to use. | -| `platformUpdateDomainCount` | int | `5` | | The number of update domains to use. | -| `proximityPlacementGroupResourceId` | string | `''` | | Resource ID of a proximity placement group. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `skuName` | string | `'Aligned'` | | SKU of the availability set.

- Use 'Aligned' for virtual machines with managed disks.

- Use 'Classic' for virtual machines with unmanaged disks. | -| `tags` | object | `{object}` | | Tags of the availability set resource. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the availability set. | -| `resourceGroupName` | string | The resource group the availability set was deployed into. | -| `resourceId` | string | The resource ID of the availability set. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

- -
- -via Bicep module - -```bicep -module availabilitySet './compute/availability-set/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-cascom' - params: { - // Required parameters - name: 'cascom001' - // Non-required parameters - enableDefaultTelemetry: '' - lock: 'CanNotDelete' - proximityPlacementGroupResourceId: '' - roleAssignments: [ - { - principalIds: [ - '' - ] - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' - } - ] - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "cascom001" - }, - // Non-required parameters - "enableDefaultTelemetry": { - "value": "" - }, - "lock": { - "value": "CanNotDelete" - }, - "proximityPlacementGroupResourceId": { - "value": "" - }, - "roleAssignments": { - "value": [ - { - "principalIds": [ - "" - ], - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" - } - ] - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - } -} -``` - -
-

- -

Example 2: Min

- -
- -via Bicep module - -```bicep -module availabilitySet './compute/availability-set/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-casmin' - params: { - // Required parameters - name: 'casmin001' - // Non-required parameters - enableDefaultTelemetry: '' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "casmin001" - }, - // Non-required parameters - "enableDefaultTelemetry": { - "value": "" - } - } -} -``` - -
-

diff --git a/modules/compute/availability-set/main.json b/modules/compute/availability-set/main.json index 0f7753fa37..19bcaa1b81 100644 --- a/modules/compute/availability-set/main.json +++ b/modules/compute/availability-set/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5171259001608994511" + "version": "0.22.6.54827", + "templateHash": "9507883477012630410" }, "name": "Availability Sets", "description": "This module deploys an Availability Set.", @@ -165,8 +165,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12543587259073888483" + "version": "0.22.6.54827", + "templateHash": "5622639352313082546" } }, "parameters": { diff --git a/modules/compute/disk/README.md b/modules/compute/disk/README.md deleted file mode 100644 index 1c03c30837..0000000000 --- a/modules/compute/disk/README.md +++ /dev/null 
@@ -1,429 +0,0 @@ -# Compute Disks `[Microsoft.Compute/disks]` - -This module deploys a Compute Disk - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.Compute/disks` | [2022-07-02](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-07-02/disks) | - -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | The name of the disk that is being created. | -| `sku` | string | `[Premium_LRS, Premium_ZRS, Premium_ZRS, PremiumV2_LRS, Standard_LRS, StandardSSD_LRS, UltraSSD_LRS]` | The disks sku name. Can be . | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `diskSizeGB` | int | `0` | The size of the disk to create. Required if create option is Empty. | -| `storageAccountId` | string | `''` | The resource ID of the storage account containing the blob to import as a disk. Required if create option is Import. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `acceleratedNetwork` | bool | `False` | | True if the image from which the OS disk is created supports accelerated networking. | -| `architecture` | string | `''` | `['', Arm64, x64]` | CPU architecture supported by an OS disk. 
| -| `burstingEnabled` | bool | `False` | | Set to true to enable bursting beyond the provisioned performance target of the disk. | -| `completionPercent` | int | `100` | | Percentage complete for the background copy when a resource is created via the CopyStart operation. | -| `createOption` | string | `'Empty'` | `[Attach, Copy, CopyStart, Empty, FromImage, Import, ImportSecure, Restore, Upload, UploadPreparedSecure]` | Sources of a disk creation. | -| `diskIOPSReadWrite` | int | `0` | | The number of IOPS allowed for this disk; only settable for UltraSSD disks. | -| `diskMBpsReadWrite` | int | `0` | | The bandwidth allowed for this disk; only settable for UltraSSD disks. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `hyperVGeneration` | string | `'V2'` | `[V1, V2]` | The hypervisor generation of the Virtual Machine. Applicable to OS disks only. | -| `imageReferenceId` | string | `''` | | A relative uri containing either a Platform Image Repository or user image reference. | -| `location` | string | `[resourceGroup().location]` | | Resource location. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `logicalSectorSize` | int | `4096` | | Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. | -| `maxShares` | int | `1` | | The maximum number of VMs that can attach to the disk at the same time. Default value is 0. | -| `networkAccessPolicy` | string | `'DenyAll'` | `[AllowAll, AllowPrivate, DenyAll]` | Policy for accessing the disk via network. | -| `optimizedForFrequentAttach` | bool | `False` | | Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. 
This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. | -| `osType` | string | `''` | `['', Linux, Windows]` | Sources of a disk creation. | -| `publicNetworkAccess` | string | `'Disabled'` | `[Disabled, Enabled]` | Policy for controlling export on the disk. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `securityDataUri` | string | `''` | | If create option is ImportSecure, this is the URI of a blob to be imported into VM guest state. | -| `sourceResourceId` | string | `''` | | If create option is Copy, this is the ARM ID of the source snapshot or disk. | -| `sourceUri` | string | `''` | | If create option is Import, this is the URI of a blob to be imported into a managed disk. | -| `tags` | object | `{object}` | | Tags of the availability set resource. | -| `uploadSizeBytes` | int | `20972032` | | If create option is Upload, this is the size of the contents of the upload including the VHD footer. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the disk. | -| `resourceGroupName` | string | The resource group the disk was deployed into. | -| `resourceId` | string | The resource ID of the disk. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. 
- >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

- -
- -via Bicep module - -```bicep -module disk './compute/disk/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-cdcom' - params: { - // Required parameters - name: 'cdcom001' - sku: 'UltraSSD_LRS' - // Non-required parameters - diskIOPSReadWrite: 500 - diskMBpsReadWrite: 60 - diskSizeGB: 128 - enableDefaultTelemetry: '' - lock: 'CanNotDelete' - logicalSectorSize: 512 - osType: 'Windows' - publicNetworkAccess: 'Enabled' - roleAssignments: [ - { - principalIds: [ - '' - ] - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' - } - ] - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "cdcom001" - }, - "sku": { - "value": "UltraSSD_LRS" - }, - // Non-required parameters - "diskIOPSReadWrite": { - "value": 500 - }, - "diskMBpsReadWrite": { - "value": 60 - }, - "diskSizeGB": { - "value": 128 - }, - "enableDefaultTelemetry": { - "value": "" - }, - "lock": { - "value": "CanNotDelete" - }, - "logicalSectorSize": { - "value": 512 - }, - "osType": { - "value": "Windows" - }, - "publicNetworkAccess": { - "value": "Enabled" - }, - "roleAssignments": { - "value": [ - { - "principalIds": [ - "" - ], - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" - } - ] - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - } -} -``` - -
-

- -

Example 2: Image

- -
- -via Bicep module - -```bicep -module disk './compute/disk/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-cdimg' - params: { - // Required parameters - name: 'cdimg001' - sku: 'Standard_LRS' - // Non-required parameters - createOption: 'FromImage' - enableDefaultTelemetry: '' - imageReferenceId: '' - roleAssignments: [ - { - principalIds: [ - '' - ] - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' - } - ] - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "cdimg001" - }, - "sku": { - "value": "Standard_LRS" - }, - // Non-required parameters - "createOption": { - "value": "FromImage" - }, - "enableDefaultTelemetry": { - "value": "" - }, - "imageReferenceId": { - "value": "" - }, - "roleAssignments": { - "value": [ - { - "principalIds": [ - "" - ], - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" - } - ] - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - } -} -``` - -
-

- -

Example 3: Import

- -
- -via Bicep module - -```bicep -module disk './compute/disk/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-cdimp' - params: { - // Required parameters - name: 'cdimp001' - sku: 'Standard_LRS' - // Non-required parameters - createOption: 'Import' - enableDefaultTelemetry: '' - roleAssignments: [ - { - principalIds: [ - '' - ] - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' - } - ] - sourceUri: '' - storageAccountId: '' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "cdimp001" - }, - "sku": { - "value": "Standard_LRS" - }, - // Non-required parameters - "createOption": { - "value": "Import" - }, - "enableDefaultTelemetry": { - "value": "" - }, - "roleAssignments": { - "value": [ - { - "principalIds": [ - "" - ], - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" - } - ] - }, - "sourceUri": { - "value": "" - }, - "storageAccountId": { - "value": "" - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - } -} -``` - -
-

- -

Example 4: Min

- -
- -via Bicep module - -```bicep -module disk './compute/disk/main.bicep' = { - name: '${uniqueString(deployment().name, location)}-test-cdmin' - params: { - // Required parameters - name: 'cdmin001' - sku: 'Standard_LRS' - // Non-required parameters - diskSizeGB: 1 - enableDefaultTelemetry: '' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "cdmin001" - }, - "sku": { - "value": "Standard_LRS" - }, - // Non-required parameters - "diskSizeGB": { - "value": 1 - }, - "enableDefaultTelemetry": { - "value": "" - } - } -} -``` - -
-

diff --git a/modules/compute/disk/main.json b/modules/compute/disk/main.json index 39c388e7bf..84ea41a567 100644 --- a/modules/compute/disk/main.json +++ b/modules/compute/disk/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5862388830070369227" + "version": "0.22.6.54827", + "templateHash": "12764361220335313353" }, "name": "Compute Disks", "description": "This module deploys a Compute Disk", @@ -353,8 +353,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15033488944608271524" + "version": "0.22.6.54827", + "templateHash": "9743538331774034121" } }, "parameters": { diff --git a/utilities/tools/Set-Module.ps1 b/utilities/tools/Set-Module.ps1 index cd451ad8e0..1bf0f83ee4 100644 --- a/utilities/tools/Set-Module.ps1 +++ b/utilities/tools/Set-Module.ps1 @@ -67,7 +67,10 @@ function Set-Module { [switch] $SkipFileAndFolderSetup, [Parameter(Mandatory = $false)] - [int] $ThrottleLimit = 5 + [int] $ThrottleLimit = 5, + + [Parameter(Mandatory = $false)] + [int] $Depth ) # # Load helper scripts @@ -83,7 +86,16 @@ function Set-Module { # } if ($Recurse) { - $relevantTemplatePaths = (Get-ChildItem -Path $resolvedPath -Recurse -File -Filter 'main.bicep').FullName + $childInput = @{ + Path = $resolvedPath + Recurse = $Recurse + File = $true + Filter = 'main.bicep' + } + if ($Depth) { + $childInput.Depth = $Depth + } + $relevantTemplatePaths = (Get-ChildItem @childInput).FullName } else { $relevantTemplatePaths = Join-Path $resolvedPath 'main.bicep' } 
@@ -100,7 +112,8 @@ function Set-Module { # Using threading to speed up the process if ($PSCmdlet.ShouldProcess(('Building & generation of [{0}] modules in path [{1}]' -f $relevantTemplatePaths.Count, $resolvedPath), 'Execute')) { - $relevantTemplatePaths | ForEach-Object -ThrottleLimit $ThrottleLimit -Parallel { + + $job = $relevantTemplatePaths | ForEach-Object -ThrottleLimit $ThrottleLimit -AsJob -Parallel { $resourceTypeIdentifier = ((Split-Path $_) -split '[\/|\\]{1}modules[\/|\\]{1}')[1] # avm/res// . $using:ReadMeScriptFilePath @@ -125,5 +138,24 @@ function Set-Module { Set-ModuleReadMe -TemplateFilePath $readmeTemplateFilePath -CrossReferencedModuleList $using:crossReferencedModuleList } } + + do { + # Sleep a bit to allow the threads to run - adjust as desired. + Start-Sleep -Seconds 0.5 + + # Determine how many jobs have completed so far. + $completedJobsCount = ($job.ChildJobs | Where-Object { $_.State -notin @('NotStarted', 'Running') }).Count + + # Relay any pending output from the child jobs. + $job | Receive-Job + + # Update the progress display. + [int] $percent = ($completedJobsCount / $job.ChildJobs.Count) * 100 + Write-Progress -Activity ('Processed [{0}] files' -f $relevantTemplatePaths.Count) -Status "$percent% complete" -PercentComplete $percent + + } while ($completedJobsCount -lt $job.ChildJobs.Count) + + # Clean up the job. + $job | Remove-Job } } From 3df26b25f150d3dcf9e6618e2dbca90e1b1cd1eb Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Mon, 16 Oct 2023 22:36:32 +0200 Subject: [PATCH 2/7] Added finally block --- utilities/tools/Set-Module.ps1 | 80 ++++++++++++++++++---------------- 1 file changed, 42 insertions(+), 38 deletions(-) diff --git a/utilities/tools/Set-Module.ps1 b/utilities/tools/Set-Module.ps1 index 1bf0f83ee4..dd9fe696a9 100644 --- a/utilities/tools/Set-Module.ps1 +++ b/utilities/tools/Set-Module.ps1 
@@ -112,50 +112,54 @@ function Set-Module { # Using threading to speed up the process if ($PSCmdlet.ShouldProcess(('Building & generation of [{0}] modules in path [{1}]' -f $relevantTemplatePaths.Count, $resolvedPath), 'Execute')) { - - $job = $relevantTemplatePaths | ForEach-Object -ThrottleLimit $ThrottleLimit -AsJob -Parallel { - $resourceTypeIdentifier = ((Split-Path $_) -split '[\/|\\]{1}modules[\/|\\]{1}')[1] # avm/res// - - . $using:ReadMeScriptFilePath - - ############### - ## Build ## - ############### - if (-not $using:SkipBuild) { - Write-Output "Building [$resourceTypeIdentifier]" - bicep build $_ + try { + $job = $relevantTemplatePaths | ForEach-Object -ThrottleLimit $ThrottleLimit -AsJob -Parallel { + $resourceTypeIdentifier = ((Split-Path $_) -split '[\/|\\]{1}modules[\/|\\]{1}')[1] # avm/res// + + . $using:ReadMeScriptFilePath + + ############### + ## Build ## + ############### + if (-not $using:SkipBuild) { + Write-Output "Building [$resourceTypeIdentifier]" + bicep build $_ + } + + ################ + ## ReadMe ## + ################ + if (-not $using:SkipReadMe) { + Write-Output "Generating readme for [$resourceTypeIdentifier]" + + # If the template was just build, we can pass the JSON into the readme script to be more efficient + $readmeTemplateFilePath = (-not $using:SkipBuild) ? (Join-Path (Split-Path $_ -Parent) 'main.json') : $_ + + Set-ModuleReadMe -TemplateFilePath $readmeTemplateFilePath -CrossReferencedModuleList $using:crossReferencedModuleList + } } - ################ - ## ReadMe ## - ################ - if (-not $using:SkipReadMe) { - Write-Output "Generating readme for [$resourceTypeIdentifier]" + do { + # Sleep a bit to allow the threads to run - adjust as desired. + Start-Sleep -Seconds 0.5 - # If the template was just build, we can pass the JSON into the readme script to be more efficient - $readmeTemplateFilePath = (-not $using:SkipBuild) ? 
(Join-Path (Split-Path $_ -Parent) 'main.json') : $_ + # Determine how many jobs have completed so far. + $completedJobsCount = ($job.ChildJobs | Where-Object { $_.State -notin @('NotStarted', 'Running') }).Count - Set-ModuleReadMe -TemplateFilePath $readmeTemplateFilePath -CrossReferencedModuleList $using:crossReferencedModuleList - } - } + # Relay any pending output from the child jobs. + $job | Receive-Job - do { - # Sleep a bit to allow the threads to run - adjust as desired. - Start-Sleep -Seconds 0.5 + # Update the progress display. + [int] $percent = ($completedJobsCount / $job.ChildJobs.Count) * 100 + Write-Progress -Activity ('Processed [{0}] files' -f $relevantTemplatePaths.Count) -Status "$percent% complete" -PercentComplete $percent - # Determine how many jobs have completed so far. - $completedJobsCount = ($job.ChildJobs | Where-Object { $_.State -notin @('NotStarted', 'Running') }).Count + } while ($completedJobsCount -lt $job.ChildJobs.Count) - # Relay any pending output from the child jobs. - $job | Receive-Job - - # Update the progress display. - [int] $percent = ($completedJobsCount / $job.ChildJobs.Count) * 100 - Write-Progress -Activity ('Processed [{0}] files' -f $relevantTemplatePaths.Count) -Status "$percent% complete" -PercentComplete $percent - - } while ($completedJobsCount -lt $job.ChildJobs.Count) - - # Clean up the job. - $job | Remove-Job + # Clean up the job. + $job | Remove-Job + } finally { + # In case the user cancled the process, we need to make sure to stop all running jobs + $job | Stop-Job -ErrorAction 'SilentlyContinue' + } } } From 02cd49f31537671c223bd049a540adee6993515d Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Mon, 16 Oct 2023 23:01:47 +0200 Subject: [PATCH 3/7] Enabled cancel --- utilities/tools/Set-Module.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/tools/Set-Module.ps1 b/utilities/tools/Set-Module.ps1 index dd9fe696a9..17acac4c47 100644 --- a/utilities/tools/Set-Module.ps1 
+++ b/utilities/tools/Set-Module.ps1 @@ -159,7 +159,7 @@ function Set-Module { $job | Remove-Job } finally { # In case the user cancled the process, we need to make sure to stop all running jobs - $job | Stop-Job -ErrorAction 'SilentlyContinue' + $job | Remove-Job -Force } } } From dc361103c6d90d249ae4985403f75b843de753ba Mon Sep 17 00:00:00 2001 
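Review bot: In PATCH 1/7, hunk `@@ -67,7 +67,10 @@` of utilities/tools/Set-Module.ps1, the new `[int] $Depth` parameter is added without documentation: none of the hunks in this patch touch the function's comment-based help, so `-Depth` ships undocumented. Add a `.PARAMETER Depth` entry that states it only applies together with `-Recurse` and what an omitted value means.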
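Review bot: In PATCH 1/7, hunk `@@ -83,7 +86,16 @@` of utilities/tools/Set-Module.ps1, `if ($Depth)` treats an explicit `-Depth 0` the same as an omitted parameter, so the caller's limit is silently dropped and `Get-ChildItem` recurses without a bound. Test `$PSBoundParameters.ContainsKey('Depth')` instead. Minor: `Recurse = $Recurse` sits inside `if ($Recurse)`, so it is always true there and can be written as `Recurse = $true` like the `File` entry.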
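Review bot: In PATCH 1/7, hunk `@@ -125,5 +138,24 @@` of utilities/tools/Set-Module.ps1, the polling loop counts every child job whose state is not `NotStarted` or `Running` as completed, so a `Failed` or `Stopped` child advances the progress bar and is then discarded by `$job | Remove-Job` without the function reporting it. After the loop, check `$job.ChildJobs` for states other than `Completed` and surface them with `Write-Error` or a throw before the job is removed. Separately, the activity text `'Processed [{0}] files' -f $relevantTemplatePaths.Count` shows the total from the first iteration on; format `$completedJobsCount` into it, and finish with a `Write-Progress` call using `-Completed` so the bar is cleared.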
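Review bot: In PATCH 2/7, hunk `@@ -112,50 +112,54 @@` of utilities/tools/Set-Module.ps1, the `finally` block pipes `$job` to `Stop-Job` unconditionally: on the normal path the job was already removed by `$job | Remove-Job` at the end of `try`, and if the `ForEach-Object ... -AsJob` call itself throws, `$job` was never assigned. `-ErrorAction 'SilentlyContinue'` hides both cases rather than handling them. Guard the cleanup with `if ($job)` and keep it in one place. `Stop-Job` also leaves the stopped job registered in the session, so a cancelled run is never removed. The added comment has a typo ('cancled').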
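Review bot: In PATCH 3/7, hunk `@@ -159,7 +159,7 @@` of utilities/tools/Set-Module.ps1, replacing `Stop-Job -ErrorAction 'SilentlyContinue'` with `Remove-Job -Force` means the normal path now calls `Remove-Job` on the same job twice, once at the end of `try` and once in `finally`, and any error from the second call is no longer suppressed. Drop the `$job | Remove-Job` inside `try` so that `finally` is the single cleanup point. The unchanged comment above the edited line still says the block stops running jobs; update it to say the job is force-removed.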
From: AlexanderSehr Date: Mon, 16 Oct 2023 23:06:09 +0200 Subject: [PATCH 4/7] ReadMe fallback --- .../.test/common/main.test.bicep | 3 + modules/aad/domain-service/README.md | 353 ++++-- modules/aad/domain-service/main.json | 8 +- .../server/.test/common/main.test.bicep | 3 + .../server/.test/min/main.test.bicep | 3 + modules/analysis-services/server/README.md | 225 +++- modules/analysis-services/server/main.json | 8 +- .../service/.test/common/main.test.bicep | 3 + .../service/.test/min/main.test.bicep | 3 + modules/api-management/service/README.md | 474 ++++++-- .../service/api-version-set/README.md | 43 +- .../service/api-version-set/main.json | 4 +- modules/api-management/service/api/README.md | 229 +++- modules/api-management/service/api/main.json | 8 +- .../service/api/policy/README.md | 62 +- .../service/api/policy/main.json | 4 +- .../service/authorization-server/README.md | 170 ++- .../service/authorization-server/main.json | 4 +- .../api-management/service/backend/README.md | 119 +- .../api-management/service/backend/main.json | 4 +- .../api-management/service/cache/README.md | 73 +- .../api-management/service/cache/main.json | 4 +- .../service/identity-provider/README.md | 137 ++- .../service/identity-provider/main.json | 4 +- modules/api-management/service/main.json | 64 +- .../service/named-value/README.md | 83 +- .../service/named-value/main.json | 4 +- .../api-management/service/policy/README.md | 54 +- .../api-management/service/policy/main.json | 4 +- .../service/portalsetting/README.md | 47 +- .../service/portalsetting/main.json | 4 +- .../api-management/service/product/README.md | 111 +- .../service/product/api/README.md | 43 +- .../service/product/api/main.json | 4 +- .../service/product/group/README.md | 43 +- .../service/product/group/main.json | 4 +- .../api-management/service/product/main.json | 12 +- .../service/subscription/README.md | 93 +- .../service/subscription/main.json | 4 +- .../.test/common/main.test.bicep | 3 + 
.../.test/min/main.test.bicep | 3 + .../configuration-store/README.md | 305 ++++- .../configuration-store/key-value/README.md | 65 +- .../configuration-store/key-value/main.json | 4 +- .../configuration-store/main.json | 24 +- .../.test/common/main.test.bicep | 3 + .../container-app/.test/min/main.test.bicep | 3 + modules/app/container-app/README.md | 371 +++++- modules/app/container-app/main.json | 8 +- .../.test/common/main.test.bicep | 3 + .../.test/min/main.test.bicep | 3 + modules/app/managed-environment/README.md | 272 ++++- modules/app/managed-environment/main.json | 8 +- .../lock/.test/common/main.test.bicep | 3 + modules/authorization/lock/README.md | 118 +- modules/authorization/lock/main.json | 12 +- .../lock/resource-group/README.md | 46 +- .../lock/resource-group/main.json | 4 +- .../authorization/lock/subscription/README.md | 46 +- .../authorization/lock/subscription/main.json | 4 +- .../authorization/policy-assignment/README.md | 266 ++++- .../authorization/policy-assignment/main.json | 16 +- .../management-group/README.md | 161 ++- .../management-group/main.json | 4 +- .../resource-group/README.md | 170 ++- .../resource-group/main.json | 4 +- .../policy-assignment/subscription/README.md | 161 ++- .../policy-assignment/subscription/main.json | 4 +- .../authorization/policy-definition/README.md | 181 ++- .../authorization/policy-definition/main.json | 12 +- .../management-group/README.md | 88 +- .../management-group/main.json | 4 +- .../policy-definition/subscription/README.md | 88 +- .../policy-definition/subscription/main.json | 4 +- .../authorization/policy-exemption/README.md | 228 +++- .../authorization/policy-exemption/main.json | 16 +- .../management-group/README.md | 116 +- .../management-group/main.json | 4 +- .../policy-exemption/resource-group/README.md | 107 +- .../policy-exemption/resource-group/main.json | 4 +- .../policy-exemption/subscription/README.md | 116 +- .../policy-exemption/subscription/main.json | 4 +- 
.../policy-set-definition/README.md | 178 ++- .../policy-set-definition/main.json | 12 +- .../management-group/README.md | 87 +- .../management-group/main.json | 4 +- .../subscription/README.md | 87 +- .../subscription/main.json | 4 +- .../authorization/role-assignment/README.md | 201 +++- .../authorization/role-assignment/main.json | 16 +- .../management-group/README.md | 98 +- .../management-group/main.json | 4 +- .../role-assignment/resource-group/README.md | 98 +- .../role-assignment/resource-group/main.json | 4 +- .../role-assignment/subscription/README.md | 98 +- .../role-assignment/subscription/main.json | 4 +- .../authorization/role-definition/main.json | 16 +- .../management-group/README.md | 79 +- .../management-group/main.json | 4 +- .../role-definition/resource-group/README.md | 97 +- .../role-definition/resource-group/main.json | 4 +- .../role-definition/subscription/README.md | 97 +- .../role-definition/subscription/main.json | 4 +- .../.test/common/main.test.bicep | 3 + .../.test/min/main.test.bicep | 3 + .../automation/automation-account/README.md | 14 +- .../automation-account/job-schedule/README.md | 74 +- .../automation-account/job-schedule/main.json | 4 +- .../automation/automation-account/main.json | 52 +- .../automation-account/module/README.md | 70 +- .../automation-account/module/main.json | 4 +- .../automation-account/runbook/README.md | 122 +- .../automation-account/runbook/main.json | 4 +- .../automation-account/schedule/README.md | 112 +- .../automation-account/schedule/main.json | 4 +- .../software-update-configuration/README.md | 324 +++++- .../software-update-configuration/main.json | 4 +- .../automation-account/variable/README.md | 61 +- .../automation-account/variable/main.json | 4 +- .../.test/common/main.test.bicep | 3 + .../batch-account/.test/min/main.test.bicep | 3 + modules/batch/batch-account/README.md | 14 +- modules/batch/batch-account/main.json | 16 +- .../.test/common/main.test.bicep | 3 + .../.test/min/main.test.bicep | 
3 + modules/cache/redis-enterprise/README.md | 581 ++++++++++ .../cache/redis-enterprise/database/README.md | 131 ++- .../cache/redis-enterprise/database/main.json | 4 +- .../cache/redis/.test/common/main.test.bicep | 3 + modules/cache/redis/.test/min/main.test.bicep | 3 + modules/cache/redis/README.md | 14 +- modules/cache/redis/main.json | 20 +- .../cdn/profile/.test/common/main.test.bicep | 3 + modules/cdn/profile/README.md | 555 +++++++++ modules/cdn/profile/afdEndpoint/README.md | 82 +- .../cdn/profile/afdEndpoint/route/README.md | 146 ++- modules/cdn/profile/customdomain/README.md | 102 +- modules/cdn/profile/endpoint/README.md | 61 +- modules/cdn/profile/endpoint/origin/README.md | 131 ++- modules/cdn/profile/origingroup/README.md | 78 +- .../cdn/profile/origingroup/origin/README.md | 122 +- modules/cdn/profile/ruleset/README.md | 44 +- modules/cdn/profile/ruleset/rule/README.md | 78 +- modules/cdn/profile/secret/README.md | 85 +- .../account/.test/common/main.test.bicep | 3 + .../account/.test/min/main.test.bicep | 3 + modules/cognitive-services/account/README.md | 783 +++++++++++++ .../.test/common/main.test.bicep | 3 + .../.test/min/main.test.bicep | 3 + modules/compute/availability-set/README.md | 274 +++++ .../.test/common/main.test.bicep | 3 + modules/compute/disk-encryption-set/README.md | 228 +++- modules/compute/disk-encryption-set/main.json | 20 +- .../compute/disk/.test/common/main.test.bicep | 3 + .../compute/disk/.test/min/main.test.bicep | 3 + modules/compute/disk/README.md | 645 +++++++++++ .../gallery/.test/common/main.test.bicep | 3 + .../compute/gallery/.test/min/main.test.bicep | 3 + modules/compute/gallery/README.md | 155 ++- modules/compute/gallery/application/README.md | 130 ++- modules/compute/gallery/application/main.json | 8 +- modules/compute/gallery/image/README.md | 270 ++++- modules/compute/gallery/image/main.json | 8 +- modules/compute/gallery/main.json | 24 +- .../image/.test/common/main.test.bicep | 3 + 
modules/compute/image/README.md | 237 +++- modules/compute/image/main.json | 8 +- .../.test/common/main.test.bicep | 3 + .../.test/min/main.test.bicep | 3 + .../proximity-placement-group/README.md | 169 ++- .../proximity-placement-group/main.json | 8 +- .../.test/common/main.test.bicep | 3 + .../ssh-public-key/.test/min/main.test.bicep | 3 + modules/compute/ssh-public-key/README.md | 137 ++- modules/compute/ssh-public-key/main.json | 8 +- .../virtual-machine-scale-set/README.md | 783 +++++++++++-- .../extension/README.md | 111 +- .../extension/main.json | 4 +- .../virtual-machine-scale-set/main.json | 40 +- modules/compute/virtual-machine/README.md | 782 +++++++++++-- .../virtual-machine/extension/README.md | 129 ++- .../virtual-machine/extension/main.json | 4 +- modules/compute/virtual-machine/main.json | 68 +- .../budget/.test/common/main.test.bicep | 3 + .../budget/.test/min/main.test.bicep | 3 + modules/consumption/budget/README.md | 194 +++- modules/consumption/budget/main.json | 4 +- .../.test/common/main.test.bicep | 3 + .../container-group/.test/min/main.test.bicep | 3 + .../container-group/README.md | 329 ++++-- .../container-group/main.json | 4 +- .../registry/.test/common/main.test.bicep | 3 + .../registry/.test/min/main.test.bicep | 3 + modules/container-registry/registry/README.md | 483 ++++++-- .../registry/cache-rules/README.md | 60 +- .../registry/cache-rules/main.json | 4 +- modules/container-registry/registry/main.json | 32 +- .../registry/replication/README.md | 72 +- .../registry/replication/main.json | 4 +- .../registry/webhook/README.md | 99 +- .../registry/webhook/main.json | 4 +- .../managed-cluster/.test/min/main.test.bicep | 3 + .../managed-cluster/README.md | 1030 ++++++++++++++--- .../managed-cluster/agent-pool/README.md | 352 +++++- .../managed-cluster/agent-pool/main.json | 4 +- .../managed-cluster/main.json | 20 +- .../factory/.test/common/main.test.bicep | 3 + .../factory/.test/min/main.test.bicep | 3 + 
modules/data-factory/factory/README.md | 406 +++++-- .../factory/integration-runtime/README.md | 68 +- .../factory/integration-runtime/main.json | 4 +- modules/data-factory/factory/main.json | 32 +- .../factory/managed-virtual-network/README.md | 48 +- .../factory/managed-virtual-network/main.json | 8 +- .../managed-private-endpoint/README.md | 67 +- .../managed-private-endpoint/main.json | 4 +- .../backup-vault/.test/common/main.test.bicep | 3 + .../backup-vault/.test/min/main.test.bicep | 3 + .../data-protection/backup-vault/README.md | 195 +++- .../backup-vault/backup-policy/README.md | 43 +- .../backup-vault/backup-policy/main.json | 4 +- .../data-protection/backup-vault/main.json | 12 +- .../.test/common/main.test.bicep | 3 + .../.test/min/main.test.bicep | 3 + modules/databricks/access-connector/README.md | 146 ++- modules/databricks/access-connector/main.json | 8 +- .../workspace/.test/common/main.test.bicep | 3 + .../workspace/.test/min/main.test.bicep | 3 + modules/databricks/workspace/README.md | 441 +++++-- modules/databricks/workspace/main.json | 20 +- .../flexible-server/.test/min/main.test.bicep | 3 + .../db-for-my-sql/flexible-server/README.md | 501 ++++++-- .../flexible-server/administrator/README.md | 69 +- .../flexible-server/administrator/main.json | 4 +- .../flexible-server/database/README.md | 62 +- .../flexible-server/database/main.json | 4 +- .../flexible-server/firewall-rule/README.md | 51 +- .../flexible-server/firewall-rule/main.json | 4 +- .../db-for-my-sql/flexible-server/main.json | 20 +- .../flexible-server/.test/min/main.test.bicep | 3 + .../flexible-server/README.md | 464 ++++++-- .../flexible-server/administrator/README.md | 72 +- .../flexible-server/administrator/main.json | 4 +- .../flexible-server/configuration/README.md | 62 +- .../flexible-server/configuration/main.json | 4 +- .../flexible-server/database/README.md | 62 +- .../flexible-server/database/main.json | 4 +- .../flexible-server/firewall-rule/README.md | 51 +- 
.../flexible-server/firewall-rule/main.json | 4 +- .../flexible-server/main.json | 28 +- .../.test/common/main.test.bicep | 3 + .../.test/min/main.test.bicep | 3 + .../application-group/README.md | 231 +++- .../application-group/application/README.md | 110 +- .../application-group/application/main.json | 4 +- .../application-group/main.json | 12 +- .../host-pool/.test/common/main.test.bicep | 3 + .../host-pool/.test/min/main.test.bicep | 3 + .../host-pool/README.md | 431 +++++-- .../scaling-plan/.test/common/main.test.bicep | 3 + .../scaling-plan/.test/min/main.test.bicep | 3 + .../scaling-plan/README.md | 228 +++- .../workspace/.test/common/main.test.bicep | 3 + .../workspace/.test/min/main.test.bicep | 3 + .../workspace/README.md | 214 +++- .../workspace/main.json | 8 +- .../lab/.test/common/main.test.bicep | 3 + .../lab/.test/min/main.test.bicep | 3 + modules/dev-test-lab/lab/README.md | 355 ++++-- .../dev-test-lab/lab/artifactsource/README.md | 119 +- .../dev-test-lab/lab/artifactsource/main.json | 4 +- modules/dev-test-lab/lab/cost/README.md | 195 +++- modules/dev-test-lab/lab/cost/main.json | 4 +- modules/dev-test-lab/lab/main.json | 32 +- .../lab/notificationchannel/README.md | 94 +- .../lab/notificationchannel/main.json | 4 +- .../lab/policyset/policy/README.md | 109 +- .../lab/policyset/policy/main.json | 4 +- modules/dev-test-lab/lab/schedule/README.md | 130 ++- modules/dev-test-lab/lab/schedule/main.json | 4 +- .../dev-test-lab/lab/virtualnetwork/README.md | 79 +- .../dev-test-lab/lab/virtualnetwork/main.json | 4 +- .../.test/common/main.test.bicep | 3 + .../.test/min/main.test.bicep | 3 + .../digital-twins-instance/README.md | 267 ++++- .../endpoint--event-grid/README.md | 70 +- .../endpoint--event-hub/README.md | 118 +- .../endpoint--service-bus/README.md | 118 +- .../document-db/database-account/README.md | 397 +++++-- .../gremlin-database/README.md | 89 +- .../gremlin-database/graph/README.md | 70 +- .../gremlin-database/graph/main.json | 4 +- 
.../gremlin-database/main.json | 8 +- .../document-db/database-account/main.json | 44 +- .../mongodb-database/README.md | 62 +- .../mongodb-database/collection/README.md | 68 +- .../mongodb-database/collection/main.json | 4 +- .../mongodb-database/main.json | 8 +- .../database-account/sql-database/README.md | 71 +- .../sql-database/container/README.md | 134 ++- .../sql-database/container/main.json | 4 +- .../database-account/sql-database/main.json | 8 +- .../domain/.test/common/main.test.bicep | 3 + .../domain/.test/min/main.test.bicep | 3 + modules/event-grid/domain/README.md | 261 ++++- modules/event-grid/domain/main.json | 24 +- modules/event-grid/domain/topic/README.md | 44 +- modules/event-grid/domain/topic/main.json | 4 +- .../system-topic/.test/common/main.test.bicep | 3 + .../system-topic/.test/min/main.test.bicep | 3 + modules/event-grid/system-topic/README.md | 238 +++- .../system-topic/event-subscription/README.md | 123 +- .../system-topic/event-subscription/main.json | 4 +- modules/event-grid/system-topic/main.json | 12 +- .../topic/.test/common/main.test.bicep | 3 + .../topic/.test/min/main.test.bicep | 3 + modules/event-grid/topic/README.md | 243 +++- .../topic/event-subscription/README.md | 123 +- .../topic/event-subscription/main.json | 4 +- modules/event-grid/topic/main.json | 24 +- .../namespace/.test/common/main.test.bicep | 3 + .../namespace/.test/min/main.test.bicep | 3 + modules/event-hub/namespace/README.md | 415 +++++-- .../namespace/authorization-rule/README.md | 45 +- .../disaster-recovery-config/README.md | 44 +- .../event-hub/namespace/eventhub/README.md | 214 +++- .../eventhub/authorization-rule/README.md | 53 +- .../eventhub/consumergroup/README.md | 52 +- .../namespace/network-rule-set/README.md | 72 +- .../health-bot/.test/common/main.test.bicep | 3 + .../health-bot/.test/min/main.test.bicep | 3 + modules/health-bot/health-bot/README.md | 146 ++- modules/health-bot/health-bot/main.json | 8 +- 
.../workspace/.test/common/main.test.bicep | 3 + .../workspace/.test/min/main.test.bicep | 3 + modules/healthcare-apis/workspace/README.md | 262 ++--- .../workspace/dicomservice/README.md | 192 ++- .../workspace/dicomservice/main.json | 4 +- .../workspace/fhirservice/README.md | 330 +++++- .../workspace/fhirservice/main.json | 8 +- .../workspace/iotconnector/README.md | 191 ++- .../iotconnector/fhirdestination/README.md | 81 +- .../iotconnector/fhirdestination/main.json | 4 +- .../workspace/iotconnector/main.json | 8 +- modules/healthcare-apis/workspace/main.json | 28 +- .../action-group/.test/common/main.test.bicep | 3 + .../action-group/.test/min/main.test.bicep | 3 + modules/insights/action-group/README.md | 224 +++- .../.test/common/main.test.bicep | 3 + modules/insights/activity-log-alert/README.md | 154 ++- .../component/.test/common/main.test.bicep | 3 + .../component/.test/min/main.test.bicep | 3 + modules/insights/component/README.md | 253 +++- modules/insights/component/main.json | 8 +- .../.test/common/main.test.bicep | 3 + .../.test/min/main.test.bicep | 3 + .../data-collection-endpoint/README.md | 148 ++- .../data-collection-endpoint/main.json | 8 +- .../.test/min/main.test.bicep | 3 + .../insights/data-collection-rule/README.md | 210 +++- .../insights/data-collection-rule/main.json | 8 +- .../.test/common/main.test.bicep | 3 + modules/insights/diagnostic-setting/README.md | 127 +- modules/insights/diagnostic-setting/main.json | 4 +- .../metric-alert/.test/common/main.test.bicep | 3 + modules/insights/metric-alert/README.md | 235 +++- .../.test/common/main.test.bicep | 3 + .../.test/min/main.test.bicep | 3 + modules/insights/private-link-scope/README.md | 156 ++- modules/insights/private-link-scope/main.json | 24 +- .../scoped-resource/README.md | 43 +- .../scoped-resource/main.json | 4 +- .../.test/common/main.test.bicep | 3 + .../insights/scheduled-query-rule/README.md | 240 +++- .../insights/scheduled-query-rule/main.json | 8 +- 
.../webtest/.test/common/main.test.bicep | 3 + .../webtest/.test/min/main.test.bicep | 3 + modules/insights/webtest/README.md | 234 +++- modules/insights/webtest/main.json | 8 +- .../vault/.test/common/main.test.bicep | 3 + .../key-vault/vault/.test/min/main.test.bicep | 3 + modules/key-vault/vault/README.md | 354 ++++-- .../key-vault/vault/access-policy/README.md | 34 +- .../key-vault/vault/access-policy/main.json | 4 +- modules/key-vault/vault/key/README.md | 128 +- modules/key-vault/vault/key/main.json | 8 +- modules/key-vault/vault/main.json | 40 +- modules/key-vault/vault/secret/README.md | 97 +- modules/key-vault/vault/secret/main.json | 8 +- .../extension/.test/common/main.test.bicep | 3 + .../extension/.test/min/main.test.bicep | 3 + .../extension/README.md | 185 ++- .../extension/main.json | 8 +- .../.test/common/main.test.bicep | 3 + .../.test/min/main.test.bicep | 3 + .../flux-configuration/README.md | 176 ++- .../flux-configuration/main.json | 4 +- .../workflow/.test/common/main.test.bicep | 3 + modules/logic/workflow/README.md | 344 +++++- modules/logic/workflow/main.json | 8 +- .../workspace/.test/common/main.test.bicep | 3 + .../workspace/.test/min/main.test.bicep | 3 + .../workspace/README.md | 417 +++++-- .../workspace/compute/README.md | 146 ++- .../.test/common/main.test.bicep | 3 + .../.test/min/main.test.bicep | 3 + .../maintenance-configuration/README.md | 184 ++- .../maintenance-configuration/main.json | 8 +- .../.test/common/main.test.bicep | 3 + .../.test/min/main.test.bicep | 3 + .../user-assigned-identity/README.md | 136 ++- .../federated-identity-credential/README.md | 59 +- .../federated-identity-credential/main.json | 4 +- .../user-assigned-identity/main.json | 12 +- .../.test/common/main.test.bicep | 3 + .../registration-definition/README.md | 133 ++- .../registration-definition/main.json | 8 +- .../.test/common/main.test.bicep | 3 + .../.test/min/main.test.bicep | 3 + modules/management/management-group/README.md | 117 +- 
modules/management/management-group/main.json | 4 +- .../net-app-account/.test/min/main.test.bicep | 3 + modules/net-app/net-app-account/README.md | 206 +++- .../net-app-account/capacity-pool/README.md | 118 +- .../net-app-account/capacity-pool/main.json | 16 +- .../capacity-pool/volume/README.md | 114 +- .../capacity-pool/volume/main.json | 8 +- modules/net-app/net-app-account/main.json | 24 +- .../.test/common/main.test.bicep | 3 + .../README.md | 128 +- .../main.json | 4 +- .../.test/common/main.test.bicep | 3 + modules/network/application-gateway/README.md | 549 +++++++-- modules/network/application-gateway/main.json | 20 +- .../.test/common/main.test.bicep | 3 + .../application-security-group/README.md | 120 +- .../application-security-group/main.json | 8 +- .../.test/common/main.test.bicep | 3 + .../azure-firewall/.test/min/main.test.bicep | 3 + modules/network/azure-firewall/README.md | 396 +++++-- modules/network/azure-firewall/main.json | 24 +- 441 files changed, 28139 insertions(+), 6406 deletions(-) create mode 100644 modules/cache/redis-enterprise/README.md create mode 100644 modules/cdn/profile/README.md create mode 100644 modules/cognitive-services/account/README.md create mode 100644 modules/compute/availability-set/README.md create mode 100644 modules/compute/disk/README.md diff --git a/modules/aad/domain-service/.test/common/main.test.bicep b/modules/aad/domain-service/.test/common/main.test.bicep index 45310e5723..6df70643ed 100644 --- a/modules/aad/domain-service/.test/common/main.test.bicep +++ b/modules/aad/domain-service/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/aad/domain-service/README.md b/modules/aad/domain-service/README.md index fca50dcd19..8803a840aa 100644 
--- a/modules/aad/domain-service/README.md +++ b/modules/aad/domain-service/README.md @@ -4,14 +4,14 @@ This module deploys an Azure Active Directory Domain Services (AADDS). ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -20,81 +20,28 @@ This module deploys an Azure Active Directory Domain Services (AADDS). | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `domainName` | string | The domain name specific to the Azure ADDS service. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `pfxCertificate` | securestring | `''` | The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days. | -| `pfxCertificatePassword` | securestring | `''` | The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `additionalRecipients` | array | `[]` | | The email recipient value to receive alerts. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', AccountLogon, AccountManagement, allLogs, DetailTracking, DirectoryServiceAccess, LogonLogoff, ObjectAccess, PolicyChange, PrivilegeUse, SystemSecurity]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `domainConfigurationType` | string | `'FullySynced'` | `[FullySynced, ResourceTrusting]` | The value is to provide domain configuration type. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `externalAccess` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable the Secure LDAP for external services of Azure ADDS Services. | -| `filteredSync` | string | `'Enabled'` | | The value is to synchronize scoped users and groups. | -| `kerberosArmoring` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable to provide a protected channel between the Kerberos client and the KDC. | -| `kerberosRc4Encryption` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable Kerberos requests that use RC4 encryption. | -| `ldaps` | string | `'Enabled'` | `[Disabled, Enabled]` | A flag to determine whether or not Secure LDAP is enabled or disabled. | -| `location` | string | `[resourceGroup().location]` | | The location to deploy the Azure ADDS Services. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `name` | string | `[parameters('domainName')]` | | The name of the AADDS resource. Defaults to the domain name specific to the Azure ADDS service. | -| `notifyDcAdmins` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to notify the DC Admins. 
| -| `notifyGlobalAdmins` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to notify the Global Admins. | -| `ntlmV1` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable clients making request using NTLM v1. | -| `replicaSets` | array | `[]` | | Additional replica set for the managed domain. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sku` | string | `'Standard'` | `[Enterprise, Premium, Standard]` | The name of the SKU specific to Azure ADDS Services. | -| `syncNtlmPasswords` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable synchronized users to use NTLM authentication. | -| `syncOnPremPasswords` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable on-premises users to authenticate against managed domain. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `tlsV1` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable clients making request using TLSv1. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The domain name of the Azure Active Directory Domain Services(Azure ADDS). 
| -| `resourceGroupName` | string | The name of the resource group the Azure Active Directory Domain Services(Azure ADDS) was created in. | -| `resourceId` | string | The resource ID of the Azure Active Directory Domain Services(Azure ADDS). | - -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/aad.domain-service:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module domainService './aad/domain-service/main.bicep' = { +module domainService 'br:bicep/modules/aad.domain-service:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-aaddscom' params: { // Required parameters @@ -203,6 +150,282 @@ module domainService './aad/domain-service/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`domainName`](#parameter-domainname) | string | The domain name specific to the Azure ADDS service. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`pfxCertificate`](#parameter-pfxcertificate) | securestring | The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days. | +| [`pfxCertificatePassword`](#parameter-pfxcertificatepassword) | securestring | The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`additionalRecipients`](#parameter-additionalrecipients) | array | The email recipient value to receive alerts. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. 
| +| [`domainConfigurationType`](#parameter-domainconfigurationtype) | string | The value is to provide domain configuration type. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`externalAccess`](#parameter-externalaccess) | string | The value is to enable the Secure LDAP for external services of Azure ADDS Services. | +| [`filteredSync`](#parameter-filteredsync) | string | The value is to synchronize scoped users and groups. | +| [`kerberosArmoring`](#parameter-kerberosarmoring) | string | The value is to enable to provide a protected channel between the Kerberos client and the KDC. | +| [`kerberosRc4Encryption`](#parameter-kerberosrc4encryption) | string | The value is to enable Kerberos requests that use RC4 encryption. | +| [`ldaps`](#parameter-ldaps) | string | A flag to determine whether or not Secure LDAP is enabled or disabled. | +| [`location`](#parameter-location) | string | The location to deploy the Azure ADDS Services. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`name`](#parameter-name) | string | The name of the AADDS resource. Defaults to the domain name specific to the Azure ADDS service. | +| [`notifyDcAdmins`](#parameter-notifydcadmins) | string | The value is to notify the DC Admins. | +| [`notifyGlobalAdmins`](#parameter-notifyglobaladmins) | string | The value is to notify the Global Admins. | +| [`ntlmV1`](#parameter-ntlmv1) | string | The value is to enable clients making request using NTLM v1. | +| [`replicaSets`](#parameter-replicasets) | array | Additional replica set for the managed domain. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sku`](#parameter-sku) | string | The name of the SKU specific to Azure ADDS Services. | +| [`syncNtlmPasswords`](#parameter-syncntlmpasswords) | string | The value is to enable synchronized users to use NTLM authentication. | +| [`syncOnPremPasswords`](#parameter-synconprempasswords) | string | The value is to enable on-premises users to authenticate against managed domain. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`tlsV1`](#parameter-tlsv1) | string | The value is to enable clients making request using TLSv1. | + +### Parameter: `additionalRecipients` + +The email recipient value to receive alerts. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', AccountLogon, AccountManagement, allLogs, DetailTracking, DirectoryServiceAccess, LogonLogoff, ObjectAccess, PolicyChange, PrivilegeUse, SystemSecurity]` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `domainConfigurationType` + +The value is to provide domain configuration type. +- Required: No +- Type: string +- Default: `'FullySynced'` +- Allowed: `[FullySynced, ResourceTrusting]` + +### Parameter: `domainName` + +The domain name specific to the Azure ADDS service. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `externalAccess` + +The value is to enable the Secure LDAP for external services of Azure ADDS Services. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `filteredSync` + +The value is to synchronize scoped users and groups. +- Required: No +- Type: string +- Default: `'Enabled'` + +### Parameter: `kerberosArmoring` + +The value is to enable to provide a protected channel between the Kerberos client and the KDC. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `kerberosRc4Encryption` + +The value is to enable Kerberos requests that use RC4 encryption. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `ldaps` + +A flag to determine whether or not Secure LDAP is enabled or disabled. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `location` + +The location to deploy the Azure ADDS Services. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the AADDS resource. Defaults to the domain name specific to the Azure ADDS service. +- Required: No +- Type: string +- Default: `[parameters('domainName')]` + +### Parameter: `notifyDcAdmins` + +The value is to notify the DC Admins. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `notifyGlobalAdmins` + +The value is to notify the Global Admins. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `ntlmV1` + +The value is to enable clients making request using NTLM v1. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `pfxCertificate` + +The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `pfxCertificatePassword` + +The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `replicaSets` + +Additional replica set for the managed domain. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +The name of the SKU specific to Azure ADDS Services. 
+- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Enterprise, Premium, Standard]` + +### Parameter: `syncNtlmPasswords` + +The value is to enable synchronized users to use NTLM authentication. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `syncOnPremPasswords` + +The value is to enable on-premises users to authenticate against managed domain. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tlsV1` + +The value is to enable clients making request using TLSv1. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The domain name of the Azure Active Directory Domain Services(Azure ADDS). | +| `resourceGroupName` | string | The name of the resource group the Azure Active Directory Domain Services(Azure ADDS) was created in. | +| `resourceId` | string | The resource ID of the Azure Active Directory Domain Services(Azure ADDS). | + +## Cross-referenced modules + +_None_ + ## Notes ### Network Security Group (NSG) requirements for AADDS diff --git a/modules/aad/domain-service/main.json b/modules/aad/domain-service/main.json index 3070f9df0a..0f206dd1ce 100644 --- a/modules/aad/domain-service/main.json +++ b/modules/aad/domain-service/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5043907679276521852" + "version": "0.22.6.54827", + "templateHash": "10694057578652449276" }, "name": "Azure Active Directory Domain Services", "description": "This module deploys an Azure Active Directory Domain Services (AADDS).", 
@@ -410,8 +410,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4015790044658504688" + "version": "0.22.6.54827", + "templateHash": "4984019978971427023" } }, "parameters": { diff --git a/modules/analysis-services/server/.test/common/main.test.bicep b/modules/analysis-services/server/.test/common/main.test.bicep index 0dcc74191b..527c3c1c71 100644 --- a/modules/analysis-services/server/.test/common/main.test.bicep +++ b/modules/analysis-services/server/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/analysis-services/server/.test/min/main.test.bicep b/modules/analysis-services/server/.test/min/main.test.bicep index 3c210ec288..e89ac48c07 100644 --- a/modules/analysis-services/server/.test/min/main.test.bicep +++ b/modules/analysis-services/server/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/analysis-services/server/README.md b/modules/analysis-services/server/README.md index 02f71b089c..e51e44040a 100644 --- a/modules/analysis-services/server/README.md +++ b/modules/analysis-services/server/README.md @@ -5,10 +5,10 @@ This module deploys an Analysis Services Server. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -19,63 +19,30 @@ This module deploys an Analysis Services Server. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Azure Analysis Services server to create. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Engine, Service]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `firewallSettings` | object | `{object}` | | The inbound firewall rules to define on the server. If not specified, firewall is disabled. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `skuCapacity` | int | `1` | | The total number of query replica scale-out instances. | -| `skuName` | string | `'S0'` | | The SKU name of the Azure Analysis Services server to create. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the analysis service. | -| `resourceGroupName` | string | The resource group the analysis service was deployed into. | -| `resourceId` | string | The resource ID of the analysis service. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/analysis-services.server:1.0.0`. 
-## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Max](#example-2-max) +- [Using only defaults](#example-3-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module server './analysis-services/server/main.bicep' = { +module server 'br:bicep/modules/analysis-services.server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-asscom' params: { // Required parameters @@ -169,14 +136,14 @@ module server './analysis-services/server/main.bicep' = {

-

Example 2: Max

+### Example 2: _Max_
via Bicep module ```bicep -module server './analysis-services/server/main.bicep' = { +module server 'br:bicep/modules/analysis-services.server:1.0.0' = { name: '${uniqueString(deployment().name)}-test-assmax' params: { // Required parameters @@ -302,14 +269,17 @@ module server './analysis-services/server/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module server './analysis-services/server/main.bicep' = { +module server 'br:bicep/modules/analysis-services.server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-assmin' params: { // Required parameters @@ -346,3 +316,160 @@ module server './analysis-services/server/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Azure Analysis Services server to create. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`firewallSettings`](#parameter-firewallsettings) | object | The inbound firewall rules to define on the server. If not specified, firewall is disabled. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuCapacity`](#parameter-skucapacity) | int | The total number of query replica scale-out instances. | +| [`skuName`](#parameter-skuname) | string | The SKU name of the Azure Analysis Services server to create. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, Engine, Service]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `firewallSettings` + +The inbound firewall rules to define on the server. If not specified, firewall is disabled. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the Azure Analysis Services server to create. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuCapacity` + +The total number of query replica scale-out instances. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `skuName` + +The SKU name of the Azure Analysis Services server to create. +- Required: No +- Type: string +- Default: `'S0'` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the analysis service. 
| +| `resourceGroupName` | string | The resource group the analysis service was deployed into. | +| `resourceId` | string | The resource ID of the analysis service. | + +## Cross-referenced modules + +_None_ diff --git a/modules/analysis-services/server/main.json b/modules/analysis-services/server/main.json index c54bb4c44b..9855c786cd 100644 --- a/modules/analysis-services/server/main.json +++ b/modules/analysis-services/server/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1234109873215342159" + "version": "0.22.6.54827", + "templateHash": "5443858044342002150" }, "name": "Analysis Services Servers", "description": "This module deploys an Analysis Services Server.", @@ -268,8 +268,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5938154849701330874" + "version": "0.22.6.54827", + "templateHash": "7231657665941581698" } }, "parameters": { diff --git a/modules/api-management/service/.test/common/main.test.bicep b/modules/api-management/service/.test/common/main.test.bicep index 7431d43d99..d00d8943f8 100644 --- a/modules/api-management/service/.test/common/main.test.bicep +++ b/modules/api-management/service/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/api-management/service/.test/min/main.test.bicep b/modules/api-management/service/.test/min/main.test.bicep index b45bd98469..f4e9fd87a5 100644 --- a/modules/api-management/service/.test/min/main.test.bicep +++ b/modules/api-management/service/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/api-management/service/README.md b/modules/api-management/service/README.md index d9d56c5b77..a5e33b4cae 100644 --- a/modules/api-management/service/README.md +++ b/modules/api-management/service/README.md @@ -4,14 +4,14 @@ This module deploys an API Management Service. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
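Review bot: In the regenerated modules/analysis-services/server/README.md, the `firewallSettings` section pairs "If not specified, firewall is disabled" with `Default: {object}`, so a reader cannot tell what the default object contains or whether leaving the parameter out produces a server with no inbound restrictions. Since this is the only network control the README lists for the server, render the actual default value (or state the effective default in the description) instead of the `{object}` placeholder. The same placeholder hides the default of `tags`, but there it carries no security meaning.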
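Review bot: The `metadata name` / `metadata description` lines are added to `.test/common/main.test.bicep` and `.test/min/main.test.bicep` for api-management/service, but the patch has no matching hunk for the `max` test file between them. The regenerated README shows the result: "Example 1: _Using large parameter set_" and "Example 3: _Using only defaults_" each get a description, while "Example 2: _Max_" falls back to the folder name and has none. Add the two metadata lines to the max test as well, or have the generator flag test files that lack them.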
@@ -34,91 +34,30 @@ This module deploys an API Management Service. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the API Management service. | -| `publisherEmail` | string | The email address of the owner of the service. | -| `publisherName` | string | The name of the owner of the service. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `additionalLocations` | array | `[]` | | Additional datacenter locations of the API Management service. | -| `apis` | array | `[]` | | APIs. | -| `apiVersionSets` | array | `[]` | | API Version Sets. | -| `authorizationServers` | secureObject | `{object}` | | Authorization servers. | -| `backends` | array | `[]` | | Backends. | -| `caches` | array | `[]` | | Caches. | -| `certificates` | array | `[]` | | List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10. | -| `customProperties` | object | `{object}` | | Custom properties of the API Management service. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, GatewayLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disableGateway` | bool | `False` | | Property only valid for an API Management service deployed in multiple locations. This can be used to disable the gateway in master region. | -| `enableClientCertificate` | bool | `False` | | Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `hostnameConfigurations` | array | `[]` | | Custom hostname configuration of the API Management service. | -| `identityProviders` | array | `[]` | | Identity providers. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `minApiVersion` | string | `''` | | Limit control plane API calls to API Management service with version equal to or newer than this value. | -| `namedValues` | array | `[]` | | Named values. | -| `newGuidValue` | string | `[newGuid()]` | | Necessary to create a new GUID. 
| -| `notificationSenderEmail` | string | `'apimgmt-noreply@mail.windowsazure.com'` | | The notification sender email address for the service. | -| `policies` | array | `[]` | | Policies. | -| `portalsettings` | array | `[]` | | Portal settings. | -| `products` | array | `[]` | | Products. | -| `restore` | bool | `False` | | Undelete API Management Service if it was previously soft-deleted. If this flag is specified and set to True all other properties will be ignored. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sku` | string | `'Developer'` | `[Basic, Consumption, Developer, Premium, Standard]` | The pricing tier of this API Management service. | -| `skuCount` | int | `1` | `[1, 2]` | The instance size of this API Management service. | -| `subnetResourceId` | string | `''` | | The full resource ID of a subnet in a virtual network to deploy the API Management service in. | -| `subscriptions` | array | `[]` | | Subscriptions. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `virtualNetworkType` | string | `'None'` | `[External, Internal, None]` | The type of VPN in which API Management service needs to be configured in. 
None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only. | -| `zones` | array | `[]` | | A list of availability zones denoting where the resource needs to come from. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the API management service. | -| `resourceGroupName` | string | The resource group the API management service was deployed into. | -| `resourceId` | string | The resource ID of the API management service. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/api-management.service:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Max](#example-2-max) +- [Using only defaults](#example-3-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. 
+### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module service './api-management/service/main.bicep' = { +module service 'br:bicep/modules/api-management.service:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-apiscom' params: { // Required parameters @@ -252,14 +191,14 @@ module service './api-management/service/main.bicep' = {

-

Example 2: Max

+### Example 2: _Max_
via Bicep module ```bicep -module service './api-management/service/main.bicep' = { +module service 'br:bicep/modules/api-management.service:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-apismax' params: { // Required parameters @@ -601,14 +540,17 @@ module service './api-management/service/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module service './api-management/service/main.bicep' = { +module service 'br:bicep/modules/api-management.service:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-apismin' params: { // Required parameters @@ -655,6 +597,380 @@ module service './api-management/service/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the API Management service. | +| [`publisherEmail`](#parameter-publisheremail) | string | The email address of the owner of the service. | +| [`publisherName`](#parameter-publishername) | string | The name of the owner of the service. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`additionalLocations`](#parameter-additionallocations) | array | Additional datacenter locations of the API Management service. | +| [`apis`](#parameter-apis) | array | APIs. | +| [`apiVersionSets`](#parameter-apiversionsets) | array | API Version Sets. | +| [`authorizationServers`](#parameter-authorizationservers) | secureObject | Authorization servers. | +| [`backends`](#parameter-backends) | array | Backends. | +| [`caches`](#parameter-caches) | array | Caches. | +| [`certificates`](#parameter-certificates) | array | List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10. | +| [`customProperties`](#parameter-customproperties) | object | Custom properties of the API Management service. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. 
| +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableGateway`](#parameter-disablegateway) | bool | Property only valid for an API Management service deployed in multiple locations. This can be used to disable the gateway in master region. | +| [`enableClientCertificate`](#parameter-enableclientcertificate) | bool | Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`hostnameConfigurations`](#parameter-hostnameconfigurations) | array | Custom hostname configuration of the API Management service. | +| [`identityProviders`](#parameter-identityproviders) | array | Identity providers. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`minApiVersion`](#parameter-minapiversion) | string | Limit control plane API calls to API Management service with version equal to or newer than this value. | +| [`namedValues`](#parameter-namedvalues) | array | Named values. | +| [`newGuidValue`](#parameter-newguidvalue) | string | Necessary to create a new GUID. 
| +| [`notificationSenderEmail`](#parameter-notificationsenderemail) | string | The notification sender email address for the service. | +| [`policies`](#parameter-policies) | array | Policies. | +| [`portalsettings`](#parameter-portalsettings) | array | Portal settings. | +| [`products`](#parameter-products) | array | Products. | +| [`restore`](#parameter-restore) | bool | Undelete API Management Service if it was previously soft-deleted. If this flag is specified and set to True all other properties will be ignored. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sku`](#parameter-sku) | string | The pricing tier of this API Management service. | +| [`skuCount`](#parameter-skucount) | int | The instance size of this API Management service. | +| [`subnetResourceId`](#parameter-subnetresourceid) | string | The full resource ID of a subnet in a virtual network to deploy the API Management service in. | +| [`subscriptions`](#parameter-subscriptions) | array | Subscriptions. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`virtualNetworkType`](#parameter-virtualnetworktype) | string | The type of VPN in which API Management service needs to be configured in. 
None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only. | +| [`zones`](#parameter-zones) | array | A list of availability zones denoting where the resource needs to come from. | + +### Parameter: `additionalLocations` + +Additional datacenter locations of the API Management service. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `apis` + +APIs. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `apiVersionSets` + +API Version Sets. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `authorizationServers` + +Authorization servers. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `backends` + +Backends. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `caches` + +Caches. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `certificates` + +List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `customProperties` + +Custom properties of the API Management service. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, GatewayLogs]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableGateway` + +Property only valid for an API Management service deployed in multiple locations. This can be used to disable the gateway in master region. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableClientCertificate` + +Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hostnameConfigurations` + +Custom hostname configuration of the API Management service. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `identityProviders` + +Identity providers. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `minApiVersion` + +Limit control plane API calls to API Management service with version equal to or newer than this value. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the API Management service. +- Required: Yes +- Type: string + +### Parameter: `namedValues` + +Named values. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `newGuidValue` + +Necessary to create a new GUID. +- Required: No +- Type: string +- Default: `[newGuid()]` + +### Parameter: `notificationSenderEmail` + +The notification sender email address for the service. +- Required: No +- Type: string +- Default: `'apimgmt-noreply@mail.windowsazure.com'` + +### Parameter: `policies` + +Policies. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `portalsettings` + +Portal settings. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `products` + +Products. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publisherEmail` + +The email address of the owner of the service. +- Required: Yes +- Type: string + +### Parameter: `publisherName` + +The name of the owner of the service. +- Required: Yes +- Type: string + +### Parameter: `restore` + +Undelete API Management Service if it was previously soft-deleted. If this flag is specified and set to True all other properties will be ignored. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +The pricing tier of this API Management service. +- Required: No +- Type: string +- Default: `'Developer'` +- Allowed: `[Basic, Consumption, Developer, Premium, Standard]` + +### Parameter: `skuCount` + +The instance size of this API Management service. +- Required: No +- Type: int +- Default: `1` +- Allowed: `[1, 2]` + +### Parameter: `subnetResourceId` + +The full resource ID of a subnet in a virtual network to deploy the API Management service in. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subscriptions` + +Subscriptions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `virtualNetworkType` + +The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only. +- Required: No +- Type: string +- Default: `'None'` +- Allowed: `[External, Internal, None]` + +### Parameter: `zones` + +A list of availability zones denoting where the resource needs to come from. 
+- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the API management service. | +| `resourceGroupName` | string | The resource group the API management service was deployed into. | +| `resourceId` | string | The resource ID of the API management service. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `apiManagementServicePolicy` diff --git a/modules/api-management/service/api-version-set/README.md b/modules/api-management/service/api-version-set/README.md index 675ca80d79..3be54ecd44 100644 --- a/modules/api-management/service/api-version-set/README.md +++ b/modules/api-management/service/api-version-set/README.md 
@@ -19,22 +19,49 @@ This module deploys an API Management Service API Version Set. **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `'default'` | API Version set name. | -| `properties` | object | `{object}` | API Version set properties. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | API Version set name. | +| [`properties`](#parameter-properties) | object | API Version set properties. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +API Version set name. +- Required: No +- Type: string +- Default: `'default'` + +### Parameter: `properties` + +API Version set properties. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API Version set. 
| | `resourceGroupName` | string | The resource group the API Version set was deployed into. | diff --git a/modules/api-management/service/api-version-set/main.json b/modules/api-management/service/api-version-set/main.json index f09d56ff92..1f27892ce2 100644 --- a/modules/api-management/service/api-version-set/main.json +++ b/modules/api-management/service/api-version-set/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9352626903654043411" + "version": "0.22.6.54827", + "templateHash": "12233980723609740158" }, "name": "API Management Service API Version Sets", "description": "This module deploys an API Management Service API Version Set.", diff --git a/modules/api-management/service/api/README.md b/modules/api-management/service/api/README.md index 2390fc6a17..a9cd300c66 100644 --- a/modules/api-management/service/api/README.md +++ b/modules/api-management/service/api/README.md @@ -4,12 +4,12 @@ This module deploys an API Management Service API. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
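Review bot: The usage examples in modules/api-management/service/README.md now hard-code `br:bicep/modules/api-management.service:1.0.0`, both in the added Note and in all three `module service` lines, with `bicep` sitting where a registry host is expected and `1.0.0` as a fixed tag. If this is a placeholder emitted by the generator, the Note should say so; as written, readers are told to use a reference that may not resolve, or to pin a version that may never have been published for this module. Consider deriving the registry and tag from the real publish target, or keeping the relative `./api-management/service/main.bicep` path until one exists.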
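Review bot: In modules/api-management/service/api-version-set/README.md, `apiManagementServiceName` is listed under "Conditional parameters" ("Required if the template is used in a standalone deployment"), but its new detail section prints `Required: Yes`. The two statements disagree, and the detail section is what the table now links to. Emit a distinct value for conditional parameters (for example "Conditional") or repeat the condition in that bullet, so the per-parameter section does not overstate the requirement.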
@@ -20,47 +20,214 @@ This module deploys an API Management Service API. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `displayName` | string | API name. Must be 1 to 300 characters long. | -| `name` | string | API revision identifier. Must be unique in the current API Management service instance. Non-current revision has ;rev=n as a suffix where n is the revision number. | -| `path` | string | Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API. | +| [`displayName`](#parameter-displayname) | string | API name. Must be 1 to 300 characters long. | +| [`name`](#parameter-name) | string | API revision identifier. Must be unique in the current API Management service instance. Non-current revision has ;rev=n as a suffix where n is the revision number. | +| [`path`](#parameter-path) | string | Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `apiDescription` | string | `''` | | Description of the API. 
May include HTML formatting tags. | -| `apiRevision` | string | `''` | | Describes the Revision of the API. If no value is provided, default revision 1 is created. | -| `apiRevisionDescription` | string | `''` | | Description of the API Revision. | -| `apiType` | string | `'http'` | `[graphql, http, soap, websocket]` | Type of API to create. * http creates a REST API * soap creates a SOAP pass-through API * websocket creates websocket API * graphql creates GraphQL API. | -| `apiVersion` | string | `''` | | Indicates the Version identifier of the API if the API is versioned. | -| `apiVersionDescription` | string | `''` | | Description of the API Version. | -| `apiVersionSetId` | string | `''` | | Indicates the Version identifier of the API version set. | -| `authenticationSettings` | object | `{object}` | | Collection of authentication settings included into this API. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `format` | string | `'openapi'` | `[openapi, openapi-link, openapi+json, openapi+json-link, swagger-json, swagger-link-json, wadl-link-json, wadl-xml, wsdl, wsdl-link]` | Format of the Content in which the API is getting imported. | -| `isCurrent` | bool | `True` | | Indicates if API revision is current API revision. | -| `policies` | array | `[]` | | Array of Policies to apply to the Service API. | -| `protocols` | array | `[https]` | | Describes on which protocols the operations in this API can be invoked. - HTTP or HTTPS. | -| `serviceUrl` | string | `''` | | Absolute URL of the backend service implementing this API. Cannot be more than 2000 characters long. | -| `sourceApiId` | string | `''` | | API identifier of the source API. | -| `subscriptionKeyParameterNames` | object | `{object}` | | Protocols over which API is made available. | -| `subscriptionRequired` | bool | `False` | | Specifies whether an API or Product subscription is required for accessing the API. 
| -| `type` | string | `'http'` | `[graphql, http, soap, websocket]` | Type of API. | -| `value` | string | `''` | | Content value when Importing an API. | -| `wsdlSelector` | object | `{object}` | | Criteria to limit import of WSDL to a subset of the document. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apiDescription`](#parameter-apidescription) | string | Description of the API. May include HTML formatting tags. | +| [`apiRevision`](#parameter-apirevision) | string | Describes the Revision of the API. If no value is provided, default revision 1 is created. | +| [`apiRevisionDescription`](#parameter-apirevisiondescription) | string | Description of the API Revision. | +| [`apiType`](#parameter-apitype) | string | Type of API to create. * http creates a REST API * soap creates a SOAP pass-through API * websocket creates websocket API * graphql creates GraphQL API. | +| [`apiVersion`](#parameter-apiversion) | string | Indicates the Version identifier of the API if the API is versioned. | +| [`apiVersionDescription`](#parameter-apiversiondescription) | string | Description of the API Version. | +| [`apiVersionSetId`](#parameter-apiversionsetid) | string | Indicates the Version identifier of the API version set. | +| [`authenticationSettings`](#parameter-authenticationsettings) | object | Collection of authentication settings included into this API. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`format`](#parameter-format) | string | Format of the Content in which the API is getting imported. | +| [`isCurrent`](#parameter-iscurrent) | bool | Indicates if API revision is current API revision. | +| [`policies`](#parameter-policies) | array | Array of Policies to apply to the Service API. | +| [`protocols`](#parameter-protocols) | array | Describes on which protocols the operations in this API can be invoked. - HTTP or HTTPS. 
| +| [`serviceUrl`](#parameter-serviceurl) | string | Absolute URL of the backend service implementing this API. Cannot be more than 2000 characters long. | +| [`sourceApiId`](#parameter-sourceapiid) | string | API identifier of the source API. | +| [`subscriptionKeyParameterNames`](#parameter-subscriptionkeyparameternames) | object | Protocols over which API is made available. | +| [`subscriptionRequired`](#parameter-subscriptionrequired) | bool | Specifies whether an API or Product subscription is required for accessing the API. | +| [`type`](#parameter-type) | string | Type of API. | +| [`value`](#parameter-value) | string | Content value when Importing an API. | +| [`wsdlSelector`](#parameter-wsdlselector) | object | Criteria to limit import of WSDL to a subset of the document. | + +### Parameter: `apiDescription` + +Description of the API. May include HTML formatting tags. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `apiRevision` + +Describes the Revision of the API. If no value is provided, default revision 1 is created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `apiRevisionDescription` + +Description of the API Revision. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `apiType` + +Type of API to create. * http creates a REST API * soap creates a SOAP pass-through API * websocket creates websocket API * graphql creates GraphQL API. +- Required: No +- Type: string +- Default: `'http'` +- Allowed: `[graphql, http, soap, websocket]` + +### Parameter: `apiVersion` + +Indicates the Version identifier of the API if the API is versioned. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `apiVersionDescription` + +Description of the API Version. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `apiVersionSetId` + +Indicates the Version identifier of the API version set. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `authenticationSettings` + +Collection of authentication settings included into this API. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `displayName` + +API name. Must be 1 to 300 characters long. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `format` + +Format of the Content in which the API is getting imported. +- Required: No +- Type: string +- Default: `'openapi'` +- Allowed: `[openapi, openapi-link, openapi+json, openapi+json-link, swagger-json, swagger-link-json, wadl-link-json, wadl-xml, wsdl, wsdl-link]` + +### Parameter: `isCurrent` + +Indicates if API revision is current API revision. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +API revision identifier. Must be unique in the current API Management service instance. Non-current revision has ;rev=n as a suffix where n is the revision number. +- Required: Yes +- Type: string + +### Parameter: `path` + +Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API. +- Required: Yes +- Type: string + +### Parameter: `policies` + +Array of Policies to apply to the Service API. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `protocols` + +Describes on which protocols the operations in this API can be invoked. - HTTP or HTTPS. +- Required: No +- Type: array +- Default: `[https]` + +### Parameter: `serviceUrl` + +Absolute URL of the backend service implementing this API. 
Cannot be more than 2000 characters long. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sourceApiId` + +API identifier of the source API. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subscriptionKeyParameterNames` + +Protocols over which API is made available. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `subscriptionRequired` + +Specifies whether an API or Product subscription is required for accessing the API. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `type` + +Type of API. +- Required: No +- Type: string +- Default: `'http'` +- Allowed: `[graphql, http, soap, websocket]` + +### Parameter: `value` + +Content value when Importing an API. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `wsdlSelector` + +Criteria to limit import of WSDL to a subset of the document. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service API. | | `resourceGroupName` | string | The resource group the API management service API was deployed to. | diff --git a/modules/api-management/service/api/main.json b/modules/api-management/service/api/main.json index 08c998bf80..f150d2bcb8 100644 --- a/modules/api-management/service/api/main.json +++ b/modules/api-management/service/api/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9074052005199170712" + "version": "0.22.6.54827", + "templateHash": "17340528539230351720" }, "name": "API Management Service APIs", "description": "This module deploys an API Management Service API.", 
@@ -284,8 +284,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5031714372762112092" + "version": "0.22.6.54827", + "templateHash": "14571499926134179860" }, "name": "API Management Service APIs Policies", "description": "This module deploys an API Management Service API Policy.", diff --git a/modules/api-management/service/api/policy/README.md b/modules/api-management/service/api/policy/README.md index 3696e336ba..969678d876 100644 --- a/modules/api-management/service/api/policy/README.md +++ b/modules/api-management/service/api/policy/README.md 
@@ -19,29 +19,69 @@ This module deploys an API Management Service API Policy. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `value` | string | Contents of the Policy as defined by the format. | +| [`value`](#parameter-value) | string | Contents of the Policy as defined by the format. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | -| `apiName` | string | The name of the parent API. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiName`](#parameter-apiname) | string | The name of the parent API. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `format` | string | `'xml'` | `[rawxml, rawxml-link, xml, xml-link]` | Format of the policyContent. | -| `name` | string | `'policy'` | | The name of the policy. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`format`](#parameter-format) | string | Format of the policyContent. | +| [`name`](#parameter-name) | string | The name of the policy. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `apiName` + +The name of the parent API. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `format` + +Format of the policyContent. +- Required: No +- Type: string +- Default: `'xml'` +- Allowed: `[rawxml, rawxml-link, xml, xml-link]` + +### Parameter: `name` + +The name of the policy. +- Required: No +- Type: string +- Default: `'policy'` + +### Parameter: `value` + +Contents of the Policy as defined by the format. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API policy. | | `resourceGroupName` | string | The resource group the API policy was deployed into. | diff --git a/modules/api-management/service/api/policy/main.json b/modules/api-management/service/api/policy/main.json index 76457b0c2f..02322fa340 100644 --- a/modules/api-management/service/api/policy/main.json +++ b/modules/api-management/service/api/policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5031714372762112092" + "version": "0.22.6.54827", + "templateHash": "14571499926134179860" }, "name": "API Management Service APIs Policies", "description": "This module deploys an API Management Service API Policy.", diff --git a/modules/api-management/service/authorization-server/README.md b/modules/api-management/service/authorization-server/README.md index a875ea1259..f10abac911 100644 --- a/modules/api-management/service/authorization-server/README.md +++ b/modules/api-management/service/authorization-server/README.md 
@@ -4,12 +4,12 @@ This module deploys an API Management Service Authorization Server. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -19,41 +19,161 @@ This module deploys an API Management Service Authorization Server. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `authorizationEndpoint` | string | OAuth authorization endpoint. See . | -| `clientId` | securestring | Client or app ID registered with this authorization server. | -| `clientSecret` | securestring | Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. | -| `grantTypes` | array | Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials. | -| `name` | string | Identifier of the authorization server. | +| [`authorizationEndpoint`](#parameter-authorizationendpoint) | string | OAuth authorization endpoint. See . | +| [`clientId`](#parameter-clientid) | securestring | Client or app ID registered with this authorization server. | +| [`clientSecret`](#parameter-clientsecret) | securestring | Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. | +| [`grantTypes`](#parameter-granttypes) | array | Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials. | +| [`name`](#parameter-name) | string | Identifier of the authorization server. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. 
Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `authorizationMethods` | array | `[GET]` | HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. - HEAD, OPTIONS, TRACE, GET, POST, PUT, PATCH, DELETE. | -| `bearerTokenSendingMethods` | array | `[authorizationHeader]` | Specifies the mechanism by which access token is passed to the API. - authorizationHeader or query. | -| `clientAuthenticationMethod` | array | `[Basic]` | Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. - Basic or Body. | -| `clientRegistrationEndpoint` | string | `''` | Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. | -| `defaultScope` | string | `''` | Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `resourceOwnerPassword` | string | `''` | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. | -| `resourceOwnerUsername` | string | `''` | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. | -| `serverDescription` | string | `''` | Description of the authorization server. Can contain HTML formatting tags. 
| -| `supportState` | bool | `False` | If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. | -| `tokenBodyParameters` | array | `[]` | Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. - TokenBodyParameterContract object. | -| `tokenEndpoint` | string | `''` | OAuth token endpoint. Contains absolute URI to entity being referenced. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authorizationMethods`](#parameter-authorizationmethods) | array | HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. - HEAD, OPTIONS, TRACE, GET, POST, PUT, PATCH, DELETE. | +| [`bearerTokenSendingMethods`](#parameter-bearertokensendingmethods) | array | Specifies the mechanism by which access token is passed to the API. - authorizationHeader or query. | +| [`clientAuthenticationMethod`](#parameter-clientauthenticationmethod) | array | Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. - Basic or Body. | +| [`clientRegistrationEndpoint`](#parameter-clientregistrationendpoint) | string | Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. | +| [`defaultScope`](#parameter-defaultscope) | string | Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`resourceOwnerPassword`](#parameter-resourceownerpassword) | string | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. | +| [`resourceOwnerUsername`](#parameter-resourceownerusername) | string | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. | +| [`serverDescription`](#parameter-serverdescription) | string | Description of the authorization server. Can contain HTML formatting tags. | +| [`supportState`](#parameter-supportstate) | bool | If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. | +| [`tokenBodyParameters`](#parameter-tokenbodyparameters) | array | Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. - TokenBodyParameterContract object. | +| [`tokenEndpoint`](#parameter-tokenendpoint) | string | OAuth token endpoint. Contains absolute URI to entity being referenced. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `authorizationEndpoint` + +OAuth authorization endpoint. See . +- Required: Yes +- Type: string + +### Parameter: `authorizationMethods` + +HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. - HEAD, OPTIONS, TRACE, GET, POST, PUT, PATCH, DELETE. 
+- Required: No +- Type: array +- Default: `[GET]` + +### Parameter: `bearerTokenSendingMethods` + +Specifies the mechanism by which access token is passed to the API. - authorizationHeader or query. +- Required: No +- Type: array +- Default: `[authorizationHeader]` + +### Parameter: `clientAuthenticationMethod` + +Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. - Basic or Body. +- Required: No +- Type: array +- Default: `[Basic]` + +### Parameter: `clientId` + +Client or app ID registered with this authorization server. +- Required: Yes +- Type: securestring + +### Parameter: `clientRegistrationEndpoint` + +Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `clientSecret` + +Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. +- Required: Yes +- Type: securestring + +### Parameter: `defaultScope` + +Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `grantTypes` + +Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials. +- Required: Yes +- Type: array + +### Parameter: `name` + +Identifier of the authorization server. 
+- Required: Yes +- Type: string + +### Parameter: `resourceOwnerPassword` + +Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `resourceOwnerUsername` + +Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `serverDescription` + +Description of the authorization server. Can contain HTML formatting tags. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `supportState` + +If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tokenBodyParameters` + +Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. - TokenBodyParameterContract object. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tokenEndpoint` + +OAuth token endpoint. Contains absolute URI to entity being referenced. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service authorization server. | | `resourceGroupName` | string | The resource group the API management service authorization server was deployed into. | diff --git a/modules/api-management/service/authorization-server/main.json b/modules/api-management/service/authorization-server/main.json index d956cf25f5..09fc98f3c1 100644 --- a/modules/api-management/service/authorization-server/main.json 
+++ b/modules/api-management/service/authorization-server/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8155815469027179886" + "version": "0.22.6.54827", + "templateHash": "7988688467600216709" }, "name": "API Management Service Authorization Servers", "description": "This module deploys an API Management Service Authorization Server.", diff --git a/modules/api-management/service/backend/README.md b/modules/api-management/service/backend/README.md index 90025fec0f..a94b3f65e9 100644 --- a/modules/api-management/service/backend/README.md +++ b/modules/api-management/service/backend/README.md @@ -4,13 +4,13 @@ This module deploys an API Management Service Backend. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -20,35 +20,116 @@ This module deploys an API Management Service Backend. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Backend Name. | -| `url` | string | Runtime URL of the Backend. | +| [`name`](#parameter-name) | string | Backend Name. | +| [`url`](#parameter-url) | string | Runtime URL of the Backend. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `credentials` | object | `{object}` | Backend Credentials Contract Properties. | -| `description` | string | `''` | Backend Description. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `protocol` | string | `'http'` | Backend communication protocol. - http or soap. | -| `proxy` | object | `{object}` | Backend Proxy Contract Properties. | -| `resourceId` | string | `''` | Management Uri of the Resource in External System. This URL can be the Arm Resource ID of Logic Apps, Function Apps or API Apps. | -| `serviceFabricCluster` | object | `{object}` | Backend Service Fabric Cluster Properties. | -| `title` | string | `''` | Backend Title. | -| `tls` | object | `{object}` | Backend TLS Properties. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`credentials`](#parameter-credentials) | object | Backend Credentials Contract Properties. | +| [`description`](#parameter-description) | string | Backend Description. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`protocol`](#parameter-protocol) | string | Backend communication protocol. - http or soap. | +| [`proxy`](#parameter-proxy) | object | Backend Proxy Contract Properties. | +| [`resourceId`](#parameter-resourceid) | string | Management Uri of the Resource in External System. This URL can be the Arm Resource ID of Logic Apps, Function Apps or API Apps. | +| [`serviceFabricCluster`](#parameter-servicefabriccluster) | object | Backend Service Fabric Cluster Properties. | +| [`title`](#parameter-title) | string | Backend Title. | +| [`tls`](#parameter-tls) | object | Backend TLS Properties. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `credentials` + +Backend Credentials Contract Properties. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `description` + +Backend Description. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Backend Name. +- Required: Yes +- Type: string + +### Parameter: `protocol` + +Backend communication protocol. - http or soap. +- Required: No +- Type: string +- Default: `'http'` + +### Parameter: `proxy` + +Backend Proxy Contract Properties. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `resourceId` + +Management Uri of the Resource in External System. This URL can be the Arm Resource ID of Logic Apps, Function Apps or API Apps. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `serviceFabricCluster` + +Backend Service Fabric Cluster Properties. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `title` + +Backend Title. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tls` + +Backend TLS Properties. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `url` + +Runtime URL of the Backend. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service backend. | | `resourceGroupName` | string | The resource group the API management service backend was deployed into. | diff --git a/modules/api-management/service/backend/main.json b/modules/api-management/service/backend/main.json index 17c351e22a..e10f1c81ee 100644 --- a/modules/api-management/service/backend/main.json +++ b/modules/api-management/service/backend/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1669725941639871055" + "version": "0.22.6.54827", + "templateHash": "3713166604792624713" }, "name": "API Management Service Backends", "description": "This module deploys an API Management Service Backend.", diff --git a/modules/api-management/service/cache/README.md b/modules/api-management/service/cache/README.md index d6c9712e8e..3bc84b82c2 100644 --- a/modules/api-management/service/cache/README.md +++ b/modules/api-management/service/cache/README.md @@ -4,12 +4,12 @@ This module deploys an API Management Service Cache. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -19,30 +19,75 @@ This module deploys an API Management Service Cache. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `connectionString` | string | Runtime connection string to cache. Can be referenced by a named value like so, {{}}. | -| `name` | string | Identifier of the Cache entity. Cache identifier (should be either 'default' or valid Azure region identifier). | -| `useFromLocation` | string | Location identifier to use cache from (should be either 'default' or valid Azure region identifier). | +| [`connectionString`](#parameter-connectionstring) | string | Runtime connection string to cache. Can be referenced by a named value like so, {{}}. | +| [`name`](#parameter-name) | string | Identifier of the Cache entity. Cache identifier (should be either 'default' or valid Azure region identifier). | +| [`useFromLocation`](#parameter-usefromlocation) | string | Location identifier to use cache from (should be either 'default' or valid Azure region identifier). | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | Cache description. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `resourceId` | string | `''` | Original uri of entity in external system cache points to. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | Cache description. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`resourceId`](#parameter-resourceid) | string | Original uri of entity in external system cache points to. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `connectionString` + +Runtime connection string to cache. Can be referenced by a named value like so, {{}}. +- Required: Yes +- Type: string + +### Parameter: `description` + +Cache description. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Identifier of the Cache entity. Cache identifier (should be either 'default' or valid Azure region identifier). +- Required: Yes +- Type: string + +### Parameter: `resourceId` + +Original uri of entity in external system cache points to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `useFromLocation` + +Location identifier to use cache from (should be either 'default' or valid Azure region identifier). +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service cache. | | `resourceGroupName` | string | The resource group the API management service cache was deployed into. | diff --git a/modules/api-management/service/cache/main.json b/modules/api-management/service/cache/main.json index 662943675f..80972f2881 100644 --- a/modules/api-management/service/cache/main.json +++ b/modules/api-management/service/cache/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17031319637382778576" + "version": "0.22.6.54827", + "templateHash": "4933923478377534151" }, "name": "API Management Service Caches", "description": "This module deploys an API Management Service Cache.", diff --git a/modules/api-management/service/identity-provider/README.md b/modules/api-management/service/identity-provider/README.md index ee17802cdf..9246273650 100644 --- a/modules/api-management/service/identity-provider/README.md +++ b/modules/api-management/service/identity-provider/README.md 
@@ -19,37 +19,134 @@ This module deploys an API Management Service Identity Provider. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Identity provider name. | +| [`name`](#parameter-name) | string | Identity provider name. | **Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `apiManagementServiceName` | string | | The name of the parent API Management service. Required if the template is used in a standalone deployment. | -| `clientId` | string | `''` | Client ID of the Application in the external Identity Provider. Required if identity provider is used. | -| `clientSecret` | securestring | `''` | Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`clientId`](#parameter-clientid) | string | Client ID of the Application in the external Identity Provider. Required if identity provider is used. | +| [`clientSecret`](#parameter-clientsecret) | securestring | Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowedTenants` | array | `[]` | | List of Allowed Tenants when configuring Azure Active Directory login. - string. | -| `authority` | string | `''` | | OpenID Connect discovery endpoint hostname for AAD or AAD B2C. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `enableIdentityProviders` | bool | `False` | | Used to enable the deployment of the identityProviders child resource. | -| `passwordResetPolicyName` | string | `''` | | Password Reset Policy Name. Only applies to AAD B2C Identity Provider. | -| `profileEditingPolicyName` | string | `''` | | Profile Editing Policy Name. Only applies to AAD B2C Identity Provider. | -| `signInPolicyName` | string | `''` | | Signin Policy Name. Only applies to AAD B2C Identity Provider. | -| `signInTenant` | string | `''` | | The TenantId to use instead of Common when logging into Active Directory. | -| `signUpPolicyName` | string | `''` | | Signup Policy Name. Only applies to AAD B2C Identity Provider. | -| `type` | string | `'aad'` | `[aad, aadB2C, facebook, google, microsoft, twitter]` | Identity Provider Type identifier. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowedTenants`](#parameter-allowedtenants) | array | List of Allowed Tenants when configuring Azure Active Directory login. - string. | +| [`authority`](#parameter-authority) | string | OpenID Connect discovery endpoint hostname for AAD or AAD B2C. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableIdentityProviders`](#parameter-enableidentityproviders) | bool | Used to enable the deployment of the identityProviders child resource. | +| [`passwordResetPolicyName`](#parameter-passwordresetpolicyname) | string | Password Reset Policy Name. Only applies to AAD B2C Identity Provider. | +| [`profileEditingPolicyName`](#parameter-profileeditingpolicyname) | string | Profile Editing Policy Name. Only applies to AAD B2C Identity Provider. | +| [`signInPolicyName`](#parameter-signinpolicyname) | string | Signin Policy Name. Only applies to AAD B2C Identity Provider. | +| [`signInTenant`](#parameter-signintenant) | string | The TenantId to use instead of Common when logging into Active Directory. 
| +| [`signUpPolicyName`](#parameter-signuppolicyname) | string | Signup Policy Name. Only applies to AAD B2C Identity Provider. | +| [`type`](#parameter-type) | string | Identity Provider Type identifier. | + +### Parameter: `allowedTenants` + +List of Allowed Tenants when configuring Azure Active Directory login. - string. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `authority` + +OpenID Connect discovery endpoint hostname for AAD or AAD B2C. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `clientId` + +Client ID of the Application in the external Identity Provider. Required if identity provider is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `clientSecret` + +Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableIdentityProviders` + +Used to enable the deployment of the identityProviders child resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `name` + +Identity provider name. +- Required: Yes +- Type: string + +### Parameter: `passwordResetPolicyName` + +Password Reset Policy Name. Only applies to AAD B2C Identity Provider. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `profileEditingPolicyName` + +Profile Editing Policy Name. Only applies to AAD B2C Identity Provider. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `signInPolicyName` + +Signin Policy Name. Only applies to AAD B2C Identity Provider. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `signInTenant` + +The TenantId to use instead of Common when logging into Active Directory. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `signUpPolicyName` + +Signup Policy Name. Only applies to AAD B2C Identity Provider. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `type` + +Identity Provider Type identifier. +- Required: No +- Type: string +- Default: `'aad'` +- Allowed: `[aad, aadB2C, facebook, google, microsoft, twitter]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service identity provider. | | `resourceGroupName` | string | The resource group the API management service identity provider was deployed into. | diff --git a/modules/api-management/service/identity-provider/main.json b/modules/api-management/service/identity-provider/main.json index 12777acfdc..a5131f7311 100644 --- a/modules/api-management/service/identity-provider/main.json +++ b/modules/api-management/service/identity-provider/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17041253664250888675" + "version": "0.22.6.54827", + "templateHash": "13822474427587974385" }, "name": "API Management Service Identity Providers", "description": "This module deploys an API Management Service Identity Provider.", diff --git a/modules/api-management/service/main.json b/modules/api-management/service/main.json index e6a0293d07..0eca3efbe5 100644 --- a/modules/api-management/service/main.json +++ b/modules/api-management/service/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16139014256674828272" + "version": "0.22.6.54827", + "templateHash": "12476936893104821390" }, "name": "API Management Services", "description": "This module deploys an API Management Service.", @@ -501,8 +501,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13643970540915525806" + "version": "0.22.6.54827", + "templateHash": "17340528539230351720" }, "name": "API Management Service APIs", "description": "This module deploys an API Management Service API.", @@ -781,8 +781,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6059606679416480431" + "version": "0.22.6.54827", + "templateHash": "14571499926134179860" }, "name": "API Management Service APIs Policies", "description": "This module deploys an API Management Service API Policy.", @@ -951,8 +951,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17009588020697963791" + "version": "0.22.6.54827", + "templateHash": "12233980723609740158" }, "name": "API Management Service API Version Sets", "description": "This module deploys an API Management Service API Version Set.", @@ -1091,8 +1091,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10093092890891107320" + "version": "0.22.6.54827", + "templateHash": "7988688467600216709" }, "name": "API Management Service Authorization Servers", "description": "This module deploys an API Management Service Authorization Server.", @@ -1339,8 +1339,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15587770490550622003" + "version": "0.22.6.54827", + "templateHash": "3713166604792624713" }, "name": "API Management Service Backends", "description": "This module deploys an API Management Service Backend.", 
@@ -1533,8 +1533,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12512964555569038583" + "version": "0.22.6.54827", + "templateHash": "4933923478377534151" }, "name": "API Management Service Caches", "description": "This module deploys an API Management Service Cache.", @@ -1684,8 +1684,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5821693072491820871" + "version": "0.22.6.54827", + "templateHash": "13822474427587974385" }, "name": "API Management Service Identity Providers", "description": "This module deploys an API Management Service Identity Provider.", @@ -1900,8 +1900,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3922343729155718081" + "version": "0.22.6.54827", + "templateHash": "3581707708141744852" }, "name": "API Management Service Named Values", "description": "This module deploys an API Management Service Named Value.", @@ -2053,8 +2053,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "869969373482543080" + "version": "0.22.6.54827", + "templateHash": "1124223085084988655" }, "name": "API Management Service Portal Settings", "description": "This module deploys an API Management Service Portal Setting.", @@ -2176,8 +2176,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13858171935263007479" + "version": "0.22.6.54827", + "templateHash": "3650757020022888901" }, "name": "API Management Service Policies", "description": "This module deploys an API Management Service Policy.", @@ -2316,8 +2316,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6198741217819703348" + "version": "0.22.6.54827", + "templateHash": "2758822676627115160" }, "name": "API Management Service Products", "description": "This module deploys an API Management Service Product.", 
@@ -2465,8 +2465,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4854177138271927700" + "version": "0.22.6.54827", + "templateHash": "16488730655399972556" }, "name": "API Management Service Products APIs", "description": "This module deploys an API Management Service Product API.", @@ -2579,8 +2579,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8500094107587576986" + "version": "0.22.6.54827", + "templateHash": "14085709622188800883" }, "name": "API Management Service Products Groups", "description": "This module deploys an API Management Service Product Group.", @@ -2745,8 +2745,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5104726614398406453" + "version": "0.22.6.54827", + "templateHash": "10733141744485121232" }, "name": "API Management Service Subscriptions", "description": "This module deploys an API Management Service Subscription.", @@ -2908,8 +2908,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15706860856976307419" + "version": "0.22.6.54827", + "templateHash": "1194193235287598548" } }, "parameters": { diff --git a/modules/api-management/service/named-value/README.md b/modules/api-management/service/named-value/README.md index 2920b62283..d73832ca82 100644 --- a/modules/api-management/service/named-value/README.md +++ b/modules/api-management/service/named-value/README.md @@ -4,13 +4,13 @@ This module deploys an API Management Service Named Value. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -20,31 +20,84 @@ This module deploys an API Management Service Named Value. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `displayName` | string | Unique name of NamedValue. It may contain only letters, digits, period, dash, and underscore characters. | -| `name` | string | Named value Name. | +| [`displayName`](#parameter-displayname) | string | Unique name of NamedValue. It may contain only letters, digits, period, dash, and underscore characters. | +| [`name`](#parameter-name) | string | Named value Name. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `keyVault` | object | `{object}` | KeyVault location details of the namedValue. | -| `secret` | bool | `False` | Determines whether the value is a secret and should be encrypted or not. Default value is false. | -| `tags` | array | `[]` | Tags that when provided can be used to filter the NamedValue list. - string. | -| `value` | string | `[newGuid()]` | Value of the NamedValue. Can contain policy expressions. It may not be empty or consist only of whitespace. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`keyVault`](#parameter-keyvault) | object | KeyVault location details of the namedValue. | +| [`secret`](#parameter-secret) | bool | Determines whether the value is a secret and should be encrypted or not. Default value is false. | +| [`tags`](#parameter-tags) | array | Tags that when provided can be used to filter the NamedValue list. - string. | +| [`value`](#parameter-value) | string | Value of the NamedValue. Can contain policy expressions. It may not be empty or consist only of whitespace. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `displayName` + +Unique name of NamedValue. It may contain only letters, digits, period, dash, and underscore characters. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `keyVault` + +KeyVault location details of the namedValue. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Named value Name. +- Required: Yes +- Type: string + +### Parameter: `secret` + +Determines whether the value is a secret and should be encrypted or not. Default value is false. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags that when provided can be used to filter the NamedValue list. - string. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `value` + +Value of the NamedValue. Can contain policy expressions. It may not be empty or consist only of whitespace. 
This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. +- Required: No +- Type: string +- Default: `[newGuid()]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the named value. | | `resourceGroupName` | string | The resource group the named value was deployed into. | diff --git a/modules/api-management/service/named-value/main.json b/modules/api-management/service/named-value/main.json index c75a4a3928..f47f644953 100644 --- a/modules/api-management/service/named-value/main.json +++ b/modules/api-management/service/named-value/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7537918735725646871" + "version": "0.22.6.54827", + "templateHash": "3581707708141744852" }, "name": "API Management Service Named Values", "description": "This module deploys an API Management Service Named Value.", diff --git a/modules/api-management/service/policy/README.md b/modules/api-management/service/policy/README.md index 1e48186bc5..c9ca730024 100644 --- a/modules/api-management/service/policy/README.md +++ b/modules/api-management/service/policy/README.md 
@@ -19,28 +19,62 @@ This module deploys an API Management Service Policy. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `value` | string | Contents of the Policy as defined by the format. | +| [`value`](#parameter-value) | string | Contents of the Policy as defined by the format. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `format` | string | `'xml'` | `[rawxml, rawxml-link, xml, xml-link]` | Format of the policyContent. | -| `name` | string | `'policy'` | | The name of the policy. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`format`](#parameter-format) | string | Format of the policyContent. | +| [`name`](#parameter-name) | string | The name of the policy. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `format` + +Format of the policyContent. 
+- Required: No +- Type: string +- Default: `'xml'` +- Allowed: `[rawxml, rawxml-link, xml, xml-link]` + +### Parameter: `name` + +The name of the policy. +- Required: No +- Type: string +- Default: `'policy'` + +### Parameter: `value` + +Contents of the Policy as defined by the format. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service policy. | | `resourceGroupName` | string | The resource group the API management service policy was deployed into. | diff --git a/modules/api-management/service/policy/main.json b/modules/api-management/service/policy/main.json index 65580b17b4..32bd1ce4bc 100644 --- a/modules/api-management/service/policy/main.json +++ b/modules/api-management/service/policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8348924989076719813" + "version": "0.22.6.54827", + "templateHash": "3650757020022888901" }, "name": "API Management Service Policies", "description": "This module deploys an API Management Service Policy.", diff --git a/modules/api-management/service/portalsetting/README.md b/modules/api-management/service/portalsetting/README.md index e9c2e989a7..92c67fce9e 100644 --- a/modules/api-management/service/portalsetting/README.md +++ b/modules/api-management/service/portalsetting/README.md 
@@ -19,27 +19,54 @@ This module deploys an API Management Service Portal Setting. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | `[delegation, signin, signup]` | Portal setting name. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Portal setting name. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `properties` | object | `{object}` | Portal setting properties. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`properties`](#parameter-properties) | object | Portal setting properties. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Portal setting name. +- Required: Yes +- Type: string +- Allowed: `[delegation, signin, signup]` + +### Parameter: `properties` + +Portal setting properties. 
+- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service portal setting. | | `resourceGroupName` | string | The resource group the API management service portal setting was deployed into. | diff --git a/modules/api-management/service/portalsetting/main.json b/modules/api-management/service/portalsetting/main.json index 174392d0e0..01f872a8e5 100644 --- a/modules/api-management/service/portalsetting/main.json +++ b/modules/api-management/service/portalsetting/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11909172258549553650" + "version": "0.22.6.54827", + "templateHash": "1124223085084988655" }, "name": "API Management Service Portal Settings", "description": "This module deploys an API Management Service Portal Setting.", diff --git a/modules/api-management/service/product/README.md b/modules/api-management/service/product/README.md index e5b15b55f4..03ba03cf8b 100644 --- a/modules/api-management/service/product/README.md +++ b/modules/api-management/service/product/README.md @@ -4,12 +4,12 @@ This module deploys an API Management Service Product. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -21,34 +21,109 @@ This module deploys an API Management Service Product. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Product Name. | +| [`name`](#parameter-name) | string | Product Name. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `apis` | array | `[]` | Array of Product APIs. | -| `approvalRequired` | bool | `False` | Whether subscription approval is required. If false, new subscriptions will be approved automatically enabling developers to call the products APIs immediately after subscribing. If true, administrators must manually approve the subscription before the developer can any of the products APIs. Can be present only if subscriptionRequired property is present and has a value of false. | -| `description` | string | `''` | Product description. May include HTML formatting tags. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `groups` | array | `[]` | Array of Product Groups. | -| `state` | string | `'published'` | whether product is published or not. Published products are discoverable by users of developer portal. Non published products are visible only to administrators. Default state of Product is notPublished. - notPublished or published. 
| -| `subscriptionRequired` | bool | `False` | Whether a product subscription is required for accessing APIs included in this product. If true, the product is referred to as "protected" and a valid subscription key is required for a request to an API included in the product to succeed. If false, the product is referred to as "open" and requests to an API included in the product can be made without a subscription key. If property is omitted when creating a new product it's value is assumed to be true. | -| `subscriptionsLimit` | int | `1` | Whether the number of subscriptions a user can have to this product at the same time. Set to null or omit to allow unlimited per user subscriptions. Can be present only if subscriptionRequired property is present and has a value of false. | -| `terms` | string | `''` | Product terms of use. Developers trying to subscribe to the product will be presented and required to accept these terms before they can complete the subscription process. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apis`](#parameter-apis) | array | Array of Product APIs. | +| [`approvalRequired`](#parameter-approvalrequired) | bool | Whether subscription approval is required. If false, new subscriptions will be approved automatically enabling developers to call the products APIs immediately after subscribing. If true, administrators must manually approve the subscription before the developer can any of the products APIs. Can be present only if subscriptionRequired property is present and has a value of false. | +| [`description`](#parameter-description) | string | Product description. May include HTML formatting tags. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`groups`](#parameter-groups) | array | Array of Product Groups. | +| [`state`](#parameter-state) | string | whether product is published or not. 
Published products are discoverable by users of developer portal. Non published products are visible only to administrators. Default state of Product is notPublished. - notPublished or published. | +| [`subscriptionRequired`](#parameter-subscriptionrequired) | bool | Whether a product subscription is required for accessing APIs included in this product. If true, the product is referred to as "protected" and a valid subscription key is required for a request to an API included in the product to succeed. If false, the product is referred to as "open" and requests to an API included in the product can be made without a subscription key. If property is omitted when creating a new product it's value is assumed to be true. | +| [`subscriptionsLimit`](#parameter-subscriptionslimit) | int | Whether the number of subscriptions a user can have to this product at the same time. Set to null or omit to allow unlimited per user subscriptions. Can be present only if subscriptionRequired property is present and has a value of false. | +| [`terms`](#parameter-terms) | string | Product terms of use. Developers trying to subscribe to the product will be presented and required to accept these terms before they can complete the subscription process. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `apis` + +Array of Product APIs. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `approvalRequired` + +Whether subscription approval is required. If false, new subscriptions will be approved automatically enabling developers to call the products APIs immediately after subscribing. If true, administrators must manually approve the subscription before the developer can any of the products APIs. Can be present only if subscriptionRequired property is present and has a value of false. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `description` + +Product description. May include HTML formatting tags. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `groups` + +Array of Product Groups. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +Product Name. +- Required: Yes +- Type: string + +### Parameter: `state` + +whether product is published or not. Published products are discoverable by users of developer portal. Non published products are visible only to administrators. Default state of Product is notPublished. - notPublished or published. +- Required: No +- Type: string +- Default: `'published'` + +### Parameter: `subscriptionRequired` + +Whether a product subscription is required for accessing APIs included in this product. If true, the product is referred to as "protected" and a valid subscription key is required for a request to an API included in the product to succeed. If false, the product is referred to as "open" and requests to an API included in the product can be made without a subscription key. If property is omitted when creating a new product it's value is assumed to be true. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `subscriptionsLimit` + +Whether the number of subscriptions a user can have to this product at the same time. Set to null or omit to allow unlimited per user subscriptions. Can be present only if subscriptionRequired property is present and has a value of false. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `terms` + +Product terms of use. Developers trying to subscribe to the product will be presented and required to accept these terms before they can complete the subscription process. 
+- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `apiResourceIds` | array | The Resources IDs of the API management service product APIs. | | `groupResourceIds` | array | The Resources IDs of the API management service product groups. | diff --git a/modules/api-management/service/product/api/README.md b/modules/api-management/service/product/api/README.md index fb2a3bcac8..3ae7df516b 100644 --- a/modules/api-management/service/product/api/README.md +++ b/modules/api-management/service/product/api/README.md 
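Review bot: In modules/api-management/service/product/README.md, the new "Parameter: `subscriptionRequired`" section prints `Default: False` directly under a description that says an omitted value "is assumed to be true", and `state` has the same mismatch (`Default: 'published'` against "Default state of Product is notPublished"). With the Default Value column removed from the table, this section is the only place a reader sees the default, and the difference matters: per the description, `False` yields an "open" product whose APIs can be called without a subscription key. The README is generated, so please correct the parameter descriptions in the module template (or revisit the defaults) and regenerate. The same pass can fix the wording carried over unchanged in `approvalRequired` ("before the developer can any of the products APIs") and `subscriptionsLimit` ("Whether the number of subscriptions").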
@@ -19,27 +19,52 @@ This module deploys an API Management Service Product API. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the product API. | +| [`name`](#parameter-name) | string | Name of the product API. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | -| `productName` | string | The name of the parent Product. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`productName`](#parameter-productname) | string | The name of the parent Product. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Name of the product API. +- Required: Yes +- Type: string + +### Parameter: `productName` + +The name of the parent Product. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the product API. | | `resourceGroupName` | string | The resource group the product API was deployed into. | diff --git a/modules/api-management/service/product/api/main.json b/modules/api-management/service/product/api/main.json index 157c8181f7..0ecf6ebe3a 100644 --- a/modules/api-management/service/product/api/main.json +++ b/modules/api-management/service/product/api/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13243242177616383868" + "version": "0.22.6.54827", + "templateHash": "16488730655399972556" }, "name": "API Management Service Products APIs", "description": "This module deploys an API Management Service Product API.", diff --git a/modules/api-management/service/product/group/README.md b/modules/api-management/service/product/group/README.md index e58f9a3739..943378da28 100644 --- a/modules/api-management/service/product/group/README.md +++ b/modules/api-management/service/product/group/README.md 
@@ -19,27 +19,52 @@ This module deploys an API Management Service Product Group. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the product group. | +| [`name`](#parameter-name) | string | Name of the product group. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | -| `productName` | string | The name of the parent Product. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`productName`](#parameter-productname) | string | The name of the parent Product. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Name of the product group. +- Required: Yes +- Type: string + +### Parameter: `productName` + +The name of the parent Product. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the product group. | | `resourceGroupName` | string | The resource group the product group was deployed into. | diff --git a/modules/api-management/service/product/group/main.json b/modules/api-management/service/product/group/main.json index de5f8ef5c8..209c9c33d6 100644 --- a/modules/api-management/service/product/group/main.json +++ b/modules/api-management/service/product/group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11867976378445976169" + "version": "0.22.6.54827", + "templateHash": "14085709622188800883" }, "name": "API Management Service Products Groups", "description": "This module deploys an API Management Service Product Group.", diff --git a/modules/api-management/service/product/main.json b/modules/api-management/service/product/main.json index 172a816f4f..94a2143e2a 100644 --- a/modules/api-management/service/product/main.json +++ b/modules/api-management/service/product/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11659142408016307537" + "version": "0.22.6.54827", + "templateHash": "2758822676627115160" }, "name": "API Management Service Products", "description": "This module deploys an API Management Service Product.", @@ -153,8 +153,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13243242177616383868" + "version": "0.22.6.54827", + "templateHash": "16488730655399972556" }, "name": "API Management Service Products APIs", "description": "This module deploys an API Management Service Product API.", 
@@ -267,8 +267,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11867976378445976169" + "version": "0.22.6.54827", + "templateHash": "14085709622188800883" }, "name": "API Management Service Products Groups", "description": "This module deploys an API Management Service Product Group.", diff --git a/modules/api-management/service/subscription/README.md b/modules/api-management/service/subscription/README.md index 0195b16bfb..81c7f5c71b 100644 --- a/modules/api-management/service/subscription/README.md +++ b/modules/api-management/service/subscription/README.md @@ -4,12 +4,12 @@ This module deploys an API Management Service Subscription. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
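Review bot: The generated sections in product/api/README.md and product/group/README.md print `- Required: Yes` for `apiManagementServiceName` and `productName`, although both sit under "Conditional parameters" and their descriptions read "Required if the template is used in a standalone deployment". The per-parameter output added to utilities/tools/Set-Module.ps1 should carry the parameter category through, for example by printing the condition instead of a flat "Yes", so the detail section does not contradict the table that links to it. The same pattern appears for `apiManagementServiceName` in product/README.md and subscription/README.md.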
@@ -19,32 +19,93 @@ This module deploys an API Management Service Subscription. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Subscription name. | +| [`name`](#parameter-name) | string | Subscription name. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `allowTracing` | bool | `True` | Determines whether tracing can be enabled. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `ownerId` | string | `''` | User (user ID path) for whom subscription is being created in form /users/{userId}. | -| `primaryKey` | string | `''` | Primary subscription key. If not specified during request key will be generated automatically. | -| `scope` | string | `'/apis'` | Scope type to choose between a product, "allAPIs" or a specific API. Scope like "/products/{productId}" or "/apis" or "/apis/{apiId}". | -| `secondaryKey` | string | `''` | Secondary subscription key. If not specified during request key will be generated automatically. | -| `state` | string | `''` | Initial subscription state. If no value is specified, subscription is created with Submitted state. Possible states are "*" active "?" the subscription is active, "*" suspended "?" the subscription is blocked, and the subscriber cannot call any APIs of the product, * submitted ? 
the subscription request has been made by the developer, but has not yet been approved or rejected, * rejected ? the subscription request has been denied by an administrator, * cancelled ? the subscription has been cancelled by the developer or administrator, * expired ? the subscription reached its expiration date and was deactivated. - suspended, active, expired, submitted, rejected, cancelled. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowTracing`](#parameter-allowtracing) | bool | Determines whether tracing can be enabled. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`ownerId`](#parameter-ownerid) | string | User (user ID path) for whom subscription is being created in form /users/{userId}. | +| [`primaryKey`](#parameter-primarykey) | string | Primary subscription key. If not specified during request key will be generated automatically. | +| [`scope`](#parameter-scope) | string | Scope type to choose between a product, "allAPIs" or a specific API. Scope like "/products/{productId}" or "/apis" or "/apis/{apiId}". | +| [`secondaryKey`](#parameter-secondarykey) | string | Secondary subscription key. If not specified during request key will be generated automatically. | +| [`state`](#parameter-state) | string | Initial subscription state. If no value is specified, subscription is created with Submitted state. Possible states are "*" active "?" the subscription is active, "*" suspended "?" the subscription is blocked, and the subscriber cannot call any APIs of the product, * submitted ? the subscription request has been made by the developer, but has not yet been approved or rejected, * rejected ? the subscription request has been denied by an administrator, * cancelled ? the subscription has been cancelled by the developer or administrator, * expired ? the subscription reached its expiration date and was deactivated. 
- suspended, active, expired, submitted, rejected, cancelled. | + +### Parameter: `allowTracing` + +Determines whether tracing can be enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Subscription name. +- Required: Yes +- Type: string + +### Parameter: `ownerId` + +User (user ID path) for whom subscription is being created in form /users/{userId}. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `primaryKey` + +Primary subscription key. If not specified during request key will be generated automatically. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `scope` + +Scope type to choose between a product, "allAPIs" or a specific API. Scope like "/products/{productId}" or "/apis" or "/apis/{apiId}". +- Required: No +- Type: string +- Default: `'/apis'` + +### Parameter: `secondaryKey` + +Secondary subscription key. If not specified during request key will be generated automatically. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `state` + +Initial subscription state. If no value is specified, subscription is created with Submitted state. Possible states are "*" active "?" the subscription is active, "*" suspended "?" the subscription is blocked, and the subscriber cannot call any APIs of the product, * submitted ? the subscription request has been made by the developer, but has not yet been approved or rejected, * rejected ? the subscription request has been denied by an administrator, * cancelled ? the subscription has been cancelled by the developer or administrator, * expired ? 
the subscription reached its expiration date and was deactivated. - suspended, active, expired, submitted, rejected, cancelled. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service subscription. | | `resourceGroupName` | string | The resource group the API management service subscription was deployed into. | diff --git a/modules/api-management/service/subscription/main.json b/modules/api-management/service/subscription/main.json index 2ca7d5862e..faefcb8783 100644 --- a/modules/api-management/service/subscription/main.json +++ b/modules/api-management/service/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15277659663277232184" + "version": "0.22.6.54827", + "templateHash": "10733141744485121232" }, "name": "API Management Service Subscriptions", "description": "This module deploys an API Management Service Subscription.", diff --git a/modules/app-configuration/configuration-store/.test/common/main.test.bicep b/modules/app-configuration/configuration-store/.test/common/main.test.bicep index f7bf489277..9c5e54e5f8 100644 --- a/modules/app-configuration/configuration-store/.test/common/main.test.bicep +++ b/modules/app-configuration/configuration-store/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/app-configuration/configuration-store/.test/min/main.test.bicep b/modules/app-configuration/configuration-store/.test/min/main.test.bicep index 141cbc3ee0..8770a7a8ca 100644 --- a/modules/app-configuration/configuration-store/.test/min/main.test.bicep 
+++ b/modules/app-configuration/configuration-store/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/app-configuration/configuration-store/README.md b/modules/app-configuration/configuration-store/README.md index c29bc1d5bd..eb65704810 100644 --- a/modules/app-configuration/configuration-store/README.md +++ b/modules/app-configuration/configuration-store/README.md @@ -4,13 +4,13 @@ This module deploys an App Configuration Store. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
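Review bot: In modules/api-management/service/subscription/README.md, `primaryKey` and `secondaryKey` are documented as type `string` with `Default: ''`, yet they carry subscription keys. If the template does not declare them with `@secure()`, a supplied key is kept in plain text in the deployment's recorded parameters; please check the template and, if that is the case, mark both as secure so the regenerated README shows it. In the same file the `state` description is copied with damaged characters (`"*" active "?" the subscription is active`), and the new "Parameter: `state`" section repeats it verbatim, so the source description should be repaired before regenerating.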
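Review bot: `metadata name` and `metadata description` are added to `.test/common/main.test.bicep` and `.test/min/main.test.bicep`, but the `pe` test is not touched in the visible diff, so the regenerated configuration-store README falls back to `- [Pe](#example-3-pe)` and `### Example 3: _Pe_` with no description line. Please add the two metadata lines to the pe test as well so all three examples are titled and described consistently. Separately, the examples now reference `br:bicep/modules/app-configuration.configuration-store:1.0.0`; if `1.0.0` is a placeholder rather than a published version, the note that introduces the syntax should say so.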
@@ -22,75 +22,30 @@ This module deploys an App Configuration Store. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Azure App Configuration. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `createMode` | string | `'Default'` | `[Default, Recover]` | Indicates whether the configuration store need to be recovered. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Audit, HttpRequest]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. 
| -| `disableLocalAuth` | bool | `False` | | Disables all authentication methods other than AAD authentication. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enablePurgeProtection` | bool | `False` | | Property specifying whether protection against purge is enabled for this configuration store. | -| `keyValues` | array | `[]` | | All Key / Values to create. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sku` | string | `'Standard'` | `[Free, Standard]` | Pricing tier of App Configuration. | -| `softDeleteRetentionInDays` | int | `1` | | The amount of time in days that the configuration store will be retained when it is soft deleted. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. 
| - +## Usage examples -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the app configuration. | -| `resourceGroupName` | string | The resource group the app configuration store was deployed into. | -| `resourceId` | string | The resource ID of the app configuration. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/app-configuration.configuration-store:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +- [Pe](#example-3-pe) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. 
+This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module configurationStore './app-configuration/configuration-store/main.bicep' = { +module configurationStore 'br:bicep/modules/app-configuration.configuration-store:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-acccom' params: { // Required parameters @@ -234,14 +189,17 @@ module configurationStore './app-configuration/configuration-store/main.bicep' =

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module configurationStore './app-configuration/configuration-store/main.bicep' = { +module configurationStore 'br:bicep/modules/app-configuration.configuration-store:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-accmin' params: { // Required parameters @@ -279,14 +237,14 @@ module configurationStore './app-configuration/configuration-store/main.bicep' =

-

Example 3: Pe

+### Example 3: _Pe_
via Bicep module ```bicep -module configurationStore './app-configuration/configuration-store/main.bicep' = { +module configurationStore 'br:bicep/modules/app-configuration.configuration-store:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-accpe' params: { // Required parameters @@ -385,3 +343,224 @@ module configurationStore './app-configuration/configuration-store/main.bicep' =

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Azure App Configuration. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`createMode`](#parameter-createmode) | string | Indicates whether the configuration store need to be recovered. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | Disables all authentication methods other than AAD authentication. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`enablePurgeProtection`](#parameter-enablepurgeprotection) | bool | Property specifying whether protection against purge is enabled for this configuration store. | +| [`keyValues`](#parameter-keyvalues) | array | All Key / Values to create. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sku`](#parameter-sku) | string | Pricing tier of App Configuration. | +| [`softDeleteRetentionInDays`](#parameter-softdeleteretentionindays) | int | The amount of time in days that the configuration store will be retained when it is soft deleted. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `createMode` + +Indicates whether the configuration store need to be recovered. 
+- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, Recover]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, Audit, HttpRequest]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableLocalAuth` + +Disables all authentication methods other than AAD authentication. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enablePurgeProtection` + +Property specifying whether protection against purge is enabled for this configuration store. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `keyValues` + +All Key / Values to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Azure App Configuration. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +Pricing tier of App Configuration. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Free, Standard]` + +### Parameter: `softDeleteRetentionInDays` + +The amount of time in days that the configuration store will be retained when it is soft deleted. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the app configuration. | +| `resourceGroupName` | string | The resource group the app configuration store was deployed into. | +| `resourceId` | string | The resource ID of the app configuration. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/app-configuration/configuration-store/key-value/README.md b/modules/app-configuration/configuration-store/key-value/README.md index 4d8a0cc029..7aba86936e 100644 --- a/modules/app-configuration/configuration-store/key-value/README.md +++ b/modules/app-configuration/configuration-store/key-value/README.md @@ -4,12 +4,12 @@ This module deploys an App Configuration Store Key Value. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -19,29 +19,68 @@ This module deploys an App Configuration Store Key Value. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the key. | -| `value` | string | Name of the value. | +| [`name`](#parameter-name) | string | Name of the key. | +| [`value`](#parameter-value) | string | Name of the value. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `appConfigurationName` | string | The name of the parent app configuration store. Required if the template is used in a standalone deployment. | +| [`appConfigurationName`](#parameter-appconfigurationname) | string | The name of the parent app configuration store. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `contentType` | string | `''` | The content type of the key-values value. Providing a proper content-type can enable transformations of values when they are retrieved by applications. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `tags` | object | `{object}` | Tags of the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`contentType`](#parameter-contenttype) | string | The content type of the key-values value. Providing a proper content-type can enable transformations of values when they are retrieved by applications. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `appConfigurationName` + +The name of the parent app configuration store. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `contentType` + +The content type of the key-values value. Providing a proper content-type can enable transformations of values when they are retrieved by applications. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Name of the key. +- Required: Yes +- Type: string + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `value` + +Name of the value. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the key values. | | `resourceGroupName` | string | The resource group the batch account was deployed into. | diff --git a/modules/app-configuration/configuration-store/key-value/main.json b/modules/app-configuration/configuration-store/key-value/main.json index 69e7caf120..bd6ba98307 100644 --- a/modules/app-configuration/configuration-store/key-value/main.json +++ b/modules/app-configuration/configuration-store/key-value/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18125120019454222929" + "version": "0.22.6.54827", + "templateHash": "16698134952769248111" }, "name": "App Configuration Stores Key Values", "description": "This module deploys an App Configuration Store Key Value.", diff --git a/modules/app-configuration/configuration-store/main.json b/modules/app-configuration/configuration-store/main.json index 1442aabb14..9864464e86 100644 --- a/modules/app-configuration/configuration-store/main.json +++ b/modules/app-configuration/configuration-store/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11782317267764138408" + "version": "0.22.6.54827", + "templateHash": "10110269901043104603" }, "name": "App Configuration Stores", "description": "This module deploys an App Configuration Store.", @@ -334,8 +334,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12355291254193028960" + "version": "0.22.6.54827", + "templateHash": "16698134952769248111" }, "name": "App Configuration Stores Key Values", "description": "This module deploys an App Configuration Store Key Value.", @@ -471,8 +471,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3406373389314015592" + "version": "0.22.6.54827", + "templateHash": "17212866457936326905" } }, "parameters": { @@ -633,8 +633,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -833,8 +833,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -971,8 +971,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/app/container-app/.test/common/main.test.bicep b/modules/app/container-app/.test/common/main.test.bicep index 3f215031b9..9667da2fbe 100644 --- a/modules/app/container-app/.test/common/main.test.bicep 
+++ b/modules/app/container-app/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/app/container-app/.test/min/main.test.bicep b/modules/app/container-app/.test/min/main.test.bicep index 66ba9c9e91..8969d7e6e3 100644 --- a/modules/app/container-app/.test/min/main.test.bicep +++ b/modules/app/container-app/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/app/container-app/README.md b/modules/app/container-app/README.md index 941fff342b..5b3b27ad5c 100644 --- a/modules/app/container-app/README.md +++ b/modules/app/container-app/README.md @@ -5,10 +5,10 @@ This module deploys a Container App. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -18,80 +18,29 @@ This module deploys a Container App. | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `containers` | array | List of container definitions for the Container App. | -| `environmentId` | string | Resource ID of environment. | -| `name` | string | Name of the Container App. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `activeRevisionsMode` | string | `'Single'` | `[Multiple, Single]` | ActiveRevisionsMode controls how active revisions are handled for the Container app. | -| `customDomains` | array | `[]` | | Custom domain bindings for Container App hostnames. | -| `dapr` | object | `{object}` | | Dapr configuration for the Container App. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `exposedPort` | int | `0` | | Exposed Port in containers for TCP traffic from ingress. | -| `ingressAllowInsecure` | bool | `True` | | Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections. | -| `ingressExternal` | bool | `True` | | Bool indicating if app exposes an external http endpoint. | -| `ingressTargetPort` | int | `80` | | Target Port in containers for traffic from ingress. | -| `ingressTransport` | string | `'auto'` | `[auto, http, http2, tcp]` | Ingress transport protocol. | -| `initContainersTemplate` | array | `[]` | | List of specialized containers that run before app containers. 
| -| `ipSecurityRestrictions` | array | `[]` | | Rules to restrict incoming IP address. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maxInactiveRevisions` | int | `0` | | Max inactive revisions a Container App can have. | -| `registries` | array | `[]` | | Collection of private container registry credentials for containers used by the Container app. | -| `revisionSuffix` | string | `''` | | User friendly suffix that is appended to the revision name. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. | -| `scaleMaxReplicas` | int | `1` | | Maximum number of container replicas. Defaults to 10 if not set. | -| `scaleMinReplicas` | int | `0` | | Minimum number of container replicas. | -| `scaleRules` | array | `[]` | | Scaling rules. | -| `secrets` | secureObject | `{object}` | | The secrets of the Container App. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `trafficLabel` | string | `'label-1'` | | Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes. | -| `trafficLatestRevision` | bool | `True` | | Indicates that the traffic weight belongs to a latest stable revision. | -| `trafficRevisionName` | string | `''` | | Name of a revision. | -| `trafficWeight` | int | `100` | | Traffic weight assigned to a revision. | -| `userAssignedIdentities` | object | `{object}` | | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. 
| -| `volumes` | array | `[]` | | List of volume definitions for the Container App. | -| `workloadProfileType` | string | `''` | | Workload profile type to pin for container app execution. | - +## Usage examples -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Container App. | -| `resourceGroupName` | string | The name of the resource group the Container App was deployed into. | -| `resourceId` | string | The resource ID of the Container App. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.container-app:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module containerApp './app/container-app/main.bicep' = { +module containerApp 'br:bicep/modules/app.container-app:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-mcappcom' params: { // Required parameters @@ -233,14 +182,17 @@ module containerApp './app/container-app/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module containerApp './app/container-app/main.bicep' = { +module containerApp 'br:bicep/modules/app.container-app:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-mcappmin' params: { // Required parameters @@ -317,3 +269,294 @@ module containerApp './app/container-app/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`containers`](#parameter-containers) | array | List of container definitions for the Container App. | +| [`environmentId`](#parameter-environmentid) | string | Resource ID of environment. | +| [`name`](#parameter-name) | string | Name of the Container App. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`activeRevisionsMode`](#parameter-activerevisionsmode) | string | ActiveRevisionsMode controls how active revisions are handled for the Container app. | +| [`customDomains`](#parameter-customdomains) | array | Custom domain bindings for Container App hostnames. | +| [`dapr`](#parameter-dapr) | object | Dapr configuration for the Container App. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exposedPort`](#parameter-exposedport) | int | Exposed Port in containers for TCP traffic from ingress. | +| [`ingressAllowInsecure`](#parameter-ingressallowinsecure) | bool | Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections. | +| [`ingressExternal`](#parameter-ingressexternal) | bool | Bool indicating if app exposes an external http endpoint. | +| [`ingressTargetPort`](#parameter-ingresstargetport) | int | Target Port in containers for traffic from ingress. | +| [`ingressTransport`](#parameter-ingresstransport) | string | Ingress transport protocol. | +| [`initContainersTemplate`](#parameter-initcontainerstemplate) | array | List of specialized containers that run before app containers. | +| [`ipSecurityRestrictions`](#parameter-ipsecurityrestrictions) | array | Rules to restrict incoming IP address. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. 
| +| [`maxInactiveRevisions`](#parameter-maxinactiverevisions) | int | Max inactive revisions a Container App can have. | +| [`registries`](#parameter-registries) | array | Collection of private container registry credentials for containers used by the Container app. | +| [`revisionSuffix`](#parameter-revisionsuffix) | string | User friendly suffix that is appended to the revision name. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. | +| [`scaleMaxReplicas`](#parameter-scalemaxreplicas) | int | Maximum number of container replicas. Defaults to 10 if not set. | +| [`scaleMinReplicas`](#parameter-scaleminreplicas) | int | Minimum number of container replicas. | +| [`scaleRules`](#parameter-scalerules) | array | Scaling rules. | +| [`secrets`](#parameter-secrets) | secureObject | The secrets of the Container App. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`trafficLabel`](#parameter-trafficlabel) | string | Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes. | +| [`trafficLatestRevision`](#parameter-trafficlatestrevision) | bool | Indicates that the traffic weight belongs to a latest stable revision. | +| [`trafficRevisionName`](#parameter-trafficrevisionname) | string | Name of a revision. | +| [`trafficWeight`](#parameter-trafficweight) | int | Traffic weight assigned to a revision. 
| +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. | +| [`volumes`](#parameter-volumes) | array | List of volume definitions for the Container App. | +| [`workloadProfileType`](#parameter-workloadprofiletype) | string | Workload profile type to pin for container app execution. | + +### Parameter: `activeRevisionsMode` + +ActiveRevisionsMode controls how active revisions are handled for the Container app. +- Required: No +- Type: string +- Default: `'Single'` +- Allowed: `[Multiple, Single]` + +### Parameter: `containers` + +List of container definitions for the Container App. +- Required: Yes +- Type: array + +### Parameter: `customDomains` + +Custom domain bindings for Container App hostnames. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dapr` + +Dapr configuration for the Container App. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `environmentId` + +Resource ID of environment. +- Required: Yes +- Type: string + +### Parameter: `exposedPort` + +Exposed Port in containers for TCP traffic from ingress. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `ingressAllowInsecure` + +Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `ingressExternal` + +Bool indicating if app exposes an external http endpoint. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `ingressTargetPort` + +Target Port in containers for traffic from ingress. 
+- Required: No +- Type: int +- Default: `80` + +### Parameter: `ingressTransport` + +Ingress transport protocol. +- Required: No +- Type: string +- Default: `'auto'` +- Allowed: `[auto, http, http2, tcp]` + +### Parameter: `initContainersTemplate` + +List of specialized containers that run before app containers. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ipSecurityRestrictions` + +Rules to restrict incoming IP address. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maxInactiveRevisions` + +Max inactive revisions a Container App can have. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `name` + +Name of the Container App. +- Required: Yes +- Type: string + +### Parameter: `registries` + +Collection of private container registry credentials for containers used by the Container app. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `revisionSuffix` + +User friendly suffix that is appended to the revision name. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `scaleMaxReplicas` + +Maximum number of container replicas. Defaults to 10 if not set. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `scaleMinReplicas` + +Minimum number of container replicas. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `scaleRules` + +Scaling rules. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `secrets` + +The secrets of the Container App. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `trafficLabel` + +Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes. +- Required: No +- Type: string +- Default: `'label-1'` + +### Parameter: `trafficLatestRevision` + +Indicates that the traffic weight belongs to a latest stable revision. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `trafficRevisionName` + +Name of a revision. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `trafficWeight` + +Traffic weight assigned to a revision. +- Required: No +- Type: int +- Default: `100` + +### Parameter: `userAssignedIdentities` + +The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `volumes` + +List of volume definitions for the Container App. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `workloadProfileType` + +Workload profile type to pin for container app execution. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Container App. | +| `resourceGroupName` | string | The name of the resource group the Container App was deployed into. | +| `resourceId` | string | The resource ID of the Container App. 
| + +## Cross-referenced modules + +_None_ diff --git a/modules/app/container-app/main.json b/modules/app/container-app/main.json index e2de42de12..1d501046a4 100644 --- a/modules/app/container-app/main.json +++ b/modules/app/container-app/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16754480041180669063" + "version": "0.22.6.54827", + "templateHash": "2221038631504030167" }, "name": "Container Apps", "description": "This module deploys a Container App.", @@ -371,8 +371,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9188415638960634445" + "version": "0.22.6.54827", + "templateHash": "6133741258710054291" } }, "parameters": { diff --git a/modules/app/managed-environment/.test/common/main.test.bicep b/modules/app/managed-environment/.test/common/main.test.bicep index 076aa920a4..6a3a769e96 100644 --- a/modules/app/managed-environment/.test/common/main.test.bicep +++ b/modules/app/managed-environment/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/app/managed-environment/.test/min/main.test.bicep b/modules/app/managed-environment/.test/min/main.test.bicep index 6692258b4d..ceab992425 100644 --- a/modules/app/managed-environment/.test/min/main.test.bicep +++ b/modules/app/managed-environment/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/app/managed-environment/README.md b/modules/app/managed-environment/README.md index e432404e3a..980eb7a04c 100644 
--- a/modules/app/managed-environment/README.md +++ b/modules/app/managed-environment/README.md @@ -5,10 +5,10 @@ This module deploys an App Managed Environment (also known as a Container App En ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -18,73 +18,29 @@ This module deploys an App Managed Environment (also known as a Container App En | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `logAnalyticsWorkspaceResourceId` | string | Existing Log Analytics Workspace resource ID. Note: This value is not required as per the resource type. However, not providing it currently causes an issue that is tracked [here](https://github.com/Azure/bicep/issues/9990). | -| `name` | string | Name of the Container Apps Managed Environment. | - -**Conditional parameters** +## Usage examples -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `infrastructureSubnetId` | string | `''` | Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if "internal" is set to true. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `certificatePassword` | securestring | `''` | | Password of the certificate used by the custom domain. | -| `certificateValue` | securestring | `''` | | Certificate to use for the custom domain. PFX or PEM. | -| `daprAIConnectionString` | securestring | `''` | | Application Insights connection string used by Dapr to export Service to Service communication telemetry. | -| `daprAIInstrumentationKey` | securestring | `''` | | Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry. | -| `dnsSuffix` | string | `''` | | DNS suffix for the environment domain. 
| -| `dockerBridgeCidr` | string | `''` | | CIDR notation IP range assigned to the Docker bridge, network. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | -| `enableDefaultTelemetry` | bool | | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `internal` | bool | `False` | | Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `logsDestination` | string | `'log-analytics'` | | Logs destination. | -| `platformReservedCidr` | string | `''` | | IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | -| `platformReservedDnsIP` | string | `''` | | An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `skuName` | string | `'Consumption'` | `[Consumption, Premium]` | Managed environment SKU. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `workloadProfiles` | array | `[]` | | Workload profiles configured for the Managed Environment. | -| `zoneRedundant` | bool | `False` | | Whether or not this Managed Environment is zone-redundant. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Managed Environment. | -| `resourceGroupName` | string | The name of the resource group the Managed Environment was deployed into. | -| `resourceId` | string | The resource ID of the Managed Environment. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.managed-environment:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. 
+### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module managedEnvironment './app/managed-environment/main.bicep' = { +module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-amecom' params: { // Required parameters @@ -168,14 +124,17 @@ module managedEnvironment './app/managed-environment/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module managedEnvironment './app/managed-environment/main.bicep' = { +module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-amemin' params: { // Required parameters @@ -214,3 +173,202 @@ module managedEnvironment './app/managed-environment/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`logAnalyticsWorkspaceResourceId`](#parameter-loganalyticsworkspaceresourceid) | string | Existing Log Analytics Workspace resource ID. Note: This value is not required as per the resource type. However, not providing it currently causes an issue that is tracked [here](https://github.com/Azure/bicep/issues/9990). | +| [`name`](#parameter-name) | string | Name of the Container Apps Managed Environment. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`infrastructureSubnetId`](#parameter-infrastructuresubnetid) | string | Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if "internal" is set to true. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`certificatePassword`](#parameter-certificatepassword) | securestring | Password of the certificate used by the custom domain. | +| [`certificateValue`](#parameter-certificatevalue) | securestring | Certificate to use for the custom domain. PFX or PEM. | +| [`daprAIConnectionString`](#parameter-dapraiconnectionstring) | securestring | Application Insights connection string used by Dapr to export Service to Service communication telemetry. | +| [`daprAIInstrumentationKey`](#parameter-dapraiinstrumentationkey) | securestring | Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry. | +| [`dnsSuffix`](#parameter-dnssuffix) | string | DNS suffix for the environment domain. | +| [`dockerBridgeCidr`](#parameter-dockerbridgecidr) | string | CIDR notation IP range assigned to the Docker bridge, network. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. 
If not provided, it will be set with a default value by the platform. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`internal`](#parameter-internal) | bool | Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`logsDestination`](#parameter-logsdestination) | string | Logs destination. | +| [`platformReservedCidr`](#parameter-platformreservedcidr) | string | IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | +| [`platformReservedDnsIP`](#parameter-platformreserveddnsip) | string | An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuName`](#parameter-skuname) | string | Managed environment SKU. 
| +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`workloadProfiles`](#parameter-workloadprofiles) | array | Workload profiles configured for the Managed Environment. | +| [`zoneRedundant`](#parameter-zoneredundant) | bool | Whether or not this Managed Environment is zone-redundant. | + +### Parameter: `certificatePassword` + +Password of the certificate used by the custom domain. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `certificateValue` + +Certificate to use for the custom domain. PFX or PEM. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `daprAIConnectionString` + +Application Insights connection string used by Dapr to export Service to Service communication telemetry. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `daprAIInstrumentationKey` + +Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `dnsSuffix` + +DNS suffix for the environment domain. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dockerBridgeCidr` + +CIDR notation IP range assigned to the Docker bridge, network. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: Yes +- Type: bool + +### Parameter: `infrastructureSubnetId` + +Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if "internal" is set to true. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `internal` + +Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `logAnalyticsWorkspaceResourceId` + +Existing Log Analytics Workspace resource ID. Note: This value is not required as per the resource type. However, not providing it currently causes an issue that is tracked [here](https://github.com/Azure/bicep/issues/9990). +- Required: Yes +- Type: string + +### Parameter: `logsDestination` + +Logs destination. +- Required: No +- Type: string +- Default: `'log-analytics'` + +### Parameter: `name` + +Name of the Container Apps Managed Environment. +- Required: Yes +- Type: string + +### Parameter: `platformReservedCidr` + +IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `platformReservedDnsIP` + +An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +Managed environment SKU. +- Required: No +- Type: string +- Default: `'Consumption'` +- Allowed: `[Consumption, Premium]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workloadProfiles` + +Workload profiles configured for the Managed Environment. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `zoneRedundant` + +Whether or not this Managed Environment is zone-redundant. +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Managed Environment. | +| `resourceGroupName` | string | The name of the resource group the Managed Environment was deployed into. | +| `resourceId` | string | The resource ID of the Managed Environment. | + +## Cross-referenced modules + +_None_ diff --git a/modules/app/managed-environment/main.json b/modules/app/managed-environment/main.json index a958ca3a6e..71407f0d6d 100644 --- a/modules/app/managed-environment/main.json +++ b/modules/app/managed-environment/main.json 
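Review bot: In modules/app/managed-environment/README.md, the added "Parameter: `enableDefaultTelemetry`" section reads `Required: Yes` with no `Default` line, while the added table above it lists the same parameter under **Optional parameters**. The two statements contradict each other. Either give the parameter a default in the module (the lock README in this patch documents `Default: True` for it) or derive the `Required` value from the same grouping that builds the tables. The reverse mismatch affects `infrastructureSubnetId`: it sits in the **Conditional parameters** table, but its section says `Required: No`, so the condition ("Required if "internal" is set to true") survives only in the description text.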
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14963884189492658840" + "version": "0.22.6.54827", + "templateHash": "3480452524372003572" }, "name": "App ManagedEnvironments", "description": "This module deploys an App Managed Environment (also known as a Container App Environment).", @@ -264,8 +264,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10028072894056989627" + "version": "0.22.6.54827", + "templateHash": "18101859194273235473" } }, "parameters": { diff --git a/modules/authorization/lock/.test/common/main.test.bicep b/modules/authorization/lock/.test/common/main.test.bicep index 197c3e06aa..aa9099f4a9 100644 --- a/modules/authorization/lock/.test/common/main.test.bicep +++ b/modules/authorization/lock/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/authorization/lock/README.md b/modules/authorization/lock/README.md index 1555dae44e..abc4f9706c 100644 --- a/modules/authorization/lock/README.md +++ b/modules/authorization/lock/README.md @@ -5,10 +5,10 @@ This module deploys an Authorization Lock at a Subscription or Resource Group sc ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -16,52 +16,28 @@ This module deploys an Authorization Lock at a Subscription or Resource Group sc | :-- | :-- | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `level` | string | `[CanNotDelete, ReadOnly]` | Set lock level. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location for all resources. | -| `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. | -| `resourceGroupName` | string | `''` | Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group. | -| `subscriptionId` | string | `[subscription().id]` | Subscription ID of the subscription to assign the lock to. If not provided, will use the current scope for deployment. If no resource group name is provided, the module deploys at subscription level, therefore assigns the provided locks to the subscription. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the lock. 
| -| `resourceId` | string | The resource ID of the lock. | -| `scope` | string | The scope this lock applies to. | - -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.lock:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module lock './authorization/lock/main.bicep' = { +module lock 'br:bicep/modules/authorization.lock:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-alcom' params: { // Required parameters @@ -106,3 +82,77 @@ module lock './authorization/lock/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`level`](#parameter-level) | string | Set lock level. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`notes`](#parameter-notes) | string | The decription attached to the lock. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group. | +| [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the lock to. If not provided, will use the current scope for deployment. If no resource group name is provided, the module deploys at subscription level, therefore assigns the provided locks to the subscription. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `level` + +Set lock level. +- Required: Yes +- Type: string +- Allowed: `[CanNotDelete, ReadOnly]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `notes` + +The decription attached to the lock. +- Required: No +- Type: string +- Default: `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` + +### Parameter: `resourceGroupName` + +Name of the Resource Group to assign the lock to. 
If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subscriptionId` + +Subscription ID of the subscription to assign the lock to. If not provided, will use the current scope for deployment. If no resource group name is provided, the module deploys at subscription level, therefore assigns the provided locks to the subscription. +- Required: No +- Type: string +- Default: `[subscription().id]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the lock. | +| `resourceId` | string | The resource ID of the lock. | +| `scope` | string | The scope this lock applies to. | + +## Cross-referenced modules + +_None_ diff --git a/modules/authorization/lock/main.json b/modules/authorization/lock/main.json index a6018e68bc..927dc1ae2c 100644 --- a/modules/authorization/lock/main.json +++ b/modules/authorization/lock/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15010949072500473441" + "version": "0.22.6.54827", + "templateHash": "15385346851879884120" }, "name": "Authorization Locks (All scopes)", "description": "This module deploys an Authorization Lock at a Subscription or Resource Group scope.", @@ -109,8 +109,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15362884032350876286" + "version": "0.22.6.54827", + "templateHash": "876321567657394219" }, "name": "Authorization Locks (Subscription scope)", "description": "This module deploys an Authorization Lock at a Subscription scope.", 
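Review bot: In modules/authorization/lock/README.md, the added note and the Example 1 snippet both hard-code `br:bicep/modules/authorization.lock:1.0.0`, replacing the relative path `./authorization/lock/main.bicep` that resolved inside the repository. Nothing in the added lines says whether `bicep` and `1.0.0` are placeholders, so a reader copying the example gets a registry name and tag that the README never defines. Suggest stating in the note that the registry and version must be substituted, or taking them as inputs when the README is generated. The same pattern appears in the managed-environment and policy-assignment READMEs in this patch.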
@@ -239,8 +239,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10420976827552614779" + "version": "0.22.6.54827", + "templateHash": "8961143332409950444" }, "name": "Authorization Locks (Resource Group scope)", "description": "This module deploys an Authorization Lock at a Resource Group scope.", diff --git a/modules/authorization/lock/resource-group/README.md b/modules/authorization/lock/resource-group/README.md index 146e48ed25..9fff1df214 100644 --- a/modules/authorization/lock/resource-group/README.md +++ b/modules/authorization/lock/resource-group/README.md 
@@ -19,22 +19,50 @@ This module deploys an Authorization Lock at a Resource Group scope. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `level` | string | `[CanNotDelete, ReadOnly]` | Set lock level. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`level`](#parameter-level) | string | Set lock level. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `[format('{0}-lock', parameters('level'))]` | The name of the lock. | -| `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | The name of the lock. | +| [`notes`](#parameter-notes) | string | The decription attached to the lock. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `level` + +Set lock level. +- Required: Yes +- Type: string +- Allowed: `[CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the lock. +- Required: No +- Type: string +- Default: `[format('{0}-lock', parameters('level'))]` + +### Parameter: `notes` + +The decription attached to the lock. 
+- Required: No +- Type: string +- Default: `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the lock. | | `resourceGroupName` | string | The name of the resource group name the lock was applied to. | diff --git a/modules/authorization/lock/resource-group/main.json b/modules/authorization/lock/resource-group/main.json index 25b2ec1b99..903530da93 100644 --- a/modules/authorization/lock/resource-group/main.json +++ b/modules/authorization/lock/resource-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7885747985110001606" + "version": "0.22.6.54827", + "templateHash": "8961143332409950444" }, "name": "Authorization Locks (Resource Group scope)", "description": "This module deploys an Authorization Lock at a Resource Group scope.", diff --git a/modules/authorization/lock/subscription/README.md b/modules/authorization/lock/subscription/README.md index 35fe0fd8ca..56454213bb 100644 --- a/modules/authorization/lock/subscription/README.md +++ b/modules/authorization/lock/subscription/README.md 
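Review bot: The added `notes` table rows and "Parameter: `notes`" sections in modules/authorization/lock/resource-group/README.md carry the typo "decription" ("The decription attached to the lock."), and the same text is re-added in the lock and subscription READMEs in this patch. Assuming these READMEs are generated from the module's parameter descriptions, fix the spelling in the module source so the next regeneration corrects all three files. The unchanged Outputs row "The name of the resource group name the lock was applied to." could be tidied in the same pass.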
@@ -19,22 +19,50 @@ This module deploys an Authorization Lock at a Subscription scope. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `level` | string | `[CanNotDelete, ReadOnly]` | Set lock level. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`level`](#parameter-level) | string | Set lock level. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `[format('{0}-lock', parameters('level'))]` | The name of the lock. | -| `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | The name of the lock. | +| [`notes`](#parameter-notes) | string | The decription attached to the lock. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `level` + +Set lock level. +- Required: Yes +- Type: string +- Allowed: `[CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the lock. +- Required: No +- Type: string +- Default: `[format('{0}-lock', parameters('level'))]` + +### Parameter: `notes` + +The decription attached to the lock. 
+- Required: No +- Type: string +- Default: `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the lock. | | `resourceId` | string | The resource ID of the lock. | diff --git a/modules/authorization/lock/subscription/main.json b/modules/authorization/lock/subscription/main.json index 5664616784..19ec31903c 100644 --- a/modules/authorization/lock/subscription/main.json +++ b/modules/authorization/lock/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "10927394621764774821" + "version": "0.22.6.54827", + "templateHash": "876321567657394219" }, "name": "Authorization Locks (Subscription scope)", "description": "This module deploys an Authorization Lock at a Subscription scope.", diff --git a/modules/authorization/policy-assignment/README.md b/modules/authorization/policy-assignment/README.md index ff0ddb908a..a74ad84ead 100644 --- a/modules/authorization/policy-assignment/README.md +++ b/modules/authorization/policy-assignment/README.md 
@@ -4,80 +4,44 @@ This module deploys a Policy Assignment at a Management Group, Subscription or R ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/policyAssignments` | [2022-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-06-01/policyAssignments) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope, 64 characters for subscription and resource group scopes. | -| `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | This message will be part of response in case of policy violation. | -| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enforcementMode` | string | `'Default'` | `[Default, DoNotEnforce]` | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. 
| -| `identity` | string | `'SystemAssigned'` | `[None, SystemAssigned, UserAssigned]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | -| `location` | string | `[deployment().location]` | | Location for all resources. | -| `managementGroupId` | string | `[managementGroup().name]` | | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. | -| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. | -| `notScopes` | array | `[]` | | The policy excluded scopes. | -| `overrides` | array | `[]` | | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | -| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. | -| `resourceGroupName` | string | `''` | | The Target Scope for the Policy. The name of the resource group for the policy assignment. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | -| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. 
See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | -| `subscriptionId` | string | `''` | | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. | -| `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | Policy Assignment Name. | -| `principalId` | string | Policy Assignment principal ID. | -| `resourceId` | string | Policy Assignment resource ID. | - -## Cross-referenced modules - -_None_ - -## Deployment examples +## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Mg.Common

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.policy-assignment:1.0.0`. + +- [Mg.Common](#example-1-mgcommon) +- [Mg.Min](#example-2-mgmin) +- [Rg.Common](#example-3-rgcommon) +- [Rg.Min](#example-4-rgmin) +- [Sub.Common](#example-5-subcommon) +- [Sub.Min](#example-6-submin) + +### Example 1: _Mg.Common_
via Bicep module ```bicep -module policyAssignment './authorization/policy-assignment/main.bicep' = { +module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-apamgcom' params: { // Required parameters @@ -273,14 +237,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {

-

Example 2: Mg.Min

+### Example 2: _Mg.Min_
via Bicep module ```bicep -module policyAssignment './authorization/policy-assignment/main.bicep' = { +module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apamgmin' params: { // Required parameters @@ -330,14 +294,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {

-

Example 3: Rg.Common

+### Example 3: _Rg.Common_
via Bicep module ```bicep -module policyAssignment './authorization/policy-assignment/main.bicep' = { +module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apargcom' params: { // Required parameters @@ -541,14 +505,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {

-

Example 4: Rg.Min

+### Example 4: _Rg.Min_
via Bicep module ```bicep -module policyAssignment './authorization/policy-assignment/main.bicep' = { +module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apargmin' params: { // Required parameters @@ -602,14 +566,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {

-

Example 5: Sub.Common

+### Example 5: _Sub.Common_
via Bicep module ```bicep -module policyAssignment './authorization/policy-assignment/main.bicep' = { +module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apasubcom' params: { // Required parameters @@ -809,14 +773,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {

-

Example 6: Sub.Min

+### Example 6: _Sub.Min_
via Bicep module ```bicep -module policyAssignment './authorization/policy-assignment/main.bicep' = { +module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apasubmin' params: { // Required parameters @@ -875,6 +839,184 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope, 64 characters for subscription and resource group scopes. | +| [`policyDefinitionId`](#parameter-policydefinitionid) | string | Specifies the ID of the policy definition or policy set definition being assigned. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | This message will be part of response in case of policy violation. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enforcementMode`](#parameter-enforcementmode) | string | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | +| [`identity`](#parameter-identity) | string | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. | +| [`metadata`](#parameter-metadata) | object | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`nonComplianceMessages`](#parameter-noncompliancemessages) | array | The messages that describe why a resource is non-compliant with the policy. 
| +| [`notScopes`](#parameter-notscopes) | array | The policy excluded scopes. | +| [`overrides`](#parameter-overrides) | array | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | +| [`parameters`](#parameter-parameters) | object | Parameters for the policy assignment if needed. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | The Target Scope for the Policy. The name of the resource group for the policy assignment. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | +| [`roleDefinitionIds`](#parameter-roledefinitionids) | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. | +| [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. | + +### Parameter: `description` + +This message will be part of response in case of policy violation. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy assignment. Maximum length is 128 characters. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enforcementMode` + +The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, DoNotEnforce]` + +### Parameter: `identity` + +The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. +- Required: No +- Type: string +- Default: `'SystemAssigned'` +- Allowed: `[None, SystemAssigned, UserAssigned]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `metadata` + +The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope, 64 characters for subscription and resource group scopes. +- Required: Yes +- Type: string + +### Parameter: `nonComplianceMessages` + +The messages that describe why a resource is non-compliant with the policy. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notScopes` + +The policy excluded scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `overrides` + +The policy property value override. 
Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `parameters` + +Parameters for the policy assignment if needed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionId` + +Specifies the ID of the policy definition or policy set definition being assigned. +- Required: Yes +- Type: string + +### Parameter: `resourceGroupName` + +The Target Scope for the Policy. The name of the resource group for the policy assignment. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleDefinitionIds` + +The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `subscriptionId` + +The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `userAssignedIdentityId` + +The Resource ID for the user assigned identity to assign to the policy assignment. 
+- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | Policy Assignment Name. | +| `principalId` | string | Policy Assignment principal ID. | +| `resourceId` | string | Policy Assignment resource ID. | + +## Cross-referenced modules + +_None_ + ## Notes ### Module Usage Guidance diff --git a/modules/authorization/policy-assignment/main.json b/modules/authorization/policy-assignment/main.json index 66bced0521..4b15a7c3ee 100644 --- a/modules/authorization/policy-assignment/main.json +++ b/modules/authorization/policy-assignment/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13477192333915886863" + "version": "0.22.6.54827", + "templateHash": "10579624444479342334" }, "name": "Policy Assignments (All scopes)", "description": "This module deploys a Policy Assignment at a Management Group, Subscription or Resource Group scope.", @@ -226,8 +226,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15108071880274736880" + "version": "0.22.6.54827", + "templateHash": "14811948404877688716" }, "name": "Policy Assignments (Management Group scope)", "description": "This module deploys a Policy Assignment at a Management Group scope.", @@ -506,8 +506,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15303635224407962753" + "version": "0.22.6.54827", + "templateHash": "1296030047986147440" }, "name": "Policy Assignments (Subscription scope)", "description": "This module deploys a Policy Assignment at a Subscription scope.", 
@@ -786,8 +786,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17736185251366823136" + "version": "0.22.6.54827", + "templateHash": "15032410491892224041" }, "name": "Policy Assignments (Resource Group scope)", "description": "This module deploys a Policy Assignment at a Resource Group scope.", diff --git a/modules/authorization/policy-assignment/management-group/README.md b/modules/authorization/policy-assignment/management-group/README.md index 086b1d38ea..5bdeb7fe3c 100644 --- a/modules/authorization/policy-assignment/management-group/README.md +++ b/modules/authorization/policy-assignment/management-group/README.md 
@@ -20,35 +20,154 @@ This module deploys a Policy Assignment at a Management Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope. | -| `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. | +| [`name`](#parameter-name) | string | Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope. | +| [`policyDefinitionId`](#parameter-policydefinitionid) | string | Specifies the ID of the policy definition or policy set definition being assigned. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | This message will be part of response in case of policy violation. | -| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enforcementMode` | string | `'Default'` | `[Default, DoNotEnforce]` | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | -| `identity` | string | `'SystemAssigned'` | `[None, SystemAssigned, UserAssigned]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | -| `location` | string | `[deployment().location]` | | Location for all resources. | -| `managementGroupId` | string | `[managementGroup().name]` | | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. 
| -| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. | -| `notScopes` | array | `[]` | | The policy excluded scopes. | -| `overrides` | array | `[]` | | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | -| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | -| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | -| `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | This message will be part of response in case of policy violation. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enforcementMode`](#parameter-enforcementmode) | string | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | +| [`identity`](#parameter-identity) | string | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. | +| [`metadata`](#parameter-metadata) | object | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`nonComplianceMessages`](#parameter-noncompliancemessages) | array | The messages that describe why a resource is non-compliant with the policy. | +| [`notScopes`](#parameter-notscopes) | array | The policy excluded scopes. | +| [`overrides`](#parameter-overrides) | array | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | +| [`parameters`](#parameter-parameters) | object | Parameters for the policy assignment if needed. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. 
| +| [`roleDefinitionIds`](#parameter-roledefinitionids) | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | +| [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. | + +### Parameter: `description` + +This message will be part of response in case of policy violation. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy assignment. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enforcementMode` + +The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, DoNotEnforce]` + +### Parameter: `identity` + +The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. +- Required: No +- Type: string +- Default: `'SystemAssigned'` +- Allowed: `[None, SystemAssigned, UserAssigned]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The Target Scope for the Policy. The name of the management group for the policy assignment. 
If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `metadata` + +The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope. +- Required: Yes +- Type: string + +### Parameter: `nonComplianceMessages` + +The messages that describe why a resource is non-compliant with the policy. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notScopes` + +The policy excluded scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `overrides` + +The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `parameters` + +Parameters for the policy assignment if needed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionId` + +Specifies the ID of the policy definition or policy set definition being assigned. +- Required: Yes +- Type: string + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleDefinitionIds` + +The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. 
See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `userAssignedIdentityId` + +The Resource ID for the user assigned identity to assign to the policy assignment. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | Policy Assignment Name. | diff --git a/modules/authorization/policy-assignment/management-group/main.json b/modules/authorization/policy-assignment/management-group/main.json index 1f346ad116..5041a99c35 100644 --- a/modules/authorization/policy-assignment/management-group/main.json +++ b/modules/authorization/policy-assignment/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8902545451587564927" + "version": "0.22.6.54827", + "templateHash": "14811948404877688716" }, "name": "Policy Assignments (Management Group scope)", "description": "This module deploys a Policy Assignment at a Management Group scope.", diff --git a/modules/authorization/policy-assignment/resource-group/README.md b/modules/authorization/policy-assignment/resource-group/README.md index 6ed90b07ac..fa03fd32ea 100644 --- a/modules/authorization/policy-assignment/resource-group/README.md +++ b/modules/authorization/policy-assignment/resource-group/README.md 
@@ -20,36 +20,162 @@ This module deploys a Policy Assignment at a Resource Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy assignment. Maximum length is 64 characters for resource group scope. | -| `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. | +| [`name`](#parameter-name) | string | Specifies the name of the policy assignment. Maximum length is 64 characters for resource group scope. | +| [`policyDefinitionId`](#parameter-policydefinitionid) | string | Specifies the ID of the policy definition or policy set definition being assigned. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | This message will be part of response in case of policy violation. | -| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enforcementMode` | string | `'Default'` | `[Default, DoNotEnforce]` | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | -| `identity` | string | `'SystemAssigned'` | `[None, SystemAssigned, UserAssigned]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. 
| -| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. | -| `notScopes` | array | `[]` | | The policy excluded scopes. | -| `overrides` | array | `[]` | | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | -| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. | -| `resourceGroupName` | string | `[resourceGroup().name]` | | The Target Scope for the Policy. The name of the resource group for the policy assignment. If not provided, will use the current scope for deployment. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | -| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | -| `subscriptionId` | string | `[subscription().subscriptionId]` | | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. | -| `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | This message will be part of response in case of policy violation. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enforcementMode`](#parameter-enforcementmode) | string | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | +| [`identity`](#parameter-identity) | string | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`metadata`](#parameter-metadata) | object | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`nonComplianceMessages`](#parameter-noncompliancemessages) | array | The messages that describe why a resource is non-compliant with the policy. | +| [`notScopes`](#parameter-notscopes) | array | The policy excluded scopes. | +| [`overrides`](#parameter-overrides) | array | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | +| [`parameters`](#parameter-parameters) | object | Parameters for the policy assignment if needed. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | The Target Scope for the Policy. The name of the resource group for the policy assignment. If not provided, will use the current scope for deployment. 
| +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | +| [`roleDefinitionIds`](#parameter-roledefinitionids) | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. | +| [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. | + +### Parameter: `description` + +This message will be part of response in case of policy violation. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy assignment. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enforcementMode` + +The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. 
+- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, DoNotEnforce]` + +### Parameter: `identity` + +The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. +- Required: No +- Type: string +- Default: `'SystemAssigned'` +- Allowed: `[None, SystemAssigned, UserAssigned]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `metadata` + +The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy assignment. Maximum length is 64 characters for resource group scope. +- Required: Yes +- Type: string + +### Parameter: `nonComplianceMessages` + +The messages that describe why a resource is non-compliant with the policy. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notScopes` + +The policy excluded scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `overrides` + +The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `parameters` + +Parameters for the policy assignment if needed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionId` + +Specifies the ID of the policy definition or policy set definition being assigned. +- Required: Yes +- Type: string + +### Parameter: `resourceGroupName` + +The Target Scope for the Policy. The name of the resource group for the policy assignment. If not provided, will use the current scope for deployment. 
+- Required: No +- Type: string +- Default: `[resourceGroup().name]` + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleDefinitionIds` + +The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `subscriptionId` + +The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[subscription().subscriptionId]` + +### Parameter: `userAssignedIdentityId` + +The Resource ID for the user assigned identity to assign to the policy assignment. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | Policy Assignment Name. | diff --git a/modules/authorization/policy-assignment/resource-group/main.json b/modules/authorization/policy-assignment/resource-group/main.json index 91b95356eb..65912a4b91 100644 --- a/modules/authorization/policy-assignment/resource-group/main.json +++ b/modules/authorization/policy-assignment/resource-group/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18205418867751406787" + "version": "0.22.6.54827", + "templateHash": "15032410491892224041" }, "name": "Policy Assignments (Resource Group scope)", "description": "This module deploys a Policy Assignment at a Resource Group scope.", diff --git a/modules/authorization/policy-assignment/subscription/README.md b/modules/authorization/policy-assignment/subscription/README.md index 26810db431..c861c6e6c7 100644 --- a/modules/authorization/policy-assignment/subscription/README.md +++ b/modules/authorization/policy-assignment/subscription/README.md 
@@ -20,35 +20,154 @@ This module deploys a Policy Assignment at a Subscription scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy assignment. Maximum length is 64 characters for subscription scope. | -| `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. | +| [`name`](#parameter-name) | string | Specifies the name of the policy assignment. Maximum length is 64 characters for subscription scope. | +| [`policyDefinitionId`](#parameter-policydefinitionid) | string | Specifies the ID of the policy definition or policy set definition being assigned. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | This message will be part of response in case of policy violation. | -| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enforcementMode` | string | `'Default'` | `[Default, DoNotEnforce]` | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | -| `identity` | string | `'SystemAssigned'` | `[None, SystemAssigned, UserAssigned]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | -| `location` | string | `[deployment().location]` | | Location for all resources. | -| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. 
| -| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. | -| `notScopes` | array | `[]` | | The policy excluded scopes. | -| `overrides` | array | `[]` | | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | -| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | -| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | -| `subscriptionId` | string | `[subscription().subscriptionId]` | | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. | -| `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | This message will be part of response in case of policy violation. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enforcementMode`](#parameter-enforcementmode) | string | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | +| [`identity`](#parameter-identity) | string | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`metadata`](#parameter-metadata) | object | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`nonComplianceMessages`](#parameter-noncompliancemessages) | array | The messages that describe why a resource is non-compliant with the policy. | +| [`notScopes`](#parameter-notscopes) | array | The policy excluded scopes. | +| [`overrides`](#parameter-overrides) | array | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | +| [`parameters`](#parameter-parameters) | object | Parameters for the policy assignment if needed. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | +| [`roleDefinitionIds`](#parameter-roledefinitionids) | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. 
See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. | +| [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. | + +### Parameter: `description` + +This message will be part of response in case of policy violation. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy assignment. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enforcementMode` + +The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, DoNotEnforce]` + +### Parameter: `identity` + +The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. +- Required: No +- Type: string +- Default: `'SystemAssigned'` +- Allowed: `[None, SystemAssigned, UserAssigned]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy assignment. 
Maximum length is 64 characters for subscription scope. +- Required: Yes +- Type: string + +### Parameter: `nonComplianceMessages` + +The messages that describe why a resource is non-compliant with the policy. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notScopes` + +The policy excluded scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `overrides` + +The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `parameters` + +Parameters for the policy assignment if needed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionId` + +Specifies the ID of the policy definition or policy set definition being assigned. +- Required: Yes +- Type: string + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleDefinitionIds` + +The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `subscriptionId` + +The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. 
If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[subscription().subscriptionId]` + +### Parameter: `userAssignedIdentityId` + +The Resource ID for the user assigned identity to assign to the policy assignment. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | Policy Assignment Name. | diff --git a/modules/authorization/policy-assignment/subscription/main.json b/modules/authorization/policy-assignment/subscription/main.json index 24a4662eca..5d6deb533a 100644 --- a/modules/authorization/policy-assignment/subscription/main.json +++ b/modules/authorization/policy-assignment/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13568773713405945676" + "version": "0.22.6.54827", + "templateHash": "1296030047986147440" }, "name": "Policy Assignments (Subscription scope)", "description": "This module deploys a Policy Assignment at a Subscription scope.", diff --git a/modules/authorization/policy-definition/README.md b/modules/authorization/policy-definition/README.md index eea97f4ec3..0ab10d1680 100644 --- a/modules/authorization/policy-definition/README.md +++ b/modules/authorization/policy-definition/README.md 
@@ -4,70 +4,41 @@ This module deploys a Policy Definition at a Management Group or Subscription sc ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/policyDefinitions` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-06-01/policyDefinitions) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy definition. Maximum length is 64 characters for management group scope and subscription scope. | -| `policyRule` | object | The Policy Rule details for the Policy Definition. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | The policy definition description. | -| `displayName` | string | `''` | | The display name of the policy definition. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | | The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. | -| `metadata` | object | `{object}` | | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. 
| -| `mode` | string | `'All'` | `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | -| `parameters` | object | `{object}` | | The policy definition parameters that can be used in policy definition references. | -| `subscriptionId` | string | `''` | | The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Policy Definition Name. | -| `resourceId` | string | Policy Definition resource ID. | -| `roleDefinitionIds` | array | Policy Definition Role Definition IDs. | - -## Cross-referenced modules - -_None_ +## Usage examples -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Mg.Common

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.policy-definition:1.0.0`. + +- [Mg.Common](#example-1-mgcommon) +- [Mg.Min](#example-2-mgmin) +- [Sub.Common](#example-3-subcommon) +- [Sub.Min](#example-4-submin) + +### Example 1: _Mg.Common_
via Bicep module ```bicep -module policyDefinition './authorization/policy-definition/main.bicep' = { +module policyDefinition 'br:bicep/modules/authorization.policy-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apdmgcom' params: { // Required parameters @@ -215,14 +186,14 @@ module policyDefinition './authorization/policy-definition/main.bicep' = {

-

Example 2: Mg.Min

+### Example 2: _Mg.Min_
via Bicep module ```bicep -module policyDefinition './authorization/policy-definition/main.bicep' = { +module policyDefinition 'br:bicep/modules/authorization.policy-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apdmgmin' params: { // Required parameters @@ -308,14 +279,14 @@ module policyDefinition './authorization/policy-definition/main.bicep' = {

-

Example 3: Sub.Common

+### Example 3: _Sub.Common_
via Bicep module ```bicep -module policyDefinition './authorization/policy-definition/main.bicep' = { +module policyDefinition 'br:bicep/modules/authorization.policy-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apdsubcom' params: { // Required parameters @@ -463,14 +434,14 @@ module policyDefinition './authorization/policy-definition/main.bicep' = {

-

Example 4: Sub.Min

+### Example 4: _Sub.Min_
via Bicep module ```bicep -module policyDefinition './authorization/policy-definition/main.bicep' = { +module policyDefinition 'br:bicep/modules/authorization.policy-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apdsubmin' params: { // Required parameters @@ -557,6 +528,118 @@ module policyDefinition './authorization/policy-definition/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Specifies the name of the policy definition. Maximum length is 64 characters for management group scope and subscription scope. | +| [`policyRule`](#parameter-policyrule) | object | The Policy Rule details for the Policy Definition. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The policy definition description. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy definition. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. | +| [`metadata`](#parameter-metadata) | object | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`mode`](#parameter-mode) | string | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | +| [`parameters`](#parameter-parameters) | object | The policy definition parameters that can be used in policy definition references. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. | + +### Parameter: `description` + +The policy definition description. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy definition. Maximum length is 128 characters. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `metadata` + +The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `mode` + +The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. +- Required: No +- Type: string +- Default: `'All'` +- Allowed: `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` + +### Parameter: `name` + +Specifies the name of the policy definition. Maximum length is 64 characters for management group scope and subscription scope. +- Required: Yes +- Type: string + +### Parameter: `parameters` + +The policy definition parameters that can be used in policy definition references. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyRule` + +The Policy Rule details for the Policy Definition. +- Required: Yes +- Type: object + +### Parameter: `subscriptionId` + +The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | Policy Definition Name. | +| `resourceId` | string | Policy Definition resource ID. | +| `roleDefinitionIds` | array | Policy Definition Role Definition IDs. 
| + +## Cross-referenced modules + +_None_ + ## Notes ### Module Usage Guidance diff --git a/modules/authorization/policy-definition/main.json b/modules/authorization/policy-definition/main.json index 2d366af87f..0667382c4a 100644 --- a/modules/authorization/policy-definition/main.json +++ b/modules/authorization/policy-definition/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15749498802750084340" + "version": "0.22.6.54827", + "templateHash": "12398926446776214850" }, "name": "Policy Definitions (All scopes)", "description": "This module deploys a Policy Definition at a Management Group or Subscription scope.", @@ -156,8 +156,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17859945353406314149" + "version": "0.22.6.54827", + "templateHash": "3632302304949681871" }, "name": "Policy Definitions (Management Group scope)", "description": "This module deploys a Policy Definition at a Management Group scope.", @@ -332,8 +332,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7453988849629465072" + "version": "0.22.6.54827", + "templateHash": "15610043692526006499" }, "name": "Policy Definitions (Subscription scope)", "description": "This module deploys a Policy Definition at a Subscription scope.", diff --git a/modules/authorization/policy-definition/management-group/README.md b/modules/authorization/policy-definition/management-group/README.md index 01780427c6..d09b6aad3e 100644 --- a/modules/authorization/policy-definition/management-group/README.md +++ b/modules/authorization/policy-definition/management-group/README.md 
@@ -19,27 +19,89 @@ This module deploys a Policy Definition at a Management Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy definition. Maximum length is 64 characters. | -| `policyRule` | object | The Policy Rule details for the Policy Definition. | +| [`name`](#parameter-name) | string | Specifies the name of the policy definition. Maximum length is 64 characters. | +| [`policyRule`](#parameter-policyrule) | object | The Policy Rule details for the Policy Definition. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | The policy definition description. | -| `displayName` | string | `''` | | The display name of the policy definition. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `metadata` | object | `{object}` | | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `mode` | string | `'All'` | `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | -| `parameters` | object | `{object}` | | The policy definition parameters that can be used in policy definition references. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The policy definition description. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy definition. Maximum length is 128 characters. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`metadata`](#parameter-metadata) | object | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`mode`](#parameter-mode) | string | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | +| [`parameters`](#parameter-parameters) | object | The policy definition parameters that can be used in policy definition references. | + +### Parameter: `description` + +The policy definition description. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy definition. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `mode` + +The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. +- Required: No +- Type: string +- Default: `'All'` +- Allowed: `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` + +### Parameter: `name` + +Specifies the name of the policy definition. Maximum length is 64 characters. 
+- Required: Yes +- Type: string + +### Parameter: `parameters` + +The policy definition parameters that can be used in policy definition references. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyRule` + +The Policy Rule details for the Policy Definition. +- Required: Yes +- Type: object ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Definition Name. | | `resourceId` | string | Policy Definition resource ID. | diff --git a/modules/authorization/policy-definition/management-group/main.json b/modules/authorization/policy-definition/management-group/main.json index c1d82a9803..0c99261e72 100644 --- a/modules/authorization/policy-definition/management-group/main.json +++ b/modules/authorization/policy-definition/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14890815799488372081" + "version": "0.22.6.54827", + "templateHash": "3632302304949681871" }, "name": "Policy Definitions (Management Group scope)", "description": "This module deploys a Policy Definition at a Management Group scope.", diff --git a/modules/authorization/policy-definition/subscription/README.md b/modules/authorization/policy-definition/subscription/README.md index 2557236387..acb2ee448d 100644 --- a/modules/authorization/policy-definition/subscription/README.md +++ b/modules/authorization/policy-definition/subscription/README.md 
@@ -19,27 +19,89 @@ This module deploys a Policy Definition at a Subscription scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy definition. Maximum length is 64 characters. | -| `policyRule` | object | The Policy Rule details for the Policy Definition. | +| [`name`](#parameter-name) | string | Specifies the name of the policy definition. Maximum length is 64 characters. | +| [`policyRule`](#parameter-policyrule) | object | The Policy Rule details for the Policy Definition. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | The policy definition description. | -| `displayName` | string | `''` | | The display name of the policy definition. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `metadata` | object | `{object}` | | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `mode` | string | `'All'` | `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | -| `parameters` | object | `{object}` | | The policy definition parameters that can be used in policy definition references. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The policy definition description. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy definition. Maximum length is 128 characters. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`metadata`](#parameter-metadata) | object | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`mode`](#parameter-mode) | string | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | +| [`parameters`](#parameter-parameters) | object | The policy definition parameters that can be used in policy definition references. | + +### Parameter: `description` + +The policy definition description. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy definition. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `mode` + +The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. +- Required: No +- Type: string +- Default: `'All'` +- Allowed: `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` + +### Parameter: `name` + +Specifies the name of the policy definition. Maximum length is 64 characters. 
+- Required: Yes +- Type: string + +### Parameter: `parameters` + +The policy definition parameters that can be used in policy definition references. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyRule` + +The Policy Rule details for the Policy Definition. +- Required: Yes +- Type: object ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Definition Name. | | `resourceId` | string | Policy Definition resource ID. | diff --git a/modules/authorization/policy-definition/subscription/main.json b/modules/authorization/policy-definition/subscription/main.json index 9d45f6df13..d765d1b498 100644 --- a/modules/authorization/policy-definition/subscription/main.json +++ b/modules/authorization/policy-definition/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14434059777291440353" + "version": "0.22.6.54827", + "templateHash": "15610043692526006499" }, "name": "Policy Definitions (Subscription scope)", "description": "This module deploys a Policy Definition at a Subscription scope.", diff --git a/modules/authorization/policy-exemption/README.md b/modules/authorization/policy-exemption/README.md index 50aeb359a3..8fc662328a 100644 --- a/modules/authorization/policy-exemption/README.md +++ b/modules/authorization/policy-exemption/README.md 
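Review bot: In the `policy-definition/subscription/README.md` hunk (`@@ -19,27 +19,89 @@`), the added `### Parameter:` sections are sorted purely alphabetically, so the required `name` and `policyRule` end up between optional parameters, while the tables directly above keep required and optional apart. Ordering the sections the way the tables are ordered (required first) would make the mandatory inputs easier to find. The sections for `metadata` and `parameters` also print "- Default: `{object}`", which does not tell the reader what the default actually is; now that each parameter has its own section there is room to render the real value.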
@@ -4,74 +4,43 @@ This module deploys a Policy Exemption at a Management Group, Subscription or Re ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/policyExemptions` | [2022-07-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-07-01-preview/policyExemptions) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy exemption. Maximum length is 64 characters for management group, subscription and resource group scopes. | -| `policyAssignmentId` | string | The resource ID of the policy assignment that is being exempted. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `assignmentScopeValidation` | string | `''` | `['', Default, DoNotValidate]` | The option whether validate the exemption is at or under the assignment scope. | -| `description` | string | `''` | | The description of the policy exemption. | -| `displayName` | string | `''` | | The display name of the policy exemption. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `exemptionCategory` | string | `'Mitigated'` | `[Mitigated, Waiver]` | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | -| `expiresOn` | string | `''` | | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. 
| -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | | The group ID of the management group to be exempted from the policy assignment. If not provided, will use the current scope for deployment. | -| `metadata` | object | `{object}` | | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `policyDefinitionReferenceIds` | array | `[]` | | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | -| `resourceGroupName` | string | `''` | | The name of the resource group to be exempted from the policy assignment. Must also use the subscription ID parameter. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. | -| `subscriptionId` | string | `''` | | The subscription ID of the subscription to be exempted from the policy assignment. Cannot use with management group ID parameter. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Policy Exemption Name. | -| `resourceId` | string | Policy Exemption resource ID. | -| `scope` | string | Policy Exemption Scope. | - -## Cross-referenced modules - -_None_ - -## Deployment examples +## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Mg.Common

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.policy-exemption:1.0.0`. + +- [Mg.Common](#example-1-mgcommon) +- [Mg.Min](#example-2-mgmin) +- [Rg.Common](#example-3-rgcommon) +- [Rg.Min](#example-4-rgmin) +- [Sub.Common](#example-5-subcommon) +- [Sub.Min](#example-6-submin) + +### Example 1: _Mg.Common_
via Bicep module ```bicep -module policyExemption './authorization/policy-exemption/main.bicep' = { +module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apemgcom' params: { // Required parameters @@ -177,14 +146,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {

-

Example 2: Mg.Min

+### Example 2: _Mg.Min_
via Bicep module ```bicep -module policyExemption './authorization/policy-exemption/main.bicep' = { +module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apemgmin' params: { // Required parameters @@ -226,14 +195,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {

-

Example 3: Rg.Common

+### Example 3: _Rg.Common_
via Bicep module ```bicep -module policyExemption './authorization/policy-exemption/main.bicep' = { +module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apergcom' params: { // Required parameters @@ -339,14 +308,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {

-

Example 4: Rg.Min

+### Example 4: _Rg.Min_
via Bicep module ```bicep -module policyExemption './authorization/policy-exemption/main.bicep' = { +module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apergmin' params: { // Required parameters @@ -388,14 +357,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {

-

Example 5: Sub.Common

+### Example 5: _Sub.Common_
via Bicep module ```bicep -module policyExemption './authorization/policy-exemption/main.bicep' = { +module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apesubcom' params: { // Required parameters @@ -501,14 +470,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {

-

Example 6: Sub.Min

+### Example 6: _Sub.Min_
via Bicep module ```bicep -module policyExemption './authorization/policy-exemption/main.bicep' = { +module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apesubmin' params: { // Required parameters @@ -551,6 +520,151 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Specifies the name of the policy exemption. Maximum length is 64 characters for management group, subscription and resource group scopes. | +| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that is being exempted. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`assignmentScopeValidation`](#parameter-assignmentscopevalidation) | string | The option whether validate the exemption is at or under the assignment scope. | +| [`description`](#parameter-description) | string | The description of the policy exemption. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy exemption. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exemptionCategory`](#parameter-exemptioncategory) | string | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | +| [`expiresOn`](#parameter-expireson) | string | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the management group to be exempted from the policy assignment. If not provided, will use the current scope for deployment. | +| [`metadata`](#parameter-metadata) | object | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. 
| +| [`policyDefinitionReferenceIds`](#parameter-policydefinitionreferenceids) | array | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | The name of the resource group to be exempted from the policy assignment. Must also use the subscription ID parameter. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID of the subscription to be exempted from the policy assignment. Cannot use with management group ID parameter. | + +### Parameter: `assignmentScopeValidation` + +The option whether validate the exemption is at or under the assignment scope. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Default, DoNotValidate]` + +### Parameter: `description` + +The description of the policy exemption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy exemption. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exemptionCategory` + +The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. +- Required: No +- Type: string +- Default: `'Mitigated'` +- Allowed: `[Mitigated, Waiver]` + +### Parameter: `expiresOn` + +The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location deployment metadata. 
+- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The group ID of the management group to be exempted from the policy assignment. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `metadata` + +The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy exemption. Maximum length is 64 characters for management group, subscription and resource group scopes. +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that is being exempted. +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionReferenceIds` + +The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `resourceGroupName` + +The name of the resource group to be exempted from the policy assignment. Must also use the subscription ID parameter. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `subscriptionId` + +The subscription ID of the subscription to be exempted from the policy assignment. Cannot use with management group ID parameter. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | Policy Exemption Name. | +| `resourceId` | string | Policy Exemption resource ID. | +| `scope` | string | Policy Exemption Scope. | + +## Cross-referenced modules + +_None_ + ## Notes ### Module Usage Guidance 
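Review bot: In the `## Parameters` hunk of `policy-exemption/README.md` (`@@ -551,6 +520,151 @@`), the new `### Parameter: expiresOn` section states the format as `yyyy-MM-ddTHH:mm:ssZ` but gives `2021-10-02T03:57:00.000Z` as the example, which carries milliseconds the format string does not have, and it lists "- Default: `''`" without saying what an empty value means for the lifetime of the exemption. The `assignmentScopeValidation` section has the same gap: "The option whether validate the exemption is at or under the assignment scope." is ungrammatical and does not explain what choosing `DoNotValidate` turns off. Both texts were already in the removed table rows, so they are best fixed in the parameter descriptions the README is built from; these are the settings a reader checks before approving an exemption, and the per-parameter sections are the place to spell them out.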
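Review bot: The six example hunks of `policy-exemption/README.md` (`Mg.Common` through `Sub.Min`) and the added note replace the relative path with `br:bicep/modules/authorization.policy-exemption:1.0.0`, which as written names `bicep` as the registry host; a reference through a registry alias uses the form `br/<alias>:<path>:<tag>`. If an alias is intended, the examples should use that form and the note should say where the alias is configured. The literal `1.0.0` is also repeated in every example with nothing in this diff showing where it comes from, so the documented version can drift from the published one; a placeholder such as `<version>`, or a value read from the module's version metadata, would avoid that.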
diff --git a/modules/authorization/policy-exemption/main.json b/modules/authorization/policy-exemption/main.json index a870d46d9b..37bb291bf4 100644 --- a/modules/authorization/policy-exemption/main.json +++ b/modules/authorization/policy-exemption/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7537469788100455482" + "version": "0.22.6.54827", + "templateHash": "5596643679633132129" }, "name": "Policy Exemptions (All scopes)", "description": "This module deploys a Policy Exemption at a Management Group, Subscription or Resource Group scope.", @@ -202,8 +202,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5811278633353778987" + "version": "0.22.6.54827", + "templateHash": "5606667569084267633" }, "name": "Policy Exemptions (Management Group scope)", "description": "This module deploys a Policy Exemption at a Management Group scope.", @@ -413,8 +413,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16790622898117117515" + "version": "0.22.6.54827", + "templateHash": "10613705515536903891" }, "name": "Policy Exemptions (Subscription scope)", "description": "This module deploys a Policy Exemption at a Subscription scope.", @@ -621,8 +621,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15066914920145194393" + "version": "0.22.6.54827", + "templateHash": "17689607806582642174" }, "name": "Policy Exemptions (Resource Group scope)", "description": "This module deploys a Policy Exemption at a Resource Group scope.", diff --git a/modules/authorization/policy-exemption/management-group/README.md b/modules/authorization/policy-exemption/management-group/README.md index 1bfb787eab..7cca1936a3 100644 --- a/modules/authorization/policy-exemption/management-group/README.md +++ b/modules/authorization/policy-exemption/management-group/README.md 
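Review bot: The four `_generator` blocks in `policy-exemption/main.json` move from `0.21.1.54444` to `0.22.6.54827` and every `templateHash` changes, but the commit subject ("Tested logic & added depth param") only mentions the README tooling. Please confirm the templates were rebuilt from an unchanged `main.bicep`, and either mention the compiler bump in the commit message or move the regenerated `main.json` files to their own commit so the README generator change can be reviewed without the rebuild noise.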
@@ -19,30 +19,114 @@ This module deploys a Policy Exemption at a Management Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy exemption. Maximum length is 64 characters for management group scope. | -| `policyAssignmentId` | string | The resource ID of the policy assignment that is being exempted. | +| [`name`](#parameter-name) | string | Specifies the name of the policy exemption. Maximum length is 64 characters for management group scope. | +| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that is being exempted. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `assignmentScopeValidation` | string | `''` | `['', Default, DoNotValidate]` | The option whether validate the exemption is at or under the assignment scope. | -| `description` | string | `''` | | The description of the policy exemption. | -| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `exemptionCategory` | string | `'Mitigated'` | `[Mitigated, Waiver]` | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | -| `expiresOn` | string | `''` | | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `metadata` | object | `{object}` | | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. 
| -| `policyDefinitionReferenceIds` | array | `[]` | | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`assignmentScopeValidation`](#parameter-assignmentscopevalidation) | string | The option whether validate the exemption is at or under the assignment scope. | +| [`description`](#parameter-description) | string | The description of the policy exemption. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exemptionCategory`](#parameter-exemptioncategory) | string | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | +| [`expiresOn`](#parameter-expireson) | string | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`metadata`](#parameter-metadata) | object | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`policyDefinitionReferenceIds`](#parameter-policydefinitionreferenceids) | array | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. | + +### Parameter: `assignmentScopeValidation` + +The option whether validate the exemption is at or under the assignment scope. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Default, DoNotValidate]` + +### Parameter: `description` + +The description of the policy exemption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy assignment. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exemptionCategory` + +The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. +- Required: No +- Type: string +- Default: `'Mitigated'` +- Allowed: `[Mitigated, Waiver]` + +### Parameter: `expiresOn` + +The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy exemption. Maximum length is 64 characters for management group scope. +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that is being exempted. +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionReferenceIds` + +The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. 
+- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Exemption Name. | | `resourceId` | string | Policy Exemption resource ID. | diff --git a/modules/authorization/policy-exemption/management-group/main.json b/modules/authorization/policy-exemption/management-group/main.json index 9d9e463ba8..8271a1ee56 100644 --- a/modules/authorization/policy-exemption/management-group/main.json +++ b/modules/authorization/policy-exemption/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17592627855612646241" + "version": "0.22.6.54827", + "templateHash": "5606667569084267633" }, "name": "Policy Exemptions (Management Group scope)", "description": "This module deploys a Policy Exemption at a Management Group scope.", diff --git a/modules/authorization/policy-exemption/resource-group/README.md b/modules/authorization/policy-exemption/resource-group/README.md index 7fd6faa68a..cc3f54c9b9 100644 --- a/modules/authorization/policy-exemption/resource-group/README.md +++ b/modules/authorization/policy-exemption/resource-group/README.md 
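Review bot: In `policy-exemption/management-group/README.md` (`@@ -19,30 +19,114 @@`), both the table row and the new `### Parameter: displayName` section read "The display name of the policy assignment", while the top-level policy-exemption README describes the same parameter as "The display name of the policy exemption". The wording was already present in the removed row, so it most likely originates in the parameter description of the management-group module; correcting it there keeps the regenerated README and `main.json` consistent across scopes.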
@@ -19,29 +19,106 @@ This module deploys a Policy Exemption at a Resource Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy exemption. Maximum length is 64 characters for resource group scope. | -| `policyAssignmentId` | string | The resource ID of the policy assignment that is being exempted. | +| [`name`](#parameter-name) | string | Specifies the name of the policy exemption. Maximum length is 64 characters for resource group scope. | +| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that is being exempted. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `assignmentScopeValidation` | string | `''` | `['', Default, DoNotValidate]` | The option whether validate the exemption is at or under the assignment scope. | -| `description` | string | `''` | | The description of the policy exemption. | -| `displayName` | string | `''` | | The display name of the policy exemption. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `exemptionCategory` | string | `'Mitigated'` | `[Mitigated, Waiver]` | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | -| `expiresOn` | string | `''` | | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | -| `metadata` | object | `{object}` | | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `policyDefinitionReferenceIds` | array | `[]` | | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. 
| -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`assignmentScopeValidation`](#parameter-assignmentscopevalidation) | string | The option whether validate the exemption is at or under the assignment scope. | +| [`description`](#parameter-description) | string | The description of the policy exemption. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy exemption. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exemptionCategory`](#parameter-exemptioncategory) | string | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | +| [`expiresOn`](#parameter-expireson) | string | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | +| [`metadata`](#parameter-metadata) | object | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`policyDefinitionReferenceIds`](#parameter-policydefinitionreferenceids) | array | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. | + +### Parameter: `assignmentScopeValidation` + +The option whether validate the exemption is at or under the assignment scope. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Default, DoNotValidate]` + +### Parameter: `description` + +The description of the policy exemption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy exemption. 
Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exemptionCategory` + +The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. +- Required: No +- Type: string +- Default: `'Mitigated'` +- Allowed: `[Mitigated, Waiver]` + +### Parameter: `expiresOn` + +The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `metadata` + +The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy exemption. Maximum length is 64 characters for resource group scope. +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that is being exempted. +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionReferenceIds` + +The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Exemption Name. | | `resourceGroupName` | string | The name of the resource group the policy exemption was applied at. | diff --git a/modules/authorization/policy-exemption/resource-group/main.json b/modules/authorization/policy-exemption/resource-group/main.json index f9d5590f54..8672a1ff5d 100644 
--- a/modules/authorization/policy-exemption/resource-group/main.json +++ b/modules/authorization/policy-exemption/resource-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13048294777047698866" + "version": "0.22.6.54827", + "templateHash": "17689607806582642174" }, "name": "Policy Exemptions (Resource Group scope)", "description": "This module deploys a Policy Exemption at a Resource Group scope.", diff --git a/modules/authorization/policy-exemption/subscription/README.md b/modules/authorization/policy-exemption/subscription/README.md index 82e45d2349..8094b8371f 100644 --- a/modules/authorization/policy-exemption/subscription/README.md +++ b/modules/authorization/policy-exemption/subscription/README.md 
@@ -19,30 +19,114 @@ This module deploys a Policy Exemption at a Subscription scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy exemption. Maximum length is 64 characters for subscription scope. | -| `policyAssignmentId` | string | The resource ID of the policy assignment that is being exempted. | +| [`name`](#parameter-name) | string | Specifies the name of the policy exemption. Maximum length is 64 characters for subscription scope. | +| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that is being exempted. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `assignmentScopeValidation` | string | `''` | `['', Default, DoNotValidate]` | The option whether validate the exemption is at or under the assignment scope. | -| `description` | string | `''` | | The description of the policy exemption. | -| `displayName` | string | `''` | | The display name of the policy exemption. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `exemptionCategory` | string | `'Mitigated'` | `[Mitigated, Waiver]` | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | -| `expiresOn` | string | `''` | | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `metadata` | object | `{object}` | | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. 
| -| `policyDefinitionReferenceIds` | array | `[]` | | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`assignmentScopeValidation`](#parameter-assignmentscopevalidation) | string | The option whether validate the exemption is at or under the assignment scope. | +| [`description`](#parameter-description) | string | The description of the policy exemption. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy exemption. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exemptionCategory`](#parameter-exemptioncategory) | string | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | +| [`expiresOn`](#parameter-expireson) | string | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`metadata`](#parameter-metadata) | object | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`policyDefinitionReferenceIds`](#parameter-policydefinitionreferenceids) | array | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. | + +### Parameter: `assignmentScopeValidation` + +The option whether validate the exemption is at or under the assignment scope. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Default, DoNotValidate]` + +### Parameter: `description` + +The description of the policy exemption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy exemption. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exemptionCategory` + +The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. +- Required: No +- Type: string +- Default: `'Mitigated'` +- Allowed: `[Mitigated, Waiver]` + +### Parameter: `expiresOn` + +The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy exemption. Maximum length is 64 characters for subscription scope. +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that is being exempted. +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionReferenceIds` + +The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. 
+- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Exemption Name. | | `resourceId` | string | Policy Exemption resource ID. | diff --git a/modules/authorization/policy-exemption/subscription/main.json b/modules/authorization/policy-exemption/subscription/main.json index 2418e1af36..b9bce72b18 100644 --- a/modules/authorization/policy-exemption/subscription/main.json +++ b/modules/authorization/policy-exemption/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5067037150154630010" + "version": "0.22.6.54827", + "templateHash": "10613705515536903891" }, "name": "Policy Exemptions (Subscription scope)", "description": "This module deploys a Policy Exemption at a Subscription scope.", diff --git a/modules/authorization/policy-set-definition/README.md b/modules/authorization/policy-set-definition/README.md index aba3a1620c..fdedfe70d8 100644 --- a/modules/authorization/policy-set-definition/README.md +++ b/modules/authorization/policy-set-definition/README.md 
@@ -4,69 +4,41 @@ This module deploys a Policy Set Definition (Initiative) at a Management Group o ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/policySetDefinitions` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-06-01/policySetDefinitions) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy Set Definition (Initiative). | -| `policyDefinitions` | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | The description name of the Set Definition (Initiative). | -| `displayName` | string | `''` | The display name of the Set Definition (Initiative). Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. | -| `metadata` | object | `{object}` | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. 
| -| `parameters` | object | `{object}` | The Set Definition (Initiative) parameters that can be used in policy definition references. | -| `policyDefinitionGroups` | array | `[]` | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). | -| `subscriptionId` | string | `''` | The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Policy Set Definition Name. | -| `resourceId` | string | Policy Set Definition resource ID. | - -## Cross-referenced modules +## Usage examples -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Mg.Common

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.policy-set-definition:1.0.0`. + +- [Mg.Common](#example-1-mgcommon) +- [Mg.Min](#example-2-mgmin) +- [Sub.Common](#example-3-subcommon) +- [Sub.Min](#example-4-submin) + +### Example 1: _Mg.Common_
via Bicep module ```bicep -module policySetDefinition './authorization/policy-set-definition/main.bicep' = { +module policySetDefinition 'br:bicep/modules/authorization.policy-set-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apsdmgcom' params: { // Required parameters @@ -202,14 +174,14 @@ module policySetDefinition './authorization/policy-set-definition/main.bicep' =

-

Example 2: Mg.Min

+### Example 2: _Mg.Min_
via Bicep module ```bicep -module policySetDefinition './authorization/policy-set-definition/main.bicep' = { +module policySetDefinition 'br:bicep/modules/authorization.policy-set-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apsdmgmin' params: { // Required parameters @@ -273,14 +245,14 @@ module policySetDefinition './authorization/policy-set-definition/main.bicep' =

-

Example 3: Sub.Common

+### Example 3: _Sub.Common_
via Bicep module ```bicep -module policySetDefinition './authorization/policy-set-definition/main.bicep' = { +module policySetDefinition 'br:bicep/modules/authorization.policy-set-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apsdsubcom' params: { // Required parameters @@ -416,14 +388,14 @@ module policySetDefinition './authorization/policy-set-definition/main.bicep' =

-

Example 4: Sub.Min

+### Example 4: _Sub.Min_
via Bicep module ```bicep -module policySetDefinition './authorization/policy-set-definition/main.bicep' = { +module policySetDefinition 'br:bicep/modules/authorization.policy-set-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apsdsubmin' params: { // Required parameters @@ -488,6 +460,116 @@ module policySetDefinition './authorization/policy-set-definition/main.bicep' =

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Specifies the name of the policy Set Definition (Initiative). | +| [`policyDefinitions`](#parameter-policydefinitions) | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The description name of the Set Definition (Initiative). | +| [`displayName`](#parameter-displayname) | string | The display name of the Set Definition (Initiative). Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. | +| [`metadata`](#parameter-metadata) | object | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`parameters`](#parameter-parameters) | object | The Set Definition (Initiative) parameters that can be used in policy definition references. | +| [`policyDefinitionGroups`](#parameter-policydefinitiongroups) | array | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). | +| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. | + +### Parameter: `description` + +The description name of the Set Definition (Initiative). 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the Set Definition (Initiative). Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `metadata` + +The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy Set Definition (Initiative). +- Required: Yes +- Type: string + +### Parameter: `parameters` + +The Set Definition (Initiative) parameters that can be used in policy definition references. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionGroups` + +The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `policyDefinitions` + +The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. +- Required: Yes +- Type: array + +### Parameter: `subscriptionId` + +The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | Policy Set Definition Name. 
| +| `resourceId` | string | Policy Set Definition resource ID. | + +## Cross-referenced modules + +_None_ + ## Notes ### Module Usage Guidance diff --git a/modules/authorization/policy-set-definition/main.json b/modules/authorization/policy-set-definition/main.json index 4416cb72bf..d0051bf41a 100644 --- a/modules/authorization/policy-set-definition/main.json +++ b/modules/authorization/policy-set-definition/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1831706179623308969" + "version": "0.22.6.54827", + "templateHash": "9153336425223705834" }, "name": "Policy Set Definitions (Initiatives) (All scopes)", "description": "This module deploys a Policy Set Definition (Initiative) at a Management Group or Subscription scope.", @@ -146,8 +146,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9278231745561513332" + "version": "0.22.6.54827", + "templateHash": "13574874097410910980" }, "name": "Policy Set Definitions (Initiatives) (Management Group scope)", "description": "This module deploys a Policy Set Definition (Initiative) at a Management Group scope.", @@ -305,8 +305,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3357776167220688626" + "version": "0.22.6.54827", + "templateHash": "566743094418434146" }, "name": "Policy Set Definitions (Initiatives) (Subscription scope)", "description": "This module deploys a Policy Set Definition (Initiative) at a Subscription scope.", diff --git a/modules/authorization/policy-set-definition/management-group/README.md b/modules/authorization/policy-set-definition/management-group/README.md index 40de7bcd60..6e0a971597 100644 --- a/modules/authorization/policy-set-definition/management-group/README.md +++ b/modules/authorization/policy-set-definition/management-group/README.md 
@@ -19,27 +19,88 @@ This module deploys a Policy Set Definition (Initiative) at a Management Group s **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy Set Definition (Initiative). | -| `policyDefinitions` | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. | +| [`name`](#parameter-name) | string | Specifies the name of the policy Set Definition (Initiative). | +| [`policyDefinitions`](#parameter-policydefinitions) | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | The description name of the Set Definition (Initiative). | -| `displayName` | string | `''` | The display name of the Set Definition (Initiative). Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `metadata` | object | `{object}` | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `parameters` | object | `{object}` | The Set Definition (Initiative) parameters that can be used in policy definition references. | -| `policyDefinitionGroups` | array | `[]` | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The description name of the Set Definition (Initiative). 
| +| [`displayName`](#parameter-displayname) | string | The display name of the Set Definition (Initiative). Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`metadata`](#parameter-metadata) | object | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`parameters`](#parameter-parameters) | object | The Set Definition (Initiative) parameters that can be used in policy definition references. | +| [`policyDefinitionGroups`](#parameter-policydefinitiongroups) | array | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). | + +### Parameter: `description` + +The description name of the Set Definition (Initiative). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the Set Definition (Initiative). Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy Set Definition (Initiative). +- Required: Yes +- Type: string + +### Parameter: `parameters` + +The Set Definition (Initiative) parameters that can be used in policy definition references. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionGroups` + +The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `policyDefinitions` + +The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. +- Required: Yes +- Type: array ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Set Definition Name. | | `resourceId` | string | Policy Set Definition resource ID. | diff --git a/modules/authorization/policy-set-definition/management-group/main.json b/modules/authorization/policy-set-definition/management-group/main.json index baa439be6e..9b627357b6 100644 --- a/modules/authorization/policy-set-definition/management-group/main.json +++ b/modules/authorization/policy-set-definition/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1638152228410583836" + "version": "0.22.6.54827", + "templateHash": "13574874097410910980" }, "name": "Policy Set Definitions (Initiatives) (Management Group scope)", "description": "This module deploys a Policy Set Definition (Initiative) at a Management Group scope.", diff --git a/modules/authorization/policy-set-definition/subscription/README.md b/modules/authorization/policy-set-definition/subscription/README.md index 64b2597fe0..8b0f87ad46 100644 --- a/modules/authorization/policy-set-definition/subscription/README.md +++ b/modules/authorization/policy-set-definition/subscription/README.md 
@@ -19,27 +19,88 @@ This module deploys a Policy Set Definition (Initiative) at a Subscription scope **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy Set Definition (Initiative). Maximum length is 64 characters for subscription scope. | -| `policyDefinitions` | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. | +| [`name`](#parameter-name) | string | Specifies the name of the policy Set Definition (Initiative). Maximum length is 64 characters for subscription scope. | +| [`policyDefinitions`](#parameter-policydefinitions) | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | The description name of the Set Definition (Initiative). | -| `displayName` | string | `''` | The display name of the Set Definition (Initiative). Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `metadata` | object | `{object}` | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `parameters` | object | `{object}` | The Set Definition (Initiative) parameters that can be used in policy definition references. | -| `policyDefinitionGroups` | array | `[]` | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The description name of the Set Definition (Initiative). | +| [`displayName`](#parameter-displayname) | string | The display name of the Set Definition (Initiative). Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`metadata`](#parameter-metadata) | object | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`parameters`](#parameter-parameters) | object | The Set Definition (Initiative) parameters that can be used in policy definition references. | +| [`policyDefinitionGroups`](#parameter-policydefinitiongroups) | array | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). | + +### Parameter: `description` + +The description name of the Set Definition (Initiative). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the Set Definition (Initiative). Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy Set Definition (Initiative). Maximum length is 64 characters for subscription scope. 
+- Required: Yes +- Type: string + +### Parameter: `parameters` + +The Set Definition (Initiative) parameters that can be used in policy definition references. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionGroups` + +The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `policyDefinitions` + +The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. +- Required: Yes +- Type: array ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Set Definition Name. | | `resourceId` | string | Policy Set Definition resource ID. | diff --git a/modules/authorization/policy-set-definition/subscription/main.json b/modules/authorization/policy-set-definition/subscription/main.json index 430128e583..4f8ea43907 100644 --- a/modules/authorization/policy-set-definition/subscription/main.json +++ b/modules/authorization/policy-set-definition/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8864751360907211482" + "version": "0.22.6.54827", + "templateHash": "566743094418434146" }, "name": "Policy Set Definitions (Initiatives) (Subscription scope)", "description": "This module deploys a Policy Set Definition (Initiative) at a Subscription scope.", diff --git a/modules/authorization/role-assignment/README.md b/modules/authorization/role-assignment/README.md index 005701544c..5d881fcdaf 100644 --- a/modules/authorization/role-assignment/README.md +++ b/modules/authorization/role-assignment/README.md 
@@ -4,71 +4,43 @@ This module deploys a Role Assignment at a Management Group, Subscription or Res ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `principalId` | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | -| `roleDefinitionIdOrName` | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `condition` | string | `''` | | The conditions on the role assignment. This limits the resources it can be assigned to. | -| `conditionVersion` | string | `'2.0'` | `[2.0]` | Version of the condition. Currently accepted value is "2.0". | -| `delegatedManagedIdentityResourceId` | string | `''` | | ID of the delegated managed identity resource. | -| `description` | string | `''` | | The description of the role assignment. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. 
| -| `managementGroupId` | string | `[managementGroup().name]` | | Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. | -| `principalType` | string | `''` | `['', Device, ForeignGroup, Group, ServicePrincipal, User]` | The principal type of the assigned principal ID. | -| `resourceGroupName` | string | `''` | | Name of the Resource Group to assign the RBAC role to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided RBAC role to the resource group. | -| `subscriptionId` | string | `''` | | Subscription ID of the subscription to assign the RBAC role to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided RBAC role to the subscription. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The GUID of the Role Assignment. | -| `resourceId` | string | The resource ID of the Role Assignment. | -| `scope` | string | The scope this Role Assignment applies to. | - -## Cross-referenced modules +## Usage examples -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Mg.Common

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.role-assignment:1.0.0`. + +- [Mg.Common](#example-1-mgcommon) +- [Mg.Min](#example-2-mgmin) +- [Rg.Common](#example-3-rgcommon) +- [Rg.Min](#example-4-rgmin) +- [Sub.Common](#example-5-subcommon) +- [Sub.Min](#example-6-submin) + +### Example 1: _Mg.Common_
via Bicep module ```bicep -module roleAssignment './authorization/role-assignment/main.bicep' = { +module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-aramgcom' params: { // Required parameters @@ -122,14 +94,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {

-

Example 2: Mg.Min

+### Example 2: _Mg.Min_
via Bicep module ```bicep -module roleAssignment './authorization/role-assignment/main.bicep' = { +module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-aramgmin' params: { // Required parameters @@ -175,14 +147,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {

-

Example 3: Rg.Common

+### Example 3: _Rg.Common_
via Bicep module ```bicep -module roleAssignment './authorization/role-assignment/main.bicep' = { +module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-arargcom' params: { // Required parameters @@ -240,14 +212,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {

-

Example 4: Rg.Min

+### Example 4: _Rg.Min_
via Bicep module ```bicep -module roleAssignment './authorization/role-assignment/main.bicep' = { +module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-arargmin' params: { // Required parameters @@ -301,14 +273,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {

-

Example 5: Sub.Common

+### Example 5: _Sub.Common_
via Bicep module ```bicep -module roleAssignment './authorization/role-assignment/main.bicep' = { +module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-arasubcom' params: { // Required parameters @@ -362,14 +334,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {

-

Example 6: Sub.Min

+### Example 6: _Sub.Min_
via Bicep module ```bicep -module roleAssignment './authorization/role-assignment/main.bicep' = { +module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-arasubmin' params: { // Required parameters @@ -420,6 +392,127 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-principalid) | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | +| [`roleDefinitionIdOrName`](#parameter-roledefinitionidorname) | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-condition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. | +| [`conditionVersion`](#parameter-conditionversion) | string | Version of the condition. Currently accepted value is "2.0". | +| [`delegatedManagedIdentityResourceId`](#parameter-delegatedmanagedidentityresourceid) | string | ID of the delegated managed identity resource. | +| [`description`](#parameter-description) | string | The description of the role assignment. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. | +| [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | Name of the Resource Group to assign the RBAC role to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided RBAC role to the resource group. 
| +| [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the RBAC role to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided RBAC role to the subscription. | + +### Parameter: `condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `conditionVersion` + +Version of the condition. Currently accepted value is "2.0". +- Required: No +- Type: string +- Default: `'2.0'` +- Allowed: `[2.0]` + +### Parameter: `delegatedManagedIdentityResourceId` + +ID of the delegated managed identity resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `description` + +The description of the role assignment. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `principalId` + +The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). +- Required: Yes +- Type: string + +### Parameter: `principalType` + +The principal type of the assigned principal ID. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Device, ForeignGroup, Group, ServicePrincipal, User]` + +### Parameter: `resourceGroupName` + +Name of the Resource Group to assign the RBAC role to. 
If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided RBAC role to the resource group. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleDefinitionIdOrName` + +You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: Yes +- Type: string + +### Parameter: `subscriptionId` + +Subscription ID of the subscription to assign the RBAC role to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided RBAC role to the subscription. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The GUID of the Role Assignment. | +| `resourceId` | string | The resource ID of the Role Assignment. | +| `scope` | string | The scope this Role Assignment applies to. | + +## Cross-referenced modules + +_None_ + ## Notes ### Module Usage Guidance diff --git a/modules/authorization/role-assignment/main.json b/modules/authorization/role-assignment/main.json index 23f3d4897d..0cf8880ab7 100644 --- a/modules/authorization/role-assignment/main.json +++ b/modules/authorization/role-assignment/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14335081108343042206" + "version": "0.22.6.54827", + "templateHash": "807341397297135440" }, "name": "Role Assignments (All scopes)", "description": "This module deploys a Role Assignment at a Management Group, Subscription or Resource Group scope.", 
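Review bot: the only lines changed in this `@@ -4,8 +4,8 @@` hunk of role-assignment/main.json are the `_generator` `version` (0.21.1.54444 to 0.22.6.54827) and the `templateHash`, so this is compiler regeneration output riding along with the README changes. Put the Bicep version bump in its own commit, or name it in the commit message, so that a reviewer can tell a hash that moved because of the compiler from one that moved because the role assignment template itself changed.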
@@ -167,8 +167,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6412111068130570787" + "version": "0.22.6.54827", + "templateHash": "3058280694250439865" }, "name": "Role Assignments (Management Group scope)", "description": "This module deploys a Role Assignment at a Management Group scope.", @@ -756,8 +756,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15330444935750176887" + "version": "0.22.6.54827", + "templateHash": "1741591761510469286" }, "name": "Role Assignments (Subscription scope)", "description": "This module deploys a Role Assignment at a Subscription scope.", @@ -1345,8 +1345,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11095586144343595797" + "version": "0.22.6.54827", + "templateHash": "13714993030578518060" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", diff --git a/modules/authorization/role-assignment/management-group/README.md b/modules/authorization/role-assignment/management-group/README.md index 911ac2c8e6..2166992af8 100644 --- a/modules/authorization/role-assignment/management-group/README.md +++ b/modules/authorization/role-assignment/management-group/README.md 
@@ -19,28 +19,98 @@ This module deploys a Role Assignment at a Management Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `principalId` | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | -| `roleDefinitionIdOrName` | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`principalId`](#parameter-principalid) | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | +| [`roleDefinitionIdOrName`](#parameter-roledefinitionidorname) | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `condition` | string | `''` | | The conditions on the role assignment. This limits the resources it can be assigned to. | -| `conditionVersion` | string | `'2.0'` | `[2.0]` | Version of the condition. Currently accepted value is "2.0". | -| `delegatedManagedIdentityResourceId` | string | `''` | | ID of the delegated managed identity resource. | -| `description` | string | `''` | | The description of the role assignment. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | | Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. 
| -| `principalType` | string | `''` | `['', Device, ForeignGroup, Group, ServicePrincipal, User]` | The principal type of the assigned principal ID. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-condition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. | +| [`conditionVersion`](#parameter-conditionversion) | string | Version of the condition. Currently accepted value is "2.0". | +| [`delegatedManagedIdentityResourceId`](#parameter-delegatedmanagedidentityresourceid) | string | ID of the delegated managed identity resource. | +| [`description`](#parameter-description) | string | The description of the role assignment. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. | +| [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `conditionVersion` + +Version of the condition. Currently accepted value is "2.0". +- Required: No +- Type: string +- Default: `'2.0'` +- Allowed: `[2.0]` + +### Parameter: `delegatedManagedIdentityResourceId` + +ID of the delegated managed identity resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `description` + +The description of the role assignment. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `principalId` + +The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). +- Required: Yes +- Type: string + +### Parameter: `principalType` + +The principal type of the assigned principal ID. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Device, ForeignGroup, Group, ServicePrincipal, User]` + +### Parameter: `roleDefinitionIdOrName` + +You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Assignment. | | `resourceId` | string | The resource ID of the Role Assignment. | diff --git a/modules/authorization/role-assignment/management-group/main.json b/modules/authorization/role-assignment/management-group/main.json index 5356f24b6f..c7695ece43 100644 --- a/modules/authorization/role-assignment/management-group/main.json +++ b/modules/authorization/role-assignment/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5116103670131987468" + "version": "0.22.6.54827", + "templateHash": "3058280694250439865" }, "name": "Role Assignments (Management Group scope)", "description": "This module deploys a Role Assignment at a Management Group scope.", 
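Review bot: the removed lines in management-group/main.json show this child template was last built with 0.20.4.51522 and hash 5116103670131987468, while the copy nested in the parent role-assignment/main.json (the `@@ -167,8 +167,8 @@` hunk) was at 0.21.1.54444 with hash 6412111068130570787, so the standalone and nested templates had drifted. Both now carry 3058280694250439865, which is the state worth enforcing: add a pipeline check that recompiles each `main.bicep` with a pinned Bicep version and fails when the committed `main.json` differs, rather than relying on a manual regeneration to bring them back in line.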
diff --git a/modules/authorization/role-assignment/resource-group/README.md b/modules/authorization/role-assignment/resource-group/README.md index a2cd0959a5..3699890e4a 100644 --- a/modules/authorization/role-assignment/resource-group/README.md +++ b/modules/authorization/role-assignment/resource-group/README.md 
@@ -19,28 +19,98 @@ This module deploys a Role Assignment at a Resource Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `principalId` | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | -| `roleDefinitionIdOrName` | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`principalId`](#parameter-principalid) | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | +| [`roleDefinitionIdOrName`](#parameter-roledefinitionidorname) | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `condition` | string | `''` | | The conditions on the role assignment. This limits the resources it can be assigned to. | -| `conditionVersion` | string | `'2.0'` | `[2.0]` | Version of the condition. Currently accepted value is "2.0". | -| `delegatedManagedIdentityResourceId` | string | `''` | | ID of the delegated managed identity resource. | -| `description` | string | `''` | | The description of the role assignment. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `principalType` | string | `''` | `['', Device, ForeignGroup, Group, ServicePrincipal, User]` | The principal type of the assigned principal ID. | -| `resourceGroupName` | string | `[resourceGroup().name]` | | Name of the Resource Group to assign the RBAC role to. 
If not provided, will use the current scope for deployment. | -| `subscriptionId` | string | `[subscription().subscriptionId]` | | Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-condition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. | +| [`conditionVersion`](#parameter-conditionversion) | string | Version of the condition. Currently accepted value is "2.0". | +| [`delegatedManagedIdentityResourceId`](#parameter-delegatedmanagedidentityresourceid) | string | ID of the delegated managed identity resource. | +| [`description`](#parameter-description) | string | The description of the role assignment. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | Name of the Resource Group to assign the RBAC role to. If not provided, will use the current scope for deployment. | +| [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. | + +### Parameter: `condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `conditionVersion` + +Version of the condition. Currently accepted value is "2.0". +- Required: No +- Type: string +- Default: `'2.0'` +- Allowed: `[2.0]` + +### Parameter: `delegatedManagedIdentityResourceId` + +ID of the delegated managed identity resource. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `description` + +The description of the role assignment. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `principalId` + +The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). +- Required: Yes +- Type: string + +### Parameter: `principalType` + +The principal type of the assigned principal ID. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Device, ForeignGroup, Group, ServicePrincipal, User]` + +### Parameter: `resourceGroupName` + +Name of the Resource Group to assign the RBAC role to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[resourceGroup().name]` + +### Parameter: `roleDefinitionIdOrName` + +You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: Yes +- Type: string + +### Parameter: `subscriptionId` + +Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[subscription().subscriptionId]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Assignment. | | `resourceGroupName` | string | The name of the resource group the role assignment was applied at. | diff --git a/modules/authorization/role-assignment/resource-group/main.json b/modules/authorization/role-assignment/resource-group/main.json index 056f28f034..3ce0469854 100644 --- a/modules/authorization/role-assignment/resource-group/main.json 
+++ b/modules/authorization/role-assignment/resource-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1439450089488966223" + "version": "0.22.6.54827", + "templateHash": "13714993030578518060" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", diff --git a/modules/authorization/role-assignment/subscription/README.md b/modules/authorization/role-assignment/subscription/README.md index 58b5d059a4..cf374e9f4d 100644 --- a/modules/authorization/role-assignment/subscription/README.md +++ b/modules/authorization/role-assignment/subscription/README.md 
@@ -19,28 +19,98 @@ This module deploys a Role Assignment at a Subscription scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `principalId` | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | -| `roleDefinitionIdOrName` | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`principalId`](#parameter-principalid) | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | +| [`roleDefinitionIdOrName`](#parameter-roledefinitionidorname) | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `condition` | string | `''` | | The conditions on the role assignment. This limits the resources it can be assigned to. | -| `conditionVersion` | string | `'2.0'` | `[2.0]` | Version of the condition. Currently accepted value is "2.0". | -| `delegatedManagedIdentityResourceId` | string | `''` | | ID of the delegated managed identity resource. | -| `description` | string | `''` | | The description of the role assignment. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `principalType` | string | `''` | `['', Device, ForeignGroup, Group, ServicePrincipal, User]` | The principal type of the assigned principal ID. 
| -| `subscriptionId` | string | `[subscription().subscriptionId]` | | Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-condition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. | +| [`conditionVersion`](#parameter-conditionversion) | string | Version of the condition. Currently accepted value is "2.0". | +| [`delegatedManagedIdentityResourceId`](#parameter-delegatedmanagedidentityresourceid) | string | ID of the delegated managed identity resource. | +| [`description`](#parameter-description) | string | The description of the role assignment. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. | +| [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. | + +### Parameter: `condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `conditionVersion` + +Version of the condition. Currently accepted value is "2.0". +- Required: No +- Type: string +- Default: `'2.0'` +- Allowed: `[2.0]` + +### Parameter: `delegatedManagedIdentityResourceId` + +ID of the delegated managed identity resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `description` + +The description of the role assignment. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `principalId` + +The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). +- Required: Yes +- Type: string + +### Parameter: `principalType` + +The principal type of the assigned principal ID. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Device, ForeignGroup, Group, ServicePrincipal, User]` + +### Parameter: `roleDefinitionIdOrName` + +You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: Yes +- Type: string + +### Parameter: `subscriptionId` + +Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[subscription().subscriptionId]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Assignment. | | `resourceId` | string | The resource ID of the Role Assignment. | diff --git a/modules/authorization/role-assignment/subscription/main.json b/modules/authorization/role-assignment/subscription/main.json index 751db130ed..12889ef5e5 100644 --- a/modules/authorization/role-assignment/subscription/main.json +++ b/modules/authorization/role-assignment/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "318736480892502738" + "version": "0.22.6.54827", + "templateHash": "1741591761510469286" }, "name": "Role Assignments (Subscription scope)", "description": "This module deploys a Role Assignment at a Subscription scope.", 
diff --git a/modules/authorization/role-definition/main.json b/modules/authorization/role-definition/main.json index cf31e78348..51ac23254d 100644 --- a/modules/authorization/role-definition/main.json +++ b/modules/authorization/role-definition/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18292113724809460809" + "version": "0.22.6.54827", + "templateHash": "16702773762135222765" }, "name": "Role Definitions (All scopes)", "description": "This module deploys a Role Definition at a Management Group, Subscription or Resource Group scope.", @@ -151,8 +151,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1388091612585738122" + "version": "0.22.6.54827", + "templateHash": "5277764931156995532" }, "name": "Role Definitions (Management Group scope)", "description": "This module deploys a Role Definition at a Management Group scope.", @@ -313,8 +313,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11994641933581262080" + "version": "0.22.6.54827", + "templateHash": "5911596219403447648" }, "name": "Role Definitions (Subscription scope)", "description": "This module deploys a Role Definition at a Subscription scope.", @@ -491,8 +491,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "51591651981484766" + "version": "0.22.6.54827", + "templateHash": "15123790149450958610" }, "name": "Role Definitions (Resource Group scope)", "description": "This module deploys a Role Definition at a Resource Group scope.", diff --git a/modules/authorization/role-definition/management-group/README.md b/modules/authorization/role-definition/management-group/README.md index 02a11b45bc..e892466ced 100644 --- a/modules/authorization/role-definition/management-group/README.md +++ b/modules/authorization/role-definition/management-group/README.md 
@@ -19,26 +19,81 @@ This module deploys a Role Definition at a Management Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `roleName` | string | Name of the custom RBAC role to be created. | +| [`roleName`](#parameter-rolename) | string | Name of the custom RBAC role to be created. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | List of allowed actions. | -| `assignableScopes` | array | `[]` | Role definition assignable scopes. If not provided, will use the current scope provided. | -| `description` | string | `''` | Description of the custom RBAC role to be created. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | -| `notActions` | array | `[]` | List of denied actions. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | List of allowed actions. | +| [`assignableScopes`](#parameter-assignablescopes) | array | Role definition assignable scopes. If not provided, will use the current scope provided. | +| [`description`](#parameter-description) | string | Description of the custom RBAC role to be created. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. 
| +| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | +| [`notActions`](#parameter-notactions) | array | List of denied actions. | + +### Parameter: `actions` + +List of allowed actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `assignableScopes` + +Role definition assignable scopes. If not provided, will use the current scope provided. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +Description of the custom RBAC role to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `notActions` + +List of denied actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleName` + +Name of the custom RBAC role to be created. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Definition. | | `resourceId` | string | The resource ID of the Role Definition. | diff --git a/modules/authorization/role-definition/management-group/main.json b/modules/authorization/role-definition/management-group/main.json index cc28a185f9..00d197b4e8 100644 --- a/modules/authorization/role-definition/management-group/main.json 
+++ b/modules/authorization/role-definition/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15321014984642305644" + "version": "0.22.6.54827", + "templateHash": "5277764931156995532" }, "name": "Role Definitions (Management Group scope)", "description": "This module deploys a Role Definition at a Management Group scope.", diff --git a/modules/authorization/role-definition/resource-group/README.md b/modules/authorization/role-definition/resource-group/README.md index 924c4eb112..1e5da9a0d7 100644 --- a/modules/authorization/role-definition/resource-group/README.md +++ b/modules/authorization/role-definition/resource-group/README.md 
@@ -19,28 +19,97 @@ This module deploys a Role Definition at a Resource Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `roleName` | string | Name of the custom RBAC role to be created. | +| [`roleName`](#parameter-rolename) | string | Name of the custom RBAC role to be created. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | List of allowed actions. | -| `assignableScopes` | array | `[]` | Role definition assignable scopes. If not provided, will use the current scope provided. | -| `dataActions` | array | `[]` | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. | -| `description` | string | `''` | Description of the custom RBAC role to be created. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `notActions` | array | `[]` | List of denied actions. | -| `notDataActions` | array | `[]` | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. | -| `resourceGroupName` | string | `[resourceGroup().name]` | The name of the Resource Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | -| `subscriptionId` | string | `[subscription().subscriptionId]` | The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | List of allowed actions. | +| [`assignableScopes`](#parameter-assignablescopes) | array | Role definition assignable scopes. If not provided, will use the current scope provided. 
| +| [`dataActions`](#parameter-dataactions) | array | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. | +| [`description`](#parameter-description) | string | Description of the custom RBAC role to be created. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`notActions`](#parameter-notactions) | array | List of denied actions. | +| [`notDataActions`](#parameter-notdataactions) | array | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | The name of the Resource Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | + +### Parameter: `actions` + +List of allowed actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `assignableScopes` + +Role definition assignable scopes. If not provided, will use the current scope provided. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dataActions` + +List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +Description of the custom RBAC role to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `notActions` + +List of denied actions. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notDataActions` + +List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `resourceGroupName` + +The name of the Resource Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[resourceGroup().name]` + +### Parameter: `roleName` + +Name of the custom RBAC role to be created. +- Required: Yes +- Type: string + +### Parameter: `subscriptionId` + +The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[subscription().subscriptionId]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Definition. | | `resourceGroupName` | string | The name of the resource group the role definition was created at. | diff --git a/modules/authorization/role-definition/resource-group/main.json b/modules/authorization/role-definition/resource-group/main.json index 734ae5e18c..c10d685cc7 100644 --- a/modules/authorization/role-definition/resource-group/main.json +++ b/modules/authorization/role-definition/resource-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13735806028928031798" + "version": "0.22.6.54827", + "templateHash": "15123790149450958610" }, "name": "Role Definitions (Resource Group scope)", "description": "This module deploys a Role Definition at a Resource Group scope.", diff --git a/modules/authorization/role-definition/subscription/README.md b/modules/authorization/role-definition/subscription/README.md index 3bbd9894b0..e0f96a3894 100644 
--- a/modules/authorization/role-definition/subscription/README.md +++ b/modules/authorization/role-definition/subscription/README.md 
@@ -19,28 +19,97 @@ This module deploys a Role Definition at a Subscription scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `roleName` | string | Name of the custom RBAC role to be created. | +| [`roleName`](#parameter-rolename) | string | Name of the custom RBAC role to be created. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | List of allowed actions. | -| `assignableScopes` | array | `[]` | Role definition assignable scopes. If not provided, will use the current scope provided. | -| `dataActions` | array | `[]` | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. | -| `description` | string | `''` | Description of the custom RBAC role to be created. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `notActions` | array | `[]` | List of denied actions. | -| `notDataActions` | array | `[]` | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. | -| `subscriptionId` | string | `[subscription().subscriptionId]` | The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | List of allowed actions. | +| [`assignableScopes`](#parameter-assignablescopes) | array | Role definition assignable scopes. If not provided, will use the current scope provided. | +| [`dataActions`](#parameter-dataactions) | array | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. 
| +| [`description`](#parameter-description) | string | Description of the custom RBAC role to be created. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`notActions`](#parameter-notactions) | array | List of denied actions. | +| [`notDataActions`](#parameter-notdataactions) | array | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | + +### Parameter: `actions` + +List of allowed actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `assignableScopes` + +Role definition assignable scopes. If not provided, will use the current scope provided. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dataActions` + +List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +Description of the custom RBAC role to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `notActions` + +List of denied actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notDataActions` + +List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleName` + +Name of the custom RBAC role to be created. +- Required: Yes +- Type: string + +### Parameter: `subscriptionId` + +The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[subscription().subscriptionId]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Definition. | | `resourceId` | string | The resource ID of the Role Definition. | diff --git a/modules/authorization/role-definition/subscription/main.json b/modules/authorization/role-definition/subscription/main.json index 13af925166..ab79f1d69a 100644 --- a/modules/authorization/role-definition/subscription/main.json +++ b/modules/authorization/role-definition/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9532889033437004469" + "version": "0.22.6.54827", + "templateHash": "5911596219403447648" }, "name": "Role Definitions (Subscription scope)", "description": "This module deploys a Role Definition at a Subscription scope.", diff --git a/modules/automation/automation-account/.test/common/main.test.bicep b/modules/automation/automation-account/.test/common/main.test.bicep index 2efb5d1f6e..7bfe9ab16b 100644 --- a/modules/automation/automation-account/.test/common/main.test.bicep +++ b/modules/automation/automation-account/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // 
diff --git a/modules/automation/automation-account/.test/min/main.test.bicep b/modules/automation/automation-account/.test/min/main.test.bicep index 85372aede7..3156e8971b 100644 --- a/modules/automation/automation-account/.test/min/main.test.bicep +++ b/modules/automation/automation-account/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/automation/automation-account/README.md b/modules/automation/automation-account/README.md index 5124c0d274..524df37508 100644 --- a/modules/automation/automation-account/README.md +++ b/modules/automation/automation-account/README.md @@ -38,11 +38,14 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br:bicep/modules/automation.automation-account:1.0.0`. -- [Common](#example-1-common) +- [Using large parameter set](#example-1-using-large-parameter-set) - [Encr](#example-2-encr) -- [Min](#example-3-min) +- [Using only defaults](#example-3-using-only-defaults) + +### Example 1: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. -### Example 1: _Common_

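Review bot: In the example list of modules/automation/automation-account/README.md, `- [Encr](#example-2-encr)` keeps its folder-derived title while its neighbours become "Using large parameter set" and "Using only defaults". The patch adds `metadata name` and `metadata description` to `.test/common/main.test.bicep` and `.test/min/main.test.bicep`, but no matching change to the encr test file is visible here. I'd add the same two metadata lines to that test file so all three generated headings are descriptive and Example 2 also gets an introductory sentence.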
@@ -550,7 +553,10 @@ module automationAccount 'br:bicep/modules/automation.automation-account:1.0.0'

-### Example 3: _Min_ +### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +

diff --git a/modules/automation/automation-account/job-schedule/README.md b/modules/automation/automation-account/job-schedule/README.md index d5f88fc047..57460c8123 100644 --- a/modules/automation/automation-account/job-schedule/README.md +++ b/modules/automation/automation-account/job-schedule/README.md 
@@ -19,35 +19,81 @@ This module deploys an Azure Automation Account Job Schedule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `runbookName` | string | The runbook property associated with the entity. | -| `scheduleName` | string | The schedule property associated with the entity. | +| [`runbookName`](#parameter-runbookname) | string | The runbook property associated with the entity. | +| [`scheduleName`](#parameter-schedulename) | string | The schedule property associated with the entity. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `automationAccountName` | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | +| [`automationAccountName`](#parameter-automationaccountname) | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `parameters` | object | `{object}` | List of job properties. | -| `runOn` | string | `''` | The hybrid worker group that the scheduled job should run on. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`parameters`](#parameter-parameters) | object | List of job properties. | +| [`runOn`](#parameter-runon) | string | The hybrid worker group that the scheduled job should run on. | **Generated parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | `[newGuid()]` | Name of the Automation Account job schedule. Must be a GUID and is autogenerated. 
No need to provide this value. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Automation Account job schedule. Must be a GUID and is autogenerated. No need to provide this value. | + +### Parameter: `automationAccountName` + +The name of the parent Automation Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Name of the Automation Account job schedule. Must be a GUID and is autogenerated. No need to provide this value. +- Required: No +- Type: string +- Default: `[newGuid()]` + +### Parameter: `parameters` + +List of job properties. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `runbookName` + +The runbook property associated with the entity. +- Required: Yes +- Type: string + +### Parameter: `runOn` + +The hybrid worker group that the scheduled job should run on. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `scheduleName` + +The schedule property associated with the entity. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed job schedule. | | `resourceGroupName` | string | The resource group of the deployed job schedule. | diff --git a/modules/automation/automation-account/job-schedule/main.json b/modules/automation/automation-account/job-schedule/main.json index 5fee90a026..bb8ec2e35b 100644 --- a/modules/automation/automation-account/job-schedule/main.json +++ b/modules/automation/automation-account/job-schedule/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12038142052110102548" + "version": "0.22.6.54827", + "templateHash": "7560418296837405700" }, "name": "Automation Account Job Schedules", "description": "This module deploys an Azure Automation Account Job Schedule.", diff --git a/modules/automation/automation-account/main.json b/modules/automation/automation-account/main.json index 413b25d49a..e99ac28588 100644 --- a/modules/automation/automation-account/main.json +++ b/modules/automation/automation-account/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "715583337826412599" + "version": "0.22.6.54827", + "templateHash": "14616774767362362836" }, "name": "Automation Accounts", "description": "This module deploys an Azure Automation Account.", @@ -387,8 +387,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6993581259043167782" + "version": "0.22.6.54827", + "templateHash": "15709477569881004771" }, "name": "Automation Account Modules", "description": "This module deploys an Azure Automation Account Module.", @@ -544,8 +544,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14615504958276169101" + "version": "0.22.6.54827", + "templateHash": "4119330639685982378" }, "name": "Automation Account Schedules", "description": "This module deploys an Azure Automation Account Schedule.", @@ -740,8 +740,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14475542689236047442" + "version": "0.22.6.54827", + "templateHash": "18248893160569507204" }, "name": "Automation Account Runbooks", "description": "This module deploys an Azure Automation Account Runbook.", 
@@ -945,8 +945,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12703294720660038691" + "version": "0.22.6.54827", + "templateHash": "7560418296837405700" }, "name": "Automation Account Job Schedules", "description": "This module deploys an Azure Automation Account Job Schedule.", @@ -1097,8 +1097,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10724020478275741370" + "version": "0.22.6.54827", + "templateHash": "17400819380217562013" }, "name": "Automation Account Variables", "description": "This module deploys an Azure Automation Account Variable.", @@ -1235,8 +1235,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7090165993767697446" + "version": "0.22.6.54827", + "templateHash": "15022791045507209174" }, "name": "Log Analytics Workspace Linked Services", "description": "This module deploys a Log Analytics Workspace Linked Service.", @@ -1377,8 +1377,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9052763253522380709" + "version": "0.22.6.54827", + "templateHash": "2318608107759137473" }, "name": "Operations Management Solutions", "description": "This module deploys an Operations Management Solution.", @@ -1563,8 +1563,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17973053005173772952" + "version": "0.22.6.54827", + "templateHash": "10775503419002427646" }, "name": "Automation Account Software Update Configurations", "description": "This module deploys an Azure Automation Account Software Update Configuration.", @@ -2035,8 +2035,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", 
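Review bot: The `"version"` lines under `_generator` in modules/automation/automation-account/main.json move every nested template from 0.21.1.54444 to 0.22.6.54827, and the child main.json files move from 0.20.4.51522, but the subject line ("Tested logic & added depth param") does not mention a recompile. Please state in the commit message which Bicep version was used to regenerate, or put the regenerated main.json files in their own commit so the Set-Module.ps1 change can be reviewed separately from generated output. The nested job-schedule `templateHash` (7560418296837405700) matches the standalone job-schedule/main.json, which is the consistency one would expect after a full rebuild.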
@@ -2235,8 +2235,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -2373,8 +2373,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -2587,8 +2587,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10676519467876912979" + "version": "0.22.6.54827", + "templateHash": "10195514445399502357" } }, "parameters": { diff --git a/modules/automation/automation-account/module/README.md b/modules/automation/automation-account/module/README.md index 21ea5e81c4..bba5a2892b 100644 --- a/modules/automation/automation-account/module/README.md +++ b/modules/automation/automation-account/module/README.md 
@@ -19,30 +19,76 @@ This module deploys an Azure Automation Account Module. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the Automation Account module. | -| `uri` | string | Module package URI, e.g. https://www.powershellgallery.com/api/v2/package. | +| [`name`](#parameter-name) | string | Name of the Automation Account module. | +| [`uri`](#parameter-uri) | string | Module package URI, e.g. https://www.powershellgallery.com/api/v2/package. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `automationAccountName` | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | +| [`automationAccountName`](#parameter-automationaccountname) | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `tags` | object | `{object}` | Tags of the Automation Account resource. | -| `version` | string | `'latest'` | Module version or specify latest to get the latest version. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`tags`](#parameter-tags) | object | Tags of the Automation Account resource. | +| [`version`](#parameter-version) | string | Module version or specify latest to get the latest version. 
| + +### Parameter: `automationAccountName` + +The name of the parent Automation Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the Automation Account module. +- Required: Yes +- Type: string + +### Parameter: `tags` + +Tags of the Automation Account resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `uri` + +Module package URI, e.g. https://www.powershellgallery.com/api/v2/package. +- Required: Yes +- Type: string + +### Parameter: `version` + +Module version or specify latest to get the latest version. +- Required: No +- Type: string +- Default: `'latest'` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the deployed module. | diff --git a/modules/automation/automation-account/module/main.json b/modules/automation/automation-account/module/main.json index 92e1b857bf..bf3c18c30b 100644 --- a/modules/automation/automation-account/module/main.json +++ b/modules/automation/automation-account/module/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12776439865232935886" + "version": "0.22.6.54827", + "templateHash": "15709477569881004771" }, "name": "Automation Account Modules", "description": "This module deploys an Azure Automation Account Module.", diff --git a/modules/automation/automation-account/runbook/README.md b/modules/automation/automation-account/runbook/README.md index 5712d4182b..8cb4f7f0c8 100644 
--- a/modules/automation/automation-account/runbook/README.md +++ b/modules/automation/automation-account/runbook/README.md 
@@ -19,40 +19,122 @@ This module deploys an Azure Automation Account Runbook. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | Name of the Automation Account runbook. | -| `type` | string | `[Graph, GraphPowerShell, GraphPowerShellWorkflow, PowerShell, PowerShellWorkflow]` | The type of the runbook. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Automation Account runbook. | +| [`type`](#parameter-type) | string | The type of the runbook. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `automationAccountName` | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | +| [`automationAccountName`](#parameter-automationaccountname) | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | The description of the runbook. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `sasTokenValidityLength` | string | `'PT8H'` | SAS token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. | -| `scriptStorageAccountId` | string | `''` | ID of the runbook storage account. | -| `tags` | object | `{object}` | Tags of the Automation Account resource. | -| `uri` | string | `''` | The uri of the runbook content. | -| `version` | string | `''` | The version of the runbook content. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The description of the runbook. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`sasTokenValidityLength`](#parameter-sastokenvaliditylength) | string | SAS token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. | +| [`scriptStorageAccountId`](#parameter-scriptstorageaccountid) | string | ID of the runbook storage account. | +| [`tags`](#parameter-tags) | object | Tags of the Automation Account resource. | +| [`uri`](#parameter-uri) | string | The uri of the runbook content. | +| [`version`](#parameter-version) | string | The version of the runbook content. | **Generated parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('u')]` | Time used as a basis for e.g. the schedule start date. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`baseTime`](#parameter-basetime) | string | Time used as a basis for e.g. the schedule start date. | + +### Parameter: `automationAccountName` + +The name of the parent Automation Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `baseTime` + +Time used as a basis for e.g. the schedule start date. +- Required: No +- Type: string +- Default: `[utcNow('u')]` + +### Parameter: `description` + +The description of the runbook. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the Automation Account runbook. +- Required: Yes +- Type: string + +### Parameter: `sasTokenValidityLength` + +SAS token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. +- Required: No +- Type: string +- Default: `'PT8H'` + +### Parameter: `scriptStorageAccountId` + +ID of the runbook storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tags` + +Tags of the Automation Account resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `type` + +The type of the runbook. +- Required: Yes +- Type: string +- Allowed: `[Graph, GraphPowerShell, GraphPowerShellWorkflow, PowerShell, PowerShellWorkflow]` + +### Parameter: `uri` + +The uri of the runbook content. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `version` + +The version of the runbook content. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the deployed runbook. | diff --git a/modules/automation/automation-account/runbook/main.json b/modules/automation/automation-account/runbook/main.json index 21cabe276d..3a2f126c75 100644 --- a/modules/automation/automation-account/runbook/main.json +++ b/modules/automation/automation-account/runbook/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "123190998372280958" + "version": "0.22.6.54827", + "templateHash": "18248893160569507204" }, "name": "Automation Account Runbooks", "description": "This module deploys an Azure Automation Account Runbook.", 
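Review bot: In modules/automation/automation-account/runbook/README.md the new `### Parameter: automationAccountName` section states `- Required: Yes`, although the parameter is listed under **Conditional parameters** with the description "Required if the template is used in a standalone deployment." The job-schedule and module READMEs in this patch show the same output. I'd have the generator emit a distinct value for conditional parameters (or omit the Required line and rely on the description) so the detail section does not contradict the table above it.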
diff --git a/modules/automation/automation-account/schedule/README.md b/modules/automation/automation-account/schedule/README.md index c337d0a7a1..df92b24d03 100644 --- a/modules/automation/automation-account/schedule/README.md +++ b/modules/automation/automation-account/schedule/README.md 
@@ -19,39 +19,115 @@ This module deploys an Azure Automation Account Schedule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the Automation Account schedule. | +| [`name`](#parameter-name) | string | Name of the Automation Account schedule. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `automationAccountName` | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | +| [`automationAccountName`](#parameter-automationaccountname) | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `advancedSchedule` | object | `{object}` | | The properties of the create Advanced Schedule. | -| `description` | string | `''` | | The description of the schedule. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `expiryTime` | string | `''` | | The end time of the schedule. | -| `frequency` | string | `'OneTime'` | `[Day, Hour, Minute, Month, OneTime, Week]` | The frequency of the schedule. | -| `interval` | int | `0` | | Anything. | -| `startTime` | string | `''` | | The start time of the schedule. | -| `timeZone` | string | `''` | | The time zone of the schedule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`advancedSchedule`](#parameter-advancedschedule) | object | The properties of the create Advanced Schedule. | +| [`description`](#parameter-description) | string | The description of the schedule. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`expiryTime`](#parameter-expirytime) | string | The end time of the schedule. | +| [`frequency`](#parameter-frequency) | string | The frequency of the schedule. | +| [`interval`](#parameter-interval) | int | Anything. | +| [`startTime`](#parameter-starttime) | string | The start time of the schedule. | +| [`timeZone`](#parameter-timezone) | string | The time zone of the schedule. | **Generated parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('u')]` | Time used as a basis for e.g. the schedule start date. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`baseTime`](#parameter-basetime) | string | Time used as a basis for e.g. the schedule start date. | + +### Parameter: `advancedSchedule` + +The properties of the create Advanced Schedule. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `automationAccountName` + +The name of the parent Automation Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `baseTime` + +Time used as a basis for e.g. the schedule start date. +- Required: No +- Type: string +- Default: `[utcNow('u')]` + +### Parameter: `description` + +The description of the schedule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `expiryTime` + +The end time of the schedule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `frequency` + +The frequency of the schedule. +- Required: No +- Type: string +- Default: `'OneTime'` +- Allowed: `[Day, Hour, Minute, Month, OneTime, Week]` + +### Parameter: `interval` + +Anything. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `name` + +Name of the Automation Account schedule. 
+- Required: Yes +- Type: string + +### Parameter: `startTime` + +The start time of the schedule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `timeZone` + +The time zone of the schedule. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed schedule. | | `resourceGroupName` | string | The resource group of the deployed schedule. | diff --git a/modules/automation/automation-account/schedule/main.json b/modules/automation/automation-account/schedule/main.json index b76ec06a61..4183686e3a 100644 --- a/modules/automation/automation-account/schedule/main.json +++ b/modules/automation/automation-account/schedule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5807574740331814274" + "version": "0.22.6.54827", + "templateHash": "4119330639685982378" }, "name": "Automation Account Schedules", "description": "This module deploys an Azure Automation Account Schedule.", diff --git a/modules/automation/automation-account/software-update-configuration/README.md b/modules/automation/automation-account/software-update-configuration/README.md index 4504591720..97acf050e6 100644 --- a/modules/automation/automation-account/software-update-configuration/README.md +++ b/modules/automation/automation-account/software-update-configuration/README.md 
@@ -20,62 +20,302 @@ This module deploys an Azure Automation Account Software Update Configuration. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `frequency` | string | `[Day, Hour, Month, OneTime, Week]` | The frequency of the deployment schedule. When using 'Hour', 'Day', 'Week' or 'Month', an interval needs to be provided. | -| `name` | string | | The name of the Deployment schedule. | -| `operatingSystem` | string | `[Linux, Windows]` | The operating system to be configured by the deployment schedule. | -| `rebootSetting` | string | `[Always, IfRequired, Never, RebootOnly]` | Reboot setting for the deployment schedule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`frequency`](#parameter-frequency) | string | The frequency of the deployment schedule. When using 'Hour', 'Day', 'Week' or 'Month', an interval needs to be provided. | +| [`name`](#parameter-name) | string | The name of the Deployment schedule. | +| [`operatingSystem`](#parameter-operatingsystem) | string | The operating system to be configured by the deployment schedule. | +| [`rebootSetting`](#parameter-rebootsetting) | string | Reboot setting for the deployment schedule. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `automationAccountName` | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | +| [`automationAccountName`](#parameter-automationaccountname) | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `azureVirtualMachines` | array | `[]` | | List of azure resource IDs for azure virtual machines in scope for the deployment schedule. 
| -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `excludeUpdates` | array | `[]` | | KB numbers or Linux packages excluded in the deployment schedule. | -| `expiryTime` | string | `''` | | The end time of the deployment schedule in ISO 8601 format. YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. | -| `expiryTimeOffsetMinutes` | int | `0` | | The expiry time's offset in minutes. | -| `includeUpdates` | array | `[]` | | KB numbers or Linux packages included in the deployment schedule. | -| `interval` | int | `1` | | The interval of the frequency for the deployment schedule. 1 Hour is every hour, 2 Day is every second day, etc. | -| `isEnabled` | bool | `True` | | Enables the deployment schedule. | -| `maintenanceWindow` | string | `'PT2H'` | | Maximum time allowed for the deployment schedule to run. Duration needs to be specified using the format PT[n]H[n]M[n]S as per ISO8601. | -| `monthDays` | array | `[]` | `[1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31]` | Can be used with frequency 'Month'. Provides the specific days of the month to run the deployment schedule. | -| `monthlyOccurrences` | array | `[]` | | Can be used with frequency 'Month'. Provides the pattern/cadence for running the deployment schedule in a month. Takes objects formed like this {occurance(int),day(string)}. Day is the name of the day to run the deployment schedule, the occurance specifies which occurance of that day to run the deployment schedule. | -| `nextRun` | string | `''` | | The next time the deployment schedule runs in ISO 8601 format. YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. | -| `nextRunOffsetMinutes` | int | `0` | | The next run's offset in minutes. | -| `nonAzureComputerNames` | array | `[]` | | List of names of non-azure machines in scope for the deployment schedule. 
| -| `nonAzureQueries` | array | `[]` | | Array of functions from a Log Analytics workspace, used to scope the deployment schedule. | -| `postTaskParameters` | object | `{object}` | | Parameters provided to the task running after the deployment schedule. | -| `postTaskSource` | string | `''` | | The source of the task running after the deployment schedule. | -| `preTaskParameters` | object | `{object}` | | Parameters provided to the task running before the deployment schedule. | -| `preTaskSource` | string | `''` | | The source of the task running before the deployment schedule. | -| `scheduleDescription` | string | `''` | | The schedules description. | -| `scopeByLocations` | array | `[]` | | Specify locations to which to scope the deployment schedule to. | -| `scopeByResources` | array | `[[subscription().id]]` | | Specify the resources to scope the deployment schedule to. | -| `scopeByTags` | object | `{object}` | | Specify tags to which to scope the deployment schedule to. | -| `scopeByTagsOperation` | string | `'All'` | `[All, Any]` | Enables the scopeByTags to require All (Tag A and Tag B) or Any (Tag A or Tag B). | -| `startTime` | string | `''` | | The start time of the deployment schedule in ISO 8601 format. To specify a specific time use YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. For schedules where we want to start the deployment as soon as possible, specify the time segment only in 24 hour format, HH:MM, 22:00. | -| `timeZone` | string | `'UTC'` | | Time zone for the deployment schedule. IANA ID or a Windows Time Zone ID. | -| `updateClassifications` | array | `[Critical, Security]` | `[Critical, Definition, FeaturePack, Other, Security, ServicePack, Tools, UpdateRollup, Updates]` | Update classification included in the deployment schedule. | -| `weekDays` | array | `[]` | `[Friday, Monday, Saturday, Sunday, Thursday, Tuesday, Wednesday]` | Required when used with frequency 'Week'. Specified the day of the week to run the deployment schedule. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`azureVirtualMachines`](#parameter-azurevirtualmachines) | array | List of azure resource IDs for azure virtual machines in scope for the deployment schedule. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`excludeUpdates`](#parameter-excludeupdates) | array | KB numbers or Linux packages excluded in the deployment schedule. | +| [`expiryTime`](#parameter-expirytime) | string | The end time of the deployment schedule in ISO 8601 format. YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. | +| [`expiryTimeOffsetMinutes`](#parameter-expirytimeoffsetminutes) | int | The expiry time's offset in minutes. | +| [`includeUpdates`](#parameter-includeupdates) | array | KB numbers or Linux packages included in the deployment schedule. | +| [`interval`](#parameter-interval) | int | The interval of the frequency for the deployment schedule. 1 Hour is every hour, 2 Day is every second day, etc. | +| [`isEnabled`](#parameter-isenabled) | bool | Enables the deployment schedule. | +| [`maintenanceWindow`](#parameter-maintenancewindow) | string | Maximum time allowed for the deployment schedule to run. Duration needs to be specified using the format PT[n]H[n]M[n]S as per ISO8601. | +| [`monthDays`](#parameter-monthdays) | array | Can be used with frequency 'Month'. Provides the specific days of the month to run the deployment schedule. | +| [`monthlyOccurrences`](#parameter-monthlyoccurrences) | array | Can be used with frequency 'Month'. Provides the pattern/cadence for running the deployment schedule in a month. Takes objects formed like this {occurance(int),day(string)}. Day is the name of the day to run the deployment schedule, the occurance specifies which occurance of that day to run the deployment schedule. | +| [`nextRun`](#parameter-nextrun) | string | The next time the deployment schedule runs in ISO 8601 format. 
YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. | +| [`nextRunOffsetMinutes`](#parameter-nextrunoffsetminutes) | int | The next run's offset in minutes. | +| [`nonAzureComputerNames`](#parameter-nonazurecomputernames) | array | List of names of non-azure machines in scope for the deployment schedule. | +| [`nonAzureQueries`](#parameter-nonazurequeries) | array | Array of functions from a Log Analytics workspace, used to scope the deployment schedule. | +| [`postTaskParameters`](#parameter-posttaskparameters) | object | Parameters provided to the task running after the deployment schedule. | +| [`postTaskSource`](#parameter-posttasksource) | string | The source of the task running after the deployment schedule. | +| [`preTaskParameters`](#parameter-pretaskparameters) | object | Parameters provided to the task running before the deployment schedule. | +| [`preTaskSource`](#parameter-pretasksource) | string | The source of the task running before the deployment schedule. | +| [`scheduleDescription`](#parameter-scheduledescription) | string | The schedules description. | +| [`scopeByLocations`](#parameter-scopebylocations) | array | Specify locations to which to scope the deployment schedule to. | +| [`scopeByResources`](#parameter-scopebyresources) | array | Specify the resources to scope the deployment schedule to. | +| [`scopeByTags`](#parameter-scopebytags) | object | Specify tags to which to scope the deployment schedule to. | +| [`scopeByTagsOperation`](#parameter-scopebytagsoperation) | string | Enables the scopeByTags to require All (Tag A and Tag B) or Any (Tag A or Tag B). | +| [`startTime`](#parameter-starttime) | string | The start time of the deployment schedule in ISO 8601 format. To specify a specific time use YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. For schedules where we want to start the deployment as soon as possible, specify the time segment only in 24 hour format, HH:MM, 22:00. 
| +| [`timeZone`](#parameter-timezone) | string | Time zone for the deployment schedule. IANA ID or a Windows Time Zone ID. | +| [`updateClassifications`](#parameter-updateclassifications) | array | Update classification included in the deployment schedule. | +| [`weekDays`](#parameter-weekdays) | array | Required when used with frequency 'Week'. Specified the day of the week to run the deployment schedule. | **Generated parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('u')]` | Do not touch. Is used to provide the base time for time comparison for startTime. If startTime is specified in HH:MM format, baseTime is used to check if the provided startTime has passed, adding one day before setting the deployment schedule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`baseTime`](#parameter-basetime) | string | Do not touch. Is used to provide the base time for time comparison for startTime. If startTime is specified in HH:MM format, baseTime is used to check if the provided startTime has passed, adding one day before setting the deployment schedule. | + +### Parameter: `automationAccountName` + +The name of the parent Automation Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `azureVirtualMachines` + +List of azure resource IDs for azure virtual machines in scope for the deployment schedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `baseTime` + +Do not touch. Is used to provide the base time for time comparison for startTime. If startTime is specified in HH:MM format, baseTime is used to check if the provided startTime has passed, adding one day before setting the deployment schedule. +- Required: No +- Type: string +- Default: `[utcNow('u')]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `excludeUpdates` + +KB numbers or Linux packages excluded in the deployment schedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `expiryTime` + +The end time of the deployment schedule in ISO 8601 format. YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `expiryTimeOffsetMinutes` + +The expiry time's offset in minutes. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `frequency` + +The frequency of the deployment schedule. When using 'Hour', 'Day', 'Week' or 'Month', an interval needs to be provided. +- Required: Yes +- Type: string +- Allowed: `[Day, Hour, Month, OneTime, Week]` + +### Parameter: `includeUpdates` + +KB numbers or Linux packages included in the deployment schedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `interval` + +The interval of the frequency for the deployment schedule. 1 Hour is every hour, 2 Day is every second day, etc. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `isEnabled` + +Enables the deployment schedule. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `maintenanceWindow` + +Maximum time allowed for the deployment schedule to run. Duration needs to be specified using the format PT[n]H[n]M[n]S as per ISO8601. +- Required: No +- Type: string +- Default: `'PT2H'` + +### Parameter: `monthDays` + +Can be used with frequency 'Month'. Provides the specific days of the month to run the deployment schedule. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31]` + +### Parameter: `monthlyOccurrences` + +Can be used with frequency 'Month'. Provides the pattern/cadence for running the deployment schedule in a month. Takes objects formed like this {occurance(int),day(string)}. 
Day is the name of the day to run the deployment schedule, the occurance specifies which occurance of that day to run the deployment schedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +The name of the Deployment schedule. +- Required: Yes +- Type: string + +### Parameter: `nextRun` + +The next time the deployment schedule runs in ISO 8601 format. YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `nextRunOffsetMinutes` + +The next run's offset in minutes. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `nonAzureComputerNames` + +List of names of non-azure machines in scope for the deployment schedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `nonAzureQueries` + +Array of functions from a Log Analytics workspace, used to scope the deployment schedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `operatingSystem` + +The operating system to be configured by the deployment schedule. +- Required: Yes +- Type: string +- Allowed: `[Linux, Windows]` + +### Parameter: `postTaskParameters` + +Parameters provided to the task running after the deployment schedule. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `postTaskSource` + +The source of the task running after the deployment schedule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `preTaskParameters` + +Parameters provided to the task running before the deployment schedule. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `preTaskSource` + +The source of the task running before the deployment schedule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `rebootSetting` + +Reboot setting for the deployment schedule. +- Required: Yes +- Type: string +- Allowed: `[Always, IfRequired, Never, RebootOnly]` + +### Parameter: `scheduleDescription` + +The schedules description. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `scopeByLocations` + +Specify locations to which to scope the deployment schedule to. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `scopeByResources` + +Specify the resources to scope the deployment schedule to. +- Required: No +- Type: array +- Default: `[[subscription().id]]` + +### Parameter: `scopeByTags` + +Specify tags to which to scope the deployment schedule to. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `scopeByTagsOperation` + +Enables the scopeByTags to require All (Tag A and Tag B) or Any (Tag A or Tag B). +- Required: No +- Type: string +- Default: `'All'` +- Allowed: `[All, Any]` + +### Parameter: `startTime` + +The start time of the deployment schedule in ISO 8601 format. To specify a specific time use YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. For schedules where we want to start the deployment as soon as possible, specify the time segment only in 24 hour format, HH:MM, 22:00. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `timeZone` + +Time zone for the deployment schedule. IANA ID or a Windows Time Zone ID. +- Required: No +- Type: string +- Default: `'UTC'` + +### Parameter: `updateClassifications` + +Update classification included in the deployment schedule. +- Required: No +- Type: array +- Default: `[Critical, Security]` +- Allowed: `[Critical, Definition, FeaturePack, Other, Security, ServicePack, Tools, UpdateRollup, Updates]` + +### Parameter: `weekDays` + +Required when used with frequency 'Week'. Specified the day of the week to run the deployment schedule. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[Friday, Monday, Saturday, Sunday, Thursday, Tuesday, Wednesday]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed softwareUpdateConfiguration. 
| | `resourceGroupName` | string | The resource group of the deployed softwareUpdateConfiguration. | diff --git a/modules/automation/automation-account/software-update-configuration/main.json b/modules/automation/automation-account/software-update-configuration/main.json index f4305ddbf8..14b2d33ac1 100644 --- a/modules/automation/automation-account/software-update-configuration/main.json +++ b/modules/automation/automation-account/software-update-configuration/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11844327136869535634" + "version": "0.22.6.54827", + "templateHash": "10775503419002427646" }, "name": "Automation Account Software Update Configurations", "description": "This module deploys an Azure Automation Account Software Update Configuration.", diff --git a/modules/automation/automation-account/variable/README.md b/modules/automation/automation-account/variable/README.md index a3356c0f6a..99ec5a4985 100644 --- a/modules/automation/automation-account/variable/README.md +++ b/modules/automation/automation-account/variable/README.md 
@@ -20,29 +20,68 @@ This module deploys an Azure Automation Account Variable. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the variable. | -| `value` | securestring | The value of the variable. For security best practices, this value is always passed as a secure string as it could contain an encrypted value when the "isEncrypted" property is set to true. | +| [`name`](#parameter-name) | string | The name of the variable. | +| [`value`](#parameter-value) | securestring | The value of the variable. For security best practices, this value is always passed as a secure string as it could contain an encrypted value when the "isEncrypted" property is set to true. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `automationAccountName` | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | +| [`automationAccountName`](#parameter-automationaccountname) | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | The description of the variable. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `isEncrypted` | bool | `True` | If the variable should be encrypted. For security reasons encryption of variables should be enabled. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The description of the variable. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`isEncrypted`](#parameter-isencrypted) | bool | If the variable should be encrypted. For security reasons encryption of variables should be enabled. | + +### Parameter: `automationAccountName` + +The name of the parent Automation Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `description` + +The description of the variable. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `isEncrypted` + +If the variable should be encrypted. For security reasons encryption of variables should be enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the variable. +- Required: Yes +- Type: string + +### Parameter: `value` + +The value of the variable. For security best practices, this value is always passed as a secure string as it could contain an encrypted value when the "isEncrypted" property is set to true. +- Required: Yes +- Type: securestring ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed variable. | | `resourceGroupName` | string | The resource group of the deployed variable. | diff --git a/modules/automation/automation-account/variable/main.json b/modules/automation/automation-account/variable/main.json index e0ffc7ec3a..333cb278b4 100644 --- a/modules/automation/automation-account/variable/main.json +++ b/modules/automation/automation-account/variable/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17684191295648041474" + "version": "0.22.6.54827", + "templateHash": "17400819380217562013" }, "name": "Automation Account Variables", "description": "This module deploys an Azure Automation Account Variable.", 
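Review bot: `automationAccountName` is listed under **Conditional parameters** in variable/README.md, but its new detail section states `- Required: Yes`, so the per-parameter view loses the condition; the schedule and software-update-configuration READMEs above show the same mismatch. Consider having the generator emit a distinct value for conditional parameters (or omit the Required line for them) rather than a flat Yes. Two descriptions carried into these READMEs also deserve a fix at the source while regenerating: `interval` in schedule/README.md is documented as "Anything.", and `monthlyOccurrences` in software-update-configuration/README.md spells "occurance".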
diff --git a/modules/batch/batch-account/.test/common/main.test.bicep b/modules/batch/batch-account/.test/common/main.test.bicep index d90c14f14e..b81a0e4036 100644 --- a/modules/batch/batch-account/.test/common/main.test.bicep +++ b/modules/batch/batch-account/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/batch/batch-account/.test/min/main.test.bicep b/modules/batch/batch-account/.test/min/main.test.bicep index c92b18d8ab..8d213101ab 100644 --- a/modules/batch/batch-account/.test/min/main.test.bicep +++ b/modules/batch/batch-account/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/batch/batch-account/README.md b/modules/batch/batch-account/README.md index 9b8fc31728..423bfa5d8d 100644 --- a/modules/batch/batch-account/README.md +++ b/modules/batch/batch-account/README.md @@ -30,11 +30,14 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br:bicep/modules/batch.batch-account:1.0.0`. -- [Common](#example-1-common) +- [Using large parameter set](#example-1-using-large-parameter-set) - [Encr](#example-2-encr) -- [Min](#example-3-min) +- [Using only defaults](#example-3-using-only-defaults) + +### Example 1: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. -### Example 1: _Common_
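Review bot: The navigation list in batch-account/README.md still carries `[Encr](#example-2-encr)` between the two renamed entries, because only the `.test/common` and `.test/min` test files gain `metadata name` and `metadata description` in the visible diffs. Add the same two metadata lines to the encr test file so the second example gets a descriptive title and intro sentence like the other two.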
@@ -306,7 +309,10 @@ module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = {

-### Example 3: _Min_ +### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +

diff --git a/modules/batch/batch-account/main.json b/modules/batch/batch-account/main.json index a114631351..0253e6c50b 100644 --- a/modules/batch/batch-account/main.json +++ b/modules/batch/batch-account/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8956575251332566079" + "version": "0.22.6.54827", + "templateHash": "12201052807403978225" }, "name": "Batch Accounts", "description": "This module deploys a Batch Account.", @@ -391,8 +391,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -591,8 +591,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -729,8 +729,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/cache/redis-enterprise/.test/common/main.test.bicep b/modules/cache/redis-enterprise/.test/common/main.test.bicep index fe85adb34b..70adc46f2c 100644 --- a/modules/cache/redis-enterprise/.test/common/main.test.bicep +++ b/modules/cache/redis-enterprise/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // 
diff --git a/modules/cache/redis-enterprise/.test/min/main.test.bicep b/modules/cache/redis-enterprise/.test/min/main.test.bicep index dfe3f24c13..19ab84407e 100644 --- a/modules/cache/redis-enterprise/.test/min/main.test.bicep +++ b/modules/cache/redis-enterprise/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/cache/redis-enterprise/README.md b/modules/cache/redis-enterprise/README.md new file mode 100644 index 0000000000..ed678b193a --- /dev/null +++ b/modules/cache/redis-enterprise/README.md 
@@ -0,0 +1,581 @@ +# Redis Cache Enterprise `[Microsoft.Cache/redisEnterprise]` + +This module deploys a Redis Cache Enterprise. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | +| `Microsoft.Cache/redisEnterprise` | [2022-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cache/2022-01-01/redisEnterprise) | +| `Microsoft.Cache/redisEnterprise/databases` | [2022-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cache/2022-01-01/redisEnterprise/databases) | +| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | +| `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | +| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | + +## Usage examples + +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. + + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. 
+ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/cache.redis-enterprise:1.0.0`. + +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Geo](#example-2-geo) +- [Using only defaults](#example-3-using-only-defaults) + +### Example 1: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. + + +
+ +via Bicep module + +```bicep +module redisEnterprise 'br:bicep/modules/cache.redis-enterprise:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-crecom' + params: { + // Required parameters + name: 'crecom001' + // Non-required parameters + capacity: 2 + databases: [ + { + clusteringPolicy: 'EnterpriseCluster' + evictionPolicy: 'AllKeysLFU' + modules: [ + { + name: 'RedisBloom' + } + { + args: 'RETENTION_POLICY 20' + name: 'RedisTimeSeries' + } + ] + persistenceAofEnabled: true + persistenceAofFrequency: '1s' + persistenceRdbEnabled: false + port: 10000 + } + ] + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' + diagnosticSettingsName: 'redisdiagnostics' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' + enableDefaultTelemetry: '' + lock: 'CanNotDelete' + minimumTlsVersion: '1.2' + privateEndpoints: [ + { + privateDnsZoneGroup: { + privateDNSResourceIds: [ + '' + ] + } + service: 'redisEnterprise' + subnetResourceId: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + ] + roleAssignments: [ + { + principalIds: [ + '' + ] + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] + tags: { + 'hidden-title': 'This is visible in the resource name' + resourceType: 'Redis Cache Enterprise' + } + zoneRedundant: true + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "crecom001" + }, + // Non-required parameters + "capacity": { + "value": 2 + }, + "databases": { + "value": [ + { + "clusteringPolicy": "EnterpriseCluster", + "evictionPolicy": "AllKeysLFU", + "modules": [ + { + "name": "RedisBloom" + }, + { + "args": "RETENTION_POLICY 20", + "name": "RedisTimeSeries" + } + ], + "persistenceAofEnabled": true, + "persistenceAofFrequency": "1s", + "persistenceRdbEnabled": false, + "port": 10000 + } + ] + }, + "diagnosticEventHubAuthorizationRuleId": { + "value": "" + }, + "diagnosticEventHubName": { + "value": "" + }, + "diagnosticSettingsName": { + "value": "redisdiagnostics" + }, + "diagnosticStorageAccountId": { + "value": "" + }, + "diagnosticWorkspaceId": { + "value": "" + }, + "enableDefaultTelemetry": { + "value": "" + }, + "lock": { + "value": "CanNotDelete" + }, + "minimumTlsVersion": { + "value": "1.2" + }, + "privateEndpoints": { + "value": [ + { + "privateDnsZoneGroup": { + "privateDNSResourceIds": [ + "" + ] + }, + "service": "redisEnterprise", + "subnetResourceId": "", + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + ] + }, + "roleAssignments": { + "value": [ + { + "principalIds": [ + "" + ], + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ] + }, + "tags": { + "value": { + "hidden-title": "This is visible in the resource name", + "resourceType": "Redis Cache Enterprise" + } + }, + "zoneRedundant": { + "value": true + } + } +} +``` + +
+

+ +### Example 2: _Geo_ + +

+ +via Bicep module + +```bicep +module redisEnterprise 'br:bicep/modules/cache.redis-enterprise:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-cregeo' + params: { + // Required parameters + name: '' + // Non-required parameters + capacity: 2 + databases: [ + { + clusteringPolicy: 'EnterpriseCluster' + evictionPolicy: 'NoEviction' + geoReplication: { + groupNickname: '' + linkedDatabases: [ + { + id: '' + } + { + id: '' + } + ] + } + modules: [ + { + name: 'RediSearch' + } + { + name: 'RedisJSON' + } + ] + persistenceAofEnabled: false + persistenceRdbEnabled: false + port: 10000 + } + ] + enableDefaultTelemetry: '' + tags: { + 'hidden-title': 'This is visible in the resource name' + resourceType: 'Redis Cache Enterprise' + } + zoneRedundant: true + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "" + }, + // Non-required parameters + "capacity": { + "value": 2 + }, + "databases": { + "value": [ + { + "clusteringPolicy": "EnterpriseCluster", + "evictionPolicy": "NoEviction", + "geoReplication": { + "groupNickname": "", + "linkedDatabases": [ + { + "id": "" + }, + { + "id": "" + } + ] + }, + "modules": [ + { + "name": "RediSearch" + }, + { + "name": "RedisJSON" + } + ], + "persistenceAofEnabled": false, + "persistenceRdbEnabled": false, + "port": 10000 + } + ] + }, + "enableDefaultTelemetry": { + "value": "" + }, + "tags": { + "value": { + "hidden-title": "This is visible in the resource name", + "resourceType": "Redis Cache Enterprise" + } + }, + "zoneRedundant": { + "value": true + } + } +} +``` + +
+

+ +### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. + + +

+ +via Bicep module + +```bicep +module redisEnterprise 'br:bicep/modules/cache.redis-enterprise:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-cremin' + params: { + // Required parameters + name: 'cremin001' + // Non-required parameters + enableDefaultTelemetry: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "cremin001" + }, + // Non-required parameters + "enableDefaultTelemetry": { + "value": "" + } + } +} +``` + +
+

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Redis Cache Enterprise resource. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`capacity`](#parameter-capacity) | int | The size of the Redis Enterprise Cluster. Defaults to 2. Valid values are (2, 4, 6, ...) for Enterprise SKUs and (3, 9, 15, ...) for Flash SKUs. | +| [`databases`](#parameter-databases) | array | The databases to create in the Redis Cache Enterprise Cluster. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource, but currently not supported for Redis Cache Enterprise. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | The geo-location where the resource lives. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | Requires clients to use a specified TLS version (or higher) to connect. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuName`](#parameter-skuname) | string | The type of Redis Enterprise Cluster to deploy. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`zoneRedundant`](#parameter-zoneredundant) | bool | When true, the cluster will be deployed across availability zones. | + +### Parameter: `capacity` + +The size of the Redis Enterprise Cluster. Defaults to 2. Valid values are (2, 4, 6, ...) for Enterprise SKUs and (3, 9, 15, ...) for Flash SKUs. 
+- Required: No +- Type: int +- Default: `2` + +### Parameter: `databases` + +The databases to create in the Redis Cache Enterprise Cluster. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource, but currently not supported for Redis Cache Enterprise. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `['', audit, ConnectionEvents]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +The geo-location where the resource lives. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `minimumTlsVersion` + +Requires clients to use a specified TLS version (or higher) to connect. +- Required: No +- Type: string +- Default: `'1.2'` +- Allowed: `[1.0, 1.1, 1.2]` + +### Parameter: `name` + +The name of the Redis Cache Enterprise resource. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +The type of Redis Enterprise Cluster to deploy. +- Required: No +- Type: string +- Default: `'Enterprise_E10'` +- Allowed: `[Enterprise_E10, Enterprise_E100, Enterprise_E20, Enterprise_E50, EnterpriseFlash_F1500, EnterpriseFlash_F300, EnterpriseFlash_F700]` + +### Parameter: `tags` + +Tags of the resource. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zoneRedundant` + +When true, the cluster will be deployed across availability zones. +- Required: No +- Type: bool +- Default: `True` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `hostName` | string | Redis hostname. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the redis cache enterprise. | +| `resourceGroupName` | string | The name of the resource group the redis cache enterprise was created in. | +| `resourceId` | string | The resource ID of the redis cache enterprise. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/cache/redis-enterprise/database/README.md b/modules/cache/redis-enterprise/database/README.md index b685df1716..7f0d3120d2 100644 --- a/modules/cache/redis-enterprise/database/README.md +++ b/modules/cache/redis-enterprise/database/README.md 
@@ -20,31 +20,126 @@ This module deploys a Redis Cache Enterprise Database. **Conditional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `persistenceAofFrequency` | string | `''` | `['', 1s, always]` | Sets the frequency at which data is written to disk. Required if AOF persistence is enabled. | -| `persistenceRdbFrequency` | string | `''` | `['', 12h, 1h, 6h]` | Sets the frequency at which a snapshot of the database is created. Required if RDB persistence is enabled. | -| `redisCacheEnterpriseName` | string | | | The name of the parent Redis Cache Enterprise Cluster. Required if the template is used in a standalone deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`persistenceAofFrequency`](#parameter-persistenceaoffrequency) | string | Sets the frequency at which data is written to disk. Required if AOF persistence is enabled. | +| [`persistenceRdbFrequency`](#parameter-persistencerdbfrequency) | string | Sets the frequency at which a snapshot of the database is created. Required if RDB persistence is enabled. | +| [`redisCacheEnterpriseName`](#parameter-rediscacheenterprisename) | string | The name of the parent Redis Cache Enterprise Cluster. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `clientProtocol` | string | `'Encrypted'` | `[Encrypted, Plaintext]` | Specifies whether redis clients can connect using TLS-encrypted or plaintext redis protocols. Default is TLS-encrypted. | -| `clusteringPolicy` | string | `'OSSCluster'` | `[EnterpriseCluster, OSSCluster]` | Specifies the clustering policy to enable at creation time of the Redis Cache Enterprise Cluster. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `evictionPolicy` | string | `'VolatileLRU'` | `[AllKeysLFU, AllKeysLRU, AllKeysRandom, NoEviction, VolatileLFU, VolatileLRU, VolatileRandom, VolatileTTL]` | Redis eviction policy - default is VolatileLRU. | -| `geoReplication` | object | `{object}` | | Optional set of properties to configure geo replication for this database. Geo replication prerequisites must be met. See "https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-how-to-active-geo-replication#active-geo-replication-prerequisites" for more information. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `modules` | array | `[]` | | Optional set of redis modules to enable in this database - modules can only be added at creation time. | -| `persistenceAofEnabled` | bool | `False` | | Sets whether AOF is enabled. Required if setting AOF frequency. AOF and RDB persistence cannot be enabled at the same time. | -| `persistenceRdbEnabled` | bool | `False` | | Sets whether RDB is enabled. RDB and AOF persistence cannot be enabled at the same time. | -| `port` | int | `-1` | | TCP port of the database endpoint. Specified at create time. Default is (-1) meaning value is not set and defaults to an available port. Current supported port is 10000. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`clientProtocol`](#parameter-clientprotocol) | string | Specifies whether redis clients can connect using TLS-encrypted or plaintext redis protocols. Default is TLS-encrypted. | +| [`clusteringPolicy`](#parameter-clusteringpolicy) | string | Specifies the clustering policy to enable at creation time of the Redis Cache Enterprise Cluster. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`evictionPolicy`](#parameter-evictionpolicy) | string | Redis eviction policy - default is VolatileLRU. 
| +| [`geoReplication`](#parameter-georeplication) | object | Optional set of properties to configure geo replication for this database. Geo replication prerequisites must be met. See "https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-how-to-active-geo-replication#active-geo-replication-prerequisites" for more information. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`modules`](#parameter-modules) | array | Optional set of redis modules to enable in this database - modules can only be added at creation time. | +| [`persistenceAofEnabled`](#parameter-persistenceaofenabled) | bool | Sets whether AOF is enabled. Required if setting AOF frequency. AOF and RDB persistence cannot be enabled at the same time. | +| [`persistenceRdbEnabled`](#parameter-persistencerdbenabled) | bool | Sets whether RDB is enabled. RDB and AOF persistence cannot be enabled at the same time. | +| [`port`](#parameter-port) | int | TCP port of the database endpoint. Specified at create time. Default is (-1) meaning value is not set and defaults to an available port. Current supported port is 10000. | + +### Parameter: `clientProtocol` + +Specifies whether redis clients can connect using TLS-encrypted or plaintext redis protocols. Default is TLS-encrypted. +- Required: No +- Type: string +- Default: `'Encrypted'` +- Allowed: `[Encrypted, Plaintext]` + +### Parameter: `clusteringPolicy` + +Specifies the clustering policy to enable at creation time of the Redis Cache Enterprise Cluster. +- Required: No +- Type: string +- Default: `'OSSCluster'` +- Allowed: `[EnterpriseCluster, OSSCluster]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `evictionPolicy` + +Redis eviction policy - default is VolatileLRU. 
+- Required: No +- Type: string +- Default: `'VolatileLRU'` +- Allowed: `[AllKeysLFU, AllKeysLRU, AllKeysRandom, NoEviction, VolatileLFU, VolatileLRU, VolatileRandom, VolatileTTL]` + +### Parameter: `geoReplication` + +Optional set of properties to configure geo replication for this database. Geo replication prerequisites must be met. See "https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-how-to-active-geo-replication#active-geo-replication-prerequisites" for more information. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `modules` + +Optional set of redis modules to enable in this database - modules can only be added at creation time. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `persistenceAofEnabled` + +Sets whether AOF is enabled. Required if setting AOF frequency. AOF and RDB persistence cannot be enabled at the same time. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `persistenceAofFrequency` + +Sets the frequency at which data is written to disk. Required if AOF persistence is enabled. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', 1s, always]` + +### Parameter: `persistenceRdbEnabled` + +Sets whether RDB is enabled. RDB and AOF persistence cannot be enabled at the same time. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `persistenceRdbFrequency` + +Sets the frequency at which a snapshot of the database is created. Required if RDB persistence is enabled. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', 12h, 1h, 6h]` + +### Parameter: `port` + +TCP port of the database endpoint. Specified at create time. Default is (-1) meaning value is not set and defaults to an available port. Current supported port is 10000. 
+- Required: No +- Type: int +- Default: `-1` + +### Parameter: `redisCacheEnterpriseName` + +The name of the parent Redis Cache Enterprise Cluster. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed database. | | `resourceGroupName` | string | The resource group of the deployed database. | diff --git a/modules/cache/redis-enterprise/database/main.json b/modules/cache/redis-enterprise/database/main.json index 27d234923b..d5698a412b 100644 --- a/modules/cache/redis-enterprise/database/main.json +++ b/modules/cache/redis-enterprise/database/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16731424701559883139" + "version": "0.22.6.54827", + "templateHash": "8155705065039005753" }, "name": "Redis Cache Enterprise Databases", "description": "This module deploys a Redis Cache Enterprise Database.", diff --git a/modules/cache/redis/.test/common/main.test.bicep b/modules/cache/redis/.test/common/main.test.bicep index 27cba7a79e..5428f2e9cb 100644 --- a/modules/cache/redis/.test/common/main.test.bicep +++ b/modules/cache/redis/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/cache/redis/.test/min/main.test.bicep b/modules/cache/redis/.test/min/main.test.bicep index 21c9108e8a..4ab171428a 100644 --- a/modules/cache/redis/.test/min/main.test.bicep +++ b/modules/cache/redis/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/cache/redis/README.md b/modules/cache/redis/README.md index 18fbab8afe..1666649d27 100644 --- a/modules/cache/redis/README.md +++ b/modules/cache/redis/README.md @@ -31,10 +31,13 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br:bicep/modules/cache.redis:1.0.0`. -- [Common](#example-1-common) -- [Min](#example-2-min) +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) + +### Example 1: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. -### Example 1: _Common_

@@ -193,7 +196,10 @@ module redis 'br:bicep/modules/cache.redis:1.0.0' = {

-### Example 2: _Min_ +### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +

diff --git a/modules/cache/redis/main.json b/modules/cache/redis/main.json index ef37e001eb..d503dc74b8 100644 --- a/modules/cache/redis/main.json +++ b/modules/cache/redis/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9970933369999379119" + "version": "0.22.6.54827", + "templateHash": "5929435185460509109" }, "name": "Redis Cache", "description": "This module deploys a Redis Cache.", @@ -414,8 +414,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7380162094150397462" + "version": "0.22.6.54827", + "templateHash": "4475888832005151593" } }, "parameters": { @@ -575,8 +575,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -775,8 +775,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -913,8 +913,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/cdn/profile/.test/common/main.test.bicep b/modules/cdn/profile/.test/common/main.test.bicep index b8413ea964..d8dcf730f7 100644 --- a/modules/cdn/profile/.test/common/main.test.bicep +++ b/modules/cdn/profile/.test/common/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/cdn/profile/README.md b/modules/cdn/profile/README.md new file mode 100644 index 0000000000..a30f5236fa --- /dev/null +++ b/modules/cdn/profile/README.md 
@@ -0,0 +1,555 @@ +# CDN Profiles `[Microsoft.Cdn/profiles]` + +This module deploys a CDN Profile. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | +| `Microsoft.Cdn/profiles` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles) | +| `Microsoft.Cdn/profiles/afdEndpoints` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/afdEndpoints) | +| `Microsoft.Cdn/profiles/afdEndpoints/routes` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/afdEndpoints/routes) | +| `Microsoft.Cdn/profiles/customDomains` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/customDomains) | +| `Microsoft.Cdn/profiles/endpoints` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/2021-06-01/profiles/endpoints) | +| `Microsoft.Cdn/profiles/endpoints/origins` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/2021-06-01/profiles/endpoints/origins) | +| `Microsoft.Cdn/profiles/originGroups` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/originGroups) | +| `Microsoft.Cdn/profiles/originGroups/origins` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/originGroups/origins) | +| `Microsoft.Cdn/profiles/ruleSets` | 
[2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/ruleSets) | +| `Microsoft.Cdn/profiles/ruleSets/rules` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/ruleSets/rules) | +| `Microsoft.Cdn/profiles/secrets` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/secrets) | + +## Usage examples + +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. + + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. + + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/cdn.profile:1.0.0`. + +- [Afd](#example-1-afd) +- [Using large parameter set](#example-2-using-large-parameter-set) + +### Example 1: _Afd_ + +
+ +via Bicep module + +```bicep +module profile 'br:bicep/modules/cdn.profile:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-cdnpafd' + params: { + // Required parameters + name: 'dep-test-cdnpafd' + sku: 'Standard_AzureFrontDoor' + // Non-required parameters + afdEndpoints: [ + { + name: 'dep-test-cdnpafd-afd-endpoint' + routes: [ + { + customDomainName: 'dep-test-cdnpafd-custom-domain' + name: 'dep-test-cdnpafd-afd-route' + originGroupName: 'dep-test-cdnpafd-origin-group' + ruleSets: [ + { + name: 'deptestcdnpafdruleset' + } + ] + } + ] + } + ] + customDomains: [ + { + certificateType: 'ManagedCertificate' + hostName: 'dep-test-cdnpafd-custom-domain.azurewebsites.net' + name: 'dep-test-cdnpafd-custom-domain' + } + ] + enableDefaultTelemetry: '' + location: 'global' + lock: 'CanNotDelete' + originResponseTimeoutSeconds: 60 + origionGroups: [ + { + loadBalancingSettings: { + additionalLatencyInMilliseconds: 50 + sampleSize: 4 + successfulSamplesRequired: 3 + } + name: 'dep-test-cdnpafd-origin-group' + origins: [ + { + hostName: 'dep-test-cdnpafd-origin.azurewebsites.net' + name: 'dep-test-cdnpafd-origin' + } + ] + } + ] + roleAssignments: [ + { + principalIds: [ + '' + ] + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] + ruleSets: [ + { + name: 'deptestcdnpafdruleset' + rules: [ + { + actions: [ + { + name: 'UrlRedirect' + parameters: { + customHostname: 'dev-etradefd.trade.azure.defra.cloud' + customPath: '/test123' + destinationProtocol: 'Https' + redirectType: 'PermanentRedirect' + typeName: 'DeliveryRuleUrlRedirectActionParameters' + } + } + ] + name: 'deptestcdnpafdrule' + order: 1 + } + ] + } + ] + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "dep-test-cdnpafd" + }, + "sku": { + "value": "Standard_AzureFrontDoor" + }, + // Non-required parameters + "afdEndpoints": { + "value": [ + { + "name": "dep-test-cdnpafd-afd-endpoint", + "routes": [ + { + "customDomainName": "dep-test-cdnpafd-custom-domain", + "name": "dep-test-cdnpafd-afd-route", + "originGroupName": "dep-test-cdnpafd-origin-group", + "ruleSets": [ + { + "name": "deptestcdnpafdruleset" + } + ] + } + ] + } + ] + }, + "customDomains": { + "value": [ + { + "certificateType": "ManagedCertificate", + "hostName": "dep-test-cdnpafd-custom-domain.azurewebsites.net", + "name": "dep-test-cdnpafd-custom-domain" + } + ] + }, + "enableDefaultTelemetry": { + "value": "" + }, + "location": { + "value": "global" + }, + "lock": { + "value": "CanNotDelete" + }, + "originResponseTimeoutSeconds": { + "value": 60 + }, + "origionGroups": { + "value": [ + { + "loadBalancingSettings": { + "additionalLatencyInMilliseconds": 50, + "sampleSize": 4, + "successfulSamplesRequired": 3 + }, + "name": "dep-test-cdnpafd-origin-group", + "origins": [ + { + "hostName": "dep-test-cdnpafd-origin.azurewebsites.net", + "name": "dep-test-cdnpafd-origin" + } + ] + } + ] + }, + "roleAssignments": { + "value": [ + { + "principalIds": [ + "" + ], + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ] + }, + "ruleSets": { + "value": [ + { + "name": "deptestcdnpafdruleset", + "rules": [ + { + "actions": [ + { + "name": "UrlRedirect", + "parameters": { + "customHostname": "dev-etradefd.trade.azure.defra.cloud", + "customPath": "/test123", + "destinationProtocol": "Https", + "redirectType": "PermanentRedirect", + "typeName": "DeliveryRuleUrlRedirectActionParameters" + } + } + ], + "name": "deptestcdnpafdrule", + "order": 1 + } + ] + } 
+ ] + } + } +} +``` + +
+

+ +### Example 2: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. + + +

+ +via Bicep module + +```bicep +module profile 'br:bicep/modules/cdn.profile:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-cdnpcom' + params: { + // Required parameters + name: 'dep-test-cdnpcom' + sku: 'Standard_Verizon' + // Non-required parameters + enableDefaultTelemetry: '' + endpointProperties: { + contentTypesToCompress: [ + 'application/javascript' + 'application/json' + 'application/x-javascript' + 'application/xml' + 'text/css' + 'text/html' + 'text/javascript' + 'text/plain' + ] + geoFilters: [] + isCompressionEnabled: true + isHttpAllowed: true + isHttpsAllowed: true + originGroups: [] + originHostHeader: '' + origins: [ + { + name: 'dep-cdn-endpoint01' + properties: { + enabled: true + hostName: '' + httpPort: 80 + httpsPort: 443 + } + } + ] + queryStringCachingBehavior: 'IgnoreQueryString' + } + location: '' + lock: 'CanNotDelete' + originResponseTimeoutSeconds: 60 + roleAssignments: [ + { + principalIds: [ + '' + ] + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "dep-test-cdnpcom" + }, + "sku": { + "value": "Standard_Verizon" + }, + // Non-required parameters + "enableDefaultTelemetry": { + "value": "" + }, + "endpointProperties": { + "value": { + "contentTypesToCompress": [ + "application/javascript", + "application/json", + "application/x-javascript", + "application/xml", + "text/css", + "text/html", + "text/javascript", + "text/plain" + ], + "geoFilters": [], + "isCompressionEnabled": true, + "isHttpAllowed": true, + "isHttpsAllowed": true, + "originGroups": [], + "originHostHeader": "", + "origins": [ + { + "name": "dep-cdn-endpoint01", + "properties": { + "enabled": true, + "hostName": "", + "httpPort": 80, + "httpsPort": 443 + } + } + ], + "queryStringCachingBehavior": "IgnoreQueryString" + } + }, + "location": { + "value": "" + }, + "lock": { + "value": "CanNotDelete" + }, + "originResponseTimeoutSeconds": { + "value": 60 + }, + "roleAssignments": { + "value": [ + { + "principalIds": [ + "" + ], + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ] + } + } +} +``` + +
+

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the CDN profile. | +| [`sku`](#parameter-sku) | string | The pricing tier (defines a CDN provider, feature list and rate) of the CDN profile. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`origionGroups`](#parameter-origiongroups) | array | Array of origin group objects. Required if the afdEndpoints is specified. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`afdEndpoints`](#parameter-afdendpoints) | array | Array of AFD endpoint objects. | +| [`customDomains`](#parameter-customdomains) | array | Array of custom domain objects. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`endpointName`](#parameter-endpointname) | string | Name of the endpoint under the profile which is unique globally. | +| [`endpointProperties`](#parameter-endpointproperties) | object | Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`originResponseTimeoutSeconds`](#parameter-originresponsetimeoutseconds) | int | Send and receive timeout on forwarding request to the origin. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`ruleSets`](#parameter-rulesets) | array | Array of rule set objects. | +| [`secrets`](#parameter-secrets) | array | Array of secret objects. | +| [`tags`](#parameter-tags) | object | Endpoint tags. | + +### Parameter: `afdEndpoints` + +Array of AFD endpoint objects. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `customDomains` + +Array of custom domain objects. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endpointName` + +Name of the endpoint under the profile which is unique globally. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `endpointProperties` + +Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the CDN profile. +- Required: Yes +- Type: string + +### Parameter: `originResponseTimeoutSeconds` + +Send and receive timeout on forwarding request to the origin. +- Required: No +- Type: int +- Default: `60` + +### Parameter: `origionGroups` + +Array of origin group objects. Required if the afdEndpoints is specified. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ruleSets` + +Array of rule set objects. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `secrets` + +Array of secret objects. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +The pricing tier (defines a CDN provider, feature list and rate) of the CDN profile. +- Required: Yes +- Type: string +- Allowed: `[Custom_Verizon, Premium_AzureFrontDoor, Premium_Verizon, Standard_955BandWidth_ChinaCdn, Standard_Akamai, Standard_AvgBandWidth_ChinaCdn, Standard_AzureFrontDoor, Standard_ChinaCdn, Standard_Microsoft, Standard_Verizon, StandardPlus_955BandWidth_ChinaCdn, StandardPlus_AvgBandWidth_ChinaCdn, StandardPlus_ChinaCdn]` + +### Parameter: `tags` + +Endpoint tags. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the CDN profile. | +| `profileType` | string | The type of the CDN profile. | +| `resourceGroupName` | string | The resource group where the CDN profile is deployed. | +| `resourceId` | string | The resource ID of the CDN profile. | + +## Cross-referenced modules + +_None_ diff --git a/modules/cdn/profile/afdEndpoint/README.md b/modules/cdn/profile/afdEndpoint/README.md index 92b71cb16f..6668c13e76 100644 --- a/modules/cdn/profile/afdEndpoint/README.md +++ b/modules/cdn/profile/afdEndpoint/README.md 
@@ -20,31 +20,87 @@ This module deploys a CDN Profile AFD Endpoint. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the AFD Endpoint. | +| [`name`](#parameter-name) | string | The name of the AFD Endpoint. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `profileName` | string | The name of the parent CDN profile. Required if the template is used in a standalone deployment. | +| [`profileName`](#parameter-profilename) | string | The name of the parent CDN profile. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `autoGeneratedDomainNameLabelScope` | string | `'TenantReuse'` | `[NoReuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse]` | Indicates the endpoint name reuse scope. The default value is TenantReuse. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enabledState` | string | `'Enabled'` | `[Disabled, Enabled]` | Indicates whether the AFD Endpoint is enabled. The default value is Enabled. | -| `location` | string | `[resourceGroup().location]` | | The location of the AFD Endpoint. | -| `routes` | array | `[]` | | The list of routes for this AFD Endpoint. | -| `tags` | object | `{object}` | | The tags of the AFD Endpoint. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`autoGeneratedDomainNameLabelScope`](#parameter-autogenerateddomainnamelabelscope) | string | Indicates the endpoint name reuse scope. The default value is TenantReuse. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`enabledState`](#parameter-enabledstate) | string | Indicates whether the AFD Endpoint is enabled. The default value is Enabled. | +| [`location`](#parameter-location) | string | The location of the AFD Endpoint. | +| [`routes`](#parameter-routes) | array | The list of routes for this AFD Endpoint. | +| [`tags`](#parameter-tags) | object | The tags of the AFD Endpoint. | + +### Parameter: `autoGeneratedDomainNameLabelScope` + +Indicates the endpoint name reuse scope. The default value is TenantReuse. +- Required: No +- Type: string +- Default: `'TenantReuse'` +- Allowed: `[NoReuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enabledState` + +Indicates whether the AFD Endpoint is enabled. The default value is Enabled. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `location` + +The location of the AFD Endpoint. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the AFD Endpoint. +- Required: Yes +- Type: string + +### Parameter: `profileName` + +The name of the parent CDN profile. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `routes` + +The list of routes for this AFD Endpoint. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +The tags of the AFD Endpoint. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the AFD Endpoint. | 
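
Review bot: In modules/cdn/profile/afdEndpoint/README.md, `profileName` is listed under **Conditional parameters** ("Required if the template is used in a standalone deployment") but its new detail section states `- Required: Yes`, so the same README contradicts itself on when the parameter is needed. The per-parameter section should carry the condition (or a conditional marker) rather than a plain Yes/No. Also note that the Default Value and Allowed Values columns are gone from the overview tables, so a reader has to follow the anchor to learn that `autoGeneratedDomainNameLabelScope` defaults to `'TenantReuse'`; confirm that trade-off is intended.
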
diff --git a/modules/cdn/profile/afdEndpoint/route/README.md b/modules/cdn/profile/afdEndpoint/route/README.md index ee07973325..5b63f03281 100644 --- a/modules/cdn/profile/afdEndpoint/route/README.md +++ b/modules/cdn/profile/afdEndpoint/route/README.md 
@@ -19,33 +19,139 @@ This module deploys a CDN Profile AFD Endpoint route. **Required parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `afdEndpointName` | string | | The name of the AFD endpoint. | -| `name` | string | | The name of the route. | -| `originGroupName` | string | `''` | The name of the origin group. The origin group must be defined in the profile originGroups. | -| `profileName` | string | | The name of the parent CDN profile. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`afdEndpointName`](#parameter-afdendpointname) | string | The name of the AFD endpoint. | +| [`name`](#parameter-name) | string | The name of the route. | +| [`originGroupName`](#parameter-origingroupname) | string | The name of the origin group. The origin group must be defined in the profile originGroups. | +| [`profileName`](#parameter-profilename) | string | The name of the parent CDN profile. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `cacheConfiguration` | object | `{object}` | | The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object. | -| `customDomainName` | string | | | The name of the custom domain. The custom domain must be defined in the profile customDomains. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enabledState` | string | `'Enabled'` | `[Disabled, Enabled]` | Whether this route is enabled. | -| `forwardingProtocol` | string | `'MatchRequest'` | `[HttpOnly, HttpsOnly, MatchRequest]` | The protocol this rule will use when forwarding traffic to backends. | -| `httpsRedirect` | string | `'Enabled'` | `[Disabled, Enabled]` | Whether to automatically redirect HTTP traffic to HTTPS traffic. 
| -| `linkToDefaultDomain` | string | `'Enabled'` | `[Disabled, Enabled]` | Whether this route will be linked to the default endpoint domain. | -| `originPath` | string | `''` | | A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath. | -| `patternsToMatch` | array | `[]` | | The route patterns of the rule. | -| `ruleSets` | array | `[]` | | The rule sets of the rule. The rule sets must be defined in the profile ruleSets. | -| `supportedProtocols` | array | `[]` | `[Http, Https]` | The supported protocols of the rule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cacheConfiguration`](#parameter-cacheconfiguration) | object | The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object. | +| [`customDomainName`](#parameter-customdomainname) | string | The name of the custom domain. The custom domain must be defined in the profile customDomains. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enabledState`](#parameter-enabledstate) | string | Whether this route is enabled. | +| [`forwardingProtocol`](#parameter-forwardingprotocol) | string | The protocol this rule will use when forwarding traffic to backends. | +| [`httpsRedirect`](#parameter-httpsredirect) | string | Whether to automatically redirect HTTP traffic to HTTPS traffic. | +| [`linkToDefaultDomain`](#parameter-linktodefaultdomain) | string | Whether this route will be linked to the default endpoint domain. | +| [`originPath`](#parameter-originpath) | string | A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath. | +| [`patternsToMatch`](#parameter-patternstomatch) | array | The route patterns of the rule. | +| [`ruleSets`](#parameter-rulesets) | array | The rule sets of the rule. 
The rule sets must be defined in the profile ruleSets. | +| [`supportedProtocols`](#parameter-supportedprotocols) | array | The supported protocols of the rule. | + +### Parameter: `afdEndpointName` + +The name of the AFD endpoint. +- Required: Yes +- Type: string + +### Parameter: `cacheConfiguration` + +The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `customDomainName` + +The name of the custom domain. The custom domain must be defined in the profile customDomains. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enabledState` + +Whether this route is enabled. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `forwardingProtocol` + +The protocol this rule will use when forwarding traffic to backends. +- Required: No +- Type: string +- Default: `'MatchRequest'` +- Allowed: `[HttpOnly, HttpsOnly, MatchRequest]` + +### Parameter: `httpsRedirect` + +Whether to automatically redirect HTTP traffic to HTTPS traffic. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `linkToDefaultDomain` + +Whether this route will be linked to the default endpoint domain. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `name` + +The name of the route. +- Required: Yes +- Type: string + +### Parameter: `originGroupName` + +The name of the origin group. The origin group must be defined in the profile originGroups. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `originPath` + +A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `patternsToMatch` + +The route patterns of the rule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `profileName` + +The name of the parent CDN profile. +- Required: Yes +- Type: string + +### Parameter: `ruleSets` + +The rule sets of the rule. The rule sets must be defined in the profile ruleSets. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `supportedProtocols` + +The supported protocols of the rule. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[Http, Https]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the route. | | `resourceGroupName` | string | The name of the resource group the route was created in. | diff --git a/modules/cdn/profile/customdomain/README.md b/modules/cdn/profile/customdomain/README.md index 87399b9693..57363db2c1 100644 --- a/modules/cdn/profile/customdomain/README.md +++ b/modules/cdn/profile/customdomain/README.md 
@@ -19,33 +19,101 @@ This module deploys a CDN Profile Custom Domains. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `certificateType` | string | `[CustomerCertificate, ManagedCertificate]` | The type of the certificate used for secure delivery. | -| `hostName` | string | | The host name of the domain. Must be a domain name. | -| `name` | string | | The name of the custom domain. | -| `profileName` | string | | The name of the CDN profile. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`certificateType`](#parameter-certificatetype) | string | The type of the certificate used for secure delivery. | +| [`hostName`](#parameter-hostname) | string | The host name of the domain. Must be a domain name. | +| [`name`](#parameter-name) | string | The name of the custom domain. | +| [`profileName`](#parameter-profilename) | string | The name of the CDN profile. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `extendedProperties` | object | `{object}` | | Key-Value pair representing migration properties for domains. | -| `minimumTlsVersion` | string | `'TLS12'` | `[TLS10, TLS12]` | The minimum TLS version required for the custom domain. Default value: TLS12. | -| `preValidatedCustomDomainResourceId` | string | `''` | | Resource reference to the Azure resource where custom domain ownership was prevalidated. | -| `secretName` | string | `''` | | The name of the secret. ie. subs/rg/profile/secret. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`extendedProperties`](#parameter-extendedproperties) | object | Key-Value pair representing migration properties for domains. | +| [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | The minimum TLS version required for the custom domain. Default value: TLS12. | +| [`preValidatedCustomDomainResourceId`](#parameter-prevalidatedcustomdomainresourceid) | string | Resource reference to the Azure resource where custom domain ownership was prevalidated. | +| [`secretName`](#parameter-secretname) | string | The name of the secret. ie. subs/rg/profile/secret. | **Optonal parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `azureDnsZoneResourceId` | string | `''` | Resource reference to the Azure DNS zone. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`azureDnsZoneResourceId`](#parameter-azurednszoneresourceid) | string | Resource reference to the Azure DNS zone. | + +### Parameter: `azureDnsZoneResourceId` + +Resource reference to the Azure DNS zone. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `certificateType` + +The type of the certificate used for secure delivery. +- Required: Yes +- Type: string +- Allowed: `[CustomerCertificate, ManagedCertificate]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `extendedProperties` + +Key-Value pair representing migration properties for domains. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `hostName` + +The host name of the domain. Must be a domain name. +- Required: Yes +- Type: string + +### Parameter: `minimumTlsVersion` + +The minimum TLS version required for the custom domain. Default value: TLS12. +- Required: No +- Type: string +- Default: `'TLS12'` +- Allowed: `[TLS10, TLS12]` + +### Parameter: `name` + +The name of the custom domain. 
+- Required: Yes +- Type: string + +### Parameter: `preValidatedCustomDomainResourceId` + +Resource reference to the Azure resource where custom domain ownership was prevalidated. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `profileName` + +The name of the CDN profile. +- Required: Yes +- Type: string + +### Parameter: `secretName` + +The name of the secret. ie. subs/rg/profile/secret. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the custom domain. | | `resourceGroupName` | string | The name of the resource group the custom domain was created in. | diff --git a/modules/cdn/profile/endpoint/README.md b/modules/cdn/profile/endpoint/README.md index 688a86025a..7681a1e2f8 100644 --- a/modules/cdn/profile/endpoint/README.md +++ b/modules/cdn/profile/endpoint/README.md 
@@ -20,29 +20,68 @@ This module deploys a CDN Profile Endpoint. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the endpoint under the profile which is unique globally. | -| `properties` | object | Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). | +| [`name`](#parameter-name) | string | Name of the endpoint under the profile which is unique globally. | +| [`properties`](#parameter-properties) | object | Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `profileName` | string | The name of the parent CDN profile. Required if the template is used in a standalone deployment. | +| [`profileName`](#parameter-profilename) | string | The name of the parent CDN profile. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Resource location. | -| `tags` | object | `{object}` | Endpoint tags. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Resource location. | +| [`tags`](#parameter-tags) | object | Endpoint tags. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Resource location. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the endpoint under the profile which is unique globally. +- Required: Yes +- Type: string + +### Parameter: `profileName` + +The name of the parent CDN profile. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `properties` + +Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). +- Required: Yes +- Type: object + +### Parameter: `tags` + +Endpoint tags. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `endpointProperties` | object | The properties of the endpoint. | | `location` | string | The location the resource was deployed into. | diff --git a/modules/cdn/profile/endpoint/origin/README.md b/modules/cdn/profile/endpoint/origin/README.md index c4e00f6ddd..706d8a9c4a 100644 --- a/modules/cdn/profile/endpoint/origin/README.md +++ b/modules/cdn/profile/endpoint/origin/README.md 
@@ -19,37 +19,128 @@ This module deploys a CDN Profile Endpoint Origin. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `endpointName` | string | The name of the CDN Endpoint. | -| `hostName` | string | The hostname of the origin. | -| `name` | string | The name of the origin. | +| [`endpointName`](#parameter-endpointname) | string | The name of the CDN Endpoint. | +| [`hostName`](#parameter-hostname) | string | The hostname of the origin. | +| [`name`](#parameter-name) | string | The name of the origin. | **Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `priority` | int | `-1` | The priority of origin in given origin group for load balancing. Required if `weight` is provided. | -| `privateLinkAlias` | string | | The private link alias of the origin. Required if privateLinkLocation is provided. | -| `privateLinkLocation` | string | | The private link location of the origin. Required if privateLinkAlias is provided. | -| `weight` | int | `-1` | The weight of the origin used for load balancing. Required if `priority` is provided. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`priority`](#parameter-priority) | int | The priority of origin in given origin group for load balancing. Required if `weight` is provided. | +| [`privateLinkAlias`](#parameter-privatelinkalias) | string | The private link alias of the origin. Required if privateLinkLocation is provided. | +| [`privateLinkLocation`](#parameter-privatelinklocation) | string | The private link location of the origin. Required if privateLinkAlias is provided. | +| [`weight`](#parameter-weight) | int | The weight of the origin used for load balancing. Required if `priority` is provided. 
| **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enabled` | bool | `True` | Whether the origin is enabled for load balancing. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `httpPort` | int | `80` | The HTTP port of the origin. | -| `httpsPort` | int | `443` | The HTTPS port of the origin. | -| `originHostHeader` | string | | The host header value sent to the origin. | -| `privateLinkResourceId` | string | | The private link resource ID of the origin. | -| `profileName` | string | `'default'` | The name of the CDN profile. Default to "default". | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enabled`](#parameter-enabled) | bool | Whether the origin is enabled for load balancing. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`httpPort`](#parameter-httpport) | int | The HTTP port of the origin. | +| [`httpsPort`](#parameter-httpsport) | int | The HTTPS port of the origin. | +| [`originHostHeader`](#parameter-originhostheader) | string | The host header value sent to the origin. | +| [`privateLinkResourceId`](#parameter-privatelinkresourceid) | string | The private link resource ID of the origin. | +| [`profileName`](#parameter-profilename) | string | The name of the CDN profile. Default to "default". | + +### Parameter: `enabled` + +Whether the origin is enabled for load balancing. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endpointName` + +The name of the CDN Endpoint. +- Required: Yes +- Type: string + +### Parameter: `hostName` + +The hostname of the origin. +- Required: Yes +- Type: string + +### Parameter: `httpPort` + +The HTTP port of the origin. 
+- Required: No +- Type: int +- Default: `80` + +### Parameter: `httpsPort` + +The HTTPS port of the origin. +- Required: No +- Type: int +- Default: `443` + +### Parameter: `name` + +The name of the origin. +- Required: Yes +- Type: string + +### Parameter: `originHostHeader` + +The host header value sent to the origin. +- Required: Yes +- Type: string + +### Parameter: `priority` + +The priority of origin in given origin group for load balancing. Required if `weight` is provided. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `privateLinkAlias` + +The private link alias of the origin. Required if privateLinkLocation is provided. +- Required: Yes +- Type: string + +### Parameter: `privateLinkLocation` + +The private link location of the origin. Required if privateLinkAlias is provided. +- Required: Yes +- Type: string + +### Parameter: `privateLinkResourceId` + +The private link resource ID of the origin. +- Required: Yes +- Type: string + +### Parameter: `profileName` + +The name of the CDN profile. Default to "default". +- Required: No +- Type: string +- Default: `'default'` + +### Parameter: `weight` + +The weight of the origin used for load balancing. Required if `priority` is provided. +- Required: No +- Type: int +- Default: `-1` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the endpoint. | diff --git a/modules/cdn/profile/origingroup/README.md b/modules/cdn/profile/origingroup/README.md index fd8396cd17..0ba329cf7b 100644 --- a/modules/cdn/profile/origingroup/README.md +++ b/modules/cdn/profile/origingroup/README.md 
@@ -20,26 +20,80 @@ This module deploys a CDN Profile Origin Group. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `loadBalancingSettings` | object | Load balancing settings for a backend pool. | -| `name` | string | The name of the origin group. | -| `origins` | array | The list of origins within the origin group. | -| `profileName` | string | The name of the CDN profile. | +| [`loadBalancingSettings`](#parameter-loadbalancingsettings) | object | Load balancing settings for a backend pool. | +| [`name`](#parameter-name) | string | The name of the origin group. | +| [`origins`](#parameter-origins) | array | The list of origins within the origin group. | +| [`profileName`](#parameter-profilename) | string | The name of the CDN profile. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `healthProbeSettings` | object | `{object}` | | Health probe settings to the origin that is used to determine the health of the origin. | -| `sessionAffinityState` | string | `'Disabled'` | `[Disabled, Enabled]` | Whether to allow session affinity on this host. | -| `trafficRestorationTimeToHealedOrNewEndpointsInMinutes` | int | `10` | | Time in minutes to shift the traffic to the endpoint gradually when an unhealthy endpoint comes healthy or a new endpoint is added. Default is 10 mins. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`healthProbeSettings`](#parameter-healthprobesettings) | object | Health probe settings to the origin that is used to determine the health of the origin. 
| +| [`sessionAffinityState`](#parameter-sessionaffinitystate) | string | Whether to allow session affinity on this host. | +| [`trafficRestorationTimeToHealedOrNewEndpointsInMinutes`](#parameter-trafficrestorationtimetohealedornewendpointsinminutes) | int | Time in minutes to shift the traffic to the endpoint gradually when an unhealthy endpoint comes healthy or a new endpoint is added. Default is 10 mins. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `healthProbeSettings` + +Health probe settings to the origin that is used to determine the health of the origin. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `loadBalancingSettings` + +Load balancing settings for a backend pool. +- Required: Yes +- Type: object + +### Parameter: `name` + +The name of the origin group. +- Required: Yes +- Type: string + +### Parameter: `origins` + +The list of origins within the origin group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `profileName` + +The name of the CDN profile. +- Required: Yes +- Type: string + +### Parameter: `sessionAffinityState` + +Whether to allow session affinity on this host. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `trafficRestorationTimeToHealedOrNewEndpointsInMinutes` + +Time in minutes to shift the traffic to the endpoint gradually when an unhealthy endpoint comes healthy or a new endpoint is added. Default is 10 mins. +- Required: No +- Type: int +- Default: `10` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the origin group. | 
diff --git a/modules/cdn/profile/origingroup/origin/README.md b/modules/cdn/profile/origingroup/origin/README.md index 260e7846fb..fd6cf7110b 100644 --- a/modules/cdn/profile/origingroup/origin/README.md +++ b/modules/cdn/profile/origingroup/origin/README.md 
@@ -19,31 +19,119 @@ This module deploys a CDN Profile Origin. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `hostName` | string | The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint. | -| `name` | string | The name of the origion. | -| `originGroupName` | string | The name of the group. | -| `profileName` | string | The name of the CDN profile. | +| [`hostName`](#parameter-hostname) | string | The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint. | +| [`name`](#parameter-name) | string | The name of the origion. | +| [`originGroupName`](#parameter-origingroupname) | string | The name of the group. | +| [`profileName`](#parameter-profilename) | string | The name of the CDN profile. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enabledState` | string | `'Enabled'` | `[Disabled, Enabled]` | Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. | -| `enforceCertificateNameCheck` | bool | `True` | | Whether to enable certificate name check at origin level. | -| `httpPort` | int | `80` | | The value of the HTTP port. Must be between 1 and 65535. | -| `httpsPort` | int | `443` | | The value of the HTTPS port. Must be between 1 and 65535. | -| `originHostHeader` | string | `''` | | The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. 
Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint. | -| `priority` | int | `1` | | Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5. | -| `sharedPrivateLinkResource` | object | `{object}` | | The properties of the private link resource for private origin. | -| `weight` | int | `1000` | | Weight of the origin in given origin group for load balancing. Must be between 1 and 1000. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enabledState`](#parameter-enabledstate) | string | Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. | +| [`enforceCertificateNameCheck`](#parameter-enforcecertificatenamecheck) | bool | Whether to enable certificate name check at origin level. | +| [`httpPort`](#parameter-httpport) | int | The value of the HTTP port. Must be between 1 and 65535. | +| [`httpsPort`](#parameter-httpsport) | int | The value of the HTTPS port. Must be between 1 and 65535. | +| [`originHostHeader`](#parameter-originhostheader) | string | The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint. | +| [`priority`](#parameter-priority) | int | Priority of origin in given origin group for load balancing. 
Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5. | +| [`sharedPrivateLinkResource`](#parameter-sharedprivatelinkresource) | object | The properties of the private link resource for private origin. | +| [`weight`](#parameter-weight) | int | Weight of the origin in given origin group for load balancing. Must be between 1 and 1000. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enabledState` + +Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `enforceCertificateNameCheck` + +Whether to enable certificate name check at origin level. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hostName` + +The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint. +- Required: Yes +- Type: string + +### Parameter: `httpPort` + +The value of the HTTP port. Must be between 1 and 65535. +- Required: No +- Type: int +- Default: `80` + +### Parameter: `httpsPort` + +The value of the HTTPS port. Must be between 1 and 65535. +- Required: No +- Type: int +- Default: `443` + +### Parameter: `name` + +The name of the origion. +- Required: Yes +- Type: string + +### Parameter: `originGroupName` + +The name of the group. +- Required: Yes +- Type: string + +### Parameter: `originHostHeader` + +The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. 
Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `priority` + +Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `profileName` + +The name of the CDN profile. +- Required: Yes +- Type: string + +### Parameter: `sharedPrivateLinkResource` + +The properties of the private link resource for private origin. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `weight` + +Weight of the origin in given origin group for load balancing. Must be between 1 and 1000. +- Required: No +- Type: int +- Default: `1000` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the origin. | | `resourceGroupName` | string | The name of the resource group the origin was created in. | diff --git a/modules/cdn/profile/ruleset/README.md b/modules/cdn/profile/ruleset/README.md index de4783b188..e7dc4c15de 100644 --- a/modules/cdn/profile/ruleset/README.md +++ b/modules/cdn/profile/ruleset/README.md 
@@ -20,27 +20,53 @@ This module deploys a CDN Profile rule set. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the rule set. | -| `profileName` | string | The name of the CDN profile. | +| [`name`](#parameter-name) | string | The name of the rule set. | +| [`profileName`](#parameter-profilename) | string | The name of the CDN profile. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | **Optinal parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `rules` | array | The rules to apply to the rule set. | +| [`rules`](#parameter-rules) | array | The rules to apply to the rule set. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the rule set. +- Required: Yes +- Type: string + +### Parameter: `profileName` + +The name of the CDN profile. +- Required: Yes +- Type: string + +### Parameter: `rules` + +The rules to apply to the rule set. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the rule set. | | `resourceGroupName` | string | The name of the resource group the custom domain was created in. | diff --git a/modules/cdn/profile/ruleset/rule/README.md b/modules/cdn/profile/ruleset/rule/README.md index 9fbaa502eb..53201f8cfb 100644 --- a/modules/cdn/profile/ruleset/rule/README.md 
+++ b/modules/cdn/profile/ruleset/rule/README.md 
@@ -19,26 +19,78 @@ This module deploys a CDN Profile rule. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `matchProcessingBehavior` | string | `[Continue, Stop]` | If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue. | -| `name` | string | | The name of the rule. | -| `order` | int | | The order in which this rule will be applied. Rules with a lower order are applied before rules with a higher order. | -| `profileName` | string | | The name of the profile. | -| `ruleSetName` | string | | The name of the rule set. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`matchProcessingBehavior`](#parameter-matchprocessingbehavior) | string | If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue. | +| [`name`](#parameter-name) | string | The name of the rule. | +| [`order`](#parameter-order) | int | The order in which this rule will be applied. Rules with a lower order are applied before rules with a higher order. | +| [`profileName`](#parameter-profilename) | string | The name of the profile. | +| [`ruleSetName`](#parameter-rulesetname) | string | The name of the rule set. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | A list of actions that are executed when all the conditions of a rule are satisfied. | -| `conditions` | array | `[]` | A list of conditions that must be matched for the actions to be executed. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | A list of actions that are executed when all the conditions of a rule are satisfied. 
| +| [`conditions`](#parameter-conditions) | array | A list of conditions that must be matched for the actions to be executed. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `actions` + +A list of actions that are executed when all the conditions of a rule are satisfied. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `conditions` + +A list of conditions that must be matched for the actions to be executed. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `matchProcessingBehavior` + +If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue. +- Required: Yes +- Type: string +- Allowed: `[Continue, Stop]` + +### Parameter: `name` + +The name of the rule. +- Required: Yes +- Type: string + +### Parameter: `order` + +The order in which this rule will be applied. Rules with a lower order are applied before rules with a higher order. +- Required: Yes +- Type: int + +### Parameter: `profileName` + +The name of the profile. +- Required: Yes +- Type: string + +### Parameter: `ruleSetName` + +The name of the rule set. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the rule. | | `resourceGroupName` | string | The name of the resource group the custom domain was created in. | diff --git a/modules/cdn/profile/secret/README.md b/modules/cdn/profile/secret/README.md index 4f1a1f6161..9156b542e5 100644 --- a/modules/cdn/profile/secret/README.md +++ b/modules/cdn/profile/secret/README.md 
@@ -19,31 +19,86 @@ This module deploys a CDN Profile Secret. **Required parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `name` | string | | | The name of the secrect. | -| `type` | string | `'AzureFirstPartyManagedCertificate'` | `[AzureFirstPartyManagedCertificate, CustomerCertificate, ManagedCertificate, UrlSigningKey]` | The type of the secrect. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the secrect. | +| [`type`](#parameter-type) | string | The type of the secrect. | **Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `profileName` | string | | The name of the parent CDN profile. Required if the template is used in a standalone deployment. | -| `secretSourceResourceId` | string | `''` | The resource ID of the secrect source. Required if the type is CustomerCertificate. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`profileName`](#parameter-profilename) | string | The name of the parent CDN profile. Required if the template is used in a standalone deployment. | +| [`secretSourceResourceId`](#parameter-secretsourceresourceid) | string | The resource ID of the secrect source. Required if the type is CustomerCertificate. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `secretVersion` | string | `''` | The version of the secret. | -| `subjectAlternativeNames` | array | `[]` | The subject alternative names of the secrect. | -| `useLatestVersion` | bool | `False` | Indicates whether to use the latest version of the secrect. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`secretVersion`](#parameter-secretversion) | string | The version of the secret. | +| [`subjectAlternativeNames`](#parameter-subjectalternativenames) | array | The subject alternative names of the secrect. | +| [`useLatestVersion`](#parameter-uselatestversion) | bool | Indicates whether to use the latest version of the secrect. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the secrect. +- Required: Yes +- Type: string + +### Parameter: `profileName` + +The name of the parent CDN profile. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `secretSourceResourceId` + +The resource ID of the secrect source. Required if the type is CustomerCertificate. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `secretVersion` + +The version of the secret. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subjectAlternativeNames` + +The subject alternative names of the secrect. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `type` + +The type of the secrect. +- Required: No +- Type: string +- Default: `'AzureFirstPartyManagedCertificate'` +- Allowed: `[AzureFirstPartyManagedCertificate, CustomerCertificate, ManagedCertificate, UrlSigningKey]` + +### Parameter: `useLatestVersion` + +Indicates whether to use the latest version of the secrect. +- Required: No +- Type: bool +- Default: `False` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the secrect. | | `resourceGroupName` | string | The name of the resource group the secret was created in. | 
diff --git a/modules/cognitive-services/account/.test/common/main.test.bicep b/modules/cognitive-services/account/.test/common/main.test.bicep index 0802ae9df8..39d0bbbd26 100644 --- a/modules/cognitive-services/account/.test/common/main.test.bicep +++ b/modules/cognitive-services/account/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/cognitive-services/account/.test/min/main.test.bicep b/modules/cognitive-services/account/.test/min/main.test.bicep index 727b9a5a92..c24b67f868 100644 --- a/modules/cognitive-services/account/.test/min/main.test.bicep +++ b/modules/cognitive-services/account/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/cognitive-services/account/README.md b/modules/cognitive-services/account/README.md new file mode 100644 index 0000000000..4cc5ebb441 --- /dev/null +++ b/modules/cognitive-services/account/README.md 
@@ -0,0 +1,783 @@ +# Cognitive Services `[Microsoft.CognitiveServices/accounts]` + +This module deploys a Cognitive Service. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) +- [Notes](#Notes) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | +| `Microsoft.CognitiveServices/accounts` | [2022-12-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.CognitiveServices/2022-12-01/accounts) | +| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | +| `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | +| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | + +## Usage examples + +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. + + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. + + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/cognitive-services.account:1.0.0`. 
+ +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Encr](#example-2-encr) +- [Using only defaults](#example-3-using-only-defaults) +- [Speech](#example-4-speech) + +### Example 1: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. + + +

+ +via Bicep module + +```bicep +module account 'br:bicep/modules/cognitive-services.account:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-csacom' + params: { + // Required parameters + kind: 'Face' + name: 'csacom001' + // Non-required parameters + customSubDomainName: 'xdomain' + diagnosticEventHubAuthorizationRuleId: '' + diagnosticEventHubName: '' + diagnosticStorageAccountId: '' + diagnosticWorkspaceId: '' + enableDefaultTelemetry: '' + lock: 'CanNotDelete' + networkAcls: { + defaultAction: 'Deny' + ipRules: [ + { + value: '40.74.28.0/23' + } + ] + virtualNetworkRules: [ + { + id: '' + ignoreMissingVnetServiceEndpoint: false + } + ] + } + privateEndpoints: [ + { + privateDnsZoneGroup: { + privateDNSResourceIds: [ + '' + ] + } + service: 'account' + subnetResourceId: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + ] + roleAssignments: [ + { + principalIds: [ + '' + ] + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] + sku: 'S0' + systemAssignedIdentity: true + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + userAssignedIdentities: { + '': {} + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "kind": { + "value": "Face" + }, + "name": { + "value": "csacom001" + }, + // Non-required parameters + "customSubDomainName": { + "value": "xdomain" + }, + "diagnosticEventHubAuthorizationRuleId": { + "value": "" + }, + "diagnosticEventHubName": { + "value": "" + }, + "diagnosticStorageAccountId": { + "value": "" + }, + "diagnosticWorkspaceId": { + "value": "" + }, + "enableDefaultTelemetry": { + "value": "" + }, + "lock": { + "value": "CanNotDelete" + }, + "networkAcls": { + "value": { + "defaultAction": "Deny", + "ipRules": [ + { + "value": "40.74.28.0/23" + } + ], + "virtualNetworkRules": [ + { + "id": "", + "ignoreMissingVnetServiceEndpoint": false + } + ] + } + }, + "privateEndpoints": { + "value": [ + { + "privateDnsZoneGroup": { + "privateDNSResourceIds": [ + "" + ] + }, + "service": "account", + "subnetResourceId": "", + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + ] + }, + "roleAssignments": { + "value": [ + { + "principalIds": [ + "" + ], + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ] + }, + "sku": { + "value": "S0" + }, + "systemAssignedIdentity": { + "value": true + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + }, + "userAssignedIdentities": { + "value": { + "": {} + } + } + } +} +``` + +
+

+ +### Example 2: _Encr_ + +

+ +via Bicep module + +```bicep +module account 'br:bicep/modules/cognitive-services.account:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-csaencr' + params: { + // Required parameters + kind: 'SpeechServices' + name: 'csaencr001' + // Non-required parameters + cMKKeyName: '' + cMKKeyVaultResourceId: '' + cMKUserAssignedIdentityResourceId: '' + enableDefaultTelemetry: '' + publicNetworkAccess: 'Enabled' + restrictOutboundNetworkAccess: false + sku: 'S0' + userAssignedIdentities: { + '': {} + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "kind": { + "value": "SpeechServices" + }, + "name": { + "value": "csaencr001" + }, + // Non-required parameters + "cMKKeyName": { + "value": "" + }, + "cMKKeyVaultResourceId": { + "value": "" + }, + "cMKUserAssignedIdentityResourceId": { + "value": "" + }, + "enableDefaultTelemetry": { + "value": "" + }, + "publicNetworkAccess": { + "value": "Enabled" + }, + "restrictOutboundNetworkAccess": { + "value": false + }, + "sku": { + "value": "S0" + }, + "userAssignedIdentities": { + "value": { + "": {} + } + } + } +} +``` + +
+

+ +### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. + + +

+ +via Bicep module + +```bicep +module account 'br:bicep/modules/cognitive-services.account:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-csamin' + params: { + // Required parameters + kind: 'SpeechServices' + name: 'csamin001' + // Non-required parameters + enableDefaultTelemetry: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "kind": { + "value": "SpeechServices" + }, + "name": { + "value": "csamin001" + }, + // Non-required parameters + "enableDefaultTelemetry": { + "value": "" + } + } +} +``` + +
+

+ +### Example 4: _Speech_ + +

+ +via Bicep module + +```bicep +module account 'br:bicep/modules/cognitive-services.account:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-csaspeech' + params: { + // Required parameters + kind: 'SpeechServices' + name: 'csaspeech001' + // Non-required parameters + customSubDomainName: 'speechdomain' + enableDefaultTelemetry: '' + privateEndpoints: [ + { + privateDnsZoneGroup: { + privateDNSResourceIds: [ + '' + ] + } + service: 'account' + subnetResourceId: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + ] + sku: 'S0' + systemAssignedIdentity: true + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + userAssignedIdentities: { + '': {} + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "kind": { + "value": "SpeechServices" + }, + "name": { + "value": "csaspeech001" + }, + // Non-required parameters + "customSubDomainName": { + "value": "speechdomain" + }, + "enableDefaultTelemetry": { + "value": "" + }, + "privateEndpoints": { + "value": [ + { + "privateDnsZoneGroup": { + "privateDNSResourceIds": [ + "" + ] + }, + "service": "account", + "subnetResourceId": "", + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + ] + }, + "sku": { + "value": "S0" + }, + "systemAssignedIdentity": { + "value": true + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + }, + "userAssignedIdentities": { + "value": { + "": {} + } + } + } +} +``` + +
+

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-kind) | string | Kind of the Cognitive Services. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region. | +| [`name`](#parameter-name) | string | The name of Cognitive Services account. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | +| [`customSubDomainName`](#parameter-customsubdomainname) | string | Subdomain name used for token-based authentication. Required if 'networkAcls' or 'privateEndpoints' are set. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowedFqdnList`](#parameter-allowedfqdnlist) | array | List of allowed FQDN. | +| [`apiProperties`](#parameter-apiproperties) | object | The API properties for special APIs. | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter 'systemAssignedIdentity' enabled. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, latest is used. 
| +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | Allow only Azure AD authentication. Should be enabled for security reasons. | +| [`dynamicThrottlingEnabled`](#parameter-dynamicthrottlingenabled) | bool | The flag to enable dynamic throttling. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`migrationToken`](#parameter-migrationtoken) | string | Resource migration token. 
| +| [`networkAcls`](#parameter-networkacls) | object | A collection of rules governing the accessibility from specific network locations. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. | +| [`restore`](#parameter-restore) | bool | Restore a soft-deleted cognitive service at deployment time. Will fail if no such soft-deleted resource exists. | +| [`restrictOutboundNetworkAccess`](#parameter-restrictoutboundnetworkaccess) | bool | Restrict outbound network access. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sku`](#parameter-sku) | string | SKU of the Cognitive Services resource. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userOwnedStorage`](#parameter-userownedstorage) | array | The storage accounts for this resource. | + +### Parameter: `allowedFqdnList` + +List of allowed FQDN. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `apiProperties` + +The API properties for special APIs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter 'systemAssignedIdentity' enabled. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, latest is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `customSubDomainName` + +Subdomain name used for token-based authentication. Required if 'networkAcls' or 'privateEndpoints' are set. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. 
+- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, Audit, RequestResponse]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableLocalAuth` + +Allow only Azure AD authentication. Should be enabled for security reasons. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `dynamicThrottlingEnabled` + +The flag to enable dynamic throttling. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `kind` + +Kind of the Cognitive Services. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region. +- Required: Yes +- Type: string +- Allowed: `[AnomalyDetector, Bing.Autosuggest.v7, Bing.CustomSearch, Bing.EntitySearch, Bing.Search.v7, Bing.SpellCheck.v7, CognitiveServices, ComputerVision, ContentModerator, CustomVision.Prediction, CustomVision.Training, Face, FormRecognizer, ImmersiveReader, Internal.AllInOne, LUIS, LUIS.Authoring, Personalizer, QnAMaker, SpeechServices, TextAnalytics, TextTranslation]` + +### Parameter: `location` + +Location for all Resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `migrationToken` + +Resource migration token. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of Cognitive Services account. +- Required: Yes +- Type: string + +### Parameter: `networkAcls` + +A collection of rules governing the accessibility from specific network locations. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `restore` + +Restore a soft-deleted cognitive service at deployment time. Will fail if no such soft-deleted resource exists. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `restrictOutboundNetworkAccess` + +Restrict outbound network access. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +SKU of the Cognitive Services resource. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region. +- Required: No +- Type: string +- Default: `'S0'` +- Allowed: `[C2, C3, C4, F0, F1, S, S0, S1, S10, S2, S3, S4, S5, S6, S7, S8, S9]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userOwnedStorage` + +The storage accounts for this resource. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `endpoint` | string | The service endpoint of the cognitive services account. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the cognitive services account. | +| `resourceGroupName` | string | The resource group the cognitive services account was deployed into. | +| `resourceId` | string | The resource ID of the cognitive services account. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). 
+ +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | + +## Notes + +Not all combinations of parameters `kind` and `SKU` are valid and they may vary in different Azure Regions. Please use PowerShell cmdlet `Get-AzCognitiveServicesAccountSku` or another methods to determine valid values in your region. diff --git a/modules/compute/availability-set/.test/common/main.test.bicep b/modules/compute/availability-set/.test/common/main.test.bicep index 6bece2dc2d..ae1d4d2684 100644 --- a/modules/compute/availability-set/.test/common/main.test.bicep +++ b/modules/compute/availability-set/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/availability-set/.test/min/main.test.bicep b/modules/compute/availability-set/.test/min/main.test.bicep index 440148ac96..9160e72cc4 100644 --- a/modules/compute/availability-set/.test/min/main.test.bicep +++ b/modules/compute/availability-set/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/availability-set/README.md b/modules/compute/availability-set/README.md new file mode 100644 index 0000000000..2f5d79fb0b --- /dev/null +++ b/modules/compute/availability-set/README.md 
@@ -0,0 +1,274 @@ +# Availability Sets `[Microsoft.Compute/availabilitySets]` + +This module deploys an Availability Set. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | +| `Microsoft.Compute/availabilitySets` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-11-01/availabilitySets) | + +## Usage examples + +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. + + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. + + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.availability-set:1.0.0`. + +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) + +### Example 1: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. + + +

+ +via Bicep module + +```bicep +module availabilitySet 'br:bicep/modules/compute.availability-set:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-cascom' + params: { + // Required parameters + name: 'cascom001' + // Non-required parameters + enableDefaultTelemetry: '' + lock: 'CanNotDelete' + proximityPlacementGroupResourceId: '' + roleAssignments: [ + { + principalIds: [ + '' + ] + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "cascom001" + }, + // Non-required parameters + "enableDefaultTelemetry": { + "value": "" + }, + "lock": { + "value": "CanNotDelete" + }, + "proximityPlacementGroupResourceId": { + "value": "" + }, + "roleAssignments": { + "value": [ + { + "principalIds": [ + "" + ], + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ] + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + } +} +``` + +
+

+ +### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. + + +

+ +via Bicep module + +```bicep +module availabilitySet 'br:bicep/modules/compute.availability-set:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-casmin' + params: { + // Required parameters + name: 'casmin001' + // Non-required parameters + enableDefaultTelemetry: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "casmin001" + }, + // Non-required parameters + "enableDefaultTelemetry": { + "value": "" + } + } +} +``` + +
+

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the availability set that is being created. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Resource location. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`platformFaultDomainCount`](#parameter-platformfaultdomaincount) | int | The number of fault domains to use. | +| [`platformUpdateDomainCount`](#parameter-platformupdatedomaincount) | int | The number of update domains to use. | +| [`proximityPlacementGroupResourceId`](#parameter-proximityplacementgroupresourceid) | string | Resource ID of a proximity placement group. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuName`](#parameter-skuname) | string | SKU of the availability set.

- Use 'Aligned' for virtual machines with managed disks.

- Use 'Classic' for virtual machines with unmanaged disks. | +| [`tags`](#parameter-tags) | object | Tags of the availability set resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Resource location. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the availability set that is being created. +- Required: Yes +- Type: string + +### Parameter: `platformFaultDomainCount` + +The number of fault domains to use. +- Required: No +- Type: int +- Default: `2` + +### Parameter: `platformUpdateDomainCount` + +The number of update domains to use. +- Required: No +- Type: int +- Default: `5` + +### Parameter: `proximityPlacementGroupResourceId` + +Resource ID of a proximity placement group. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +SKU of the availability set.

- Use 'Aligned' for virtual machines with managed disks.

- Use 'Classic' for virtual machines with unmanaged disks. +- Required: No +- Type: string +- Default: `'Aligned'` + +### Parameter: `tags` + +Tags of the availability set resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the availability set. | +| `resourceGroupName` | string | The resource group the availability set was deployed into. | +| `resourceId` | string | The resource ID of the availability set. | + +## Cross-referenced modules + +_None_ diff --git a/modules/compute/disk-encryption-set/.test/common/main.test.bicep b/modules/compute/disk-encryption-set/.test/common/main.test.bicep index 5b54d45427..a6ad758a86 100644 --- a/modules/compute/disk-encryption-set/.test/common/main.test.bicep +++ b/modules/compute/disk-encryption-set/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/disk-encryption-set/README.md b/modules/compute/disk-encryption-set/README.md index beee32ad5d..f008764132 100644 --- a/modules/compute/disk-encryption-set/README.md +++ b/modules/compute/disk-encryption-set/README.md @@ -4,13 +4,13 @@ This module deploys a Disk Encryption Set. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
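Review bot: In modules/cognitive-services/account/README.md, Example 2 (_Encr_) sets `publicNetworkAccess: 'Enabled'` and `restrictOutboundNetworkAccess: false` in both the Bicep and JSON variants. The same README says of `publicNetworkAccess` "For security reasons it should be disabled" and lists `restrictOutboundNetworkAccess` with default `True`. Usage examples get copied as-is, so either drop these two overrides from the encr test or give that test a `metadata description` (as the "Using only defaults" example has) stating why the customer-managed-key scenario needs them. Separately, the conditional parameters (`cMKKeyVaultResourceId`, `cMKUserAssignedIdentityResourceId`, `customSubDomainName`, `userAssignedIdentities`) render as "Required: No" in their per-parameter sections, which contradicts the "Required if ..." text directly above each; consider rendering "Conditional" there.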
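Review bot: In modules/compute/availability-set/README.md, the `roleAssignments` description (parameter table and the `### Parameter: roleAssignments` section) says the objects contain 'roleDefinitionIdOrName' and 'principalId', but Example 1 in the same file passes `principalIds: [ ... ]`, an array under a plural key. Someone writing a role assignment from the description alone will use the wrong property name. Suggest changing the description to name `principalIds` and to say it is an array; the same wording appears in the cognitive-services and disk-encryption-set READMEs in this patch.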
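Review bot: In modules/compute/disk-encryption-set/README.md, the Navigation hunk renames the heading to "Resource Types" (title case) while the headings added alongside it, "Usage examples" and "Cross-referenced modules", stay in sentence case, and the new links use mixed-case fragments (`#Resource-Types`, `#Usage-examples`) while the example links added further down use lowercase slugs (`#example-1-accesspolicies`). Suggest picking one heading case and using lowercase fragments throughout so the generated READMEs are consistent.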
@@ -20,73 +20,26 @@ This module deploys a Disk Encryption Set. | `Microsoft.KeyVault/vaults/accessPolicies` | [2022-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2022-07-01/vaults/accessPolicies) | | `Microsoft.ManagedIdentity/userAssignedIdentities` | [2018-11-30](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ManagedIdentity/2018-11-30/userAssignedIdentities) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `keyName` | string | Key URL (with version) pointing to a key or secret in KeyVault. | -| `keyVaultResourceId` | string | Resource ID of the KeyVault containing the key or secret. | -| `name` | string | The name of the disk encryption set that is being created. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `systemAssignedIdentity` | bool | `True` | Enables system assigned managed identity on the resource. Required if userAssignedIdentities is empty. | -| `userAssignedIdentities` | object | `{object}` | The ID(s) to assign to the resource. Required if systemAssignedIdentity is set to "false". | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `encryptionType` | string | `'EncryptionAtRestWithPlatformAndCustomerKeys'` | `[EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformAndCustomerKeys]` | The type of key used to encrypt the data of the disk. For security reasons, it is recommended to set encryptionType to EncryptionAtRestWithPlatformAndCustomerKeys. | -| `federatedClientId` | string | `'None'` | | Multi-tenant application client ID to access key vault in a different tenant. Setting the value to "None" will clear the property. 
| -| `keyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `location` | string | `[resourceGroup().location]` | | Resource location. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `rotationToLatestKeyVersionEnabled` | bool | `False` | | Set this flag to true to enable auto-updating of this disk encryption set to the latest key version. | -| `tags` | object | `{object}` | | Tags of the disk encryption resource. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `identities` | object | The idenities of the disk encryption set. | -| `keyVaultName` | string | The name of the key vault with the disk encryption key. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the disk encryption set. | -| `principalId` | string | The principal ID of the disk encryption set. | -| `resourceGroupName` | string | The resource group the disk encryption set was deployed into. | -| `resourceId` | string | The resource ID of the disk encryption set. | - -## Cross-referenced modules +## Usage examples -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). 
- -| Reference | Type | -| :-- | :-- | -| `key-vault/vault/access-policy` | Local reference | - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Accesspolicies

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.disk-encryption-set:1.0.0`. + +- [Accesspolicies](#example-1-accesspolicies) +- [Using large parameter set](#example-2-using-large-parameter-set) + +### Example 1: _Accesspolicies_
via Bicep module ```bicep -module diskEncryptionSet './compute/disk-encryption-set/main.bicep' = { +module diskEncryptionSet 'br:bicep/modules/compute.disk-encryption-set:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cdesap' params: { // Required parameters @@ -176,14 +129,17 @@ module diskEncryptionSet './compute/disk-encryption-set/main.bicep' = {

-

Example 2: Common

+### Example 2: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. +
via Bicep module ```bicep -module diskEncryptionSet './compute/disk-encryption-set/main.bicep' = { +module diskEncryptionSet 'br:bicep/modules/compute.disk-encryption-set:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cdescom' params: { // Required parameters @@ -276,3 +232,153 @@ module diskEncryptionSet './compute/disk-encryption-set/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyName`](#parameter-keyname) | string | Key URL (with version) pointing to a key or secret in KeyVault. | +| [`keyVaultResourceId`](#parameter-keyvaultresourceid) | string | Resource ID of the KeyVault containing the key or secret. | +| [`name`](#parameter-name) | string | The name of the disk encryption set that is being created. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. Required if userAssignedIdentities is empty. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. Required if systemAssignedIdentity is set to "false". | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`encryptionType`](#parameter-encryptiontype) | string | The type of key used to encrypt the data of the disk. For security reasons, it is recommended to set encryptionType to EncryptionAtRestWithPlatformAndCustomerKeys. | +| [`federatedClientId`](#parameter-federatedclientid) | string | Multi-tenant application client ID to access key vault in a different tenant. Setting the value to "None" will clear the property. | +| [`keyVersion`](#parameter-keyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`location`](#parameter-location) | string | Resource location. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`rotationToLatestKeyVersionEnabled`](#parameter-rotationtolatestkeyversionenabled) | bool | Set this flag to true to enable auto-updating of this disk encryption set to the latest key version. | +| [`tags`](#parameter-tags) | object | Tags of the disk encryption resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `encryptionType` + +The type of key used to encrypt the data of the disk. For security reasons, it is recommended to set encryptionType to EncryptionAtRestWithPlatformAndCustomerKeys. +- Required: No +- Type: string +- Default: `'EncryptionAtRestWithPlatformAndCustomerKeys'` +- Allowed: `[EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformAndCustomerKeys]` + +### Parameter: `federatedClientId` + +Multi-tenant application client ID to access key vault in a different tenant. Setting the value to "None" will clear the property. +- Required: No +- Type: string +- Default: `'None'` + +### Parameter: `keyName` + +Key URL (with version) pointing to a key or secret in KeyVault. +- Required: Yes +- Type: string + +### Parameter: `keyVaultResourceId` + +Resource ID of the KeyVault containing the key or secret. +- Required: Yes +- Type: string + +### Parameter: `keyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Resource location. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the disk encryption set that is being created. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `rotationToLatestKeyVersionEnabled` + +Set this flag to true to enable auto-updating of this disk encryption set to the latest key version. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. Required if userAssignedIdentities is empty. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `tags` + +Tags of the disk encryption resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. Required if systemAssignedIdentity is set to "false". +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `identities` | object | The idenities of the disk encryption set. | +| `keyVaultName` | string | The name of the key vault with the disk encryption key. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the disk encryption set. 
| +| `principalId` | string | The principal ID of the disk encryption set. | +| `resourceGroupName` | string | The resource group the disk encryption set was deployed into. | +| `resourceId` | string | The resource ID of the disk encryption set. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/key-vault/vault/access-policy` | Local reference | diff --git a/modules/compute/disk-encryption-set/main.json b/modules/compute/disk-encryption-set/main.json index 64d9b15bb7..d695c7fa4b 100644 --- a/modules/compute/disk-encryption-set/main.json +++ b/modules/compute/disk-encryption-set/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18377917753202643188" + "version": "0.22.6.54827", + "templateHash": "2262193414925411787" }, "name": "Disk Encryption Sets", "description": "This module deploys a Disk Encryption Set.", @@ -210,8 +210,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1230112027833486150" + "version": "0.22.6.54827", + "templateHash": "17441180682016270247" } }, "parameters": { @@ -286,8 +286,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7222366309271203422" + "version": "0.22.6.54827", + "templateHash": "7398650593557443106" } }, "parameters": { @@ -358,8 +358,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10458348557666655329" + "version": "0.22.6.54827", + "templateHash": "2131300650084383528" }, "name": "Key Vault Access Policies", "description": "This module deploys a Key Vault Access Policy.", 
@@ -492,8 +492,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13165233376501361165" + "version": "0.22.6.54827", + "templateHash": "17225067072833999246" } }, "parameters": { diff --git a/modules/compute/disk/.test/common/main.test.bicep b/modules/compute/disk/.test/common/main.test.bicep index 7b06f5ded0..aa9864c7ed 100644 --- a/modules/compute/disk/.test/common/main.test.bicep +++ b/modules/compute/disk/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/disk/.test/min/main.test.bicep b/modules/compute/disk/.test/min/main.test.bicep index 15661b44b4..6a69bbe644 100644 --- a/modules/compute/disk/.test/min/main.test.bicep +++ b/modules/compute/disk/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/disk/README.md b/modules/compute/disk/README.md new file mode 100644 index 0000000000..8157f6c48a --- /dev/null +++ b/modules/compute/disk/README.md 
@@ -0,0 +1,645 @@ +# Compute Disks `[Microsoft.Compute/disks]` + +This module deploys a Compute Disk + +## Navigation + +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | +| `Microsoft.Compute/disks` | [2022-07-02](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-07-02/disks) | + +## Usage examples + +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. + + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. + + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.disk:1.0.0`. + +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Image](#example-2-image) +- [Import](#example-3-import) +- [Using only defaults](#example-4-using-only-defaults) + +### Example 1: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. + + +

+ +via Bicep module + +```bicep +module disk 'br:bicep/modules/compute.disk:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-cdcom' + params: { + // Required parameters + name: 'cdcom001' + sku: 'UltraSSD_LRS' + // Non-required parameters + diskIOPSReadWrite: 500 + diskMBpsReadWrite: 60 + diskSizeGB: 128 + enableDefaultTelemetry: '' + lock: 'CanNotDelete' + logicalSectorSize: 512 + osType: 'Windows' + publicNetworkAccess: 'Enabled' + roleAssignments: [ + { + principalIds: [ + '' + ] + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "cdcom001" + }, + "sku": { + "value": "UltraSSD_LRS" + }, + // Non-required parameters + "diskIOPSReadWrite": { + "value": 500 + }, + "diskMBpsReadWrite": { + "value": 60 + }, + "diskSizeGB": { + "value": 128 + }, + "enableDefaultTelemetry": { + "value": "" + }, + "lock": { + "value": "CanNotDelete" + }, + "logicalSectorSize": { + "value": 512 + }, + "osType": { + "value": "Windows" + }, + "publicNetworkAccess": { + "value": "Enabled" + }, + "roleAssignments": { + "value": [ + { + "principalIds": [ + "" + ], + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ] + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + } +} +``` + +
+

+ +### Example 2: _Image_ + +

+ +via Bicep module + +```bicep +module disk 'br:bicep/modules/compute.disk:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-cdimg' + params: { + // Required parameters + name: 'cdimg001' + sku: 'Standard_LRS' + // Non-required parameters + createOption: 'FromImage' + enableDefaultTelemetry: '' + imageReferenceId: '' + roleAssignments: [ + { + principalIds: [ + '' + ] + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "cdimg001" + }, + "sku": { + "value": "Standard_LRS" + }, + // Non-required parameters + "createOption": { + "value": "FromImage" + }, + "enableDefaultTelemetry": { + "value": "" + }, + "imageReferenceId": { + "value": "" + }, + "roleAssignments": { + "value": [ + { + "principalIds": [ + "" + ], + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ] + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + } +} +``` + +
+

+ +### Example 3: _Import_ + +

+ +via Bicep module + +```bicep +module disk 'br:bicep/modules/compute.disk:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-cdimp' + params: { + // Required parameters + name: 'cdimp001' + sku: 'Standard_LRS' + // Non-required parameters + createOption: 'Import' + enableDefaultTelemetry: '' + roleAssignments: [ + { + principalIds: [ + '' + ] + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] + sourceUri: '' + storageAccountId: '' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "cdimp001" + }, + "sku": { + "value": "Standard_LRS" + }, + // Non-required parameters + "createOption": { + "value": "Import" + }, + "enableDefaultTelemetry": { + "value": "" + }, + "roleAssignments": { + "value": [ + { + "principalIds": [ + "" + ], + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ] + }, + "sourceUri": { + "value": "" + }, + "storageAccountId": { + "value": "" + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + } +} +``` + +
+

+ +### Example 4: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. + + +

+ +via Bicep module + +```bicep +module disk 'br:bicep/modules/compute.disk:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-cdmin' + params: { + // Required parameters + name: 'cdmin001' + sku: 'Standard_LRS' + // Non-required parameters + diskSizeGB: 1 + enableDefaultTelemetry: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "cdmin001" + }, + "sku": { + "value": "Standard_LRS" + }, + // Non-required parameters + "diskSizeGB": { + "value": 1 + }, + "enableDefaultTelemetry": { + "value": "" + } + } +} +``` + +
+

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the disk that is being created. | +| [`sku`](#parameter-sku) | string | The disks sku name. Can be . | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diskSizeGB`](#parameter-disksizegb) | int | The size of the disk to create. Required if create option is Empty. | +| [`storageAccountId`](#parameter-storageaccountid) | string | The resource ID of the storage account containing the blob to import as a disk. Required if create option is Import. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`acceleratedNetwork`](#parameter-acceleratednetwork) | bool | True if the image from which the OS disk is created supports accelerated networking. | +| [`architecture`](#parameter-architecture) | string | CPU architecture supported by an OS disk. | +| [`burstingEnabled`](#parameter-burstingenabled) | bool | Set to true to enable bursting beyond the provisioned performance target of the disk. | +| [`completionPercent`](#parameter-completionpercent) | int | Percentage complete for the background copy when a resource is created via the CopyStart operation. | +| [`createOption`](#parameter-createoption) | string | Sources of a disk creation. | +| [`diskIOPSReadWrite`](#parameter-diskiopsreadwrite) | int | The number of IOPS allowed for this disk; only settable for UltraSSD disks. | +| [`diskMBpsReadWrite`](#parameter-diskmbpsreadwrite) | int | The bandwidth allowed for this disk; only settable for UltraSSD disks. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`hyperVGeneration`](#parameter-hypervgeneration) | string | The hypervisor generation of the Virtual Machine. Applicable to OS disks only. 
| +| [`imageReferenceId`](#parameter-imagereferenceid) | string | A relative uri containing either a Platform Image Repository or user image reference. | +| [`location`](#parameter-location) | string | Resource location. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`logicalSectorSize`](#parameter-logicalsectorsize) | int | Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. | +| [`maxShares`](#parameter-maxshares) | int | The maximum number of VMs that can attach to the disk at the same time. Default value is 0. | +| [`networkAccessPolicy`](#parameter-networkaccesspolicy) | string | Policy for accessing the disk via network. | +| [`optimizedForFrequentAttach`](#parameter-optimizedforfrequentattach) | bool | Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. | +| [`osType`](#parameter-ostype) | string | Sources of a disk creation. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Policy for controlling export on the disk. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`securityDataUri`](#parameter-securitydatauri) | string | If create option is ImportSecure, this is the URI of a blob to be imported into VM guest state. 
| +| [`sourceResourceId`](#parameter-sourceresourceid) | string | If create option is Copy, this is the ARM ID of the source snapshot or disk. | +| [`sourceUri`](#parameter-sourceuri) | string | If create option is Import, this is the URI of a blob to be imported into a managed disk. | +| [`tags`](#parameter-tags) | object | Tags of the availability set resource. | +| [`uploadSizeBytes`](#parameter-uploadsizebytes) | int | If create option is Upload, this is the size of the contents of the upload including the VHD footer. | + +### Parameter: `acceleratedNetwork` + +True if the image from which the OS disk is created supports accelerated networking. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `architecture` + +CPU architecture supported by an OS disk. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Arm64, x64]` + +### Parameter: `burstingEnabled` + +Set to true to enable bursting beyond the provisioned performance target of the disk. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `completionPercent` + +Percentage complete for the background copy when a resource is created via the CopyStart operation. +- Required: No +- Type: int +- Default: `100` + +### Parameter: `createOption` + +Sources of a disk creation. +- Required: No +- Type: string +- Default: `'Empty'` +- Allowed: `[Attach, Copy, CopyStart, Empty, FromImage, Import, ImportSecure, Restore, Upload, UploadPreparedSecure]` + +### Parameter: `diskIOPSReadWrite` + +The number of IOPS allowed for this disk; only settable for UltraSSD disks. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `diskMBpsReadWrite` + +The bandwidth allowed for this disk; only settable for UltraSSD disks. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `diskSizeGB` + +The size of the disk to create. Required if create option is Empty. 
+- Required: No +- Type: int +- Default: `0` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hyperVGeneration` + +The hypervisor generation of the Virtual Machine. Applicable to OS disks only. +- Required: No +- Type: string +- Default: `'V2'` +- Allowed: `[V1, V2]` + +### Parameter: `imageReferenceId` + +A relative uri containing either a Platform Image Repository or user image reference. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Resource location. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `logicalSectorSize` + +Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. +- Required: No +- Type: int +- Default: `4096` + +### Parameter: `maxShares` + +The maximum number of VMs that can attach to the disk at the same time. Default value is 0. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `name` + +The name of the disk that is being created. +- Required: Yes +- Type: string + +### Parameter: `networkAccessPolicy` + +Policy for accessing the disk via network. +- Required: No +- Type: string +- Default: `'DenyAll'` +- Allowed: `[AllowAll, AllowPrivate, DenyAll]` + +### Parameter: `optimizedForFrequentAttach` + +Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `osType` + +Sources of a disk creation. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Linux, Windows]` + +### Parameter: `publicNetworkAccess` + +Policy for controlling export on the disk. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `securityDataUri` + +If create option is ImportSecure, this is the URI of a blob to be imported into VM guest state. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sku` + +The disks sku name. Can be . +- Required: Yes +- Type: string +- Allowed: `[Premium_LRS, Premium_ZRS, Premium_ZRS, PremiumV2_LRS, Standard_LRS, StandardSSD_LRS, UltraSSD_LRS]` + +### Parameter: `sourceResourceId` + +If create option is Copy, this is the ARM ID of the source snapshot or disk. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sourceUri` + +If create option is Import, this is the URI of a blob to be imported into a managed disk. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `storageAccountId` + +The resource ID of the storage account containing the blob to import as a disk. Required if create option is Import. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tags` + +Tags of the availability set resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `uploadSizeBytes` + +If create option is Upload, this is the size of the contents of the upload including the VHD footer. 
+- Required: No +- Type: int +- Default: `20972032` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the disk. | +| `resourceGroupName` | string | The resource group the disk was deployed into. | +| `resourceId` | string | The resource ID of the disk. | + +## Cross-referenced modules + +_None_ diff --git a/modules/compute/gallery/.test/common/main.test.bicep b/modules/compute/gallery/.test/common/main.test.bicep index 7d1d8b24e4..661d7c9463 100644 --- a/modules/compute/gallery/.test/common/main.test.bicep +++ b/modules/compute/gallery/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/gallery/.test/min/main.test.bicep b/modules/compute/gallery/.test/min/main.test.bicep index df2b8e1bfb..363ba87906 100644 --- a/modules/compute/gallery/.test/min/main.test.bicep +++ b/modules/compute/gallery/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/gallery/README.md b/modules/compute/gallery/README.md index 361dfefa38..e518757185 100644 --- a/modules/compute/gallery/README.md +++ b/modules/compute/gallery/README.md @@ -5,10 +5,10 @@ This module deploys an Azure Compute Gallery (formerly known as Shared Image Gal ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
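Review bot: In the new modules/compute/disk/README.md, several parameter descriptions contradict the values printed next to them, and Example 1 overrides a restrictive default without saying why. `maxShares` states "Default value is 0." but lists `Default: 1`; `sku` reads "Can be ." with nothing after it, and its allowed list repeats `Premium_ZRS`; `osType` reuses the `createOption` text "Sources of a disk creation."; `tags` refers to "the availability set resource"; `logicalSectorSize` has "512 ad 4096". Please correct these descriptions at their source so the README and the template agree. Separately, the "Using large parameter set" example sets `publicNetworkAccess: 'Enabled'` although the documented default is `'Disabled'` and `networkAccessPolicy` defaults to `'DenyAll'`. Usage examples tend to be copied as they are, so either drop the override from the example or state in its description that it is there only to exercise the parameter.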
@@ -20,56 +20,29 @@ This module deploys an Azure Compute Gallery (formerly known as Shared Image Gal | `Microsoft.Compute/galleries/applications` | [2022-03-03](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-03-03/galleries/applications) | | `Microsoft.Compute/galleries/images` | [2022-03-03](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-03-03/galleries/images) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Azure Compute Gallery. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `applications` | array | `[]` | | Applications to create. | -| `description` | string | `''` | | Description of the Azure Shared Image Gallery. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `images` | array | `[]` | | Images to create. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags for all resources. | - +## Usage examples -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed image gallery. 
| -| `resourceGroupName` | string | The resource group of the deployed image gallery. | -| `resourceId` | string | The resource ID of the deployed image gallery. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.gallery:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module gallery './compute/gallery/main.bicep' = { +module gallery 'br:bicep/modules/compute.gallery:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cgcom' params: { // Required parameters @@ -401,14 +374,17 @@ module gallery './compute/gallery/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module gallery './compute/gallery/main.bicep' = { +module gallery 'br:bicep/modules/compute.gallery:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cgmin' params: { // Required parameters @@ -445,3 +421,102 @@ module gallery './compute/gallery/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Azure Compute Gallery. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applications`](#parameter-applications) | array | Applications to create. | +| [`description`](#parameter-description) | string | Description of the Azure Shared Image Gallery. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`images`](#parameter-images) | array | Images to create. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags for all resources. | + +### Parameter: `applications` + +Applications to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +Description of the Azure Shared Image Gallery. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `images` + +Images to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Azure Compute Gallery. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags for all resources. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed image gallery. | +| `resourceGroupName` | string | The resource group of the deployed image gallery. | +| `resourceId` | string | The resource ID of the deployed image gallery. | + +## Cross-referenced modules + +_None_ diff --git a/modules/compute/gallery/application/README.md b/modules/compute/gallery/application/README.md index ad83eb42dc..9f581840d4 100644 --- a/modules/compute/gallery/application/README.md +++ b/modules/compute/gallery/application/README.md @@ -4,13 +4,13 @@ This module deploys an Azure Compute Gallery Application. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
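Review bot: in modules/compute/gallery/README.md the new usage note and both example blocks give `br:bicep/modules/compute.gallery:1.0.0` as the reference to use, replacing the local path `./compute/gallery/main.bicep`, but the README never says which registry `bicep` stands for or whether `1.0.0` is a tag that was actually published. A reader who copies the example has no way to tell from this page where the module would be pulled from. Suggest either marking the registry name and version as placeholders to be replaced, or documenting the registry and how the tag maps to a release of this module.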
@@ -21,36 +21,126 @@ This module deploys an Azure Compute Gallery Application. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the application definition. | +| [`name`](#parameter-name) | string | Name of the application definition. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `galleryName` | string | The name of the parent Azure Compute Gallery. Required if the template is used in a standalone deployment. | +| [`galleryName`](#parameter-galleryname) | string | The name of the parent Azure Compute Gallery. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `customActions` | array | `[]` | | A list of custom actions that can be performed with all of the Gallery Application Versions within this Gallery Application. | -| `description` | string | `''` | | The description of this gallery Application Definition resource. This property is updatable. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `endOfLifeDate` | string | `''` | | The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z. | -| `eula` | string | `''` | | The Eula agreement for the gallery Application Definition. Has to be a valid URL. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `privacyStatementUri` | string | `''` | | The privacy statement uri. Has to be a valid URL. | -| `releaseNoteUri` | string | `''` | | The release note uri. Has to be a valid URL. 
| -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `supportedOSType` | string | `'Windows'` | `[Linux, Windows]` | This property allows you to specify the supported type of the OS that application is built for. | -| `tags` | object | `{object}` | | Tags for all resources. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`customActions`](#parameter-customactions) | array | A list of custom actions that can be performed with all of the Gallery Application Versions within this Gallery Application. | +| [`description`](#parameter-description) | string | The description of this gallery Application Definition resource. This property is updatable. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`endOfLifeDate`](#parameter-endoflifedate) | string | The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z. | +| [`eula`](#parameter-eula) | string | The Eula agreement for the gallery Application Definition. Has to be a valid URL. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`privacyStatementUri`](#parameter-privacystatementuri) | string | The privacy statement uri. Has to be a valid URL. | +| [`releaseNoteUri`](#parameter-releasenoteuri) | string | The release note uri. Has to be a valid URL. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`supportedOSType`](#parameter-supportedostype) | string | This property allows you to specify the supported type of the OS that application is built for. | +| [`tags`](#parameter-tags) | object | Tags for all resources. | + +### Parameter: `customActions` + +A list of custom actions that can be performed with all of the Gallery Application Versions within this Gallery Application. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +The description of this gallery Application Definition resource. This property is updatable. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endOfLifeDate` + +The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `eula` + +The Eula agreement for the gallery Application Definition. Has to be a valid URL. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `galleryName` + +The name of the parent Azure Compute Gallery. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the application definition. +- Required: Yes +- Type: string + +### Parameter: `privacyStatementUri` + +The privacy statement uri. Has to be a valid URL. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `releaseNoteUri` + +The release note uri. Has to be a valid URL. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `supportedOSType` + +This property allows you to specify the supported type of the OS that application is built for. +- Required: No +- Type: string +- Default: `'Windows'` +- Allowed: `[Linux, Windows]` + +### Parameter: `tags` + +Tags for all resources. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the image. | diff --git a/modules/compute/gallery/application/main.json b/modules/compute/gallery/application/main.json index 723172da86..c845191f4c 100644 --- a/modules/compute/gallery/application/main.json +++ b/modules/compute/gallery/application/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "302763326863799273" + "version": "0.22.6.54827", + "templateHash": "16139720757397534180" }, "name": "Compute Galleries Applications", "description": "This module deploys an Azure Compute Gallery Application.", @@ -172,8 +172,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3891555929973685105" + "version": "0.22.6.54827", + "templateHash": "13281580182526787077" } }, "parameters": { diff --git a/modules/compute/gallery/image/README.md b/modules/compute/gallery/image/README.md index 51ccbb2e93..3ad27fb151 100644 --- a/modules/compute/gallery/image/README.md +++ b/modules/compute/gallery/image/README.md @@ -4,12 +4,12 @@ This module deploys an Azure Compute Gallery Image Definition. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
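Review bot: in modules/compute/gallery/application/README.md (hunk `@@ -21,36 +21,126 @@`) the new per-parameter section for `galleryName` renders `- Required: Yes`, which contradicts the table above it, where the parameter is listed under **Conditional parameters** as "Required if the template is used in a standalone deployment". Suggest having the generator print the condition (or a distinct value such as `Conditional`) for parameters in that category instead of collapsing them to `Yes`, so the detail section and the summary table agree. The `galleryName` section generated for modules/compute/gallery/image/README.md in this patch has the same mismatch.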
@@ -20,51 +20,251 @@ This module deploys an Azure Compute Gallery Image Definition. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the image definition. | +| [`name`](#parameter-name) | string | Name of the image definition. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `galleryName` | string | The name of the parent Azure Shared Image Gallery. Required if the template is used in a standalone deployment. | +| [`galleryName`](#parameter-galleryname) | string | The name of the parent Azure Shared Image Gallery. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | The description of this gallery Image Definition resource. This property is updatable. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `endOfLife` | string | `''` | | The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z. | -| `eula` | string | `''` | | The Eula agreement for the gallery Image Definition. Has to be a valid URL. | -| `excludedDiskTypes` | array | `[]` | | List of the excluded disk types. E.g. Standard_LRS. | -| `hyperVGeneration` | string | `''` | `['', V1, V2]` | The hypervisor generation of the Virtual Machine.

- If this value is not specified, then it is determined by the securityType parameter.

- If the securityType parameter is specified, then the value of hyperVGeneration will be V2, else V1. | -| `isAcceleratedNetworkSupported` | string | `'false'` | `[false, true]` | The image supports accelerated networking.

Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance.

This high-performance path bypasses the host from the data path, which reduces latency, jitter, and CPU utilization for the most demanding network workloads on supported VM types. | -| `isHibernateSupported` | string | `'false'` | `[false, true]` | The image will support hibernation. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `maxRecommendedMemory` | int | `16` | | The maximum amount of RAM in GB recommended for this image. | -| `maxRecommendedvCPUs` | int | `4` | | The maximum number of the CPU cores recommended for this image. | -| `minRecommendedMemory` | int | `4` | | The minimum amount of RAM in GB recommended for this image. | -| `minRecommendedvCPUs` | int | `1` | | The minimum number of the CPU cores recommended for this image. | -| `offer` | string | `'WindowsServer'` | | The name of the gallery Image Definition offer. | -| `osState` | string | `'Generalized'` | `[Generalized, Specialized]` | This property allows the user to specify whether the virtual machines created under this image are 'Generalized' or 'Specialized'. | -| `osType` | string | `'Windows'` | `[Linux, Windows]` | OS type of the image to be created. | -| `planName` | string | `''` | | The plan ID. | -| `planPublisherName` | string | `''` | | The publisher ID. | -| `privacyStatementUri` | string | `''` | | The privacy statement uri. Has to be a valid URL. | -| `productName` | string | `''` | | The product ID. | -| `publisher` | string | `'MicrosoftWindowsServer'` | | The name of the gallery Image Definition publisher. | -| `releaseNoteUri` | string | `''` | | The release note uri. Has to be a valid URL. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `securityType` | string | `'Standard'` | `[ConfidentialVM, ConfidentialVMSupported, Standard, TrustedLaunch]` | The security type of the image. Requires a hyperVGeneration V2. | -| `sku` | string | `'2019-Datacenter'` | | The name of the gallery Image Definition SKU. | -| `tags` | object | `{object}` | | Tags for all resources. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The description of this gallery Image Definition resource. This property is updatable. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`endOfLife`](#parameter-endoflife) | string | The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z. | +| [`eula`](#parameter-eula) | string | The Eula agreement for the gallery Image Definition. Has to be a valid URL. | +| [`excludedDiskTypes`](#parameter-excludeddisktypes) | array | List of the excluded disk types. E.g. Standard_LRS. | +| [`hyperVGeneration`](#parameter-hypervgeneration) | string | The hypervisor generation of the Virtual Machine.

- If this value is not specified, then it is determined by the securityType parameter.

- If the securityType parameter is specified, then the value of hyperVGeneration will be V2, else V1. | +| [`isAcceleratedNetworkSupported`](#parameter-isacceleratednetworksupported) | string | The image supports accelerated networking.

Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance.

This high-performance path bypasses the host from the data path, which reduces latency, jitter, and CPU utilization for the most demanding network workloads on supported VM types. | +| [`isHibernateSupported`](#parameter-ishibernatesupported) | string | The image will support hibernation. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`maxRecommendedMemory`](#parameter-maxrecommendedmemory) | int | The maximum amount of RAM in GB recommended for this image. | +| [`maxRecommendedvCPUs`](#parameter-maxrecommendedvcpus) | int | The maximum number of the CPU cores recommended for this image. | +| [`minRecommendedMemory`](#parameter-minrecommendedmemory) | int | The minimum amount of RAM in GB recommended for this image. | +| [`minRecommendedvCPUs`](#parameter-minrecommendedvcpus) | int | The minimum number of the CPU cores recommended for this image. | +| [`offer`](#parameter-offer) | string | The name of the gallery Image Definition offer. | +| [`osState`](#parameter-osstate) | string | This property allows the user to specify whether the virtual machines created under this image are 'Generalized' or 'Specialized'. | +| [`osType`](#parameter-ostype) | string | OS type of the image to be created. | +| [`planName`](#parameter-planname) | string | The plan ID. | +| [`planPublisherName`](#parameter-planpublishername) | string | The publisher ID. | +| [`privacyStatementUri`](#parameter-privacystatementuri) | string | The privacy statement uri. Has to be a valid URL. | +| [`productName`](#parameter-productname) | string | The product ID. | +| [`publisher`](#parameter-publisher) | string | The name of the gallery Image Definition publisher. | +| [`releaseNoteUri`](#parameter-releasenoteuri) | string | The release note uri. Has to be a valid URL. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`securityType`](#parameter-securitytype) | string | The security type of the image. Requires a hyperVGeneration V2. | +| [`sku`](#parameter-sku) | string | The name of the gallery Image Definition SKU. | +| [`tags`](#parameter-tags) | object | Tags for all resources. | + +### Parameter: `description` + +The description of this gallery Image Definition resource. This property is updatable. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endOfLife` + +The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `eula` + +The Eula agreement for the gallery Image Definition. Has to be a valid URL. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `excludedDiskTypes` + +List of the excluded disk types. E.g. Standard_LRS. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `galleryName` + +The name of the parent Azure Shared Image Gallery. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `hyperVGeneration` + +The hypervisor generation of the Virtual Machine.

- If this value is not specified, then it is determined by the securityType parameter.

- If the securityType parameter is specified, then the value of hyperVGeneration will be V2, else V1. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', V1, V2]` + +### Parameter: `isAcceleratedNetworkSupported` + +The image supports accelerated networking.

Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance.

This high-performance path bypasses the host from the data path, which reduces latency, jitter, and CPU utilization for the most demanding network workloads on supported VM types. +- Required: No +- Type: string +- Default: `'false'` +- Allowed: `[false, true]` + +### Parameter: `isHibernateSupported` + +The image will support hibernation. +- Required: No +- Type: string +- Default: `'false'` +- Allowed: `[false, true]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `maxRecommendedMemory` + +The maximum amount of RAM in GB recommended for this image. +- Required: No +- Type: int +- Default: `16` + +### Parameter: `maxRecommendedvCPUs` + +The maximum number of the CPU cores recommended for this image. +- Required: No +- Type: int +- Default: `4` + +### Parameter: `minRecommendedMemory` + +The minimum amount of RAM in GB recommended for this image. +- Required: No +- Type: int +- Default: `4` + +### Parameter: `minRecommendedvCPUs` + +The minimum number of the CPU cores recommended for this image. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `name` + +Name of the image definition. +- Required: Yes +- Type: string + +### Parameter: `offer` + +The name of the gallery Image Definition offer. +- Required: No +- Type: string +- Default: `'WindowsServer'` + +### Parameter: `osState` + +This property allows the user to specify whether the virtual machines created under this image are 'Generalized' or 'Specialized'. +- Required: No +- Type: string +- Default: `'Generalized'` +- Allowed: `[Generalized, Specialized]` + +### Parameter: `osType` + +OS type of the image to be created. +- Required: No +- Type: string +- Default: `'Windows'` +- Allowed: `[Linux, Windows]` + +### Parameter: `planName` + +The plan ID. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `planPublisherName` + +The publisher ID. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `privacyStatementUri` + +The privacy statement uri. Has to be a valid URL. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `productName` + +The product ID. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `publisher` + +The name of the gallery Image Definition publisher. +- Required: No +- Type: string +- Default: `'MicrosoftWindowsServer'` + +### Parameter: `releaseNoteUri` + +The release note uri. Has to be a valid URL. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `securityType` + +The security type of the image. Requires a hyperVGeneration V2. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[ConfidentialVM, ConfidentialVMSupported, Standard, TrustedLaunch]` + +### Parameter: `sku` + +The name of the gallery Image Definition SKU. +- Required: No +- Type: string +- Default: `'2019-Datacenter'` + +### Parameter: `tags` + +Tags for all resources. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the image. | diff --git a/modules/compute/gallery/image/main.json b/modules/compute/gallery/image/main.json index 3cc4aa0a12..27cd77a9d9 100644 --- a/modules/compute/gallery/image/main.json +++ b/modules/compute/gallery/image/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14112753208892308004" + "version": "0.22.6.54827", + "templateHash": "12756969313323460277" }, "name": "Compute Galleries Image Definitions", "description": "This module deploys an Azure Compute Gallery Image Definition.", @@ -333,8 +333,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5875220683176267757" + "version": "0.22.6.54827", + "templateHash": "11966293152836776526" } }, "parameters": { diff --git a/modules/compute/gallery/main.json b/modules/compute/gallery/main.json index 30cefa77b2..d1a6ae1c3b 100644 --- a/modules/compute/gallery/main.json +++ b/modules/compute/gallery/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9949380945514738513" + "version": "0.22.6.54827", + "templateHash": "18299186787302449822" }, "name": "Azure Compute Galleries", "description": "This module deploys an Azure Compute Gallery (formerly known as Shared Image Gallery).", @@ -158,8 +158,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4214079490664881100" + "version": "0.22.6.54827", + "templateHash": "14589885933064386870" } }, "parameters": { @@ -333,8 +333,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3432608104011360661" + "version": "0.22.6.54827", + "templateHash": "16139720757397534180" }, "name": "Compute Galleries Applications", "description": "This module deploys an Azure Compute Gallery Application.", @@ -501,8 +501,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1432477963725169802" + "version": "0.22.6.54827", + "templateHash": "13281580182526787077" } }, "parameters": { 
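Review bot: the compiled templates had drifted apart before this change and nothing in the visible hunks stops that from recurring. The removed lines show modules/compute/gallery/main.json built with Bicep `0.21.1.54444` while the standalone application and image main.json files carried `0.20.4.51522`, so the application module had `templateHash` `3432608104011360661` when nested and `302763326863799273` when standalone. Both now show `0.22.6.54827` and `16139720757397534180`, which is the consistent state you want. Suggest pinning the Bicep version used for regeneration and adding a pipeline check that each committed main.json matches a fresh build of its main.bicep, so a hash difference in review signals a real template change rather than a compiler bump.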
@@ -726,8 +726,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11726406803846510228" + "version": "0.22.6.54827", + "templateHash": "12756969313323460277" }, "name": "Compute Galleries Image Definitions", "description": "This module deploys an Azure Compute Gallery Image Definition.", @@ -1055,8 +1055,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9996928759826468102" + "version": "0.22.6.54827", + "templateHash": "11966293152836776526" } }, "parameters": { diff --git a/modules/compute/image/.test/common/main.test.bicep b/modules/compute/image/.test/common/main.test.bicep index 05f4ac649e..64743cb96c 100644 --- a/modules/compute/image/.test/common/main.test.bicep +++ b/modules/compute/image/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/image/README.md b/modules/compute/image/README.md index bfe1ab68d0..bfb88c0c34 100644 --- a/modules/compute/image/README.md +++ b/modules/compute/image/README.md 
@@ -4,79 +4,41 @@ This module deploys a Compute Image. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Compute/images` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-11-01/images) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the image. | -| `osDiskBlobUri` | string | The Virtual Hard Disk. | -| `osType` | string | This property allows you to specify the type of the OS that is included in the disk if creating a VM from a custom image. - Windows or Linux. | +## Usage examples -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `dataDisks` | array | `[]` | | Specifies the parameters that are used to add a data disk to a virtual machine. | -| `diskEncryptionSetResourceId` | string | `''` | | Specifies the customer managed disk encryption set resource ID for the managed image disk. | -| `diskSizeGB` | int | `128` | | Specifies the size of empty data disks in gigabytes. This element can be used to overwrite the name of the disk in a virtual machine image. This value cannot be larger than 1023 GB. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `extendedLocation` | object | `{object}` | | The extended location of the Image. 
| -| `hyperVGeneration` | string | `'V1'` | | Gets the HyperVGenerationType of the VirtualMachine created from the image. - V1 or V2. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `managedDiskResourceId` | string | `''` | | The managedDisk. | -| `osAccountType` | string | | | Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. - Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS. | -| `osDiskCaching` | string | | | Specifies the caching requirements. Default: None for Standard storage. ReadOnly for Premium storage. - None, ReadOnly, ReadWrite. | -| `osState` | string | `'Generalized'` | `[Generalized, Specialized]` | The OS State. For managed images, use Generalized. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `snapshotResourceId` | string | `''` | | The snapshot resource ID. | -| `sourceVirtualMachineResourceId` | string | `''` | | The source virtual machine from which Image is created. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `zoneResilient` | bool | `False` | | Default is false. Specifies whether an image is zone resilient or not. Zone resilient images can be created only in regions that provide Zone Redundant Storage (ZRS). | - - -## Outputs +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. 
+ >**Note**: The name of each example is based on the name of the file from which it is taken. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the image. | -| `resourceGroupName` | string | The resource group the image was deployed into. | -| `resourceId` | string | The resource ID of the image. | + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -## Cross-referenced modules + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.image:1.0.0`. -_None_ +- [Using large parameter set](#example-1-using-large-parameter-set) -## Deployment examples +### Example 1: _Using large parameter set_ -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +This instance deploys the module with most of its features enabled. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module image './compute/image/main.bicep' = { +module image 'br:bicep/modules/compute.image:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cicom' params: { // Required parameters @@ -181,3 +143,178 @@ module image './compute/image/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the image. | +| [`osDiskBlobUri`](#parameter-osdiskbloburi) | string | The Virtual Hard Disk. | +| [`osType`](#parameter-ostype) | string | This property allows you to specify the type of the OS that is included in the disk if creating a VM from a custom image. - Windows or Linux. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`dataDisks`](#parameter-datadisks) | array | Specifies the parameters that are used to add a data disk to a virtual machine. | +| [`diskEncryptionSetResourceId`](#parameter-diskencryptionsetresourceid) | string | Specifies the customer managed disk encryption set resource ID for the managed image disk. | +| [`diskSizeGB`](#parameter-disksizegb) | int | Specifies the size of empty data disks in gigabytes. This element can be used to overwrite the name of the disk in a virtual machine image. This value cannot be larger than 1023 GB. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`extendedLocation`](#parameter-extendedlocation) | object | The extended location of the Image. | +| [`hyperVGeneration`](#parameter-hypervgeneration) | string | Gets the HyperVGenerationType of the VirtualMachine created from the image. - V1 or V2. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`managedDiskResourceId`](#parameter-manageddiskresourceid) | string | The managedDisk. | +| [`osAccountType`](#parameter-osaccounttype) | string | Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. - Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS. | +| [`osDiskCaching`](#parameter-osdiskcaching) | string | Specifies the caching requirements. 
Default: None for Standard storage. ReadOnly for Premium storage. - None, ReadOnly, ReadWrite. | +| [`osState`](#parameter-osstate) | string | The OS State. For managed images, use Generalized. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`snapshotResourceId`](#parameter-snapshotresourceid) | string | The snapshot resource ID. | +| [`sourceVirtualMachineResourceId`](#parameter-sourcevirtualmachineresourceid) | string | The source virtual machine from which Image is created. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`zoneResilient`](#parameter-zoneresilient) | bool | Default is false. Specifies whether an image is zone resilient or not. Zone resilient images can be created only in regions that provide Zone Redundant Storage (ZRS). | + +### Parameter: `dataDisks` + +Specifies the parameters that are used to add a data disk to a virtual machine. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diskEncryptionSetResourceId` + +Specifies the customer managed disk encryption set resource ID for the managed image disk. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diskSizeGB` + +Specifies the size of empty data disks in gigabytes. This element can be used to overwrite the name of the disk in a virtual machine image. This value cannot be larger than 1023 GB. +- Required: No +- Type: int +- Default: `128` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `extendedLocation` + +The extended location of the Image. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `hyperVGeneration` + +Gets the HyperVGenerationType of the VirtualMachine created from the image. - V1 or V2. +- Required: No +- Type: string +- Default: `'V1'` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `managedDiskResourceId` + +The managedDisk. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the image. +- Required: Yes +- Type: string + +### Parameter: `osAccountType` + +Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. - Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS. +- Required: Yes +- Type: string + +### Parameter: `osDiskBlobUri` + +The Virtual Hard Disk. +- Required: Yes +- Type: string + +### Parameter: `osDiskCaching` + +Specifies the caching requirements. Default: None for Standard storage. ReadOnly for Premium storage. - None, ReadOnly, ReadWrite. +- Required: Yes +- Type: string + +### Parameter: `osState` + +The OS State. For managed images, use Generalized. +- Required: No +- Type: string +- Default: `'Generalized'` +- Allowed: `[Generalized, Specialized]` + +### Parameter: `osType` + +This property allows you to specify the type of the OS that is included in the disk if creating a VM from a custom image. - Windows or Linux. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `snapshotResourceId` + +The snapshot resource ID. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sourceVirtualMachineResourceId` + +The source virtual machine from which Image is created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zoneResilient` + +Default is false. Specifies whether an image is zone resilient or not. Zone resilient images can be created only in regions that provide Zone Redundant Storage (ZRS). +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the image. | +| `resourceGroupName` | string | The resource group the image was deployed into. | +| `resourceId` | string | The resource ID of the image. | + +## Cross-referenced modules + +_None_ diff --git a/modules/compute/image/main.json b/modules/compute/image/main.json index ae3a9cc984..4d5551e4a8 100644 --- a/modules/compute/image/main.json +++ b/modules/compute/image/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2820072627955480116" + "version": "0.22.6.54827", + "templateHash": "10714756522840080401" }, "name": "Images", "description": "This module deploys a Compute Image.", 
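Review bot: In modules/compute/image/README.md, the new `### Parameter: osAccountType` and `### Parameter: osDiskCaching` sections state `Required: Yes`, although both parameters sit under **Optional parameters** in the table added by the same hunk and were optional (with an empty default) in the table being removed. It looks like the generator derives "Required" from the absence of a default value rather than from the category the parameter is listed in, so the per-parameter section contradicts the summary table. Suggest deriving the flag from the same source as the table grouping, or emitting `Required: No` with no `Default` line for optional parameters that have no default, and regenerating this README.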
@@ -221,8 +221,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18299600248178146819" + "version": "0.22.6.54827", + "templateHash": "17260715174516023943" } }, "parameters": { diff --git a/modules/compute/proximity-placement-group/.test/common/main.test.bicep b/modules/compute/proximity-placement-group/.test/common/main.test.bicep index 04e74c7088..38de4fd5d1 100644 --- a/modules/compute/proximity-placement-group/.test/common/main.test.bicep +++ b/modules/compute/proximity-placement-group/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/proximity-placement-group/.test/min/main.test.bicep b/modules/compute/proximity-placement-group/.test/min/main.test.bicep index 244fae144c..cb745a8bda 100644 --- a/modules/compute/proximity-placement-group/.test/min/main.test.bicep +++ b/modules/compute/proximity-placement-group/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/proximity-placement-group/README.md b/modules/compute/proximity-placement-group/README.md index 42bb92577b..98c3ab9444 100644 --- a/modules/compute/proximity-placement-group/README.md +++ b/modules/compute/proximity-placement-group/README.md 
@@ -4,13 +4,13 @@ This module deploys a Proximity Placement Group. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
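Review bot: The navigation entries changed here use mixed-case fragments (`#Resource-Types`, `#Usage-examples`), while the links generated further down in the same README are all lowercase (`#parameter-name`, `#example-1-using-large-parameter-set`). Please emit the navigation fragments in the same lowercase slug form so every in-page link follows one convention and does not depend on the renderer matching fragments case-insensitively. The heading text has the same mismatch: `## Resource Types` is now title case next to `## Usage examples` in sentence case.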
@@ -18,57 +18,29 @@ This module deploys a Proximity Placement Group. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Compute/proximityPlacementGroups` | [2022-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-08-01/proximityPlacementGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the proximity placement group that is being created. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `colocationStatus` | object | `{object}` | | Describes colocation status of the Proximity Placement Group. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `intent` | object | `{object}` | | Specifies the user intent of the proximity placement group. | -| `location` | string | `[resourceGroup().location]` | | Resource location. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the proximity placement group resource. | -| `type` | string | `'Standard'` | `[Standard, Ultra]` | Specifies the type of the proximity placement group. 
| -| `zones` | array | `[]` | | Specifies the Availability Zone where virtual machine, virtual machine scale set or availability set associated with the proximity placement group can be created. | - +## Usage examples -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the proximity placement group. | -| `resourceGroupName` | string | The resource group the proximity placement group was deployed into. | -| `resourceId` | string | The resourceId the proximity placement group. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.proximity-placement-group:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module proximityPlacementGroup './compute/proximity-placement-group/main.bicep' = { +module proximityPlacementGroup 'br:bicep/modules/compute.proximity-placement-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cppgcom' params: { // Required parameters @@ -182,14 +154,17 @@ module proximityPlacementGroup './compute/proximity-placement-group/main.bicep'

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module proximityPlacementGroup './compute/proximity-placement-group/main.bicep' = { +module proximityPlacementGroup 'br:bicep/modules/compute.proximity-placement-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cppgmin' params: { // Required parameters @@ -226,3 +201,111 @@ module proximityPlacementGroup './compute/proximity-placement-group/main.bicep'

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the proximity placement group that is being created. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`colocationStatus`](#parameter-colocationstatus) | object | Describes colocation status of the Proximity Placement Group. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`intent`](#parameter-intent) | object | Specifies the user intent of the proximity placement group. | +| [`location`](#parameter-location) | string | Resource location. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the proximity placement group resource. | +| [`type`](#parameter-type) | string | Specifies the type of the proximity placement group. | +| [`zones`](#parameter-zones) | array | Specifies the Availability Zone where virtual machine, virtual machine scale set or availability set associated with the proximity placement group can be created. | + +### Parameter: `colocationStatus` + +Describes colocation status of the Proximity Placement Group. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `intent` + +Specifies the user intent of the proximity placement group. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Resource location. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the proximity placement group that is being created. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the proximity placement group resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `type` + +Specifies the type of the proximity placement group. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Standard, Ultra]` + +### Parameter: `zones` + +Specifies the Availability Zone where virtual machine, virtual machine scale set or availability set associated with the proximity placement group can be created. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the proximity placement group. | +| `resourceGroupName` | string | The resource group the proximity placement group was deployed into. | +| `resourceId` | string | The resourceId the proximity placement group. 
| + +## Cross-referenced modules + +_None_ diff --git a/modules/compute/proximity-placement-group/main.json b/modules/compute/proximity-placement-group/main.json index c14b4643cf..515ff086af 100644 --- a/modules/compute/proximity-placement-group/main.json +++ b/modules/compute/proximity-placement-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12193143335374733252" + "version": "0.22.6.54827", + "templateHash": "6477295143375151288" }, "name": "Proximity Placement Groups", "description": "This module deploys a Proximity Placement Group.", @@ -167,8 +167,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9569185937867215918" + "version": "0.22.6.54827", + "templateHash": "843117559787773713" } }, "parameters": { diff --git a/modules/compute/ssh-public-key/.test/common/main.test.bicep b/modules/compute/ssh-public-key/.test/common/main.test.bicep index 0a61dd1d16..f20494fb87 100644 --- a/modules/compute/ssh-public-key/.test/common/main.test.bicep +++ b/modules/compute/ssh-public-key/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/compute/ssh-public-key/.test/min/main.test.bicep b/modules/compute/ssh-public-key/.test/min/main.test.bicep index c115e84702..dfc7cdd0ec 100644 --- a/modules/compute/ssh-public-key/.test/min/main.test.bicep +++ b/modules/compute/ssh-public-key/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // 
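Review bot: With `metadata name = 'Using only defaults'` added here, the README heading for this test becomes `### Example 2: _Using only defaults_` instead of the folder-based `Example 2: Min`, yet the regenerated README still carries the note "The name of each example is based on the name of the file from which it is taken." That sentence no longer describes where the title comes from. Suggest rewording the note to refer to the test file's `metadata name`, and documenting in Set-Module.ps1 what heading is produced when a test file has no `metadata name` or `metadata description`, since that fallback is not visible in this change.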
diff --git a/modules/compute/ssh-public-key/README.md b/modules/compute/ssh-public-key/README.md index ae6fc16917..8789b85ef3 100644 --- a/modules/compute/ssh-public-key/README.md +++ b/modules/compute/ssh-public-key/README.md @@ -7,10 +7,10 @@ This module deploys a Public SSH Key. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -20,54 +20,29 @@ This module deploys a Public SSH Key. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Compute/sshPublicKeys` | [2022-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-08-01/sshPublicKeys) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the SSH public Key that is being created. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Resource location. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `publicKey` | string | `''` | | SSH public key used to authenticate to a virtual machine through SSH. If this property is not initially provided when the resource is created, the publicKey property will be populated when generateKeyPair is called. If the public key is provided upon resource creation, the provided public key needs to be at least 2048-bit and in ssh-rsa format. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the availability set resource. 
| +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Public SSH Key. | -| `resourceGroupName` | string | The name of the Resource Group the Public SSH Key was created in. | -| `resourceId` | string | The resource ID of the Public SSH Key. | - -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.ssh-public-key:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module sshPublicKey './compute/ssh-public-key/main.bicep' = { +module sshPublicKey 'br:bicep/modules/compute.ssh-public-key:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cspkcom' params: { // Required parameters @@ -109,14 +84,17 @@ module sshPublicKey './compute/ssh-public-key/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module sshPublicKey './compute/ssh-public-key/main.bicep' = { +module sshPublicKey 'br:bicep/modules/compute.ssh-public-key:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cspkmin' params: { // Required parameters @@ -153,3 +131,86 @@ module sshPublicKey './compute/ssh-public-key/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the SSH public Key that is being created. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Resource location. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`publicKey`](#parameter-publickey) | string | SSH public key used to authenticate to a virtual machine through SSH. If this property is not initially provided when the resource is created, the publicKey property will be populated when generateKeyPair is called. If the public key is provided upon resource creation, the provided public key needs to be at least 2048-bit and in ssh-rsa format. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the availability set resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Resource location. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the SSH public Key that is being created. 
+- Required: Yes +- Type: string + +### Parameter: `publicKey` + +SSH public key used to authenticate to a virtual machine through SSH. If this property is not initially provided when the resource is created, the publicKey property will be populated when generateKeyPair is called. If the public key is provided upon resource creation, the provided public key needs to be at least 2048-bit and in ssh-rsa format. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the availability set resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Public SSH Key. | +| `resourceGroupName` | string | The name of the Resource Group the Public SSH Key was created in. | +| `resourceId` | string | The resource ID of the Public SSH Key. | + +## Cross-referenced modules + +_None_ diff --git a/modules/compute/ssh-public-key/main.json b/modules/compute/ssh-public-key/main.json index 8249f12974..b0179a9ba4 100644 --- a/modules/compute/ssh-public-key/main.json +++ b/modules/compute/ssh-public-key/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15954994307790830722" + "version": "0.22.6.54827", + "templateHash": "10030504426335419860" }, "name": "Public SSH Keys", "description": "This module deploys a Public SSH Key.\r\n\r\n> Note: The resource does not auto-generate the key for you.", @@ -139,8 +139,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6373247458133694880" + "version": "0.22.6.54827", + "templateHash": "12934875075357551454" } }, "parameters": { diff --git a/modules/compute/virtual-machine-scale-set/README.md b/modules/compute/virtual-machine-scale-set/README.md index 9c7583c1c4..fe88a71ad7 100644 --- a/modules/compute/virtual-machine-scale-set/README.md +++ b/modules/compute/virtual-machine-scale-set/README.md @@ -4,14 +4,14 @@ This module deploys a Virtual Machine Scale Set. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -21,134 +21,29 @@ This module deploys a Virtual Machine Scale Set. | `Microsoft.Compute/virtualMachineScaleSets/extensions` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Compute/2022-11-01/virtualMachineScaleSets/extensions) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -### Resource dependency +## Usage examples -The following resources are required to be able to deploy this resource. - -- `Microsoft.Network/VirtualNetwork` - -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `adminUsername` | securestring | | Administrator username. | -| `imageReference` | object | | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. | -| `name` | string | | Name of the VMSS. | -| `nicConfigurations` | array | | Configures NICs and PIPs. | -| `osDisk` | object | | Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. | -| `osType` | string | `[Linux, Windows]` | The chosen OS type. | -| `skuName` | string | | The SKU size of the VMs. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `additionalUnattendContent` | array | `[]` | | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. 
| -| `adminPassword` | securestring | `''` | | When specifying a Windows Virtual Machine, this value should be passed. | -| `automaticRepairsPolicyEnabled` | bool | `False` | | Specifies whether automatic repairs should be enabled on the virtual machine scale set. | -| `availabilityZones` | array | `[]` | | The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set. | -| `bootDiagnosticStorageAccountName` | string | `''` | | Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided. | -| `bootDiagnosticStorageAccountUri` | string | `[format('.blob.{0}/', environment().suffixes.storage)]` | | Storage account boot diagnostic base URI. | -| `customData` | string | `''` | | Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. | -| `dataDisks` | array | `[]` | | Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. 
| -| `disableAutomaticRollback` | bool | `False` | | Whether OS image rollback feature should be disabled. | -| `disablePasswordAuthentication` | bool | `False` | | Specifies whether password authentication should be disabled. | -| `doNotRunExtensionsOnOverprovisionedVMs` | bool | `False` | | When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs. | -| `enableAutomaticOSUpgrade` | bool | `False` | | Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true. | -| `enableAutomaticUpdates` | bool | `True` | | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableEvictionPolicy` | bool | `False` | | Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. | -| `encryptionAtHost` | bool | `True` | | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your virtual machine scale sets. 
| -| `extensionAntiMalwareConfig` | object | `{object}` | | The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionAzureDiskEncryptionConfig` | object | `{object}` | | The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. | -| `extensionCustomScriptConfig` | object | `{object}` | | The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionDependencyAgentConfig` | object | `{object}` | | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionDomainJoinConfig` | object | `{object}` | | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionDomainJoinPassword` | securestring | `''` | | Required if name is specified. Password of the user specified in user parameter. | -| `extensionDSCConfig` | object | `{object}` | | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionMonitoringAgentConfig` | object | `{object}` | | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionNetworkWatcherAgentConfig` | object | `{object}` | | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. | -| `gracePeriod` | string | `'PT30M'` | | The amount of time for which automatic repairs are suspended due to a state change on VM. 
The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M). The maximum allowed grace period is 90 minutes (PT90M). | -| `licenseType` | string | `''` | `['', Windows_Client, Windows_Server]` | Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maxBatchInstancePercent` | int | `20` | | The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. | -| `maxPriceForLowPriorityVm` | string | `''` | | Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. | -| `maxUnhealthyInstancePercent` | int | `20` | | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. | -| `maxUnhealthyUpgradedInstancePercent` | int | `20` | | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. 
| -| `monitoringWorkspaceId` | string | `''` | | Resource ID of the monitoring log analytics workspace. | -| `overprovision` | bool | `False` | | Specifies whether the Virtual Machine Scale Set should be overprovisioned. | -| `pauseTimeBetweenBatches` | string | `'PT0S'` | | The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. | -| `plan` | object | `{object}` | | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. | -| `provisionVMAgent` | bool | `True` | | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | -| `proximityPlacementGroupResourceId` | string | `''` | | Resource ID of a proximity placement group. | -| `publicIpDiagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `publicKeys` | array | `[]` | | The list of SSH public keys used to authenticate with linux based VMs. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sasTokenValidityLength` | string | `'PT8H'` | | SAS token validity length to use to download files from storage accounts. 
Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. | -| `scaleInPolicy` | object | `{object}` | | Specifies the scale-in policy that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled-in. | -| `scaleSetFaultDomain` | int | `2` | | Fault Domain count for each placement group. | -| `scheduledEventsProfile` | object | `{object}` | | Specifies Scheduled Event related configurations. | -| `secrets` | array | `[]` | | Specifies set of certificates that should be installed onto the virtual machines in the scale set. | -| `secureBootEnabled` | bool | `False` | | Specifies whether secure boot should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. | -| `securityType` | string | `''` | | Specifies the SecurityType of the virtual machine scale set. It is set as TrustedLaunch to enable UefiSettings. | -| `singlePlacementGroup` | bool | `True` | | When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true. | -| `skuCapacity` | int | `1` | | The initial instance count of scale set VMs. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `timeZone` | string | `''` | | Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. | -| `ultraSSDEnabled` | bool | `False` | | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. 
Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. | -| `upgradePolicyMode` | string | `'Manual'` | `[Automatic, Manual, Rolling]` | Specifies the mode of an upgrade to virtual machines in the scale set.' Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. ; Automatic - All virtual machines in the scale set are automatically updated at the same time. - Automatic, Manual, Rolling. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `vmNamePrefix` | string | `'vmssvm'` | | Specifies the computer name prefix for all of the virtual machines in the scale set. | -| `vmPriority` | string | `'Regular'` | `[Low, Regular, Spot]` | Specifies the priority for the virtual machine. | -| `vTpmEnabled` | bool | `False` | | Specifies whether vTPM should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. | -| `winRM` | object | `{object}` | | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. | -| `zoneBalance` | bool | `False` | | Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. | - -**Generated parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('u')]` | Do not provide a value! This date value is used to generate a registration token. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the virtual machine scale set. | -| `resourceGroupName` | string | The resource group of the virtual machine scale set. 
| -| `resourceId` | string | The resource ID of the virtual machine scale set. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules - -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Linux

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.virtual-machine-scale-set:1.0.0`. + +- [Linux](#example-1-linux) +- [Linux.Min](#example-2-linuxmin) +- [Linux.Ssecmk](#example-3-linuxssecmk) +- [Windows](#example-4-windows) +- [Windows.Min](#example-5-windowsmin) + +### Example 1: _Linux_
via Bicep module ```bicep -module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' = { +module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmsslin' params: { // Required parameters @@ -492,14 +387,14 @@ module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' =

-

Example 2: Linux.Min

+### Example 2: _Linux.Min_
via Bicep module ```bicep -module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' = { +module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmsslinmin' params: { // Required parameters @@ -629,14 +524,14 @@ module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' =

-

Example 3: Linux.Ssecmk

+### Example 3: _Linux.Ssecmk_
via Bicep module ```bicep -module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' = { +module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmsslcmk' params: { // Required parameters @@ -816,14 +711,14 @@ module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' =

-

Example 4: Windows

+### Example 4: _Windows_
via Bicep module ```bicep -module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' = { +module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmsswin' params: { // Required parameters @@ -1149,14 +1044,14 @@ module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' =

-

Example 5: Windows.Min

+### Example 5: _Windows.Min_
via Bicep module ```bicep -module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' = { +module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmsswinmin' params: { // Required parameters @@ -1273,6 +1168,638 @@ module virtualMachineScaleSet './compute/virtual-machine-scale-set/main.bicep' =

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`adminUsername`](#parameter-adminusername) | securestring | Administrator username. | +| [`imageReference`](#parameter-imagereference) | object | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. | +| [`name`](#parameter-name) | string | Name of the VMSS. | +| [`nicConfigurations`](#parameter-nicconfigurations) | array | Configures NICs and PIPs. | +| [`osDisk`](#parameter-osdisk) | object | Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. | +| [`osType`](#parameter-ostype) | string | The chosen OS type. | +| [`skuName`](#parameter-skuname) | string | The SKU size of the VMs. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`additionalUnattendContent`](#parameter-additionalunattendcontent) | array | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. | +| [`adminPassword`](#parameter-adminpassword) | securestring | When specifying a Windows Virtual Machine, this value should be passed. | +| [`automaticRepairsPolicyEnabled`](#parameter-automaticrepairspolicyenabled) | bool | Specifies whether automatic repairs should be enabled on the virtual machine scale set. | +| [`availabilityZones`](#parameter-availabilityzones) | array | The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set. 
| +| [`bootDiagnosticStorageAccountName`](#parameter-bootdiagnosticstorageaccountname) | string | Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided. | +| [`bootDiagnosticStorageAccountUri`](#parameter-bootdiagnosticstorageaccounturi) | string | Storage account boot diagnostic base URI. | +| [`customData`](#parameter-customdata) | string | Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. | +| [`dataDisks`](#parameter-datadisks) | array | Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableAutomaticRollback`](#parameter-disableautomaticrollback) | bool | Whether OS image rollback feature should be disabled. 
| +| [`disablePasswordAuthentication`](#parameter-disablepasswordauthentication) | bool | Specifies whether password authentication should be disabled. | +| [`doNotRunExtensionsOnOverprovisionedVMs`](#parameter-donotrunextensionsonoverprovisionedvms) | bool | When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs. | +| [`enableAutomaticOSUpgrade`](#parameter-enableautomaticosupgrade) | bool | Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true. | +| [`enableAutomaticUpdates`](#parameter-enableautomaticupdates) | bool | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableEvictionPolicy`](#parameter-enableevictionpolicy) | bool | Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. | +| [`encryptionAtHost`](#parameter-encryptionathost) | bool | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your virtual machine scale sets. 
| +| [`extensionAntiMalwareConfig`](#parameter-extensionantimalwareconfig) | object | The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionAzureDiskEncryptionConfig`](#parameter-extensionazurediskencryptionconfig) | object | The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. | +| [`extensionCustomScriptConfig`](#parameter-extensioncustomscriptconfig) | object | The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionDependencyAgentConfig`](#parameter-extensiondependencyagentconfig) | object | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionDomainJoinConfig`](#parameter-extensiondomainjoinconfig) | object | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionDomainJoinPassword`](#parameter-extensiondomainjoinpassword) | securestring | Required if name is specified. Password of the user specified in user parameter. | +| [`extensionDSCConfig`](#parameter-extensiondscconfig) | object | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionMonitoringAgentConfig`](#parameter-extensionmonitoringagentconfig) | object | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. 
| +| [`extensionNetworkWatcherAgentConfig`](#parameter-extensionnetworkwatcheragentconfig) | object | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`gracePeriod`](#parameter-graceperiod) | string | The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M). The maximum allowed grace period is 90 minutes (PT90M). | +| [`licenseType`](#parameter-licensetype) | string | Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maxBatchInstancePercent`](#parameter-maxbatchinstancepercent) | int | The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. | +| [`maxPriceForLowPriorityVm`](#parameter-maxpriceforlowpriorityvm) | string | Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. | +| [`maxUnhealthyInstancePercent`](#parameter-maxunhealthyinstancepercent) | int | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. 
| +| [`maxUnhealthyUpgradedInstancePercent`](#parameter-maxunhealthyupgradedinstancepercent) | int | The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. | +| [`monitoringWorkspaceId`](#parameter-monitoringworkspaceid) | string | Resource ID of the monitoring log analytics workspace. | +| [`overprovision`](#parameter-overprovision) | bool | Specifies whether the Virtual Machine Scale Set should be overprovisioned. | +| [`pauseTimeBetweenBatches`](#parameter-pausetimebetweenbatches) | string | The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. | +| [`plan`](#parameter-plan) | object | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. | +| [`provisionVMAgent`](#parameter-provisionvmagent) | bool | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | +| [`proximityPlacementGroupResourceId`](#parameter-proximityplacementgroupresourceid) | string | Resource ID of a proximity placement group. | +| [`publicIpDiagnosticSettingsName`](#parameter-publicipdiagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. | +| [`publicKeys`](#parameter-publickeys) | array | The list of SSH public keys used to authenticate with linux based VMs. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sasTokenValidityLength`](#parameter-sastokenvaliditylength) | string | SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. | +| [`scaleInPolicy`](#parameter-scaleinpolicy) | object | Specifies the scale-in policy that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled-in. | +| [`scaleSetFaultDomain`](#parameter-scalesetfaultdomain) | int | Fault Domain count for each placement group. | +| [`scheduledEventsProfile`](#parameter-scheduledeventsprofile) | object | Specifies Scheduled Event related configurations. | +| [`secrets`](#parameter-secrets) | array | Specifies set of certificates that should be installed onto the virtual machines in the scale set. | +| [`secureBootEnabled`](#parameter-securebootenabled) | bool | Specifies whether secure boot should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. | +| [`securityType`](#parameter-securitytype) | string | Specifies the SecurityType of the virtual machine scale set. It is set as TrustedLaunch to enable UefiSettings. | +| [`singlePlacementGroup`](#parameter-singleplacementgroup) | bool | When true this limits the scale set to a single placement group, of max size 100 virtual machines. 
NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true. | +| [`skuCapacity`](#parameter-skucapacity) | int | The initial instance count of scale set VMs. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`timeZone`](#parameter-timezone) | string | Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. | +| [`ultraSSDEnabled`](#parameter-ultrassdenabled) | bool | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. | +| [`upgradePolicyMode`](#parameter-upgradepolicymode) | string | Specifies the mode of an upgrade to virtual machines in the scale set.' Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. ; Automatic - All virtual machines in the scale set are automatically updated at the same time. - Automatic, Manual, Rolling. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`vmNamePrefix`](#parameter-vmnameprefix) | string | Specifies the computer name prefix for all of the virtual machines in the scale set. | +| [`vmPriority`](#parameter-vmpriority) | string | Specifies the priority for the virtual machine. | +| [`vTpmEnabled`](#parameter-vtpmenabled) | bool | Specifies whether vTPM should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. 
SecurityType should be set to TrustedLaunch to enable UefiSettings. | +| [`winRM`](#parameter-winrm) | object | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. | +| [`zoneBalance`](#parameter-zonebalance) | bool | Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. | + +**Generated parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to generate a registration token. | + +### Parameter: `additionalUnattendContent` + +Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `adminPassword` + +When specifying a Windows Virtual Machine, this value should be passed. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `adminUsername` + +Administrator username. +- Required: Yes +- Type: securestring + +### Parameter: `automaticRepairsPolicyEnabled` + +Specifies whether automatic repairs should be enabled on the virtual machine scale set. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `availabilityZones` + +The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `baseTime` + +Do not provide a value! This date value is used to generate a registration token. +- Required: No +- Type: string +- Default: `[utcNow('u')]` + +### Parameter: `bootDiagnosticStorageAccountName` + +Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `bootDiagnosticStorageAccountUri` + +Storage account boot diagnostic base URI. +- Required: No +- Type: string +- Default: `[format('.blob.{0}/', environment().suffixes.storage)]` + +### Parameter: `customData` + +Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dataDisks` + +Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableAutomaticRollback` + +Whether OS image rollback feature should be disabled. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `disablePasswordAuthentication` + +Specifies whether password authentication should be disabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `doNotRunExtensionsOnOverprovisionedVMs` + +When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableAutomaticOSUpgrade` + +Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableAutomaticUpdates` + +Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableEvictionPolicy` + +Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `encryptionAtHost` + +This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. 
Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your virtual machine scale sets. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `extensionAntiMalwareConfig` + +The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionAzureDiskEncryptionConfig` + +The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionCustomScriptConfig` + +The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionDependencyAgentConfig` + +The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionDomainJoinConfig` + +The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionDomainJoinPassword` + +Required if name is specified. Password of the user specified in user parameter. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `extensionDSCConfig` + +The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionMonitoringAgentConfig` + +The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionNetworkWatcherAgentConfig` + +The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `gracePeriod` + +The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M). The maximum allowed grace period is 90 minutes (PT90M). +- Required: No +- Type: string +- Default: `'PT30M'` + +### Parameter: `imageReference` + +OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. +- Required: Yes +- Type: object + +### Parameter: `licenseType` + +Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Windows_Client, Windows_Server]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maxBatchInstancePercent` + +The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. +- Required: No +- Type: int +- Default: `20` + +### Parameter: `maxPriceForLowPriorityVm` + +Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `maxUnhealthyInstancePercent` + +The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. +- Required: No +- Type: int +- Default: `20` + +### Parameter: `maxUnhealthyUpgradedInstancePercent` + +The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. +- Required: No +- Type: int +- Default: `20` + +### Parameter: `monitoringWorkspaceId` + +Resource ID of the monitoring log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +Name of the VMSS. +- Required: Yes +- Type: string + +### Parameter: `nicConfigurations` + +Configures NICs and PIPs. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `osDisk` + +Specifies the OS disk. 
For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. +- Required: Yes +- Type: object + +### Parameter: `osType` + +The chosen OS type. +- Required: Yes +- Type: string +- Allowed: `[Linux, Windows]` + +### Parameter: `overprovision` + +Specifies whether the Virtual Machine Scale Set should be overprovisioned. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `pauseTimeBetweenBatches` + +The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. +- Required: No +- Type: string +- Default: `'PT0S'` + +### Parameter: `plan` + +Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `provisionVMAgent` + +Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `proximityPlacementGroupResourceId` + +Resource ID of a proximity placement group. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `publicIpDiagnosticSettingsName` + +The name of the diagnostic setting, if deployed. +- Required: No +- Type: string +- Default: `[format('{0}-diagnosticSettings', parameters('name'))]` + +### Parameter: `publicKeys` + +The list of SSH public keys used to authenticate with linux based VMs. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sasTokenValidityLength` + +SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. +- Required: No +- Type: string +- Default: `'PT8H'` + +### Parameter: `scaleInPolicy` + +Specifies the scale-in policy that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled-in. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `scaleSetFaultDomain` + +Fault Domain count for each placement group. +- Required: No +- Type: int +- Default: `2` + +### Parameter: `scheduledEventsProfile` + +Specifies Scheduled Event related configurations. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `secrets` + +Specifies set of certificates that should be installed onto the virtual machines in the scale set. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `secureBootEnabled` + +Specifies whether secure boot should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `securityType` + +Specifies the SecurityType of the virtual machine scale set. It is set as TrustedLaunch to enable UefiSettings. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `singlePlacementGroup` + +When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `skuCapacity` + +The initial instance count of scale set VMs. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `skuName` + +The SKU size of the VMs. +- Required: Yes +- Type: string + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `timeZone` + +Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `ultraSSDEnabled` + +The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `upgradePolicyMode` + +Specifies the mode of an upgrade to virtual machines in the scale set.' Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. ; Automatic - All virtual machines in the scale set are automatically updated at the same time. - Automatic, Manual, Rolling. 
+- Required: No +- Type: string +- Default: `'Manual'` +- Allowed: `[Automatic, Manual, Rolling]` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `vmNamePrefix` + +Specifies the computer name prefix for all of the virtual machines in the scale set. +- Required: No +- Type: string +- Default: `'vmssvm'` + +### Parameter: `vmPriority` + +Specifies the priority for the virtual machine. +- Required: No +- Type: string +- Default: `'Regular'` +- Allowed: `[Low, Regular, Spot]` + +### Parameter: `vTpmEnabled` + +Specifies whether vTPM should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `winRM` + +Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zoneBalance` + +Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the virtual machine scale set. | +| `resourceGroupName` | string | The resource group of the virtual machine scale set. | +| `resourceId` | string | The resource ID of the virtual machine scale set. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `imageReference` diff --git a/modules/compute/virtual-machine-scale-set/extension/README.md b/modules/compute/virtual-machine-scale-set/extension/README.md index 52412ef886..462a5b3111 100644 
--- a/modules/compute/virtual-machine-scale-set/extension/README.md +++ b/modules/compute/virtual-machine-scale-set/extension/README.md 
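Review bot: In modules/compute/virtual-machine-scale-set/README.md, the new section for `maxUnhealthyUpgradedInstancePercent` repeats the `maxUnhealthyInstancePercent` description word for word, so the generated docs do not say how the two limits differ. This text is generated, so correct the description in the module's parameter metadata and regenerate; the same pass can drop the stray `'` after "scale set." in `upgradePolicyMode`. The overview table here has no default column, which leaves the security-relevant defaults (`secureBootEnabled` and `vTpmEnabled` at `False`, `securityType` at `''`, `disablePasswordAuthentication` at `False`) visible only in the per-parameter sections; consider keeping a default column or calling these out near the top.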
@@ -19,35 +19,112 @@ This module deploys a Virtual Machine Scale Set Extension. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `autoUpgradeMinorVersion` | bool | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. | -| `enableAutomaticUpgrade` | bool | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. | -| `name` | string | The name of the virtual machine scale set extension. | -| `publisher` | string | The name of the extension handler publisher. | -| `type` | string | Specifies the type of the extension; an example is "CustomScriptExtension". | -| `typeHandlerVersion` | string | Specifies the version of the script handler. | +| [`autoUpgradeMinorVersion`](#parameter-autoupgrademinorversion) | bool | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. | +| [`enableAutomaticUpgrade`](#parameter-enableautomaticupgrade) | bool | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. | +| [`name`](#parameter-name) | string | The name of the virtual machine scale set extension. | +| [`publisher`](#parameter-publisher) | string | The name of the extension handler publisher. | +| [`type`](#parameter-type) | string | Specifies the type of the extension; an example is "CustomScriptExtension". | +| [`typeHandlerVersion`](#parameter-typehandlerversion) | string | Specifies the version of the script handler. 
| **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `virtualMachineScaleSetName` | string | The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment. | +| [`virtualMachineScaleSetName`](#parameter-virtualmachinescalesetname) | string | The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `forceUpdateTag` | string | `''` | How the extension handler should be forced to update even if the extension configuration has not changed. | -| `protectedSettings` | secureObject | `{object}` | Any object that contains the extension specific protected settings. | -| `settings` | object | `{object}` | Any object that contains the extension specific settings. | -| `supressFailures` | bool | `False` | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`forceUpdateTag`](#parameter-forceupdatetag) | string | How the extension handler should be forced to update even if the extension configuration has not changed. | +| [`protectedSettings`](#parameter-protectedsettings) | secureObject | Any object that contains the extension specific protected settings. | +| [`settings`](#parameter-settings) | object | Any object that contains the extension specific settings. 
| +| [`supressFailures`](#parameter-supressfailures) | bool | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. | + +### Parameter: `autoUpgradeMinorVersion` + +Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. +- Required: Yes +- Type: bool + +### Parameter: `enableAutomaticUpgrade` + +Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. +- Required: Yes +- Type: bool + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `forceUpdateTag` + +How the extension handler should be forced to update even if the extension configuration has not changed. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the virtual machine scale set extension. +- Required: Yes +- Type: string + +### Parameter: `protectedSettings` + +Any object that contains the extension specific protected settings. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `publisher` + +The name of the extension handler publisher. +- Required: Yes +- Type: string + +### Parameter: `settings` + +Any object that contains the extension specific settings. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `supressFailures` + +Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `type` + +Specifies the type of the extension; an example is "CustomScriptExtension". +- Required: Yes +- Type: string + +### Parameter: `typeHandlerVersion` + +Specifies the version of the script handler. +- Required: Yes +- Type: string + +### Parameter: `virtualMachineScaleSetName` + +The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the extension. | | `resourceGroupName` | string | The name of the Resource Group the extension was created in. | diff --git a/modules/compute/virtual-machine-scale-set/extension/main.json b/modules/compute/virtual-machine-scale-set/extension/main.json index 14783762a8..d63e240501 100644 --- a/modules/compute/virtual-machine-scale-set/extension/main.json +++ b/modules/compute/virtual-machine-scale-set/extension/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3045861199823874082" + "version": "0.22.6.54827", + "templateHash": "5906561479759498703" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", diff --git a/modules/compute/virtual-machine-scale-set/main.json b/modules/compute/virtual-machine-scale-set/main.json index 974fbd8b00..59b04e2594 100644 --- a/modules/compute/virtual-machine-scale-set/main.json +++ b/modules/compute/virtual-machine-scale-set/main.json 
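Review bot: In modules/compute/virtual-machine-scale-set/extension/README.md, `virtualMachineScaleSetName` is listed under **Conditional parameters** ("Required if the template is used in a standalone deployment") but its new detail section prints `- Required: Yes`, the same as the unconditional parameters. The generated section should carry the conditional status so the table and the detail agree, for example by having the README generator emit a distinct value for conditional parameters. The misspelled `supressFailures` is now also a link target (`#parameter-supressfailures`), which is worth deciding on before more links depend on it.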
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12564504054150617860" + "version": "0.22.6.54827", + "templateHash": "1180320046795963031" }, "name": "Virtual Machine Scale Sets", "description": "This module deploys a Virtual Machine Scale Set.", @@ -842,8 +842,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7816202249753353774" + "version": "0.22.6.54827", + "templateHash": "5906561479759498703" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -1028,8 +1028,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7816202249753353774" + "version": "0.22.6.54827", + "templateHash": "5906561479759498703" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -1219,8 +1219,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7816202249753353774" + "version": "0.22.6.54827", + "templateHash": "5906561479759498703" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -1400,8 +1400,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7816202249753353774" + "version": "0.22.6.54827", + "templateHash": "5906561479759498703" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -1581,8 +1581,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7816202249753353774" + "version": "0.22.6.54827", + "templateHash": "5906561479759498703" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", 
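Review bot: The `_generator` hunks in modules/compute/virtual-machine-scale-set/main.json change only `version` (0.21.1.54444 to 0.22.6.54827) and `templateHash`, which is a Bicep compiler upgrade that the subject line "Tested logic & added depth param" does not mention. Please state the compiler bump in the commit message, or move the regenerated main.json files into their own commit so the README generator change can be reviewed separately. The nested extension templates all move to `5906561479759498703`, the same value as the standalone extension/main.json, so the regenerated files are at least consistent with each other.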
@@ -1766,8 +1766,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7816202249753353774" + "version": "0.22.6.54827", + "templateHash": "5906561479759498703" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -1957,8 +1957,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7816202249753353774" + "version": "0.22.6.54827", + "templateHash": "5906561479759498703" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -2143,8 +2143,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7816202249753353774" + "version": "0.22.6.54827", + "templateHash": "5906561479759498703" }, "name": "Virtual Machine Scale Set Extensions", "description": "This module deploys a Virtual Machine Scale Set Extension.", @@ -2326,8 +2326,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18352328702844325130" + "version": "0.22.6.54827", + "templateHash": "2683570948982482973" } }, "parameters": { diff --git a/modules/compute/virtual-machine/README.md b/modules/compute/virtual-machine/README.md index 0a3195f2ef..a635528a68 100644 --- a/modules/compute/virtual-machine/README.md +++ b/modules/compute/virtual-machine/README.md @@ -5,10 +5,10 @@ This module deploys a Virtual Machine with one or multiple NICs and optionally o ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) ## Resource Types 
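Review bot: In the Navigation hunk of modules/compute/virtual-machine/README.md, the added `- [Usage examples](#Usage-examples)` keeps a mixed-case fragment, while the parameter links introduced elsewhere in this patch are lowercase (`#parameter-roleassignments`). A renderer that lowercases heading ids and matches fragments case-sensitively will resolve the parameter links but not the navigation ones; have the generator emit lowercase fragments in both places.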
@@ -25,132 +25,31 @@ This module deploys a Virtual Machine with one or multiple NICs and optionally o | `Microsoft.Network/publicIPAddresses` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/publicIPAddresses) | | `Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems` | [2023-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2023-01-01/vaults/backupFabrics/protectionContainers/protectedItems) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `adminUsername` | securestring | | | Administrator username. | -| `configurationProfile` | string | `''` | `['', /providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest, /providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction]` | The configuration profile of automanage. | -| `imageReference` | object | | | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. | -| `nicConfigurations` | array | | | Configures NICs and PIPs. | -| `osDisk` | object | | | Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. | -| `osType` | string | | `[Linux, Windows]` | The chosen OS type. | -| `vmSize` | string | | | Specifies the size for the VMs. 
| - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `additionalUnattendContent` | array | `[]` | | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. | -| `adminPassword` | securestring | `''` | | When specifying a Windows Virtual Machine, this value should be passed. | -| `allowExtensionOperations` | bool | `True` | | Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. | -| `availabilitySetResourceId` | string | `''` | | Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set. | -| `availabilityZone` | int | `0` | `[0, 1, 2, 3]` | If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set. | -| `backupPolicyName` | string | `'DefaultPolicy'` | | Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault. | -| `backupVaultName` | string | `''` | | Recovery service vault name to add VMs to backup. | -| `backupVaultResourceGroup` | string | `[resourceGroup().name]` | | Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default. | -| `bootDiagnostics` | bool | `False` | | Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled. 
| -| `bootDiagnosticStorageAccountName` | string | `''` | | Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided. | -| `bootDiagnosticStorageAccountUri` | string | `[format('.blob.{0}/', environment().suffixes.storage)]` | | Storage account boot diagnostic base URI. | -| `certificatesToBeInstalled` | array | `[]` | | Specifies set of certificates that should be installed onto the virtual machine. | -| `computerName` | string | `[parameters('name')]` | | Can be used if the computer name needs to be different from the Azure VM resource name. If not used, the resource name will be used as computer name. | -| `customData` | string | `''` | | Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. | -| `dataDisks` | array | `[]` | | Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. | -| `dedicatedHostId` | string | `''` | | Specifies resource ID about the dedicated host that the virtual machine resides in. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. 
| -| `disablePasswordAuthentication` | bool | `False` | | Specifies whether password authentication should be disabled. | -| `enableAutomaticUpdates` | bool | `True` | | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableEvictionPolicy` | bool | `False` | | Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. | -| `encryptionAtHost` | bool | `True` | | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. | -| `extensionAadJoinConfig` | object | `{object}` | | The configuration for the [AAD Join] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionAntiMalwareConfig` | object | `{object}` | | The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionAzureDiskEncryptionConfig` | object | `{object}` | | The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. 
| -| `extensionCustomScriptConfig` | object | `{object}` | | The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionCustomScriptProtectedSetting` | secureObject | `{object}` | | Any object that contains the extension specific protected settings. | -| `extensionDependencyAgentConfig` | object | `{object}` | | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionDomainJoinConfig` | object | `{object}` | | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionDomainJoinPassword` | securestring | `''` | | Required if name is specified. Password of the user specified in user parameter. | -| `extensionDSCConfig` | object | `{object}` | | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionMonitoringAgentConfig` | object | `{object}` | | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. | -| `extensionNetworkWatcherAgentConfig` | object | `{object}` | | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. | -| `licenseType` | string | `''` | `['', Windows_Client, Windows_Server]` | Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maxPriceForLowPriorityVm` | string | `''` | | Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. 
| -| `monitoringWorkspaceId` | string | `''` | | Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is set to true. | -| `name` | string | `[take(toLower(uniqueString(resourceGroup().name)), 10)]` | | The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name. | -| `nicdiagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `nicDiagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the NIC diagnostic setting, if deployed. | -| `patchAssessmentMode` | string | `'ImageDefault'` | `[AutomaticByPlatform, ImageDefault]` | VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours. | -| `patchMode` | string | `''` | `['', AutomaticByOS, AutomaticByPlatform, ImageDefault, Manual]` | VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. Refer to 'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching'. | -| `pipdiagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `pipdiagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `pipDiagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the PIP diagnostic setting, if deployed. 
| -| `plan` | object | `{object}` | | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. | -| `priority` | string | `'Regular'` | `[Low, Regular, Spot]` | Specifies the priority for the virtual machine. | -| `provisionVMAgent` | bool | `True` | | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | -| `proximityPlacementGroupResourceId` | string | `''` | | Resource ID of a proximity placement group. | -| `publicKeys` | array | `[]` | | The list of SSH public keys used to authenticate with linux based VMs. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sasTokenValidityLength` | string | `'PT8H'` | | SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. | -| `secureBootEnabled` | bool | `False` | | Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. | -| `securityType` | string | `''` | | Specifies the SecurityType of the virtual machine. 
It is set as TrustedLaunch to enable UefiSettings. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = "True". | -| `tags` | object | `{object}` | | Tags of the resource. | -| `timeZone` | string | `''` | | Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. | -| `ultraSSDEnabled` | bool | `False` | | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `vTpmEnabled` | bool | `False` | | Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. | -| `winRM` | object | `{object}` | | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. | - -**Generated parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('u')]` | Do not provide a value! This date value is used to generate a registration token. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the VM. | -| `resourceGroupName` | string | The name of the resource group the VM was created in. | -| `resourceId` | string | The resource ID of the VM. 
| -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `network/network-interface` | Local reference | -| `network/public-ip-address` | Local reference | -| `recovery-services/vault/backup-fabric/protection-container/protected-item` | Local reference | - -## Deployment examples +## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Linux

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.virtual-machine:1.0.0`. + +- [Linux](#example-1-linux) +- [Linux.Atmg](#example-2-linuxatmg) +- [Linux.Min](#example-3-linuxmin) +- [Windows](#example-4-windows) +- [Windows.Atmg](#example-5-windowsatmg) +- [Windows.Min](#example-6-windowsmin) +- [Windows.Ssecmk](#example-7-windowsssecmk) + +### Example 1: _Linux_
via Bicep module ```bicep -module virtualMachine './compute/virtual-machine/main.bicep' = { +module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmlincom' params: { // Required parameters @@ -662,14 +561,14 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {

-

Example 2: Linux.Atmg

+### Example 2: _Linux.Atmg_
via Bicep module ```bicep -module virtualMachine './compute/virtual-machine/main.bicep' = { +module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmlinatmg' params: { // Required parameters @@ -845,14 +744,14 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {

-

Example 3: Linux.Min

+### Example 3: _Linux.Min_
via Bicep module ```bicep -module virtualMachine './compute/virtual-machine/main.bicep' = { +module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmlinmin' params: { // Required parameters @@ -982,14 +881,14 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {

-

Example 4: Windows

+### Example 4: _Windows_
via Bicep module ```bicep -module virtualMachine './compute/virtual-machine/main.bicep' = { +module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmwincom' params: { // Required parameters @@ -1539,14 +1438,14 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {

-

Example 5: Windows.Atmg

+### Example 5: _Windows.Atmg_
via Bicep module ```bicep -module virtualMachine './compute/virtual-machine/main.bicep' = { +module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmwinatmg' params: { // Required parameters @@ -1672,14 +1571,14 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {

-

Example 6: Windows.Min

+### Example 6: _Windows.Min_
via Bicep module ```bicep -module virtualMachine './compute/virtual-machine/main.bicep' = { +module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmwinmin' params: { // Required parameters @@ -1789,14 +1688,14 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {

-

Example 7: Windows.Ssecmk

+### Example 7: _Windows.Ssecmk_
via Bicep module ```bicep -module virtualMachine './compute/virtual-machine/main.bicep' = { +module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cvmwincmk' params: { // Required parameters @@ -1949,6 +1848,633 @@ module virtualMachine './compute/virtual-machine/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`adminUsername`](#parameter-adminusername) | securestring | Administrator username. | +| [`configurationProfile`](#parameter-configurationprofile) | string | The configuration profile of automanage. | +| [`imageReference`](#parameter-imagereference) | object | OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. | +| [`nicConfigurations`](#parameter-nicconfigurations) | array | Configures NICs and PIPs. | +| [`osDisk`](#parameter-osdisk) | object | Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. | +| [`osType`](#parameter-ostype) | string | The chosen OS type. | +| [`vmSize`](#parameter-vmsize) | string | Specifies the size for the VMs. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`additionalUnattendContent`](#parameter-additionalunattendcontent) | array | Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. | +| [`adminPassword`](#parameter-adminpassword) | securestring | When specifying a Windows Virtual Machine, this value should be passed. | +| [`allowExtensionOperations`](#parameter-allowextensionoperations) | bool | Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. | +| [`availabilitySetResourceId`](#parameter-availabilitysetresourceid) | string | Resource ID of an availability set. 
Cannot be used in combination with availability zone nor scale set. | +| [`availabilityZone`](#parameter-availabilityzone) | int | If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set. | +| [`backupPolicyName`](#parameter-backuppolicyname) | string | Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault. | +| [`backupVaultName`](#parameter-backupvaultname) | string | Recovery service vault name to add VMs to backup. | +| [`backupVaultResourceGroup`](#parameter-backupvaultresourcegroup) | string | Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default. | +| [`bootDiagnostics`](#parameter-bootdiagnostics) | bool | Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled. | +| [`bootDiagnosticStorageAccountName`](#parameter-bootdiagnosticstorageaccountname) | string | Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided. | +| [`bootDiagnosticStorageAccountUri`](#parameter-bootdiagnosticstorageaccounturi) | string | Storage account boot diagnostic base URI. | +| [`certificatesToBeInstalled`](#parameter-certificatestobeinstalled) | array | Specifies set of certificates that should be installed onto the virtual machine. | +| [`computerName`](#parameter-computername) | string | Can be used if the computer name needs to be different from the Azure VM resource name. If not used, the resource name will be used as computer name. 
| +| [`customData`](#parameter-customdata) | string | Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. | +| [`dataDisks`](#parameter-datadisks) | array | Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. | +| [`dedicatedHostId`](#parameter-dedicatedhostid) | string | Specifies resource ID about the dedicated host that the virtual machine resides in. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disablePasswordAuthentication`](#parameter-disablepasswordauthentication) | bool | Specifies whether password authentication should be disabled. | +| [`enableAutomaticUpdates`](#parameter-enableautomaticupdates) | bool | Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableEvictionPolicy`](#parameter-enableevictionpolicy) | bool | Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. | +| [`encryptionAtHost`](#parameter-encryptionathost) | bool | This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. | +| [`extensionAadJoinConfig`](#parameter-extensionaadjoinconfig) | object | The configuration for the [AAD Join] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionAntiMalwareConfig`](#parameter-extensionantimalwareconfig) | object | The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionAzureDiskEncryptionConfig`](#parameter-extensionazurediskencryptionconfig) | object | The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. | +| [`extensionCustomScriptConfig`](#parameter-extensioncustomscriptconfig) | object | The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionCustomScriptProtectedSetting`](#parameter-extensioncustomscriptprotectedsetting) | secureObject | Any object that contains the extension specific protected settings. 
| +| [`extensionDependencyAgentConfig`](#parameter-extensiondependencyagentconfig) | object | The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionDomainJoinConfig`](#parameter-extensiondomainjoinconfig) | object | The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionDomainJoinPassword`](#parameter-extensiondomainjoinpassword) | securestring | Required if name is specified. Password of the user specified in user parameter. | +| [`extensionDSCConfig`](#parameter-extensiondscconfig) | object | The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionMonitoringAgentConfig`](#parameter-extensionmonitoringagentconfig) | object | The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`extensionNetworkWatcherAgentConfig`](#parameter-extensionnetworkwatcheragentconfig) | object | The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. | +| [`licenseType`](#parameter-licensetype) | string | Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maxPriceForLowPriorityVm`](#parameter-maxpriceforlowpriorityvm) | string | Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. | +| [`monitoringWorkspaceId`](#parameter-monitoringworkspaceid) | string | Resource ID of the monitoring log analytics workspace. 
Must be set when extensionMonitoringAgentConfig is set to true. | +| [`name`](#parameter-name) | string | The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name. | +| [`nicdiagnosticMetricsToEnable`](#parameter-nicdiagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`nicDiagnosticSettingsName`](#parameter-nicdiagnosticsettingsname) | string | The name of the NIC diagnostic setting, if deployed. | +| [`patchAssessmentMode`](#parameter-patchassessmentmode) | string | VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours. | +| [`patchMode`](#parameter-patchmode) | string | VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. Refer to 'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching'. | +| [`pipdiagnosticLogCategoriesToEnable`](#parameter-pipdiagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`pipdiagnosticMetricsToEnable`](#parameter-pipdiagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`pipDiagnosticSettingsName`](#parameter-pipdiagnosticsettingsname) | string | The name of the PIP diagnostic setting, if deployed. | +| [`plan`](#parameter-plan) | object | Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. | +| [`priority`](#parameter-priority) | string | Specifies the priority for the virtual machine. 
| +| [`provisionVMAgent`](#parameter-provisionvmagent) | bool | Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. | +| [`proximityPlacementGroupResourceId`](#parameter-proximityplacementgroupresourceid) | string | Resource ID of a proximity placement group. | +| [`publicKeys`](#parameter-publickeys) | array | The list of SSH public keys used to authenticate with linux based VMs. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sasTokenValidityLength`](#parameter-sastokenvaliditylength) | string | SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. | +| [`secureBootEnabled`](#parameter-securebootenabled) | bool | Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. | +| [`securityType`](#parameter-securitytype) | string | Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. 
The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = "True". | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`timeZone`](#parameter-timezone) | string | Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. | +| [`ultraSSDEnabled`](#parameter-ultrassdenabled) | bool | The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`vTpmEnabled`](#parameter-vtpmenabled) | bool | Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. | +| [`winRM`](#parameter-winrm) | object | Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. | + +**Generated parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to generate a registration token. | + +### Parameter: `additionalUnattendContent` + +Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `adminPassword` + +When specifying a Windows Virtual Machine, this value should be passed. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `adminUsername` + +Administrator username. 
+- Required: Yes +- Type: securestring + +### Parameter: `allowExtensionOperations` + +Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `availabilitySetResourceId` + +Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `availabilityZone` + +If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set. +- Required: No +- Type: int +- Default: `0` +- Allowed: `[0, 1, 2, 3]` + +### Parameter: `backupPolicyName` + +Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault. +- Required: No +- Type: string +- Default: `'DefaultPolicy'` + +### Parameter: `backupVaultName` + +Recovery service vault name to add VMs to backup. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `backupVaultResourceGroup` + +Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default. +- Required: No +- Type: string +- Default: `[resourceGroup().name]` + +### Parameter: `baseTime` + +Do not provide a value! This date value is used to generate a registration token. +- Required: No +- Type: string +- Default: `[utcNow('u')]` + +### Parameter: `bootDiagnostics` + +Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `bootDiagnosticStorageAccountName` + +Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `bootDiagnosticStorageAccountUri` + +Storage account boot diagnostic base URI. +- Required: No +- Type: string +- Default: `[format('.blob.{0}/', environment().suffixes.storage)]` + +### Parameter: `certificatesToBeInstalled` + +Specifies set of certificates that should be installed onto the virtual machine. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `computerName` + +Can be used if the computer name needs to be different from the Azure VM resource name. If not used, the resource name will be used as computer name. +- Required: No +- Type: string +- Default: `[parameters('name')]` + +### Parameter: `configurationProfile` + +The configuration profile of automanage. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', /providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest, /providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction]` + +### Parameter: `customData` + +Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dataDisks` + +Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dedicatedHostId` + +Specifies resource ID about the dedicated host that the virtual machine resides in. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disablePasswordAuthentication` + +Specifies whether password authentication should be disabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableAutomaticUpdates` + +Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableEvictionPolicy` + +Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `encryptionAtHost` + +This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. 
For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `extensionAadJoinConfig` + +The configuration for the [AAD Join] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionAntiMalwareConfig` + +The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionAzureDiskEncryptionConfig` + +The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionCustomScriptConfig` + +The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionCustomScriptProtectedSetting` + +Any object that contains the extension specific protected settings. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `extensionDependencyAgentConfig` + +The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionDomainJoinConfig` + +The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionDomainJoinPassword` + +Required if name is specified. Password of the user specified in user parameter. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `extensionDSCConfig` + +The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionMonitoringAgentConfig` + +The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `extensionNetworkWatcherAgentConfig` + +The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `imageReference` + +OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. +- Required: Yes +- Type: object + +### Parameter: `licenseType` + +Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Windows_Client, Windows_Server]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maxPriceForLowPriorityVm` + +Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `monitoringWorkspaceId` + +Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is set to true. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name. +- Required: No +- Type: string +- Default: `[take(toLower(uniqueString(resourceGroup().name)), 10)]` + +### Parameter: `nicConfigurations` + +Configures NICs and PIPs. +- Required: Yes +- Type: array + +### Parameter: `nicdiagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `nicDiagnosticSettingsName` + +The name of the NIC diagnostic setting, if deployed. +- Required: No +- Type: string +- Default: `[format('{0}-diagnosticSettings', parameters('name'))]` + +### Parameter: `osDisk` + +Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. +- Required: Yes +- Type: object + +### Parameter: `osType` + +The chosen OS type. +- Required: Yes +- Type: string +- Allowed: `[Linux, Windows]` + +### Parameter: `patchAssessmentMode` + +VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours. +- Required: No +- Type: string +- Default: `'ImageDefault'` +- Allowed: `[AutomaticByPlatform, ImageDefault]` + +### Parameter: `patchMode` + +VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. 
Refer to 'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching'. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', AutomaticByOS, AutomaticByPlatform, ImageDefault, Manual]` + +### Parameter: `pipdiagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` + +### Parameter: `pipdiagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `pipDiagnosticSettingsName` + +The name of the PIP diagnostic setting, if deployed. +- Required: No +- Type: string +- Default: `[format('{0}-diagnosticSettings', parameters('name'))]` + +### Parameter: `plan` + +Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `priority` + +Specifies the priority for the virtual machine. +- Required: No +- Type: string +- Default: `'Regular'` +- Allowed: `[Low, Regular, Spot]` + +### Parameter: `provisionVMAgent` + +Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `proximityPlacementGroupResourceId` + +Resource ID of a proximity placement group. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `publicKeys` + +The list of SSH public keys used to authenticate with linux based VMs. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sasTokenValidityLength` + +SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. +- Required: No +- Type: string +- Default: `'PT8H'` + +### Parameter: `secureBootEnabled` + +Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `securityType` + +Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = "True". +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `timeZone` + +Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. 
Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `ultraSSDEnabled` + +The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `vmSize` + +Specifies the size for the VMs. +- Required: Yes +- Type: string + +### Parameter: `vTpmEnabled` + +Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `winRM` + +Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the VM. | +| `resourceGroupName` | string | The name of the resource group the VM was created in. | +| `resourceId` | string | The resource ID of the VM. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). 
+ +| Reference | Type | +| :-- | :-- | +| `modules/network/network-interface` | Local reference | +| `modules/network/public-ip-address` | Local reference | +| `modules/recovery-services/vault/backup-fabric/protection-container/protected-item` | Local reference | + ## Notes ### Automanage considerations diff --git a/modules/compute/virtual-machine/extension/README.md b/modules/compute/virtual-machine/extension/README.md index 7823c9766b..761c7b4d27 100644 --- a/modules/compute/virtual-machine/extension/README.md +++ b/modules/compute/virtual-machine/extension/README.md 
@@ -19,37 +19,128 @@ This module deploys a Virtual Machine Extension. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `autoUpgradeMinorVersion` | bool | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. | -| `enableAutomaticUpgrade` | bool | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. | -| `name` | string | The name of the virtual machine extension. | -| `publisher` | string | The name of the extension handler publisher. | -| `type` | string | Specifies the type of the extension; an example is "CustomScriptExtension". | -| `typeHandlerVersion` | string | Specifies the version of the script handler. | +| [`autoUpgradeMinorVersion`](#parameter-autoupgrademinorversion) | bool | Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. | +| [`enableAutomaticUpgrade`](#parameter-enableautomaticupgrade) | bool | Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. | +| [`name`](#parameter-name) | string | The name of the virtual machine extension. | +| [`publisher`](#parameter-publisher) | string | The name of the extension handler publisher. | +| [`type`](#parameter-type) | string | Specifies the type of the extension; an example is "CustomScriptExtension". | +| [`typeHandlerVersion`](#parameter-typehandlerversion) | string | Specifies the version of the script handler. 
| **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `virtualMachineName` | string | The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment. | +| [`virtualMachineName`](#parameter-virtualmachinename) | string | The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `forceUpdateTag` | string | `''` | How the extension handler should be forced to update even if the extension configuration has not changed. | -| `location` | string | `[resourceGroup().location]` | The location the extension is deployed to. | -| `protectedSettings` | secureObject | `{object}` | Any object that contains the extension specific protected settings. | -| `settings` | object | `{object}` | Any object that contains the extension specific settings. | -| `supressFailures` | bool | `False` | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. | -| `tags` | object | `{object}` | Tags of the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`forceUpdateTag`](#parameter-forceupdatetag) | string | How the extension handler should be forced to update even if the extension configuration has not changed. | +| [`location`](#parameter-location) | string | The location the extension is deployed to. 
| +| [`protectedSettings`](#parameter-protectedsettings) | secureObject | Any object that contains the extension specific protected settings. | +| [`settings`](#parameter-settings) | object | Any object that contains the extension specific settings. | +| [`supressFailures`](#parameter-supressfailures) | bool | Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `autoUpgradeMinorVersion` + +Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. +- Required: Yes +- Type: bool + +### Parameter: `enableAutomaticUpgrade` + +Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. +- Required: Yes +- Type: bool + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `forceUpdateTag` + +How the extension handler should be forced to update even if the extension configuration has not changed. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +The location the extension is deployed to. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the virtual machine extension. +- Required: Yes +- Type: string + +### Parameter: `protectedSettings` + +Any object that contains the extension specific protected settings. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `publisher` + +The name of the extension handler publisher. 
+- Required: Yes +- Type: string + +### Parameter: `settings` + +Any object that contains the extension specific settings. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `supressFailures` + +Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `type` + +Specifies the type of the extension; an example is "CustomScriptExtension". +- Required: Yes +- Type: string + +### Parameter: `typeHandlerVersion` + +Specifies the version of the script handler. +- Required: Yes +- Type: string + +### Parameter: `virtualMachineName` + +The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the extension. | diff --git a/modules/compute/virtual-machine/extension/main.json b/modules/compute/virtual-machine/extension/main.json index 9dc0e8298a..782a6fa1ff 100644 --- a/modules/compute/virtual-machine/extension/main.json +++ b/modules/compute/virtual-machine/extension/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", diff --git a/modules/compute/virtual-machine/main.json b/modules/compute/virtual-machine/main.json index 6ba690ab4f..202cf5e053 100644 
--- a/modules/compute/virtual-machine/main.json +++ b/modules/compute/virtual-machine/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8956159626460319190" + "version": "0.22.6.54827", + "templateHash": "16514436583417262148" }, "name": "Virtual Machines", "description": "This module deploys a Virtual Machine with one or multiple NICs and optionally one or multiple public IPs.", @@ -844,8 +844,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17678163563393779135" + "version": "0.22.6.54827", + "templateHash": "8548313386789098939" } }, "parameters": { @@ -999,8 +999,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1887898957722092173" + "version": "0.22.6.54827", + "templateHash": "4317747709004918530" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", @@ -1333,8 +1333,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7328126239184883887" + "version": "0.22.6.54827", + "templateHash": "9976109177347918049" } }, "parameters": { @@ -1585,8 +1585,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5974456600868040376" + "version": "0.22.6.54827", + "templateHash": "14479255820598719580" }, "name": "Network Interface", "description": "This module deploys a Network Interface.", @@ -1888,8 +1888,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10645923556503351364" + "version": "0.22.6.54827", + "templateHash": "11518733977101662334" } }, "parameters": { 
@@ -2105,8 +2105,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -2320,8 +2320,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -2530,8 +2530,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -2745,8 +2745,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -2950,8 +2950,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -3155,8 +3155,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", 
@@ -3364,8 +3364,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -3581,8 +3581,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -3791,8 +3791,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3227525972274814852" + "version": "0.22.6.54827", + "templateHash": "16166330808348655128" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension.", @@ -4003,8 +4003,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10079924922844886000" + "version": "0.22.6.54827", + "templateHash": "7148492251760573310" }, "name": "Recovery Service Vaults Protection Container Protected Item", "description": "This module deploys a Recovery Services Vault Protection Container Protected Item.", @@ -4172,8 +4172,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11877341194593849245" + "version": "0.22.6.54827", + "templateHash": "16523538632311306099" } }, "parameters": { diff --git a/modules/consumption/budget/.test/common/main.test.bicep b/modules/consumption/budget/.test/common/main.test.bicep index 0b3044a0e3..7668018aae 100644 --- a/modules/consumption/budget/.test/common/main.test.bicep +++ b/modules/consumption/budget/.test/common/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/consumption/budget/.test/min/main.test.bicep b/modules/consumption/budget/.test/min/main.test.bicep index cd1da3812e..a76b439216 100644 --- a/modules/consumption/budget/.test/min/main.test.bicep +++ b/modules/consumption/budget/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/consumption/budget/README.md b/modules/consumption/budget/README.md index 191cc3a890..59a1e90b16 100644 --- a/modules/consumption/budget/README.md +++ b/modules/consumption/budget/README.md 
@@ -4,75 +4,41 @@ This module deploys a Consumption Budget for Subscriptions. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Consumption/budgets` | [2021-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Consumption/2021-10-01/budgets) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `amount` | int | The total amount of cost or usage to track with the budget. | -| `name` | string | The name of the budget. | - -**Conditional parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `actionGroups` | array | List of action group resource IDs that will receive the alert. Required if neither `contactEmails` nor `contactEmails` was provided. | -| `contactEmails` | array | The list of email addresses to send the budget notification to when the thresholds are exceeded. Required if neither `contactRoles` nor `actionGroups` was provided. | -| `contactRoles` | array | The list of contact roles to send the budget notification to when the thresholds are exceeded. Required if neither `contactEmails` nor `actionGroups` was provided. | +## Usage examples -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `category` | string | `'Cost'` | `[Cost, Usage]` | The category of the budget, whether the budget tracks cost or usage. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `endDate` | string | `''` | | The end date for the budget. If not provided, it will default to 10 years from the start date. 
| -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `resetPeriod` | string | `'Monthly'` | `[Annually, BillingAnnual, BillingMonth, BillingQuarter, Monthly, Quarterly]` | The time covered by a budget. Tracking of the amount will be reset based on the time grain. BillingMonth, BillingQuarter, and BillingAnnual are only supported by WD customers. | -| `startDate` | string | `[format('{0}-{1}-01T00:00:00Z', utcNow('yyyy'), utcNow('MM'))]` | | The start date for the budget. Start date should be the first day of the month and cannot be in the past (except for the current month). | -| `thresholds` | array | `[50, 75, 90, 100, 110]` | | Percent thresholds of budget for when to get a notification. Can be up to 5 thresholds, where each must be between 1 and 1000. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the budget. | -| `resourceId` | string | The resource ID of the budget. | -| `subscriptionName` | string | The subscription the budget was deployed into. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/consumption.budget:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. 
- >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module budget './consumption/budget/main.bicep' = { +module budget 'br:bicep/modules/consumption.budget:1.0.0' = { name: '${uniqueString(deployment().name)}-test-cbcom' params: { // Required parameters @@ -138,14 +104,17 @@ module budget './consumption/budget/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module budget './consumption/budget/main.bicep' = { +module budget 'br:bicep/modules/consumption.budget:1.0.0' = { name: '${uniqueString(deployment().name)}-test-cbmin' params: { // Required parameters @@ -194,3 +163,130 @@ module budget './consumption/budget/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`amount`](#parameter-amount) | int | The total amount of cost or usage to track with the budget. | +| [`name`](#parameter-name) | string | The name of the budget. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actionGroups`](#parameter-actiongroups) | array | List of action group resource IDs that will receive the alert. Required if neither `contactEmails` nor `contactEmails` was provided. | +| [`contactEmails`](#parameter-contactemails) | array | The list of email addresses to send the budget notification to when the thresholds are exceeded. Required if neither `contactRoles` nor `actionGroups` was provided. | +| [`contactRoles`](#parameter-contactroles) | array | The list of contact roles to send the budget notification to when the thresholds are exceeded. Required if neither `contactEmails` nor `actionGroups` was provided. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`category`](#parameter-category) | string | The category of the budget, whether the budget tracks cost or usage. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`endDate`](#parameter-enddate) | string | The end date for the budget. If not provided, it will default to 10 years from the start date. | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`resetPeriod`](#parameter-resetperiod) | string | The time covered by a budget. Tracking of the amount will be reset based on the time grain. BillingMonth, BillingQuarter, and BillingAnnual are only supported by WD customers. | +| [`startDate`](#parameter-startdate) | string | The start date for the budget. Start date should be the first day of the month and cannot be in the past (except for the current month). 
| +| [`thresholds`](#parameter-thresholds) | array | Percent thresholds of budget for when to get a notification. Can be up to 5 thresholds, where each must be between 1 and 1000. | + +### Parameter: `actionGroups` + +List of action group resource IDs that will receive the alert. Required if neither `contactEmails` nor `contactEmails` was provided. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `amount` + +The total amount of cost or usage to track with the budget. +- Required: Yes +- Type: int + +### Parameter: `category` + +The category of the budget, whether the budget tracks cost or usage. +- Required: No +- Type: string +- Default: `'Cost'` +- Allowed: `[Cost, Usage]` + +### Parameter: `contactEmails` + +The list of email addresses to send the budget notification to when the thresholds are exceeded. Required if neither `contactRoles` nor `actionGroups` was provided. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `contactRoles` + +The list of contact roles to send the budget notification to when the thresholds are exceeded. Required if neither `contactEmails` nor `actionGroups` was provided. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endDate` + +The end date for the budget. If not provided, it will default to 10 years from the start date. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `name` + +The name of the budget. +- Required: Yes +- Type: string + +### Parameter: `resetPeriod` + +The time covered by a budget. Tracking of the amount will be reset based on the time grain. BillingMonth, BillingQuarter, and BillingAnnual are only supported by WD customers. 
+- Required: No +- Type: string +- Default: `'Monthly'` +- Allowed: `[Annually, BillingAnnual, BillingMonth, BillingQuarter, Monthly, Quarterly]` + +### Parameter: `startDate` + +The start date for the budget. Start date should be the first day of the month and cannot be in the past (except for the current month). +- Required: No +- Type: string +- Default: `[format('{0}-{1}-01T00:00:00Z', utcNow('yyyy'), utcNow('MM'))]` + +### Parameter: `thresholds` + +Percent thresholds of budget for when to get a notification. Can be up to 5 thresholds, where each must be between 1 and 1000. +- Required: No +- Type: array +- Default: `[50, 75, 90, 100, 110]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the budget. | +| `resourceId` | string | The resource ID of the budget. | +| `subscriptionName` | string | The subscription the budget was deployed into. | + +## Cross-referenced modules + +_None_ diff --git a/modules/consumption/budget/main.json b/modules/consumption/budget/main.json index 5b676a256c..a65a1bbfe8 100644 --- a/modules/consumption/budget/main.json +++ b/modules/consumption/budget/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14854724529401221825" + "version": "0.22.6.54827", + "templateHash": "2760526032764483110" }, "name": "Consumption Budgets", "description": "This module deploys a Consumption Budget for Subscriptions.", diff --git a/modules/container-instance/container-group/.test/common/main.test.bicep b/modules/container-instance/container-group/.test/common/main.test.bicep index d514033d8f..76374c71e0 100644 --- a/modules/container-instance/container-group/.test/common/main.test.bicep +++ b/modules/container-instance/container-group/.test/common/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/container-instance/container-group/.test/min/main.test.bicep b/modules/container-instance/container-group/.test/min/main.test.bicep index 6136c721aa..240ce76d42 100644 --- a/modules/container-instance/container-group/.test/min/main.test.bicep +++ b/modules/container-instance/container-group/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/container-instance/container-group/README.md b/modules/container-instance/container-group/README.md index 9e02a54f3c..f482faa1ad 100644 --- a/modules/container-instance/container-group/README.md +++ b/modules/container-instance/container-group/README.md 
@@ -4,93 +4,45 @@ This module deploys a Container Instance Container Group. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.ContainerInstance/containerGroups` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ContainerInstance/2022-09-01/containerGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `containers` | array | The containers and their respective config within the container group. | -| `name` | string | Name for the container group. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | -| `ipAddressPorts` | array | `[]` | Ports to open on the public IP address. Must include all ports assigned on container level. Required if `ipAddressType` is set to `public`. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `autoGeneratedDomainNameLabelScope` | string | `'TenantReuse'` | `[Noreuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse, Unsecure]` | Specify level of protection of the domain name label. | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. 
| -| `cMKKeyVaultResourceId` | string | `''` | | The resource ID of a key vault to reference a customer managed key for encryption from. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `dnsNameLabel` | string | `''` | | The Dns name label for the resource. | -| `dnsNameServers` | array | `[]` | | List of dns servers used by the containers for lookups. | -| `dnsSearchDomains` | string | `''` | | DNS search domain which will be appended to each DNS lookup. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `imageRegistryCredentials` | array | `[]` | | The image registry credentials by which the container group is created from. | -| `initContainers` | array | `[]` | | A list of container definitions which will be executed before the application container starts. | -| `ipAddressType` | string | `'Public'` | `[Private, Public]` | Specifies if the IP is exposed to the public internet or private VNET. - Public or Private. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `osType` | string | `'Linux'` | | The operating system type required by the containers in the container group. - Windows or Linux. | -| `restartPolicy` | string | `'Always'` | `[Always, Never, OnFailure]` | Restart policy for all containers within the container group. - Always: Always restart. OnFailure: Restart on failure. Never: Never restart. - Always, OnFailure, Never. | -| `sku` | string | `'Standard'` | `[Dedicated, Standard]` | The container group SKU. | -| `subnetId` | string | `''` | | Resource ID of the subnet. Only specify when ipAddressType is Private. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. 
| -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `volumes` | array | `[]` | | Specify if volumes (emptyDir, AzureFileShare or GitRepo) shall be attached to your containergroup. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `iPv4Address` | string | The IPv4 address of the container group. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the container group. | -| `resourceGroupName` | string | The resource group the container group was deployed into. | -| `resourceId` | string | The resource ID of the container group. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/container-instance.container-group:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Encr](#example-2-encr) +- [Using only defaults](#example-3-using-only-defaults) +- [Private](#example-4-private) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. 
+### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module containerGroup './container-instance/container-group/main.bicep' = { +module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cicgcom' params: { // Required parameters @@ -272,14 +224,14 @@ module containerGroup './container-instance/container-group/main.bicep' = {

-

Example 2: Encr

+### Example 2: _Encr_
via Bicep module ```bicep -module containerGroup './container-instance/container-group/main.bicep' = { +module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cicgenc' params: { // Required parameters @@ -473,14 +425,17 @@ module containerGroup './container-instance/container-group/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module containerGroup './container-instance/container-group/main.bicep' = { +module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cicgmin' params: { // Required parameters @@ -574,14 +529,14 @@ module containerGroup './container-instance/container-group/main.bicep' = {

-

Example 4: Private

+### Example 4: _Private_
via Bicep module ```bicep -module containerGroup './container-instance/container-group/main.bicep' = { +module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cicgprivate' params: { // Required parameters @@ -806,6 +761,242 @@ module containerGroup './container-instance/container-group/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`containers`](#parameter-containers) | array | The containers and their respective config within the container group. | +| [`name`](#parameter-name) | string | Name for the container group. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | +| [`ipAddressPorts`](#parameter-ipaddressports) | array | Ports to open on the public IP address. Must include all ports assigned on container level. Required if `ipAddressType` is set to `public`. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`autoGeneratedDomainNameLabelScope`](#parameter-autogenerateddomainnamelabelscope) | string | Specify level of protection of the domain name label. | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`dnsNameLabel`](#parameter-dnsnamelabel) | string | The Dns name label for the resource. | +| [`dnsNameServers`](#parameter-dnsnameservers) | array | List of dns servers used by the containers for lookups. | +| [`dnsSearchDomains`](#parameter-dnssearchdomains) | string | DNS search domain which will be appended to each DNS lookup. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`imageRegistryCredentials`](#parameter-imageregistrycredentials) | array | The image registry credentials by which the container group is created from. | +| [`initContainers`](#parameter-initcontainers) | array | A list of container definitions which will be executed before the application container starts. | +| [`ipAddressType`](#parameter-ipaddresstype) | string | Specifies if the IP is exposed to the public internet or private VNET. - Public or Private. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`osType`](#parameter-ostype) | string | The operating system type required by the containers in the container group. - Windows or Linux. | +| [`restartPolicy`](#parameter-restartpolicy) | string | Restart policy for all containers within the container group. - Always: Always restart. OnFailure: Restart on failure. Never: Never restart. - Always, OnFailure, Never. | +| [`sku`](#parameter-sku) | string | The container group SKU. | +| [`subnetId`](#parameter-subnetid) | string | Resource ID of the subnet. Only specify when ipAddressType is Private. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`volumes`](#parameter-volumes) | array | Specify if volumes (emptyDir, AzureFileShare or GitRepo) shall be attached to your containergroup. | + +### Parameter: `autoGeneratedDomainNameLabelScope` + +Specify level of protection of the domain name label. +- Required: No +- Type: string +- Default: `'TenantReuse'` +- Allowed: `[Noreuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse, Unsecure]` + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `containers` + +The containers and their respective config within the container group. +- Required: Yes +- Type: array + +### Parameter: `dnsNameLabel` + +The Dns name label for the resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dnsNameServers` + +List of dns servers used by the containers for lookups. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dnsSearchDomains` + +DNS search domain which will be appended to each DNS lookup. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `imageRegistryCredentials` + +The image registry credentials by which the container group is created from. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `initContainers` + +A list of container definitions which will be executed before the application container starts. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ipAddressPorts` + +Ports to open on the public IP address. Must include all ports assigned on container level. Required if `ipAddressType` is set to `public`. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ipAddressType` + +Specifies if the IP is exposed to the public internet or private VNET. - Public or Private. +- Required: No +- Type: string +- Default: `'Public'` +- Allowed: `[Private, Public]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name for the container group. +- Required: Yes +- Type: string + +### Parameter: `osType` + +The operating system type required by the containers in the container group. - Windows or Linux. +- Required: No +- Type: string +- Default: `'Linux'` + +### Parameter: `restartPolicy` + +Restart policy for all containers within the container group. - Always: Always restart. OnFailure: Restart on failure. Never: Never restart. - Always, OnFailure, Never. +- Required: No +- Type: string +- Default: `'Always'` +- Allowed: `[Always, Never, OnFailure]` + +### Parameter: `sku` + +The container group SKU. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Dedicated, Standard]` + +### Parameter: `subnetId` + +Resource ID of the subnet. Only specify when ipAddressType is Private. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `volumes` + +Specify if volumes (emptyDir, AzureFileShare or GitRepo) shall be attached to your containergroup. 
+- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `iPv4Address` | string | The IPv4 address of the container group. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the container group. | +| `resourceGroupName` | string | The resource group the container group was deployed into. | +| `resourceId` | string | The resource ID of the container group. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `imageRegistryCredentials` diff --git a/modules/container-instance/container-group/main.json b/modules/container-instance/container-group/main.json index cf3d24c34f..de3ed088b2 100644 --- a/modules/container-instance/container-group/main.json +++ b/modules/container-instance/container-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1590771633757024092" + "version": "0.22.6.54827", + "templateHash": "3196122826827836156" }, "name": "Container Instances Container Groups", "description": "This module deploys a Container Instance Container Group.", diff --git a/modules/container-registry/registry/.test/common/main.test.bicep b/modules/container-registry/registry/.test/common/main.test.bicep index 46df910a1b..1cba142a21 100644 --- a/modules/container-registry/registry/.test/common/main.test.bicep +++ b/modules/container-registry/registry/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // 
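Review bot: in the `modules/consumption/budget/README.md` hunk `@@ -194,3 +163,130 @@`, the `actionGroups` description names the same parameter twice ("Required if neither `contactEmails` nor `contactEmails` was provided"), and the text now appears in two places: the Conditional parameters table row and the new `### Parameter: actionGroups` section. The sibling descriptions each name the two other parameters (`contactEmails` lists `contactRoles` and `actionGroups`; `contactRoles` lists `contactEmails` and `actionGroups`), so this one presumably should read `contactEmails` nor `contactRoles`. The wording was already in the removed table; if the README is generated from the template, correct it in the parameter's description in the module source so both places pick it up.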
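Review bot: in `modules/container-instance/container-group/README.md`, Examples 2 and 4 come out as `### Example 2: _Encr_` and `### Example 4: _Private_` with no description line, while Examples 1 and 3 get a readable title and a sentence. In the hunks shown here only `.test/common/main.test.bicep` and `.test/min/main.test.bicep` receive `metadata name` and `metadata description`. Adding both to the `encr` and `private` test files would give these headings and their index entries (`#example-2-encr`, `#example-4-private`) a meaningful title and summary, which matters for the customer-managed-key and private-network variants a reader is most likely to search for.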
diff --git a/modules/container-registry/registry/.test/min/main.test.bicep b/modules/container-registry/registry/.test/min/main.test.bicep index b861c01634..0db5d24fdd 100644 --- a/modules/container-registry/registry/.test/min/main.test.bicep +++ b/modules/container-registry/registry/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/container-registry/registry/README.md b/modules/container-registry/registry/README.md index 0a5487152b..a9d87096e0 100644 --- a/modules/container-registry/registry/README.md +++ b/modules/container-registry/registry/README.md @@ -4,13 +4,13 @@ This module deploys an Azure Container Registry (ACR). ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
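Review bot: the Navigation links in the `@@ -4,13 +4,13 @@` hunk of `modules/container-registry/registry/README.md` use mixed-case fragments (`#Resource-Types`, `#Usage-examples`), while the links this patch generates elsewhere are all lower-case (`#example-1-using-large-parameter-set`, `#parameter-amount`). Pick one convention; lower-case matches the other generated links in this patch and avoids relying on the renderer to match fragments case-insensitively.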
@@ -24,98 +24,31 @@ This module deploys an Azure Container Registry (ACR). | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of your Azure container registry. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Note, CMK requires the 'acrSku' to be 'Premium'. Required if 'cMKKeyName' is not empty. | +## Usage examples -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `acrAdminUserEnabled` | bool | `False` | | Enable admin user that have push / pull permission to the registry. | -| `acrSku` | string | `'Basic'` | `[Basic, Premium, Standard]` | Tier of your Azure container registry. | -| `anonymousPullEnabled` | bool | `False` | | Enables registry-wide pull from unauthenticated clients. It's in preview and available in the Standard and Premium service tiers. | -| `azureADAuthenticationAsArmPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. Default is enabled. | -| `cacheRules` | _[cacheRules](cache-rules/README.md)_ array | `[]` | | Array of Cache Rules. Note: This is a preview feature ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache#cache-for-acr-preview)). 
| -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. Note, CMK requires the 'acrSku' to be 'Premium'. | -| `cMKKeyVaultResourceId` | string | `''` | | The resource ID of a key vault to reference a customer managed key for encryption from. Note, CMK requires the 'acrSku' to be 'Premium'. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `dataEndpointEnabled` | bool | `False` | | Enable a single data endpoint per region for serving data. Not relevant in case of disabled public access. Note, requires the 'acrSku' to be 'Premium'. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, ContainerRegistryLoginEvents, ContainerRegistryRepositoryEvents]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `exportPolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | The value that indicates whether the export policy is enabled or not. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `networkRuleBypassOptions` | string | `'AzureServices'` | `[AzureServices, None]` | Whether to allow trusted Azure services to access a network restricted registry. | -| `networkRuleSetDefaultAction` | string | `'Deny'` | `[Allow, Deny]` | The default action of allow or deny when no other rules match. | -| `networkRuleSetIpRules` | array | `[]` | | The IP ACL rules. Note, requires the 'acrSku' to be 'Premium'. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'acrSku' to be 'Premium'. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkRuleSetIpRules are not set. Note, requires the 'acrSku' to be 'Premium'. | -| `quarantinePolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | The value that indicates whether the quarantine policy is enabled or not. | -| `replications` | array | `[]` | | All replications to create. | -| `retentionPolicyDays` | int | `15` | | The number of days to retain an untagged manifest after which it gets purged. | -| `retentionPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the retention policy is enabled or not. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `softDeletePolicyDays` | int | `7` | | The number of days after which a soft-deleted item is permanently deleted. | -| `softDeletePolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | Soft Delete policy status. Default is disabled. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `trustPolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | The value that indicates whether the trust policy is enabled or not. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `webhooks` | array | `[]` | | All webhooks to create. | -| `zoneRedundancy` | string | `'Disabled'` | `[Disabled, Enabled]` | Whether or not zone redundancy is enabled for this container registry. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `loginServer` | string | The reference to the Azure container registry. | -| `name` | string | The Name of the Azure container registry. | -| `resourceGroupName` | string | The name of the Azure container registry. | -| `resourceId` | string | The resource ID of the Azure container registry. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. 
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/container-registry.registry:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Encr](#example-2-encr) +- [Using only defaults](#example-3-using-only-defaults) +- [Pe](#example-4-pe) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module registry './container-registry/registry/main.bicep' = { +module registry 'br:bicep/modules/container-registry.registry:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-crrcom' params: { // Required parameters @@ -347,14 +280,14 @@ module registry './container-registry/registry/main.bicep' = {

-

Example 2: Encr

+### Example 2: _Encr_
via Bicep module ```bicep -module registry './container-registry/registry/main.bicep' = { +module registry 'br:bicep/modules/container-registry.registry:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-crrencr' params: { // Required parameters @@ -432,14 +365,17 @@ module registry './container-registry/registry/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module registry './container-registry/registry/main.bicep' = { +module registry 'br:bicep/modules/container-registry.registry:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-crrmin' params: { // Required parameters @@ -477,14 +413,14 @@ module registry './container-registry/registry/main.bicep' = {

-

Example 4: Pe

+### Example 4: _Pe_
via Bicep module ```bicep -module registry './container-registry/registry/main.bicep' = { +module registry 'br:bicep/modules/container-registry.registry:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-crrpe' params: { // Required parameters @@ -571,3 +507,374 @@ module registry './container-registry/registry/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of your Azure container registry. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Note, CMK requires the 'acrSku' to be 'Premium'. Required if 'cMKKeyName' is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`acrAdminUserEnabled`](#parameter-acradminuserenabled) | bool | Enable admin user that have push / pull permission to the registry. | +| [`acrSku`](#parameter-acrsku) | string | Tier of your Azure container registry. | +| [`anonymousPullEnabled`](#parameter-anonymouspullenabled) | bool | Enables registry-wide pull from unauthenticated clients. It's in preview and available in the Standard and Premium service tiers. | +| [`azureADAuthenticationAsArmPolicyStatus`](#parameter-azureadauthenticationasarmpolicystatus) | string | The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. Default is enabled. | +| [`cacheRules`](#parameter-cacherules) | array | Array of Cache Rules. Note: This is a preview feature ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache#cache-for-acr-preview)). | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. Note, CMK requires the 'acrSku' to be 'Premium'. | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Note, CMK requires the 'acrSku' to be 'Premium'. 
| +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`dataEndpointEnabled`](#parameter-dataendpointenabled) | bool | Enable a single data endpoint per region for serving data. Not relevant in case of disabled public access. Note, requires the 'acrSku' to be 'Premium'. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exportPolicyStatus`](#parameter-exportpolicystatus) | string | The value that indicates whether the export policy is enabled or not. 
| +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`networkRuleBypassOptions`](#parameter-networkrulebypassoptions) | string | Whether to allow trusted Azure services to access a network restricted registry. | +| [`networkRuleSetDefaultAction`](#parameter-networkrulesetdefaultaction) | string | The default action of allow or deny when no other rules match. | +| [`networkRuleSetIpRules`](#parameter-networkrulesetiprules) | array | The IP ACL rules. Note, requires the 'acrSku' to be 'Premium'. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'acrSku' to be 'Premium'. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkRuleSetIpRules are not set. Note, requires the 'acrSku' to be 'Premium'. | +| [`quarantinePolicyStatus`](#parameter-quarantinepolicystatus) | string | The value that indicates whether the quarantine policy is enabled or not. | +| [`replications`](#parameter-replications) | array | All replications to create. | +| [`retentionPolicyDays`](#parameter-retentionpolicydays) | int | The number of days to retain an untagged manifest after which it gets purged. | +| [`retentionPolicyStatus`](#parameter-retentionpolicystatus) | string | The value that indicates whether the retention policy is enabled or not. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`softDeletePolicyDays`](#parameter-softdeletepolicydays) | int | The number of days after which a soft-deleted item is permanently deleted. | +| [`softDeletePolicyStatus`](#parameter-softdeletepolicystatus) | string | Soft Delete policy status. Default is disabled. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`trustPolicyStatus`](#parameter-trustpolicystatus) | string | The value that indicates whether the trust policy is enabled or not. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`webhooks`](#parameter-webhooks) | array | All webhooks to create. | +| [`zoneRedundancy`](#parameter-zoneredundancy) | string | Whether or not zone redundancy is enabled for this container registry. | + +### Parameter: `acrAdminUserEnabled` + +Enable admin user that have push / pull permission to the registry. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `acrSku` + +Tier of your Azure container registry. +- Required: No +- Type: string +- Default: `'Basic'` +- Allowed: `[Basic, Premium, Standard]` + +### Parameter: `anonymousPullEnabled` + +Enables registry-wide pull from unauthenticated clients. It's in preview and available in the Standard and Premium service tiers. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `azureADAuthenticationAsArmPolicyStatus` + +The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. Default is enabled. 
+- Required: No +- Type: string +- Default: `'enabled'` +- Allowed: `[disabled, enabled]` + +### Parameter: `cacheRules` + +Array of Cache Rules. Note: This is a preview feature ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache#cache-for-acr-preview)). +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. Note, CMK requires the 'acrSku' to be 'Premium'. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Note, CMK requires the 'acrSku' to be 'Premium'. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. Note, CMK requires the 'acrSku' to be 'Premium'. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dataEndpointEnabled` + +Enable a single data endpoint per region for serving data. Not relevant in case of disabled public access. Note, requires the 'acrSku' to be 'Premium'. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, ContainerRegistryLoginEvents, ContainerRegistryRepositoryEvents]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exportPolicyStatus` + +The value that indicates whether the export policy is enabled or not. +- Required: No +- Type: string +- Default: `'disabled'` +- Allowed: `[disabled, enabled]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of your Azure container registry. +- Required: Yes +- Type: string + +### Parameter: `networkRuleBypassOptions` + +Whether to allow trusted Azure services to access a network restricted registry. 
+- Required: No +- Type: string +- Default: `'AzureServices'` +- Allowed: `[AzureServices, None]` + +### Parameter: `networkRuleSetDefaultAction` + +The default action of allow or deny when no other rules match. +- Required: No +- Type: string +- Default: `'Deny'` +- Allowed: `[Allow, Deny]` + +### Parameter: `networkRuleSetIpRules` + +The IP ACL rules. Note, requires the 'acrSku' to be 'Premium'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'acrSku' to be 'Premium'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkRuleSetIpRules are not set. Note, requires the 'acrSku' to be 'Premium'. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `quarantinePolicyStatus` + +The value that indicates whether the quarantine policy is enabled or not. +- Required: No +- Type: string +- Default: `'disabled'` +- Allowed: `[disabled, enabled]` + +### Parameter: `replications` + +All replications to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `retentionPolicyDays` + +The number of days to retain an untagged manifest after which it gets purged. +- Required: No +- Type: int +- Default: `15` + +### Parameter: `retentionPolicyStatus` + +The value that indicates whether the retention policy is enabled or not. +- Required: No +- Type: string +- Default: `'enabled'` +- Allowed: `[disabled, enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `softDeletePolicyDays` + +The number of days after which a soft-deleted item is permanently deleted. +- Required: No +- Type: int +- Default: `7` + +### Parameter: `softDeletePolicyStatus` + +Soft Delete policy status. Default is disabled. +- Required: No +- Type: string +- Default: `'disabled'` +- Allowed: `[disabled, enabled]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `trustPolicyStatus` + +The value that indicates whether the trust policy is enabled or not. +- Required: No +- Type: string +- Default: `'disabled'` +- Allowed: `[disabled, enabled]` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `webhooks` + +All webhooks to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `zoneRedundancy` + +Whether or not zone redundancy is enabled for this container registry. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `loginServer` | string | The reference to the Azure container registry. | +| `name` | string | The Name of the Azure container registry. | +| `resourceGroupName` | string | The name of the Azure container registry. | +| `resourceId` | string | The resource ID of the Azure container registry. 
| +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/container-registry/registry/cache-rules/README.md b/modules/container-registry/registry/cache-rules/README.md index 80f65eb47b..75303e848b 100644 --- a/modules/container-registry/registry/cache-rules/README.md +++ b/modules/container-registry/registry/cache-rules/README.md 
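Review bot: in the regenerated parameter sections of `modules/container-registry/registry/README.md`, `cMKUserAssignedIdentityResourceId` is listed under "Conditional parameters" but its own section says `- Required: No`. A reader who follows the `#parameter-cmkuserassignedidentityresourceid` link then sees the condition ("Required if 'cMKKeyName' is not empty") only in the description text. The generated section should mark conditional parameters as such rather than as not required. The regeneration also carries two defects over unchanged from the removed tables, and both are better fixed at the source than left in the new output: "container registr" in the `azureADAuthenticationAsArmPolicyStatus` description, and the `resourceGroupName` output described as "The name of the Azure container registry."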
@@ -19,24 +19,64 @@ Cache for Azure Container Registry (Preview) feature allows users to cache conta **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `registryName` | string | The name of the parent registry. Required if the template is used in a standalone deployment. | -| `sourceRepository` | string | Source repository pulled from upstream. | +| [`registryName`](#parameter-registryname) | string | The name of the parent registry. Required if the template is used in a standalone deployment. | +| [`sourceRepository`](#parameter-sourcerepository) | string | Source repository pulled from upstream. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `credentialSetResourceId` | string | `''` | The resource ID of the credential store which is associated with the cache rule. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `[replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-')]` | The name of the cache rule. Will be dereived from the source repository name if not defined. | -| `targetRepository` | string | `[parameters('sourceRepository')]` | Target repository specified in docker pull command. E.g.: docker pull myregistry.azurecr.io/{targetRepository}:{tag}. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`credentialSetResourceId`](#parameter-credentialsetresourceid) | string | The resource ID of the credential store which is associated with the cache rule. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | The name of the cache rule. Will be dereived from the source repository name if not defined. 
| +| [`targetRepository`](#parameter-targetrepository) | string | Target repository specified in docker pull command. E.g.: docker pull myregistry.azurecr.io/{targetRepository}:{tag}. | + +### Parameter: `credentialSetResourceId` + +The resource ID of the credential store which is associated with the cache rule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the cache rule. Will be dereived from the source repository name if not defined. +- Required: No +- Type: string +- Default: `[replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-')]` + +### Parameter: `registryName` + +The name of the parent registry. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `sourceRepository` + +Source repository pulled from upstream. +- Required: Yes +- Type: string + +### Parameter: `targetRepository` + +Target repository specified in docker pull command. E.g.: docker pull myregistry.azurecr.io/{targetRepository}:{tag}. +- Required: No +- Type: string +- Default: `[parameters('sourceRepository')]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The Name of the Cache Rule. | | `resourceGroupName` | string | The name of the Cache Rule. | diff --git a/modules/container-registry/registry/cache-rules/main.json b/modules/container-registry/registry/cache-rules/main.json index 83a945758f..05e6d97ffd 100644 --- a/modules/container-registry/registry/cache-rules/main.json +++ b/modules/container-registry/registry/cache-rules/main.json 
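Review bot: in `cache-rules/README.md`, `registryName` stays under "Required parameters" and its new section says `- Required: Yes`, while its description reads "Required if the template is used in a standalone deployment". The replication README later in this patch lists the same parameter under "Conditional parameters". Classify it the same way in both modules so the generated docs do not disagree about when the parent registry name must be passed. The typo "dereived" in the `name` description is also copied into the new section and should be corrected at the source.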
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8306764349327428733" + "version": "0.22.6.54827", + "templateHash": "6694265508496204217" }, "name": "Container Registries Cache", "description": "Cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache)).", diff --git a/modules/container-registry/registry/main.json b/modules/container-registry/registry/main.json index 6ffdf39a75..eb1edb3019 100644 --- a/modules/container-registry/registry/main.json +++ b/modules/container-registry/registry/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14469522788734895645" + "version": "0.22.6.54827", + "templateHash": "810724730181048401" }, "name": "Azure Container Registries (ACR)", "description": "This module deploys an Azure Container Registry (ACR).", @@ -505,8 +505,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9951681110843116683" + "version": "0.22.6.54827", + "templateHash": "3105247041693395359" }, "name": "Azure Container Registry (ACR) Replications", "description": "This module deploys an Azure Container Registry (ACR) Replication.", 
@@ -661,8 +661,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14358887700222348175" + "version": "0.22.6.54827", + "templateHash": "6694265508496204217" }, "name": "Container Registries Cache", "description": "Cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache)).", @@ -804,8 +804,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10631233428813928982" + "version": "0.22.6.54827", + "templateHash": "6585565654056170037" }, "name": "Azure Container Registry (ACR) Webhooks", "description": "This module deploys an Azure Container Registry (ACR) Webhook.", @@ -1014,8 +1014,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10926055476825540288" + "version": "0.22.6.54827", + "templateHash": "16788652740395923269" } }, "parameters": { @@ -1180,8 +1180,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1380,8 +1380,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", 
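Review bot: the `_generator` blocks in these `main.json` hunks show that the committed templates were previously compiled with different Bicep versions (`0.20.4.51522` in `cache-rules/main.json`, `0.21.1.54444` in `registry/main.json`) and are all rebuilt with `0.22.6.54827` here, yet the commit subject ("Tested logic & added depth param") does not mention a compiler change. Please state the compiler bump in the commit message, or move the regenerated JSON into its own commit, so the `templateHash` changes can be attributed to it. Pinning the Bicep version used for regeneration would also prevent the drift seen before this change, where the nested "Container Registries Cache" template in `registry/main.json` (`14358887700222348175`) and the standalone `cache-rules/main.json` (`8306764349327428733`) carried different hashes. After this change both carry `6694265508496204217`.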
@@ -1518,8 +1518,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/container-registry/registry/replication/README.md b/modules/container-registry/registry/replication/README.md index 1c164a9f05..186c4b5e69 100644 --- a/modules/container-registry/registry/replication/README.md +++ b/modules/container-registry/registry/replication/README.md 
@@ -19,30 +19,78 @@ This module deploys an Azure Container Registry (ACR) Replication. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the replication. | +| [`name`](#parameter-name) | string | The name of the replication. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `registryName` | string | The name of the parent registry. Required if the template is used in a standalone deployment. | +| [`registryName`](#parameter-registryname) | string | The name of the parent registry. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `regionEndpointEnabled` | bool | `True` | | Specifies whether the replication regional endpoint is enabled. Requests will not be routed to a replication whose regional endpoint is disabled, however its data will continue to be synced with other replications. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `zoneRedundancy` | string | `'Disabled'` | `[Disabled, Enabled]` | Whether or not zone redundancy is enabled for this container registry. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`regionEndpointEnabled`](#parameter-regionendpointenabled) | bool | Specifies whether the replication regional endpoint is enabled. 
Requests will not be routed to a replication whose regional endpoint is disabled, however its data will continue to be synced with other replications. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`zoneRedundancy`](#parameter-zoneredundancy) | string | Whether or not zone redundancy is enabled for this container registry. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the replication. +- Required: Yes +- Type: string + +### Parameter: `regionEndpointEnabled` + +Specifies whether the replication regional endpoint is enabled. Requests will not be routed to a replication whose regional endpoint is disabled, however its data will continue to be synced with other replications. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `registryName` + +The name of the parent registry. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zoneRedundancy` + +Whether or not zone redundancy is enabled for this container registry. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the replication. | diff --git a/modules/container-registry/registry/replication/main.json b/modules/container-registry/registry/replication/main.json index f520fb4066..4e38206ba4 100644 --- a/modules/container-registry/registry/replication/main.json 
+++ b/modules/container-registry/registry/replication/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "842274698238951310" + "version": "0.22.6.54827", + "templateHash": "3105247041693395359" }, "name": "Azure Container Registry (ACR) Replications", "description": "This module deploys an Azure Container Registry (ACR) Replication.", diff --git a/modules/container-registry/registry/webhook/README.md b/modules/container-registry/registry/webhook/README.md index 34a74af6cc..a44a03ca55 100644 --- a/modules/container-registry/registry/webhook/README.md +++ b/modules/container-registry/registry/webhook/README.md 
@@ -19,33 +19,102 @@ This module deploys an Azure Container Registry (ACR) Webhook. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `serviceUri` | string | The service URI for the webhook to post notifications. | +| [`serviceUri`](#parameter-serviceuri) | string | The service URI for the webhook to post notifications. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `registryName` | string | The name of the parent registry. Required if the template is used in a standalone deployment. | +| [`registryName`](#parameter-registryname) | string | The name of the parent registry. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `action` | array | `[chart_delete, chart_push, delete, push, quarantine]` | | The list of actions that trigger the webhook to post notifications. | -| `customHeaders` | object | `{object}` | | Custom headers that will be added to the webhook notifications. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `name` | string | `[format('{0}webhook', parameters('registryName'))]` | | The name of the registry webhook. | -| `scope` | string | `''` | | The scope of repositories where the event can be triggered. For example, 'foo:*' means events for all tags under repository 'foo'. 'foo:bar' means events for 'foo:bar' only. 'foo' is equivalent to 'foo:latest'. Empty means all events. | -| `status` | string | `'enabled'` | `[disabled, enabled]` | The status of the webhook at the time the operation was called. | -| `tags` | object | `{object}` | | Tags of the resource. 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`action`](#parameter-action) | array | The list of actions that trigger the webhook to post notifications. | +| [`customHeaders`](#parameter-customheaders) | object | Custom headers that will be added to the webhook notifications. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`name`](#parameter-name) | string | The name of the registry webhook. | +| [`scope`](#parameter-scope) | string | The scope of repositories where the event can be triggered. For example, 'foo:*' means events for all tags under repository 'foo'. 'foo:bar' means events for 'foo:bar' only. 'foo' is equivalent to 'foo:latest'. Empty means all events. | +| [`status`](#parameter-status) | string | The status of the webhook at the time the operation was called. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `action` + +The list of actions that trigger the webhook to post notifications. +- Required: No +- Type: array +- Default: `[chart_delete, chart_push, delete, push, quarantine]` + +### Parameter: `customHeaders` + +Custom headers that will be added to the webhook notifications. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the registry webhook. +- Required: No +- Type: string +- Default: `[format('{0}webhook', parameters('registryName'))]` + +### Parameter: `registryName` + +The name of the parent registry. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `scope` + +The scope of repositories where the event can be triggered. For example, 'foo:*' means events for all tags under repository 'foo'. 'foo:bar' means events for 'foo:bar' only. 'foo' is equivalent to 'foo:latest'. Empty means all events. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `serviceUri` + +The service URI for the webhook to post notifications. +- Required: Yes +- Type: string + +### Parameter: `status` + +The status of the webhook at the time the operation was called. +- Required: No +- Type: string +- Default: `'enabled'` +- Allowed: `[disabled, enabled]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `actions` | array | The actions of the webhook. | | `location` | string | The location the resource was deployed into. | diff --git a/modules/container-registry/registry/webhook/main.json b/modules/container-registry/registry/webhook/main.json index 025bf2a393..13ceaa13ed 100644 --- a/modules/container-registry/registry/webhook/main.json +++ b/modules/container-registry/registry/webhook/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1820627526704627956" + "version": "0.22.6.54827", + "templateHash": "6585565654056170037" }, "name": "Azure Container Registry (ACR) Webhooks", "description": "This module deploys an Azure Container Registry (ACR) Webhook.", diff --git a/modules/container-service/managed-cluster/.test/min/main.test.bicep b/modules/container-service/managed-cluster/.test/min/main.test.bicep index b63007e8a7..477264b2e2 100644 --- a/modules/container-service/managed-cluster/.test/min/main.test.bicep +++ b/modules/container-service/managed-cluster/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/container-service/managed-cluster/README.md b/modules/container-service/managed-cluster/README.md index fb3247fc75..7fb97bc130 100644 --- a/modules/container-service/managed-cluster/README.md +++ b/modules/container-service/managed-cluster/README.md @@ -4,14 +4,14 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
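Review bot: the navigation list in `@@ -4,14` now mixes two heading conventions: `Resource Types` is title-cased, while the new `Usage examples` entry and the unchanged `Cross-referenced modules` are sentence-cased. The anchors also keep mixed case (`#Resource-Types`, `#Usage-examples`), whereas the parameter links this same patch generates in the other READMEs are lowercase (`#parameter-name`). Suggest settling on one casing rule in the generator and emitting lowercase anchors everywhere so the links are built the same way throughout.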
@@ -23,164 +23,28 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster. | `Microsoft.KubernetesConfiguration/extensions` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/extensions) | | `Microsoft.KubernetesConfiguration/fluxConfigurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/fluxConfigurations) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Specifies the name of the AKS cluster. | -| `primaryAgentPoolProfile` | array | Properties of the primary agent pool. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `aksServicePrincipalProfile` | object | `{object}` | Information about a service principal identity for the cluster to use for manipulating Azure APIs. Required if no managed identities are assigned to the cluster. | -| `appGatewayResourceId` | string | `''` | Specifies the resource ID of connected application gateway. Required if `ingressApplicationGatewayEnabled` is set to `true`. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `aadProfileAdminGroupObjectIDs` | array | `[]` | | Specifies the AAD group object IDs that will have admin role of the cluster. | -| `aadProfileClientAppID` | string | `''` | | The client AAD application ID. | -| `aadProfileEnableAzureRBAC` | bool | `[parameters('enableRBAC')]` | | Specifies whether to enable Azure RBAC for Kubernetes authorization. | -| `aadProfileManaged` | bool | `True` | | Specifies whether to enable managed AAD integration. | -| `aadProfileServerAppID` | string | `''` | | The server AAD application ID. | -| `aadProfileServerAppSecret` | string | `''` | | The server AAD application secret. 
| -| `aadProfileTenantId` | string | `[subscription().tenantId]` | | Specifies the tenant ID of the Azure Active Directory used by the AKS cluster for authentication. | -| `aciConnectorLinuxEnabled` | bool | `False` | | Specifies whether the aciConnectorLinux add-on is enabled or not. | -| `adminUsername` | string | `'azureuser'` | | Specifies the administrator username of Linux virtual machines. | -| `agentPools` | array | `[]` | | Define one or more secondary/additional agent pools. | -| `authorizedIPRanges` | array | `[]` | | IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. | -| `autoScalerProfileBalanceSimilarNodeGroups` | string | `'false'` | `[false, true]` | Specifies the balance of similar node groups for the auto-scaler of the AKS cluster. | -| `autoScalerProfileExpander` | string | `'random'` | `[least-waste, most-pods, priority, random]` | Specifies the expand strategy for the auto-scaler of the AKS cluster. | -| `autoScalerProfileMaxEmptyBulkDelete` | string | `'10'` | | Specifies the maximum empty bulk delete for the auto-scaler of the AKS cluster. | -| `autoScalerProfileMaxGracefulTerminationSec` | string | `'600'` | | Specifies the max graceful termination time interval in seconds for the auto-scaler of the AKS cluster. | -| `autoScalerProfileMaxNodeProvisionTime` | string | `'15m'` | | Specifies the maximum node provisioning time for the auto-scaler of the AKS cluster. Values must be an integer followed by an "m". No unit of time other than minutes (m) is supported. | -| `autoScalerProfileMaxTotalUnreadyPercentage` | string | `'45'` | | Specifies the mximum total unready percentage for the auto-scaler of the AKS cluster. The maximum is 100 and the minimum is 0. 
| -| `autoScalerProfileNewPodScaleUpDelay` | string | `'0s'` | | For scenarios like burst/batch scale where you do not want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they are a certain age. Values must be an integer followed by a unit ("s" for seconds, "m" for minutes, "h" for hours, etc). | -| `autoScalerProfileOkTotalUnreadyCount` | string | `'3'` | | Specifies the OK total unready count for the auto-scaler of the AKS cluster. | -| `autoScalerProfileScaleDownDelayAfterAdd` | string | `'10m'` | | Specifies the scale down delay after add of the auto-scaler of the AKS cluster. | -| `autoScalerProfileScaleDownDelayAfterDelete` | string | `'20s'` | | Specifies the scale down delay after delete of the auto-scaler of the AKS cluster. | -| `autoScalerProfileScaleDownDelayAfterFailure` | string | `'3m'` | | Specifies scale down delay after failure of the auto-scaler of the AKS cluster. | -| `autoScalerProfileScaleDownUnneededTime` | string | `'10m'` | | Specifies the scale down unneeded time of the auto-scaler of the AKS cluster. | -| `autoScalerProfileScaleDownUnreadyTime` | string | `'20m'` | | Specifies the scale down unready time of the auto-scaler of the AKS cluster. | -| `autoScalerProfileScanInterval` | string | `'10s'` | | Specifies the scan interval of the auto-scaler of the AKS cluster. | -| `autoScalerProfileSkipNodesWithLocalStorage` | string | `'true'` | `[false, true]` | Specifies if nodes with local storage should be skipped for the auto-scaler of the AKS cluster. | -| `autoScalerProfileSkipNodesWithSystemPods` | string | `'true'` | `[false, true]` | Specifies if nodes with system pods should be skipped for the auto-scaler of the AKS cluster. | -| `autoScalerProfileUtilizationThreshold` | string | `'0.5'` | | Specifies the utilization threshold of the auto-scaler of the AKS cluster. 
| -| `autoUpgradeProfileUpgradeChannel` | string | `''` | `['', node-image, none, patch, rapid, stable]` | Auto-upgrade channel on the AKS cluster. | -| `azurePolicyEnabled` | bool | `True` | | Specifies whether the azurepolicy add-on is enabled or not. For security reasons, this setting should be enabled. | -| `azurePolicyVersion` | string | `'v2'` | | Specifies the azure policy version to use. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, cluster-autoscaler, guard, kube-apiserver, kube-audit, kube-audit-admin, kube-controller-manager, kube-scheduler]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disableLocalAccounts` | bool | `False` | | If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. | -| `disableRunCommand` | bool | `False` | | Whether to disable run command for the cluster or not. 
| -| `diskEncryptionSetID` | string | `''` | | The resource ID of the disc encryption set to apply to the cluster. For security reasons, this value should be provided. | -| `dnsPrefix` | string | `[parameters('name')]` | | Specifies the DNS prefix specified when creating the managed cluster. | -| `dnsServiceIP` | string | `''` | | Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. | -| `dnsZoneResourceId` | string | `''` | | Specifies the resource ID of connected DNS zone. It will be ignored if `webApplicationRoutingEnabled` is set to `false`. | -| `enableAzureDefender` | bool | `False` | | Whether to enable Azure Defender. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableDnsZoneContributorRoleAssignment` | bool | `True` | | Specifies whether assing the DNS zone contributor role to the cluster service principal. It will be ignored if `webApplicationRoutingEnabled` is set to `false` or `dnsZoneResourceId` not provided. | -| `enableKeyvaultSecretsProvider` | bool | `False` | | Specifies whether the KeyvaultSecretsProvider add-on is enabled or not. | -| `enableOidcIssuerProfile` | bool | `False` | | Whether the The OIDC issuer profile of the Managed Cluster is enabled. | -| `enablePodSecurityPolicy` | bool | `False` | | Whether to enable Kubernetes pod security policy. Requires enabling the pod security policy feature flag on the subscription. | -| `enablePrivateCluster` | bool | `False` | | Specifies whether to create the cluster as a private cluster or not. | -| `enablePrivateClusterPublicFQDN` | bool | `False` | | Whether to create additional public FQDN for private cluster or not. | -| `enableRBAC` | bool | `True` | | Whether to enable Kubernetes Role-Based Access Control. 
| -| `enableSecretRotation` | string | `'false'` | `[false, true]` | Specifies whether the KeyvaultSecretsProvider add-on uses secret rotation. | -| `enableStorageProfileBlobCSIDriver` | bool | `False` | | Whether the AzureBlob CSI Driver for the storage profile is enabled. | -| `enableStorageProfileDiskCSIDriver` | bool | `False` | | Whether the AzureDisk CSI Driver for the storage profile is enabled. | -| `enableStorageProfileFileCSIDriver` | bool | `False` | | Whether the AzureFile CSI Driver for the storage profile is enabled. | -| `enableStorageProfileSnapshotController` | bool | `False` | | Whether the snapshot controller for the storage profile is enabled. | -| `enableWorkloadIdentity` | bool | `False` | | Whether to enable Workload Identity. Requires OIDC issuer profile to be enabled. | -| `fluxConfigurationProtectedSettings` | secureObject | `{object}` | | Configuration settings that are sensitive, as name-value pairs for configuring this extension. | -| `fluxExtension` | object | `{object}` | | Settings and configurations for the flux extension. | -| `httpApplicationRoutingEnabled` | bool | `False` | | Specifies whether the httpApplicationRouting add-on is enabled or not. | -| `httpProxyConfig` | object | `{object}` | | Configurations for provisioning the cluster with HTTP proxy servers. | -| `identityProfile` | object | `{object}` | | Identities associated with the cluster. | -| `ingressApplicationGatewayEnabled` | bool | `False` | | Specifies whether the ingressApplicationGateway (AGIC) add-on is enabled or not. | -| `kubeDashboardEnabled` | bool | `False` | | Specifies whether the kubeDashboard add-on is enabled or not. | -| `kubernetesVersion` | string | `''` | | Version of Kubernetes specified when creating the managed cluster. | -| `loadBalancerSku` | string | `'standard'` | `[basic, standard]` | Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools. 
| -| `location` | string | `[resourceGroup().location]` | | Specifies the location of AKS cluster. It picks up Resource Group's location by default. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `managedOutboundIPCount` | int | `0` | | Outbound IP Count for the Load balancer. | -| `monitoringWorkspaceId` | string | `''` | | Resource ID of the monitoring log analytics workspace. | -| `networkDataplane` | string | `''` | `['', azure, cilium]` | Network dataplane used in the Kubernetes cluster. Not compatible with kubenet network plugin. | -| `networkPlugin` | string | `''` | `['', azure, kubenet]` | Specifies the network plugin used for building Kubernetes network. | -| `networkPluginMode` | string | `''` | `['', overlay]` | Network plugin mode used for building the Kubernetes network. Not compatible with kubenet network plugin. | -| `networkPolicy` | string | `''` | `['', azure, calico]` | Specifies the network policy used for building Kubernetes network. - calico or azure. | -| `nodeResourceGroup` | string | `[format('{0}_aks_{1}_nodes', resourceGroup().name, parameters('name'))]` | | Name of the resource group containing agent pool nodes. | -| `omsAgentEnabled` | bool | `True` | | Specifies whether the OMS agent is enabled. | -| `openServiceMeshEnabled` | bool | `False` | | Specifies whether the openServiceMesh add-on is enabled or not. | -| `outboundType` | string | `'loadBalancer'` | `[loadBalancer, userDefinedRouting]` | Specifies outbound (egress) routing method. - loadBalancer or userDefinedRouting. | -| `podCidr` | string | `''` | | Specifies the CIDR notation IP range from which to assign pod IPs when kubenet is used. | -| `podIdentityProfileAllowNetworkPluginKubenet` | bool | `False` | | Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. | -| `podIdentityProfileEnable` | bool | `False` | | Whether the pod identity addon is enabled. 
| -| `podIdentityProfileUserAssignedIdentities` | array | `[]` | | The pod identities to use in the cluster. | -| `podIdentityProfileUserAssignedIdentityExceptions` | array | `[]` | | The pod identity exceptions to allow. | -| `privateDNSZone` | string | `''` | | Private DNS Zone configuration. Set to 'system' and AKS will create a private DNS zone in the node resource group. Set to '' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `serviceCidr` | string | `''` | | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. | -| `skuTier` | string | `'Free'` | `[Free, Premium, Standard]` | Tier of a managed cluster SKU. - Free or Standard. | -| `sshPublicKey` | string | `''` | | Specifies the SSH RSA public key string for the Linux nodes. | -| `supportPlan` | string | `'KubernetesOfficial'` | `[AKSLongTermSupport, KubernetesOfficial]` | The support plan for the Managed Cluster. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `webApplicationRoutingEnabled` | bool | `False` | | Specifies whether the webApplicationRoutingEnabled add-on is enabled or not. 
| - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `addonProfiles` | object | The addonProfiles of the Kubernetes cluster. | -| `controlPlaneFQDN` | string | The control plane FQDN of the managed cluster. | -| `keyvaultIdentityClientId` | string | The Client ID of the Key Vault Secrets Provider identity. | -| `keyvaultIdentityObjectId` | string | The Object ID of the Key Vault Secrets Provider identity. | -| `kubeletidentityObjectId` | string | The Object ID of the AKS identity. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the managed cluster. | -| `oidcIssuerUrl` | string | The OIDC token issuer URL. | -| `omsagentIdentityObjectId` | string | The Object ID of the OMS agent identity. | -| `resourceGroupName` | string | The resource group the managed cluster was deployed into. | -| `resourceId` | string | The resource ID of the managed cluster. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +## Usage examples -| Reference | Type | -| :-- | :-- | -| `kubernetes-configuration/extension` | Local reference | -| `kubernetes-configuration/flux-configuration` | Local reference | - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. 
>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Azure

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/container-service.managed-cluster:1.0.0`. + +- [Azure](#example-1-azure) +- [Kubenet](#example-2-kubenet) +- [Using only defaults](#example-3-using-only-defaults) +- [Priv](#example-4-priv) + +### Example 1: _Azure_
via Bicep module ```bicep -module managedCluster './container-service/managed-cluster/main.bicep' = { +module managedCluster 'br:bicep/modules/container-service.managed-cluster:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-csmaz' params: { // Required parameters @@ -624,14 +488,14 @@ module managedCluster './container-service/managed-cluster/main.bicep' = {

-

Example 2: Kubenet

+### Example 2: _Kubenet_
via Bicep module ```bicep -module managedCluster './container-service/managed-cluster/main.bicep' = { +module managedCluster 'br:bicep/modules/container-service.managed-cluster:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-csmkube' params: { // Required parameters @@ -873,14 +737,17 @@ module managedCluster './container-service/managed-cluster/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module managedCluster './container-service/managed-cluster/main.bicep' = { +module managedCluster 'br:bicep/modules/container-service.managed-cluster:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-csmmin' params: { // Required parameters @@ -940,14 +807,14 @@ module managedCluster './container-service/managed-cluster/main.bicep' = {

-

Example 4: Priv

+### Example 4: _Priv_
via Bicep module ```bicep -module managedCluster './container-service/managed-cluster/main.bicep' = { +module managedCluster 'br:bicep/modules/container-service.managed-cluster:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-csmpriv' params: { // Required parameters @@ -1194,6 +1061,857 @@ module managedCluster './container-service/managed-cluster/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Specifies the name of the AKS cluster. | +| [`primaryAgentPoolProfile`](#parameter-primaryagentpoolprofile) | array | Properties of the primary agent pool. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`aksServicePrincipalProfile`](#parameter-aksserviceprincipalprofile) | object | Information about a service principal identity for the cluster to use for manipulating Azure APIs. Required if no managed identities are assigned to the cluster. | +| [`appGatewayResourceId`](#parameter-appgatewayresourceid) | string | Specifies the resource ID of connected application gateway. Required if `ingressApplicationGatewayEnabled` is set to `true`. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`aadProfileAdminGroupObjectIDs`](#parameter-aadprofileadmingroupobjectids) | array | Specifies the AAD group object IDs that will have admin role of the cluster. | +| [`aadProfileClientAppID`](#parameter-aadprofileclientappid) | string | The client AAD application ID. | +| [`aadProfileEnableAzureRBAC`](#parameter-aadprofileenableazurerbac) | bool | Specifies whether to enable Azure RBAC for Kubernetes authorization. | +| [`aadProfileManaged`](#parameter-aadprofilemanaged) | bool | Specifies whether to enable managed AAD integration. | +| [`aadProfileServerAppID`](#parameter-aadprofileserverappid) | string | The server AAD application ID. | +| [`aadProfileServerAppSecret`](#parameter-aadprofileserverappsecret) | string | The server AAD application secret. | +| [`aadProfileTenantId`](#parameter-aadprofiletenantid) | string | Specifies the tenant ID of the Azure Active Directory used by the AKS cluster for authentication. 
| +| [`aciConnectorLinuxEnabled`](#parameter-aciconnectorlinuxenabled) | bool | Specifies whether the aciConnectorLinux add-on is enabled or not. | +| [`adminUsername`](#parameter-adminusername) | string | Specifies the administrator username of Linux virtual machines. | +| [`agentPools`](#parameter-agentpools) | array | Define one or more secondary/additional agent pools. | +| [`authorizedIPRanges`](#parameter-authorizedipranges) | array | IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. | +| [`autoScalerProfileBalanceSimilarNodeGroups`](#parameter-autoscalerprofilebalancesimilarnodegroups) | string | Specifies the balance of similar node groups for the auto-scaler of the AKS cluster. | +| [`autoScalerProfileExpander`](#parameter-autoscalerprofileexpander) | string | Specifies the expand strategy for the auto-scaler of the AKS cluster. | +| [`autoScalerProfileMaxEmptyBulkDelete`](#parameter-autoscalerprofilemaxemptybulkdelete) | string | Specifies the maximum empty bulk delete for the auto-scaler of the AKS cluster. | +| [`autoScalerProfileMaxGracefulTerminationSec`](#parameter-autoscalerprofilemaxgracefulterminationsec) | string | Specifies the max graceful termination time interval in seconds for the auto-scaler of the AKS cluster. | +| [`autoScalerProfileMaxNodeProvisionTime`](#parameter-autoscalerprofilemaxnodeprovisiontime) | string | Specifies the maximum node provisioning time for the auto-scaler of the AKS cluster. Values must be an integer followed by an "m". No unit of time other than minutes (m) is supported. | +| [`autoScalerProfileMaxTotalUnreadyPercentage`](#parameter-autoscalerprofilemaxtotalunreadypercentage) | string | Specifies the mximum total unready percentage for the auto-scaler of the AKS cluster. The maximum is 100 and the minimum is 0. 
| +| [`autoScalerProfileNewPodScaleUpDelay`](#parameter-autoscalerprofilenewpodscaleupdelay) | string | For scenarios like burst/batch scale where you do not want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they are a certain age. Values must be an integer followed by a unit ("s" for seconds, "m" for minutes, "h" for hours, etc). | +| [`autoScalerProfileOkTotalUnreadyCount`](#parameter-autoscalerprofileoktotalunreadycount) | string | Specifies the OK total unready count for the auto-scaler of the AKS cluster. | +| [`autoScalerProfileScaleDownDelayAfterAdd`](#parameter-autoscalerprofilescaledowndelayafteradd) | string | Specifies the scale down delay after add of the auto-scaler of the AKS cluster. | +| [`autoScalerProfileScaleDownDelayAfterDelete`](#parameter-autoscalerprofilescaledowndelayafterdelete) | string | Specifies the scale down delay after delete of the auto-scaler of the AKS cluster. | +| [`autoScalerProfileScaleDownDelayAfterFailure`](#parameter-autoscalerprofilescaledowndelayafterfailure) | string | Specifies scale down delay after failure of the auto-scaler of the AKS cluster. | +| [`autoScalerProfileScaleDownUnneededTime`](#parameter-autoscalerprofilescaledownunneededtime) | string | Specifies the scale down unneeded time of the auto-scaler of the AKS cluster. | +| [`autoScalerProfileScaleDownUnreadyTime`](#parameter-autoscalerprofilescaledownunreadytime) | string | Specifies the scale down unready time of the auto-scaler of the AKS cluster. | +| [`autoScalerProfileScanInterval`](#parameter-autoscalerprofilescaninterval) | string | Specifies the scan interval of the auto-scaler of the AKS cluster. | +| [`autoScalerProfileSkipNodesWithLocalStorage`](#parameter-autoscalerprofileskipnodeswithlocalstorage) | string | Specifies if nodes with local storage should be skipped for the auto-scaler of the AKS cluster. 
| +| [`autoScalerProfileSkipNodesWithSystemPods`](#parameter-autoscalerprofileskipnodeswithsystempods) | string | Specifies if nodes with system pods should be skipped for the auto-scaler of the AKS cluster. | +| [`autoScalerProfileUtilizationThreshold`](#parameter-autoscalerprofileutilizationthreshold) | string | Specifies the utilization threshold of the auto-scaler of the AKS cluster. | +| [`autoUpgradeProfileUpgradeChannel`](#parameter-autoupgradeprofileupgradechannel) | string | Auto-upgrade channel on the AKS cluster. | +| [`azurePolicyEnabled`](#parameter-azurepolicyenabled) | bool | Specifies whether the azurepolicy add-on is enabled or not. For security reasons, this setting should be enabled. | +| [`azurePolicyVersion`](#parameter-azurepolicyversion) | string | Specifies the azure policy version to use. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. 
| +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableLocalAccounts`](#parameter-disablelocalaccounts) | bool | If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. | +| [`disableRunCommand`](#parameter-disableruncommand) | bool | Whether to disable run command for the cluster or not. | +| [`diskEncryptionSetID`](#parameter-diskencryptionsetid) | string | The resource ID of the disc encryption set to apply to the cluster. For security reasons, this value should be provided. | +| [`dnsPrefix`](#parameter-dnsprefix) | string | Specifies the DNS prefix specified when creating the managed cluster. | +| [`dnsServiceIP`](#parameter-dnsserviceip) | string | Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. | +| [`dnsZoneResourceId`](#parameter-dnszoneresourceid) | string | Specifies the resource ID of connected DNS zone. It will be ignored if `webApplicationRoutingEnabled` is set to `false`. | +| [`enableAzureDefender`](#parameter-enableazuredefender) | bool | Whether to enable Azure Defender. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableDnsZoneContributorRoleAssignment`](#parameter-enablednszonecontributorroleassignment) | bool | Specifies whether assing the DNS zone contributor role to the cluster service principal. It will be ignored if `webApplicationRoutingEnabled` is set to `false` or `dnsZoneResourceId` not provided. | +| [`enableKeyvaultSecretsProvider`](#parameter-enablekeyvaultsecretsprovider) | bool | Specifies whether the KeyvaultSecretsProvider add-on is enabled or not. 
| +| [`enableOidcIssuerProfile`](#parameter-enableoidcissuerprofile) | bool | Whether the The OIDC issuer profile of the Managed Cluster is enabled. | +| [`enablePodSecurityPolicy`](#parameter-enablepodsecuritypolicy) | bool | Whether to enable Kubernetes pod security policy. Requires enabling the pod security policy feature flag on the subscription. | +| [`enablePrivateCluster`](#parameter-enableprivatecluster) | bool | Specifies whether to create the cluster as a private cluster or not. | +| [`enablePrivateClusterPublicFQDN`](#parameter-enableprivateclusterpublicfqdn) | bool | Whether to create additional public FQDN for private cluster or not. | +| [`enableRBAC`](#parameter-enablerbac) | bool | Whether to enable Kubernetes Role-Based Access Control. | +| [`enableSecretRotation`](#parameter-enablesecretrotation) | string | Specifies whether the KeyvaultSecretsProvider add-on uses secret rotation. | +| [`enableStorageProfileBlobCSIDriver`](#parameter-enablestorageprofileblobcsidriver) | bool | Whether the AzureBlob CSI Driver for the storage profile is enabled. | +| [`enableStorageProfileDiskCSIDriver`](#parameter-enablestorageprofilediskcsidriver) | bool | Whether the AzureDisk CSI Driver for the storage profile is enabled. | +| [`enableStorageProfileFileCSIDriver`](#parameter-enablestorageprofilefilecsidriver) | bool | Whether the AzureFile CSI Driver for the storage profile is enabled. | +| [`enableStorageProfileSnapshotController`](#parameter-enablestorageprofilesnapshotcontroller) | bool | Whether the snapshot controller for the storage profile is enabled. | +| [`enableWorkloadIdentity`](#parameter-enableworkloadidentity) | bool | Whether to enable Workload Identity. Requires OIDC issuer profile to be enabled. | +| [`fluxConfigurationProtectedSettings`](#parameter-fluxconfigurationprotectedsettings) | secureObject | Configuration settings that are sensitive, as name-value pairs for configuring this extension. 
| +| [`fluxExtension`](#parameter-fluxextension) | object | Settings and configurations for the flux extension. | +| [`httpApplicationRoutingEnabled`](#parameter-httpapplicationroutingenabled) | bool | Specifies whether the httpApplicationRouting add-on is enabled or not. | +| [`httpProxyConfig`](#parameter-httpproxyconfig) | object | Configurations for provisioning the cluster with HTTP proxy servers. | +| [`identityProfile`](#parameter-identityprofile) | object | Identities associated with the cluster. | +| [`ingressApplicationGatewayEnabled`](#parameter-ingressapplicationgatewayenabled) | bool | Specifies whether the ingressApplicationGateway (AGIC) add-on is enabled or not. | +| [`kubeDashboardEnabled`](#parameter-kubedashboardenabled) | bool | Specifies whether the kubeDashboard add-on is enabled or not. | +| [`kubernetesVersion`](#parameter-kubernetesversion) | string | Version of Kubernetes specified when creating the managed cluster. | +| [`loadBalancerSku`](#parameter-loadbalancersku) | string | Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools. | +| [`location`](#parameter-location) | string | Specifies the location of AKS cluster. It picks up Resource Group's location by default. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`managedOutboundIPCount`](#parameter-managedoutboundipcount) | int | Outbound IP Count for the Load balancer. | +| [`monitoringWorkspaceId`](#parameter-monitoringworkspaceid) | string | Resource ID of the monitoring log analytics workspace. | +| [`networkDataplane`](#parameter-networkdataplane) | string | Network dataplane used in the Kubernetes cluster. Not compatible with kubenet network plugin. | +| [`networkPlugin`](#parameter-networkplugin) | string | Specifies the network plugin used for building Kubernetes network. | +| [`networkPluginMode`](#parameter-networkpluginmode) | string | Network plugin mode used for building the Kubernetes network. 
Not compatible with kubenet network plugin. | +| [`networkPolicy`](#parameter-networkpolicy) | string | Specifies the network policy used for building Kubernetes network. - calico or azure. | +| [`nodeResourceGroup`](#parameter-noderesourcegroup) | string | Name of the resource group containing agent pool nodes. | +| [`omsAgentEnabled`](#parameter-omsagentenabled) | bool | Specifies whether the OMS agent is enabled. | +| [`openServiceMeshEnabled`](#parameter-openservicemeshenabled) | bool | Specifies whether the openServiceMesh add-on is enabled or not. | +| [`outboundType`](#parameter-outboundtype) | string | Specifies outbound (egress) routing method. - loadBalancer or userDefinedRouting. | +| [`podCidr`](#parameter-podcidr) | string | Specifies the CIDR notation IP range from which to assign pod IPs when kubenet is used. | +| [`podIdentityProfileAllowNetworkPluginKubenet`](#parameter-podidentityprofileallownetworkpluginkubenet) | bool | Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. | +| [`podIdentityProfileEnable`](#parameter-podidentityprofileenable) | bool | Whether the pod identity addon is enabled. | +| [`podIdentityProfileUserAssignedIdentities`](#parameter-podidentityprofileuserassignedidentities) | array | The pod identities to use in the cluster. | +| [`podIdentityProfileUserAssignedIdentityExceptions`](#parameter-podidentityprofileuserassignedidentityexceptions) | array | The pod identity exceptions to allow. | +| [`privateDNSZone`](#parameter-privatednszone) | string | Private DNS Zone configuration. Set to 'system' and AKS will create a private DNS zone in the node resource group. Set to '' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`serviceCidr`](#parameter-servicecidr) | string | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. | +| [`skuTier`](#parameter-skutier) | string | Tier of a managed cluster SKU. - Free or Standard. | +| [`sshPublicKey`](#parameter-sshpublickey) | string | Specifies the SSH RSA public key string for the Linux nodes. | +| [`supportPlan`](#parameter-supportplan) | string | The support plan for the Managed Cluster. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`webApplicationRoutingEnabled`](#parameter-webapplicationroutingenabled) | bool | Specifies whether the webApplicationRoutingEnabled add-on is enabled or not. | + +### Parameter: `aadProfileAdminGroupObjectIDs` + +Specifies the AAD group object IDs that will have admin role of the cluster. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `aadProfileClientAppID` + +The client AAD application ID. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `aadProfileEnableAzureRBAC` + +Specifies whether to enable Azure RBAC for Kubernetes authorization. 
+- Required: No +- Type: bool +- Default: `[parameters('enableRBAC')]` + +### Parameter: `aadProfileManaged` + +Specifies whether to enable managed AAD integration. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `aadProfileServerAppID` + +The server AAD application ID. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `aadProfileServerAppSecret` + +The server AAD application secret. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `aadProfileTenantId` + +Specifies the tenant ID of the Azure Active Directory used by the AKS cluster for authentication. +- Required: No +- Type: string +- Default: `[subscription().tenantId]` + +### Parameter: `aciConnectorLinuxEnabled` + +Specifies whether the aciConnectorLinux add-on is enabled or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `adminUsername` + +Specifies the administrator username of Linux virtual machines. +- Required: No +- Type: string +- Default: `'azureuser'` + +### Parameter: `agentPools` + +Define one or more secondary/additional agent pools. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `aksServicePrincipalProfile` + +Information about a service principal identity for the cluster to use for manipulating Azure APIs. Required if no managed identities are assigned to the cluster. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `appGatewayResourceId` + +Specifies the resource ID of connected application gateway. Required if `ingressApplicationGatewayEnabled` is set to `true`. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `authorizedIPRanges` + +IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `autoScalerProfileBalanceSimilarNodeGroups` + +Specifies the balance of similar node groups for the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'false'` +- Allowed: `[false, true]` + +### Parameter: `autoScalerProfileExpander` + +Specifies the expand strategy for the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'random'` +- Allowed: `[least-waste, most-pods, priority, random]` + +### Parameter: `autoScalerProfileMaxEmptyBulkDelete` + +Specifies the maximum empty bulk delete for the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'10'` + +### Parameter: `autoScalerProfileMaxGracefulTerminationSec` + +Specifies the max graceful termination time interval in seconds for the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'600'` + +### Parameter: `autoScalerProfileMaxNodeProvisionTime` + +Specifies the maximum node provisioning time for the auto-scaler of the AKS cluster. Values must be an integer followed by an "m". No unit of time other than minutes (m) is supported. +- Required: No +- Type: string +- Default: `'15m'` + +### Parameter: `autoScalerProfileMaxTotalUnreadyPercentage` + +Specifies the mximum total unready percentage for the auto-scaler of the AKS cluster. The maximum is 100 and the minimum is 0. +- Required: No +- Type: string +- Default: `'45'` + +### Parameter: `autoScalerProfileNewPodScaleUpDelay` + +For scenarios like burst/batch scale where you do not want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they are a certain age. Values must be an integer followed by a unit ("s" for seconds, "m" for minutes, "h" for hours, etc). 
+- Required: No +- Type: string +- Default: `'0s'` + +### Parameter: `autoScalerProfileOkTotalUnreadyCount` + +Specifies the OK total unready count for the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'3'` + +### Parameter: `autoScalerProfileScaleDownDelayAfterAdd` + +Specifies the scale down delay after add of the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'10m'` + +### Parameter: `autoScalerProfileScaleDownDelayAfterDelete` + +Specifies the scale down delay after delete of the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'20s'` + +### Parameter: `autoScalerProfileScaleDownDelayAfterFailure` + +Specifies scale down delay after failure of the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'3m'` + +### Parameter: `autoScalerProfileScaleDownUnneededTime` + +Specifies the scale down unneeded time of the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'10m'` + +### Parameter: `autoScalerProfileScaleDownUnreadyTime` + +Specifies the scale down unready time of the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'20m'` + +### Parameter: `autoScalerProfileScanInterval` + +Specifies the scan interval of the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'10s'` + +### Parameter: `autoScalerProfileSkipNodesWithLocalStorage` + +Specifies if nodes with local storage should be skipped for the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'true'` +- Allowed: `[false, true]` + +### Parameter: `autoScalerProfileSkipNodesWithSystemPods` + +Specifies if nodes with system pods should be skipped for the auto-scaler of the AKS cluster. 
+- Required: No +- Type: string +- Default: `'true'` +- Allowed: `[false, true]` + +### Parameter: `autoScalerProfileUtilizationThreshold` + +Specifies the utilization threshold of the auto-scaler of the AKS cluster. +- Required: No +- Type: string +- Default: `'0.5'` + +### Parameter: `autoUpgradeProfileUpgradeChannel` + +Auto-upgrade channel on the AKS cluster. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', node-image, none, patch, rapid, stable]` + +### Parameter: `azurePolicyEnabled` + +Specifies whether the azurepolicy add-on is enabled or not. For security reasons, this setting should be enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `azurePolicyVersion` + +Specifies the azure policy version to use. +- Required: No +- Type: string +- Default: `'v2'` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, cluster-autoscaler, guard, kube-apiserver, kube-audit, kube-audit-admin, kube-controller-manager, kube-scheduler]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. 
If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableLocalAccounts` + +If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `disableRunCommand` + +Whether to disable run command for the cluster or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `diskEncryptionSetID` + +The resource ID of the disc encryption set to apply to the cluster. For security reasons, this value should be provided. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dnsPrefix` + +Specifies the DNS prefix specified when creating the managed cluster. +- Required: No +- Type: string +- Default: `[parameters('name')]` + +### Parameter: `dnsServiceIP` + +Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dnsZoneResourceId` + +Specifies the resource ID of connected DNS zone. It will be ignored if `webApplicationRoutingEnabled` is set to `false`. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableAzureDefender` + +Whether to enable Azure Defender. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDnsZoneContributorRoleAssignment` + +Specifies whether assing the DNS zone contributor role to the cluster service principal. It will be ignored if `webApplicationRoutingEnabled` is set to `false` or `dnsZoneResourceId` not provided. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableKeyvaultSecretsProvider` + +Specifies whether the KeyvaultSecretsProvider add-on is enabled or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableOidcIssuerProfile` + +Whether the The OIDC issuer profile of the Managed Cluster is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enablePodSecurityPolicy` + +Whether to enable Kubernetes pod security policy. Requires enabling the pod security policy feature flag on the subscription. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enablePrivateCluster` + +Specifies whether to create the cluster as a private cluster or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enablePrivateClusterPublicFQDN` + +Whether to create additional public FQDN for private cluster or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableRBAC` + +Whether to enable Kubernetes Role-Based Access Control. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableSecretRotation` + +Specifies whether the KeyvaultSecretsProvider add-on uses secret rotation. +- Required: No +- Type: string +- Default: `'false'` +- Allowed: `[false, true]` + +### Parameter: `enableStorageProfileBlobCSIDriver` + +Whether the AzureBlob CSI Driver for the storage profile is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableStorageProfileDiskCSIDriver` + +Whether the AzureDisk CSI Driver for the storage profile is enabled. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableStorageProfileFileCSIDriver` + +Whether the AzureFile CSI Driver for the storage profile is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableStorageProfileSnapshotController` + +Whether the snapshot controller for the storage profile is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableWorkloadIdentity` + +Whether to enable Workload Identity. Requires OIDC issuer profile to be enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `fluxConfigurationProtectedSettings` + +Configuration settings that are sensitive, as name-value pairs for configuring this extension. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `fluxExtension` + +Settings and configurations for the flux extension. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `httpApplicationRoutingEnabled` + +Specifies whether the httpApplicationRouting add-on is enabled or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `httpProxyConfig` + +Configurations for provisioning the cluster with HTTP proxy servers. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `identityProfile` + +Identities associated with the cluster. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `ingressApplicationGatewayEnabled` + +Specifies whether the ingressApplicationGateway (AGIC) add-on is enabled or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `kubeDashboardEnabled` + +Specifies whether the kubeDashboard add-on is enabled or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `kubernetesVersion` + +Version of Kubernetes specified when creating the managed cluster. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `loadBalancerSku` + +Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools. +- Required: No +- Type: string +- Default: `'standard'` +- Allowed: `[basic, standard]` + +### Parameter: `location` + +Specifies the location of AKS cluster. It picks up Resource Group's location by default. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `managedOutboundIPCount` + +Outbound IP Count for the Load balancer. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `monitoringWorkspaceId` + +Resource ID of the monitoring log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +Specifies the name of the AKS cluster. +- Required: Yes +- Type: string + +### Parameter: `networkDataplane` + +Network dataplane used in the Kubernetes cluster. Not compatible with kubenet network plugin. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', azure, cilium]` + +### Parameter: `networkPlugin` + +Specifies the network plugin used for building Kubernetes network. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', azure, kubenet]` + +### Parameter: `networkPluginMode` + +Network plugin mode used for building the Kubernetes network. Not compatible with kubenet network plugin. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', overlay]` + +### Parameter: `networkPolicy` + +Specifies the network policy used for building Kubernetes network. - calico or azure. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', azure, calico]` + +### Parameter: `nodeResourceGroup` + +Name of the resource group containing agent pool nodes. 
+- Required: No +- Type: string +- Default: `[format('{0}_aks_{1}_nodes', resourceGroup().name, parameters('name'))]` + +### Parameter: `omsAgentEnabled` + +Specifies whether the OMS agent is enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `openServiceMeshEnabled` + +Specifies whether the openServiceMesh add-on is enabled or not. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `outboundType` + +Specifies outbound (egress) routing method. - loadBalancer or userDefinedRouting. +- Required: No +- Type: string +- Default: `'loadBalancer'` +- Allowed: `[loadBalancer, userDefinedRouting]` + +### Parameter: `podCidr` + +Specifies the CIDR notation IP range from which to assign pod IPs when kubenet is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `podIdentityProfileAllowNetworkPluginKubenet` + +Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `podIdentityProfileEnable` + +Whether the pod identity addon is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `podIdentityProfileUserAssignedIdentities` + +The pod identities to use in the cluster. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `podIdentityProfileUserAssignedIdentityExceptions` + +The pod identity exceptions to allow. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `primaryAgentPoolProfile` + +Properties of the primary agent pool. +- Required: Yes +- Type: array + +### Parameter: `privateDNSZone` + +Private DNS Zone configuration. Set to 'system' and AKS will create a private DNS zone in the node resource group. Set to '' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `serviceCidr` + +A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `skuTier` + +Tier of a managed cluster SKU. - Free or Standard. +- Required: No +- Type: string +- Default: `'Free'` +- Allowed: `[Free, Premium, Standard]` + +### Parameter: `sshPublicKey` + +Specifies the SSH RSA public key string for the Linux nodes. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `supportPlan` + +The support plan for the Managed Cluster. +- Required: No +- Type: string +- Default: `'KubernetesOfficial'` +- Allowed: `[AKSLongTermSupport, KubernetesOfficial]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `webApplicationRoutingEnabled` + +Specifies whether the webApplicationRoutingEnabled add-on is enabled or not. +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `addonProfiles` | object | The addonProfiles of the Kubernetes cluster. 
| +| `controlPlaneFQDN` | string | The control plane FQDN of the managed cluster. | +| `keyvaultIdentityClientId` | string | The Client ID of the Key Vault Secrets Provider identity. | +| `keyvaultIdentityObjectId` | string | The Object ID of the Key Vault Secrets Provider identity. | +| `kubeletidentityObjectId` | string | The Object ID of the AKS identity. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the managed cluster. | +| `oidcIssuerUrl` | string | The OIDC token issuer URL. | +| `omsagentIdentityObjectId` | string | The Object ID of the OMS agent identity. | +| `resourceGroupName` | string | The resource group the managed cluster was deployed into. | +| `resourceId` | string | The resource ID of the managed cluster. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/kubernetes-configuration/extension` | Local reference | +| `modules/kubernetes-configuration/flux-configuration` | Local reference | + ## Notes ### Parameter Usage: `httpProxyConfig` diff --git a/modules/container-service/managed-cluster/agent-pool/README.md b/modules/container-service/managed-cluster/agent-pool/README.md index 56fd616524..3c02efae7a 100644 --- a/modules/container-service/managed-cluster/agent-pool/README.md +++ b/modules/container-service/managed-cluster/agent-pool/README.md 
@@ -4,12 +4,12 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Agent Pool ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
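Review bot: heading casing is now inconsistent in this README. The hunk changes `Resource types` to `Resource Types` in both the navigation entry and the `##` heading, while `Cross-referenced modules` in the same navigation list stays in sentence case. Pick one convention in the generator and apply it to every generated heading and anchor, so that the navigation list and the section titles follow the same rule.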
@@ -19,60 +19,324 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Agent Pool **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the agent pool. | +| [`name`](#parameter-name) | string | Name of the agent pool. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `managedClusterName` | string | The name of the parent managed cluster. Required if the template is used in a standalone deployment. | +| [`managedClusterName`](#parameter-managedclustername) | string | The name of the parent managed cluster. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `availabilityZones` | array | `[]` | | The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is "VirtualMachineScaleSets". | -| `count` | int | `1` | | Desired Number of agents (VMs) specified to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. | -| `enableAutoScaling` | bool | `False` | | Whether to enable auto-scaler. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableEncryptionAtHost` | bool | `False` | | This is only supported on certain VM sizes and in certain Azure regions. For more information, see: /azure/aks/enable-host-encryption. For security reasons, this setting should be enabled. | -| `enableFIPS` | bool | `False` | | See Add a FIPS-enabled node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more details. 
| -| `enableNodePublicIP` | bool | `False` | | Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). | -| `enableUltraSSD` | bool | `False` | | Whether to enable UltraSSD. | -| `gpuInstanceProfile` | string | `''` | `['', MIG1g, MIG2g, MIG3g, MIG4g, MIG7g]` | GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. | -| `kubeletDiskType` | string | `''` | | Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. | -| `maxCount` | int | `-1` | | The maximum number of nodes for auto-scaling. | -| `maxPods` | int | `-1` | | The maximum number of pods that can run on a node. | -| `maxSurge` | string | `''` | | This can either be set to an integer (e.g. "5") or a percentage (e.g. "50%"). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 1. For more information, including best practices, see: /azure/aks/upgrade-cluster#customize-node-surge-upgrade. | -| `minCount` | int | `-1` | | The minimum number of nodes for auto-scaling. | -| `mode` | string | `''` | | A cluster must have at least one "System" Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: /azure/aks/use-system-pools. | -| `nodeLabels` | object | `{object}` | | The node labels to be persisted across all nodes in agent pool. | -| `nodePublicIpPrefixId` | string | `''` | | ResourceId of the node PublicIPPrefix. 
| -| `nodeTaints` | array | `[]` | | The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. | -| `orchestratorVersion` | string | `''` | | As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). | -| `osDiskSizeGB` | int | `0` | | OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. | -| `osDiskType` | string | `''` | `['', Ephemeral, Managed]` | The default is "Ephemeral" if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to "Managed". May not be changed after creation. For more information see Ephemeral OS (https://learn.microsoft.com/en-us/azure/aks/cluster-configuration#ephemeral-os). | -| `osSku` | string | `''` | `['', AzureLinux, CBLMariner, Ubuntu, Windows2019, Windows2022]` | Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. | -| `osType` | string | `'Linux'` | `[Linux, Windows]` | The operating system type. The default is Linux. | -| `podSubnetId` | string | `''` | | Subnet ID for the pod IPs. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). 
This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | -| `proximityPlacementGroupResourceId` | string | `''` | | The ID for the Proximity Placement Group. | -| `scaleDownMode` | string | `'Delete'` | `[Deallocate, Delete]` | Describes how VMs are added to or removed from Agent Pools. See billing states (https://learn.microsoft.com/en-us/azure/virtual-machines/states-billing). | -| `scaleSetEvictionPolicy` | string | `'Delete'` | `[Deallocate, Delete]` | The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs. | -| `scaleSetPriority` | string | `''` | `['', Regular, Spot]` | The Virtual Machine Scale Set priority. | -| `sourceResourceId` | string | `''` | | This is the ARM ID of the source object to be used to create the target object. | -| `spotMaxPrice` | int | `-1` | | Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing (https://learn.microsoft.com/en-us/azure/virtual-machines/spot-vms#pricing). | -| `tags` | object | `{object}` | | Tags of the resource. | -| `type` | string | `''` | | The type of Agent Pool. | -| `vmSize` | string | `'Standard_D2s_v3'` | | VM size. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: /azure/aks/quotas-skus-regions. | -| `vnetSubnetId` | string | `''` | | Node Subnet ID. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | -| `workloadRuntime` | string | `''` | | Determines the type of workload a node can run. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`availabilityZones`](#parameter-availabilityzones) | array | The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is "VirtualMachineScaleSets". | +| [`count`](#parameter-count) | int | Desired Number of agents (VMs) specified to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. | +| [`enableAutoScaling`](#parameter-enableautoscaling) | bool | Whether to enable auto-scaler. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableEncryptionAtHost`](#parameter-enableencryptionathost) | bool | This is only supported on certain VM sizes and in certain Azure regions. For more information, see: /azure/aks/enable-host-encryption. For security reasons, this setting should be enabled. | +| [`enableFIPS`](#parameter-enablefips) | bool | See Add a FIPS-enabled node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more details. | +| [`enableNodePublicIP`](#parameter-enablenodepublicip) | bool | Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). 
| +| [`enableUltraSSD`](#parameter-enableultrassd) | bool | Whether to enable UltraSSD. | +| [`gpuInstanceProfile`](#parameter-gpuinstanceprofile) | string | GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. | +| [`kubeletDiskType`](#parameter-kubeletdisktype) | string | Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. | +| [`maxCount`](#parameter-maxcount) | int | The maximum number of nodes for auto-scaling. | +| [`maxPods`](#parameter-maxpods) | int | The maximum number of pods that can run on a node. | +| [`maxSurge`](#parameter-maxsurge) | string | This can either be set to an integer (e.g. "5") or a percentage (e.g. "50%"). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 1. For more information, including best practices, see: /azure/aks/upgrade-cluster#customize-node-surge-upgrade. | +| [`minCount`](#parameter-mincount) | int | The minimum number of nodes for auto-scaling. | +| [`mode`](#parameter-mode) | string | A cluster must have at least one "System" Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: /azure/aks/use-system-pools. | +| [`nodeLabels`](#parameter-nodelabels) | object | The node labels to be persisted across all nodes in agent pool. | +| [`nodePublicIpPrefixId`](#parameter-nodepublicipprefixid) | string | ResourceId of the node PublicIPPrefix. | +| [`nodeTaints`](#parameter-nodetaints) | array | The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. | +| [`orchestratorVersion`](#parameter-orchestratorversion) | string | As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. 
The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). | +| [`osDiskSizeGB`](#parameter-osdisksizegb) | int | OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. | +| [`osDiskType`](#parameter-osdisktype) | string | The default is "Ephemeral" if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to "Managed". May not be changed after creation. For more information see Ephemeral OS (https://learn.microsoft.com/en-us/azure/aks/cluster-configuration#ephemeral-os). | +| [`osSku`](#parameter-ossku) | string | Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. | +| [`osType`](#parameter-ostype) | string | The operating system type. The default is Linux. | +| [`podSubnetId`](#parameter-podsubnetid) | string | Subnet ID for the pod IPs. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | +| [`proximityPlacementGroupResourceId`](#parameter-proximityplacementgroupresourceid) | string | The ID for the Proximity Placement Group. | +| [`scaleDownMode`](#parameter-scaledownmode) | string | Describes how VMs are added to or removed from Agent Pools. See billing states (https://learn.microsoft.com/en-us/azure/virtual-machines/states-billing). 
| +| [`scaleSetEvictionPolicy`](#parameter-scalesetevictionpolicy) | string | The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs. | +| [`scaleSetPriority`](#parameter-scalesetpriority) | string | The Virtual Machine Scale Set priority. | +| [`sourceResourceId`](#parameter-sourceresourceid) | string | This is the ARM ID of the source object to be used to create the target object. | +| [`spotMaxPrice`](#parameter-spotmaxprice) | int | Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing (https://learn.microsoft.com/en-us/azure/virtual-machines/spot-vms#pricing). | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`type`](#parameter-type) | string | The type of Agent Pool. | +| [`vmSize`](#parameter-vmsize) | string | VM size. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: /azure/aks/quotas-skus-regions. | +| [`vnetSubnetId`](#parameter-vnetsubnetid) | string | Node Subnet ID. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | +| [`workloadRuntime`](#parameter-workloadruntime) | string | Determines the type of workload a node can run. | + +### Parameter: `availabilityZones` + +The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is "VirtualMachineScaleSets". 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `count` + +Desired Number of agents (VMs) specified to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `enableAutoScaling` + +Whether to enable auto-scaler. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableEncryptionAtHost` + +This is only supported on certain VM sizes and in certain Azure regions. For more information, see: /azure/aks/enable-host-encryption. For security reasons, this setting should be enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableFIPS` + +See Add a FIPS-enabled node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more details. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableNodePublicIP` + +Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableUltraSSD` + +Whether to enable UltraSSD. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `gpuInstanceProfile` + +GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', MIG1g, MIG2g, MIG3g, MIG4g, MIG7g]` + +### Parameter: `kubeletDiskType` + +Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `managedClusterName` + +The name of the parent managed cluster. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `maxCount` + +The maximum number of nodes for auto-scaling. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `maxPods` + +The maximum number of pods that can run on a node. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `maxSurge` + +This can either be set to an integer (e.g. "5") or a percentage (e.g. "50%"). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 1. For more information, including best practices, see: /azure/aks/upgrade-cluster#customize-node-surge-upgrade. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `minCount` + +The minimum number of nodes for auto-scaling. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `mode` + +A cluster must have at least one "System" Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: /azure/aks/use-system-pools. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +Name of the agent pool. +- Required: Yes +- Type: string + +### Parameter: `nodeLabels` + +The node labels to be persisted across all nodes in agent pool. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `nodePublicIpPrefixId` + +ResourceId of the node PublicIPPrefix. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `nodeTaints` + +The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `orchestratorVersion` + +As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `osDiskSizeGB` + +OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `osDiskType` + +The default is "Ephemeral" if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to "Managed". May not be changed after creation. For more information see Ephemeral OS (https://learn.microsoft.com/en-us/azure/aks/cluster-configuration#ephemeral-os). +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Ephemeral, Managed]` + +### Parameter: `osSku` + +Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', AzureLinux, CBLMariner, Ubuntu, Windows2019, Windows2022]` + +### Parameter: `osType` + +The operating system type. The default is Linux. 
+- Required: No +- Type: string +- Default: `'Linux'` +- Allowed: `[Linux, Windows]` + +### Parameter: `podSubnetId` + +Subnet ID for the pod IPs. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `proximityPlacementGroupResourceId` + +The ID for the Proximity Placement Group. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `scaleDownMode` + +Describes how VMs are added to or removed from Agent Pools. See billing states (https://learn.microsoft.com/en-us/azure/virtual-machines/states-billing). +- Required: No +- Type: string +- Default: `'Delete'` +- Allowed: `[Deallocate, Delete]` + +### Parameter: `scaleSetEvictionPolicy` + +The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs. +- Required: No +- Type: string +- Default: `'Delete'` +- Allowed: `[Deallocate, Delete]` + +### Parameter: `scaleSetPriority` + +The Virtual Machine Scale Set priority. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Regular, Spot]` + +### Parameter: `sourceResourceId` + +This is the ARM ID of the source object to be used to create the target object. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `spotMaxPrice` + +Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing (https://learn.microsoft.com/en-us/azure/virtual-machines/spot-vms#pricing). +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `tags` + +Tags of the resource. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `type` + +The type of Agent Pool. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `vmSize` + +VM size. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: /azure/aks/quotas-skus-regions. +- Required: No +- Type: string +- Default: `'Standard_D2s_v3'` + +### Parameter: `vnetSubnetId` + +Node Subnet ID. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `workloadRuntime` + +Determines the type of workload a node can run. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the agent pool. | | `resourceGroupName` | string | The resource group the agent pool was deployed into. | diff --git a/modules/container-service/managed-cluster/agent-pool/main.json b/modules/container-service/managed-cluster/agent-pool/main.json index a99f675bf9..9325db5ebe 100644 --- a/modules/container-service/managed-cluster/agent-pool/main.json +++ b/modules/container-service/managed-cluster/agent-pool/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15838012443949702483" + "version": "0.22.6.54827", + "templateHash": "4102221439423294777" }, "name": "Azure Kubernetes Service (AKS) Managed Cluster Agent Pools", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Agent Pool.", 
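Review bot: in the agent-pool README hunk (`@@ -19,60 +19,324 @@`), the new `### Parameter: managedClusterName` section says `Required: Yes`, which contradicts the table earlier in the same hunk. There it sits under **Conditional parameters**, described as "Required if the template is used in a standalone deployment". The generated per-parameter block should carry the conditional status, for example a distinct `Required: Conditional` value, so the two views agree. A reader who checks only the detail section would otherwise conclude the parameter must always be passed. Separately, `spotMaxPrice` is listed as `Type: int` while its description allows "any decimal value greater than zero"; that mismatch comes from the module, not the generator, but the new layout makes it more visible.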
diff --git a/modules/container-service/managed-cluster/main.json b/modules/container-service/managed-cluster/main.json index ee3d0499c8..ad17d46755 100644 --- a/modules/container-service/managed-cluster/main.json +++ b/modules/container-service/managed-cluster/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1411508113014099928" + "version": "0.22.6.54827", + "templateHash": "5840083578872726906" }, "name": "Azure Kubernetes Service (AKS) Managed Clusters", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.", @@ -1102,8 +1102,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15838012443949702483" + "version": "0.22.6.54827", + "templateHash": "4102221439423294777" }, "name": "Azure Kubernetes Service (AKS) Managed Cluster Agent Pools", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Agent Pool.", @@ -1545,8 +1545,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14913275975998013893" + "version": "0.22.6.54827", + "templateHash": "5002606439705018990" }, "name": "Kubernetes Configuration Extensions", "description": "This module deploys a Kubernetes Configuration Extension.", @@ -1708,8 +1708,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11648869363176032755" + "version": "0.22.6.54827", + "templateHash": "6686104224333946371" }, "name": "Kubernetes Configuration Flux Configurations", "description": "This module deploys a Kubernetes Configuration Flux Configuration.", @@ -1929,8 +1929,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11132457537180081397" + "version": "0.22.6.54827", + "templateHash": "921005320898310167" } }, "parameters": { 
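Review bot: the commit message ("Tested logic & added depth param") does not mention the compiler change these hunks carry. Every hunk in this file moves `_generator.version` from `0.21.1.54444` to `0.22.6.54827` and replaces `templateHash`, for the parent template and for each nested template. Rebuilding the compiled `main.json` files in the same commit as a README generator change makes it hard to confirm that nothing besides the `_generator` metadata differs. Either split the regenerated templates into their own commit or state the Bicep version bump in the message.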
diff --git a/modules/data-factory/factory/.test/common/main.test.bicep b/modules/data-factory/factory/.test/common/main.test.bicep index 31c1fa8500..9d7ac74872 100644 --- a/modules/data-factory/factory/.test/common/main.test.bicep +++ b/modules/data-factory/factory/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/data-factory/factory/.test/min/main.test.bicep b/modules/data-factory/factory/.test/min/main.test.bicep index 9f0e43eef7..f5dadd9372 100644 --- a/modules/data-factory/factory/.test/min/main.test.bicep +++ b/modules/data-factory/factory/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/data-factory/factory/README.md b/modules/data-factory/factory/README.md index 02ca57084e..63240b312e 100644 --- a/modules/data-factory/factory/README.md +++ b/modules/data-factory/factory/README.md @@ -4,14 +4,14 @@ This module deploys a Data Factory. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -25,91 +25,29 @@ This module deploys a Data Factory. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Azure Factory to create. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | -| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', ActivityRuns, allLogs, PipelineRuns, SSISIntegrationRuntimeLogs, SSISPackageEventMessageContext, SSISPackageEventMessages, SSISPackageExecutableStatistics, SSISPackageExecutionComponentPhases, SSISPackageExecutionDataStatistics, TriggerRuns]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `gitAccountName` | string | `''` | | The account name. | -| `gitCollaborationBranch` | string | `'main'` | | The collaboration branch name. Default is 'main'. | -| `gitConfigureLater` | bool | `True` | | Boolean to define whether or not to configure git during template deployment. | -| `gitDisablePublish` | bool | `False` | | Disable manual publish operation in ADF studio to favor automated publish. | -| `gitHostName` | string | `''` | | The GitHub Enterprise Server host (prefixed with 'https://'). Only relevant for 'FactoryGitHubConfiguration'. | -| `gitProjectName` | string | `''` | | The project name. Only relevant for 'FactoryVSTSConfiguration'. | -| `gitRepositoryName` | string | `''` | | The repository name. | -| `gitRepoType` | string | `'FactoryVSTSConfiguration'` | | Repository type - can be 'FactoryVSTSConfiguration' or 'FactoryGitHubConfiguration'. Default is 'FactoryVSTSConfiguration'. 
| -| `gitRootFolder` | string | `'/'` | | The root folder path name. Default is '/'. | -| `globalParameters` | object | `{object}` | | List of Global Parameters for the factory. | -| `integrationRuntimes` | array | `[]` | | An array of objects for the configuration of an Integration Runtime. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `managedPrivateEndpoints` | array | `[]` | | An array of managed private endpoints objects created in the Data Factory managed virtual network. | -| `managedVirtualNetworkName` | string | `''` | | The name of the Managed Virtual Network. | -| `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. 
| - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The Name of the Azure Data Factory instance. | -| `resourceGroupName` | string | The name of the Resource Group with the Data factory. | -| `resourceId` | string | The Resource ID of the Data factory. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/data-factory.factory:1.0.0`. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -## Deployment examples +### Example 1: _Using large parameter set_ -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +This instance deploys the module with most of its features enabled. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module factory './data-factory/factory/main.bicep' = { +module factory 'br:bicep/modules/data-factory.factory:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dffcom' params: { // Required parameters @@ -333,14 +271,17 @@ module factory './data-factory/factory/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module factory './data-factory/factory/main.bicep' = { +module factory 'br:bicep/modules/data-factory.factory:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dffmin' params: { // Required parameters @@ -379,6 +320,317 @@ module factory './data-factory/factory/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Azure Factory to create. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. 
| +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`gitAccountName`](#parameter-gitaccountname) | string | The account name. | +| [`gitCollaborationBranch`](#parameter-gitcollaborationbranch) | string | The collaboration branch name. Default is 'main'. | +| [`gitConfigureLater`](#parameter-gitconfigurelater) | bool | Boolean to define whether or not to configure git during template deployment. | +| [`gitDisablePublish`](#parameter-gitdisablepublish) | bool | Disable manual publish operation in ADF studio to favor automated publish. | +| [`gitHostName`](#parameter-githostname) | string | The GitHub Enterprise Server host (prefixed with 'https://'). Only relevant for 'FactoryGitHubConfiguration'. | +| [`gitProjectName`](#parameter-gitprojectname) | string | The project name. Only relevant for 'FactoryVSTSConfiguration'. | +| [`gitRepositoryName`](#parameter-gitrepositoryname) | string | The repository name. | +| [`gitRepoType`](#parameter-gitrepotype) | string | Repository type - can be 'FactoryVSTSConfiguration' or 'FactoryGitHubConfiguration'. Default is 'FactoryVSTSConfiguration'. | +| [`gitRootFolder`](#parameter-gitrootfolder) | string | The root folder path name. Default is '/'. | +| [`globalParameters`](#parameter-globalparameters) | object | List of Global Parameters for the factory. | +| [`integrationRuntimes`](#parameter-integrationruntimes) | array | An array of objects for the configuration of an Integration Runtime. 
| +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`managedPrivateEndpoints`](#parameter-managedprivateendpoints) | array | An array of managed private endpoints objects created in the Data Factory managed virtual network. | +| [`managedVirtualNetworkName`](#parameter-managedvirtualnetworkname) | string | The name of the Managed Virtual Network. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', ActivityRuns, allLogs, PipelineRuns, SSISIntegrationRuntimeLogs, SSISPackageEventMessageContext, SSISPackageEventMessages, SSISPackageExecutableStatistics, SSISPackageExecutionComponentPhases, SSISPackageExecutionDataStatistics, TriggerRuns]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `gitAccountName` + +The account name. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `gitCollaborationBranch` + +The collaboration branch name. Default is 'main'. +- Required: No +- Type: string +- Default: `'main'` + +### Parameter: `gitConfigureLater` + +Boolean to define whether or not to configure git during template deployment. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `gitDisablePublish` + +Disable manual publish operation in ADF studio to favor automated publish. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `gitHostName` + +The GitHub Enterprise Server host (prefixed with 'https://'). Only relevant for 'FactoryGitHubConfiguration'. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `gitProjectName` + +The project name. Only relevant for 'FactoryVSTSConfiguration'. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `gitRepositoryName` + +The repository name. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `gitRepoType` + +Repository type - can be 'FactoryVSTSConfiguration' or 'FactoryGitHubConfiguration'. Default is 'FactoryVSTSConfiguration'. +- Required: No +- Type: string +- Default: `'FactoryVSTSConfiguration'` + +### Parameter: `gitRootFolder` + +The root folder path name. Default is '/'. +- Required: No +- Type: string +- Default: `'/'` + +### Parameter: `globalParameters` + +List of Global Parameters for the factory. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `integrationRuntimes` + +An array of objects for the configuration of an Integration Runtime. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `managedPrivateEndpoints` + +An array of managed private endpoints objects created in the Data Factory managed virtual network. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `managedVirtualNetworkName` + +The name of the Managed Virtual Network. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the Azure Factory to create. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The Name of the Azure Data Factory instance. | +| `resourceGroupName` | string | The name of the Resource Group with the Data factory. | +| `resourceId` | string | The Resource ID of the Data factory. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | + ## Notes ### Parameter Usage: `managedPrivateEndpoints` diff --git a/modules/data-factory/factory/integration-runtime/README.md b/modules/data-factory/factory/integration-runtime/README.md index 420d090782..27111ad237 100644 --- a/modules/data-factory/factory/integration-runtime/README.md +++ b/modules/data-factory/factory/integration-runtime/README.md 
@@ -4,13 +4,13 @@ This module deploys a Data Factory Managed or Self-Hosted Integration Runtime. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -20,29 +20,69 @@ This module deploys a Data Factory Managed or Self-Hosted Integration Runtime. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | The name of the Integration Runtime. | -| `type` | string | `[Managed, SelfHosted]` | The type of Integration Runtime. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Integration Runtime. | +| [`type`](#parameter-type) | string | The type of Integration Runtime. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `dataFactoryName` | string | The name of the parent Azure Data Factory. Required if the template is used in a standalone deployment. | +| [`dataFactoryName`](#parameter-datafactoryname) | string | The name of the parent Azure Data Factory. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `managedVirtualNetworkName` | string | `''` | The name of the Managed Virtual Network if using type "Managed" . | -| `typeProperties` | object | `{object}` | Integration Runtime type properties. Required if type is "Managed". | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`managedVirtualNetworkName`](#parameter-managedvirtualnetworkname) | string | The name of the Managed Virtual Network if using type "Managed" . | +| [`typeProperties`](#parameter-typeproperties) | object | Integration Runtime type properties. Required if type is "Managed". | + +### Parameter: `dataFactoryName` + +The name of the parent Azure Data Factory. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `managedVirtualNetworkName` + +The name of the Managed Virtual Network if using type "Managed" . +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the Integration Runtime. +- Required: Yes +- Type: string + +### Parameter: `type` + +The type of Integration Runtime. +- Required: Yes +- Type: string +- Allowed: `[Managed, SelfHosted]` + +### Parameter: `typeProperties` + +Integration Runtime type properties. Required if type is "Managed". +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the Integration Runtime. | | `resourceGroupName` | string | The name of the Resource Group the Integration Runtime was created in. | diff --git a/modules/data-factory/factory/integration-runtime/main.json b/modules/data-factory/factory/integration-runtime/main.json index bb811c619f..1622eb4e06 100644 --- a/modules/data-factory/factory/integration-runtime/main.json +++ b/modules/data-factory/factory/integration-runtime/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3532154338917341406" + "version": "0.22.6.54827", + "templateHash": "2407789138740487733" }, "name": "Data Factory Integration RunTimes", "description": "This module deploys a Data Factory Managed or Self-Hosted Integration Runtime.", diff --git a/modules/data-factory/factory/main.json b/modules/data-factory/factory/main.json index 377ac5f940..ca428834bc 100644 --- a/modules/data-factory/factory/main.json +++ b/modules/data-factory/factory/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "636961564143694705" + "version": "0.22.6.54827", + "templateHash": "5636410891768038353" }, "name": "Data Factories", "description": "This module deploys a Data Factory.", @@ -396,8 +396,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7244200630080980053" + "version": "0.22.6.54827", + "templateHash": "14273608975905052502" }, "name": "Data Factory Managed Virtual Networks", "description": "This module deploys a Data Factory Managed Virtual Network.", @@ -497,8 +497,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8218881783737158619" + "version": "0.22.6.54827", + "templateHash": "1490870890954327678" }, "name": "Data Factory Managed Virtual Network Managed PrivateEndpoints", "description": "This module deploys a Data Factory Managed Virtual Network Managed Private Endpoint.", @@ -666,8 +666,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1297850532911310740" + "version": "0.22.6.54827", + "templateHash": "2407789138740487733" }, "name": "Data Factory Integration RunTimes", "description": "This module deploys a Data Factory Managed or Self-Hosted Integration Runtime.", @@ -810,8 +810,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18228102662712097574" + "version": "0.22.6.54827", + "templateHash": "18126264566074899156" } }, "parameters": { @@ -971,8 +971,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", 
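Review bot: the `_generator` blocks changed throughout `modules/data-factory/factory/main.json` (`version` 0.21.1.54444 to 0.22.6.54827 and a new `templateHash` in each nested template, including the Private Endpoints one just above) are compiler output that cannot be verified by reading the diff, and the commit subject does not mention a Bicep upgrade. The pre-change values show why this needs a check: the standalone `integration-runtime/main.json` was generated with 0.20.4.51522 (hash 3532154338917341406) while the copy nested in this file was generated with 0.21.1.54444 (hash 1297850532911310740), so committed artifacts were already out of step with each other; only after this change do both carry 2407789138740487733. Suggest naming the compiler bump in the commit message and adding a CI step that rebuilds every `main.json` from its `main.bicep` and fails when the result differs from what is committed.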
@@ -1171,8 +1171,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1309,8 +1309,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/data-factory/factory/managed-virtual-network/README.md b/modules/data-factory/factory/managed-virtual-network/README.md index cda18555b9..59b92e31fe 100644 --- a/modules/data-factory/factory/managed-virtual-network/README.md +++ b/modules/data-factory/factory/managed-virtual-network/README.md @@ -4,13 +4,13 @@ This module deploys a Data Factory Managed Virtual Network. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -21,27 +21,53 @@ This module deploys a Data Factory Managed Virtual Network. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the Managed Virtual Network. | +| [`name`](#parameter-name) | string | The name of the Managed Virtual Network. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `dataFactoryName` | string | The name of the parent Azure Data Factory. Required if the template is used in a standalone deployment. | +| [`dataFactoryName`](#parameter-datafactoryname) | string | The name of the parent Azure Data Factory. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `managedPrivateEndpoints` | array | `[]` | An array of managed private endpoints objects created in the Data Factory managed virtual network. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`managedPrivateEndpoints`](#parameter-managedprivateendpoints) | array | An array of managed private endpoints objects created in the Data Factory managed virtual network. | + +### Parameter: `dataFactoryName` + +The name of the parent Azure Data Factory. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `managedPrivateEndpoints` + +An array of managed private endpoints objects created in the Data Factory managed virtual network. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +The name of the Managed Virtual Network. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the Managed Virtual Network. | | `resourceGroupName` | string | The name of the Resource Group the Managed Virtual Network was created in. | diff --git a/modules/data-factory/factory/managed-virtual-network/main.json b/modules/data-factory/factory/managed-virtual-network/main.json index 2885cf59b4..96dc5dd33b 100644 --- a/modules/data-factory/factory/managed-virtual-network/main.json +++ b/modules/data-factory/factory/managed-virtual-network/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12310194736024387290" + "version": "0.22.6.54827", + "templateHash": "14273608975905052502" }, "name": "Data Factory Managed Virtual Networks", "description": "This module deploys a Data Factory Managed Virtual Network.", @@ -105,8 +105,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17089196483393073819" + "version": "0.22.6.54827", + "templateHash": "1490870890954327678" }, "name": "Data Factory Managed Virtual Network Managed PrivateEndpoints", "description": "This module deploys a Data Factory Managed Virtual Network Managed Private Endpoint.", diff --git a/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/README.md b/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/README.md index 7d3631961a..8d1265830d 100644 --- a/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/README.md +++ b/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/README.md 
@@ -19,30 +19,73 @@ This module deploys a Data Factory Managed Virtual Network Managed Private Endpo **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `fqdns` | array | Fully qualified domain names. | -| `groupId` | string | The groupId to which the managed private endpoint is created. | -| `managedVirtualNetworkName` | string | The name of the parent managed virtual network. | -| `name` | string | The managed private endpoint resource name. | -| `privateLinkResourceId` | string | The ARM resource ID of the resource to which the managed private endpoint is created. | +| [`fqdns`](#parameter-fqdns) | array | Fully qualified domain names. | +| [`groupId`](#parameter-groupid) | string | The groupId to which the managed private endpoint is created. | +| [`managedVirtualNetworkName`](#parameter-managedvirtualnetworkname) | string | The name of the parent managed virtual network. | +| [`name`](#parameter-name) | string | The managed private endpoint resource name. | +| [`privateLinkResourceId`](#parameter-privatelinkresourceid) | string | The ARM resource ID of the resource to which the managed private endpoint is created. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `dataFactoryName` | string | The name of the parent data factory. Required if the template is used in a standalone deployment. | +| [`dataFactoryName`](#parameter-datafactoryname) | string | The name of the parent data factory. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `dataFactoryName` + +The name of the parent data factory. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `fqdns` + +Fully qualified domain names. +- Required: Yes +- Type: array + +### Parameter: `groupId` + +The groupId to which the managed private endpoint is created. +- Required: Yes +- Type: string + +### Parameter: `managedVirtualNetworkName` + +The name of the parent managed virtual network. +- Required: Yes +- Type: string + +### Parameter: `name` + +The managed private endpoint resource name. +- Required: Yes +- Type: string + +### Parameter: `privateLinkResourceId` + +The ARM resource ID of the resource to which the managed private endpoint is created. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed managed private endpoint. | | `resourceGroupName` | string | The resource group of the deployed managed private endpoint. | diff --git a/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/main.json b/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/main.json index aa4a6643bf..96606099ca 100644 --- a/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/main.json +++ b/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/main.json 
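Review bot: `dataFactoryName` is documented inconsistently in the managed-private-endpoint README: it sits under **Conditional parameters**, yet the new `### Parameter: dataFactoryName` section prints `- Required: Yes` directly beneath a description saying it is only required for a standalone deployment. The managed-virtual-network README earlier in this patch shows the same mismatch. Suggest having the detail section carry the condition (a conditional marker instead of `Yes`, or the condition repeated on the `Required` line) so a reader who lands on the anchor does not take the parameter as unconditionally mandatory.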
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17089196483393073819" + "version": "0.22.6.54827", + "templateHash": "1490870890954327678" }, "name": "Data Factory Managed Virtual Network Managed PrivateEndpoints", "description": "This module deploys a Data Factory Managed Virtual Network Managed Private Endpoint.", diff --git a/modules/data-protection/backup-vault/.test/common/main.test.bicep b/modules/data-protection/backup-vault/.test/common/main.test.bicep index 218affe3d4..18be93ad16 100644 --- a/modules/data-protection/backup-vault/.test/common/main.test.bicep +++ b/modules/data-protection/backup-vault/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/data-protection/backup-vault/.test/min/main.test.bicep b/modules/data-protection/backup-vault/.test/min/main.test.bicep index 8fdcfd95c0..e96ec60caf 100644 --- a/modules/data-protection/backup-vault/.test/min/main.test.bicep +++ b/modules/data-protection/backup-vault/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/data-protection/backup-vault/README.md b/modules/data-protection/backup-vault/README.md index f0e7d4caee..0e772779bd 100644 --- a/modules/data-protection/backup-vault/README.md +++ b/modules/data-protection/backup-vault/README.md 
@@ -5,10 +5,10 @@ This module deploys a Data Protection Backup Vault. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) ## Resource Types 
@@ -20,61 +20,29 @@ This module deploys a Data Protection Backup Vault. | `Microsoft.DataProtection/backupVaults` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DataProtection/backupVaults) | | `Microsoft.DataProtection/backupVaults/backupPolicies` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DataProtection/backupVaults/backupPolicies) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Backup Vault. | +## Usage examples -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `azureMonitorAlertSettingsAlertsForAllJobFailures` | string | `'Enabled'` | `[Disabled, Enabled]` | Settings for Azure Monitor based alerts for job failures. | -| `backupPolicies` | array | `[]` | | List of all backup policies. | -| `dataStoreType` | string | `'VaultStore'` | `[ArchiveStore, OperationalStore, VaultStore]` | The datastore type to use. ArchiveStore does not support ZoneRedundancy. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `featureSettings` | object | `{object}` | | Feature settings for the backup vault. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
| -| `securitySettings` | object | `{object}` | | Security settings for the backup vault. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the Recovery Service Vault resource. | -| `type` | string | `'GeoRedundant'` | `[GeoRedundant, LocallyRedundant, ZoneRedundant]` | The vault redundancy level to use. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The Name of the backup vault. | -| `resourceGroupName` | string | The name of the resource group the recovery services vault was created in. | -| `resourceId` | string | The resource ID of the backup vault. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/data-protection.backup-vault:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. 
+This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module backupVault './data-protection/backup-vault/main.bicep' = { +module backupVault 'br:bicep/modules/data-protection.backup-vault:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dpbvcom' params: { // Required parameters @@ -282,14 +250,17 @@ module backupVault './data-protection/backup-vault/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module backupVault './data-protection/backup-vault/main.bicep' = { +module backupVault 'br:bicep/modules/data-protection.backup-vault:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dpbvmin' params: { // Required parameters @@ -328,6 +299,140 @@ module backupVault './data-protection/backup-vault/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Backup Vault. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`azureMonitorAlertSettingsAlertsForAllJobFailures`](#parameter-azuremonitoralertsettingsalertsforalljobfailures) | string | Settings for Azure Monitor based alerts for job failures. | +| [`backupPolicies`](#parameter-backuppolicies) | array | List of all backup policies. | +| [`dataStoreType`](#parameter-datastoretype) | string | The datastore type to use. ArchiveStore does not support ZoneRedundancy. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`featureSettings`](#parameter-featuresettings) | object | Feature settings for the backup vault. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`securitySettings`](#parameter-securitysettings) | object | Security settings for the backup vault. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the Recovery Service Vault resource. | +| [`type`](#parameter-type) | string | The vault redundancy level to use. 
| + +### Parameter: `azureMonitorAlertSettingsAlertsForAllJobFailures` + +Settings for Azure Monitor based alerts for job failures. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `backupPolicies` + +List of all backup policies. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dataStoreType` + +The datastore type to use. ArchiveStore does not support ZoneRedundancy. +- Required: No +- Type: string +- Default: `'VaultStore'` +- Allowed: `[ArchiveStore, OperationalStore, VaultStore]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `featureSettings` + +Feature settings for the backup vault. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Backup Vault. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `securitySettings` + +Security settings for the backup vault. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the Recovery Service Vault resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `type` + +The vault redundancy level to use. +- Required: No +- Type: string +- Default: `'GeoRedundant'` +- Allowed: `[GeoRedundant, LocallyRedundant, ZoneRedundant]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The Name of the backup vault. | +| `resourceGroupName` | string | The name of the resource group the recovery services vault was created in. | +| `resourceId` | string | The resource ID of the backup vault. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `backupPolicies` diff --git a/modules/data-protection/backup-vault/backup-policy/README.md b/modules/data-protection/backup-vault/backup-policy/README.md index dea9657139..169a76f3d5 100644 --- a/modules/data-protection/backup-vault/backup-policy/README.md +++ b/modules/data-protection/backup-vault/backup-policy/README.md 
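Review bot: `br:bicep/modules/data-protection.backup-vault:1.0.0`, used in both backup-vault README examples and in the third `>**Note**`, reads as a placeholder rather than a resolvable reference: in a `br:` reference the segment after the colon is the registry host, and `bicep` is not one. The note tells readers to "use the following syntax", so it is likely to be copied verbatim, and the same `1.0.0` tag shows up in the access-connector README later in this patch, which suggests a fixed value rather than a published version. Suggest either saying in the note that registry and version are placeholders, or generating the string from the real registry name and module version so consumers pin to an artifact that exists.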
@@ -20,22 +20,49 @@ This module deploys a Data Protection Backup Vault Backup Policy. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `backupVaultName` | string | The name of the backup vault. | +| [`backupVaultName`](#parameter-backupvaultname) | string | The name of the backup vault. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `'DefaultPolicy'` | The name of the backup policy. | -| `properties` | object | `{object}` | The properties of the backup policy. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | The name of the backup policy. | +| [`properties`](#parameter-properties) | object | The properties of the backup policy. | + +### Parameter: `backupVaultName` + +The name of the backup vault. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the backup policy. +- Required: No +- Type: string +- Default: `'DefaultPolicy'` + +### Parameter: `properties` + +The properties of the backup policy. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the backup policy. | | `resourceGroupName` | string | The name of the resource group the backup policy was created in. | 
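Review bot: The default for `properties` in the new `### Parameter: properties` section is rendered as `{object}`, which tells the reader nothing about what the `'DefaultPolicy'` policy contains. The removed table had the same placeholder, but the per-parameter layout now has room for the real value. Both parameters are `Required: No`, so a caller who omits them gets whatever that default is; suggest printing the actual default object, or a link to where it is defined, on the `- Default:` line.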
diff --git a/modules/data-protection/backup-vault/backup-policy/main.json b/modules/data-protection/backup-vault/backup-policy/main.json index 259cf9ab04..9717619f41 100644 --- a/modules/data-protection/backup-vault/backup-policy/main.json +++ b/modules/data-protection/backup-vault/backup-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13351591046039775322" + "version": "0.22.6.54827", + "templateHash": "4068293382331739919" }, "name": "Data Protection Backup Vault Backup Policies", "description": "This module deploys a Data Protection Backup Vault Backup Policy.", diff --git a/modules/data-protection/backup-vault/main.json b/modules/data-protection/backup-vault/main.json index 6f38347abd..0251fbd6b9 100644 --- a/modules/data-protection/backup-vault/main.json +++ b/modules/data-protection/backup-vault/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9192043285599381556" + "version": "0.22.6.54827", + "templateHash": "758221244478675783" }, "name": "Data Protection Backup Vaults", "description": "This module deploys a Data Protection Backup Vault.", @@ -212,8 +212,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7012714576885585177" + "version": "0.22.6.54827", + "templateHash": "4068293382331739919" }, "name": "Data Protection Backup Vault Backup Policies", "description": "This module deploys a Data Protection Backup Vault Backup Policy.", @@ -333,8 +333,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5799522460784182968" + "version": "0.22.6.54827", + "templateHash": "14959625805292931026" } }, "parameters": { diff --git a/modules/databricks/access-connector/.test/common/main.test.bicep b/modules/databricks/access-connector/.test/common/main.test.bicep index e6854b68ae..81dfb69963 100644 
--- a/modules/databricks/access-connector/.test/common/main.test.bicep +++ b/modules/databricks/access-connector/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/databricks/access-connector/.test/min/main.test.bicep b/modules/databricks/access-connector/.test/min/main.test.bicep index 3a950aaa5f..1c8b923b29 100644 --- a/modules/databricks/access-connector/.test/min/main.test.bicep +++ b/modules/databricks/access-connector/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/databricks/access-connector/README.md b/modules/databricks/access-connector/README.md index d530fdb979..0d47ea63d1 100644 --- a/modules/databricks/access-connector/README.md +++ b/modules/databricks/access-connector/README.md @@ -5,10 +5,10 @@ This module deploys an Azure Databricks Access Connector. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -18,55 +18,29 @@ This module deploys an Azure Databricks Access Connector. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Databricks/accessConnectors` | [2022-10-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Databricks/2022-10-01-preview/accessConnectors) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Azure Databricks access connector to create. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. 
| +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed access connector. | -| `resourceGroupName` | string | The resource group of the deployed access connector. | -| `resourceId` | string | The resource ID of the deployed access connector. | - -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/databricks.access-connector:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module accessConnector './databricks/access-connector/main.bicep' = { +module accessConnector 'br:bicep/modules/databricks.access-connector:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-daccom' params: { // Required parameters @@ -156,14 +130,17 @@ module accessConnector './databricks/access-connector/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module accessConnector './databricks/access-connector/main.bicep' = { +module accessConnector 'br:bicep/modules/databricks.access-connector:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dacmin' params: { // Required parameters @@ -200,3 +177,94 @@ module accessConnector './databricks/access-connector/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Azure Databricks access connector to create. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the Azure Databricks access connector to create. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed access connector. | +| `resourceGroupName` | string | The resource group of the deployed access connector. | +| `resourceId` | string | The resource ID of the deployed access connector. | + +## Cross-referenced modules + +_None_ diff --git a/modules/databricks/access-connector/main.json b/modules/databricks/access-connector/main.json index 0dff655dda..e7e834fff8 100644 --- a/modules/databricks/access-connector/main.json +++ b/modules/databricks/access-connector/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18141386081798006601" + "version": "0.22.6.54827", + "templateHash": "8282781227910546878" }, "name": "Azure Databricks Access Connectors", "description": "This module deploys an Azure Databricks Access Connector.", @@ -149,8 +149,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8744521398620405286" + "version": "0.22.6.54827", + "templateHash": "9290418788736930611" } }, "parameters": { diff --git a/modules/databricks/workspace/.test/common/main.test.bicep b/modules/databricks/workspace/.test/common/main.test.bicep index 9dbc424bf9..cd9bef2b09 100644 --- a/modules/databricks/workspace/.test/common/main.test.bicep +++ b/modules/databricks/workspace/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/databricks/workspace/.test/min/main.test.bicep b/modules/databricks/workspace/.test/min/main.test.bicep index 85cd2ef8dc..00e0a9cd89 100644 --- a/modules/databricks/workspace/.test/min/main.test.bicep +++ b/modules/databricks/workspace/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/databricks/workspace/README.md b/modules/databricks/workspace/README.md index 064f045a46..9a20519101 100644 --- a/modules/databricks/workspace/README.md +++ b/modules/databricks/workspace/README.md 
@@ -4,14 +4,14 @@ This module deploys an Azure Databricks Workspace. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
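Review bot: Section-name casing is inconsistent after this hunk: `Resource Types` is title case, while `Usage examples` and `Cross-referenced modules` in the same navigation list are sentence case. Suggest picking one casing for all section headings and their navigation entries; if these READMEs are generated, the change belongs in the generator rather than in each file.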
@@ -22,94 +22,29 @@ This module deploys an Azure Databricks Workspace. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Azure Databricks workspace to create. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKManagedDisksKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | -| `cMKManagedServicesKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +## Usage examples -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `amlWorkspaceResourceId` | string | `''` | | The resource ID of a Azure Machine Learning workspace to link with Databricks workspace. | -| `cMKManagedDisksKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | -| `cMKManagedDisksKeyRotationToLatestKeyVersionEnabled` | bool | `True` | | Enable Auto Rotation of Key. | -| `cMKManagedDisksKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `cMKManagedServicesKeyName` | string | `''` | | The name of the customer managed key to use for encryption. 
| -| `cMKManagedServicesKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `customPrivateSubnetName` | string | `''` | | The name of the Private Subnet within the Virtual Network. | -| `customPublicSubnetName` | string | `''` | | The name of a Public Subnet within the Virtual Network. | -| `customVirtualNetworkResourceId` | string | `''` | | The resource ID of a Virtual Network where this Databricks Cluster should be created. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', accounts, allLogs, clusters, dbfs, instancePools, jobs, notebook, secrets, sqlPermissions, ssh, workspace]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disablePublicIp` | bool | `False` | | Disable Public IP. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `loadBalancerBackendPoolName` | string | `''` | | Name of the outbound Load Balancer Backend Pool for Secure Cluster Connectivity (No Public IP). 
| -| `loadBalancerResourceId` | string | `''` | | Resource URI of Outbound Load balancer for Secure Cluster Connectivity (No Public IP) workspace. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `managedResourceGroupResourceId` | string | `''` | | The managed resource group ID. It is created by the module as per the to-be resource ID you provide. | -| `natGatewayName` | string | `''` | | Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets. | -| `prepareEncryption` | bool | `False` | | Prepare the workspace for encryption. Enables the Managed Identity for managed storage account. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicIpName` | string | `''` | | Name of the Public IP for No Public IP workspace with managed vNet. | -| `publicNetworkAccess` | string | `'Enabled'` | `[Disabled, Enabled]` | The network access type for accessing workspace. Set value to disabled to access workspace only via private link. | -| `requiredNsgRules` | string | `'AllRules'` | `[AllRules, NoAzureDatabricksRules]` | Gets or sets a value indicating whether data plane (clusters) to control plane communication happen over private endpoint. | -| `requireInfrastructureEncryption` | bool | `False` | | A boolean indicating whether or not the DBFS root file system will be enabled with secondary layer of encryption with platform managed keys for data at rest. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `skuName` | string | `'premium'` | `[premium, standard, trial]` | The pricing tier of workspace. | -| `storageAccountName` | string | `''` | | Default DBFS storage account name. | -| `storageAccountSkuName` | string | `'Standard_GRS'` | | Storage account SKU name. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `vnetAddressPrefix` | string | `'10.139'` | | Address prefix for Managed virtual network. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed databricks workspace. | -| `resourceGroupName` | string | The resource group of the deployed databricks workspace. | -| `resourceId` | string | The resource ID of the deployed databricks workspace. | - -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/databricks.workspace:1.0.0`. 
-## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module workspace './databricks/workspace/main.bicep' = { +module workspace 'br:bicep/modules/databricks.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dwcom' params: { // Required parameters @@ -341,14 +276,17 @@ module workspace './databricks/workspace/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module workspace './databricks/workspace/main.bicep' = { +module workspace 'br:bicep/modules/databricks.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dwmin' params: { // Required parameters @@ -387,6 +325,349 @@ module workspace './databricks/workspace/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Azure Databricks workspace to create. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKManagedDisksKeyVaultResourceId`](#parameter-cmkmanageddiskskeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +| [`cMKManagedServicesKeyVaultResourceId`](#parameter-cmkmanagedserviceskeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`amlWorkspaceResourceId`](#parameter-amlworkspaceresourceid) | string | The resource ID of a Azure Machine Learning workspace to link with Databricks workspace. | +| [`cMKManagedDisksKeyName`](#parameter-cmkmanageddiskskeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKManagedDisksKeyRotationToLatestKeyVersionEnabled`](#parameter-cmkmanageddiskskeyrotationtolatestkeyversionenabled) | bool | Enable Auto Rotation of Key. | +| [`cMKManagedDisksKeyVersion`](#parameter-cmkmanageddiskskeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`cMKManagedServicesKeyName`](#parameter-cmkmanagedserviceskeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKManagedServicesKeyVersion`](#parameter-cmkmanagedserviceskeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`customPrivateSubnetName`](#parameter-customprivatesubnetname) | string | The name of the Private Subnet within the Virtual Network. 
| +| [`customPublicSubnetName`](#parameter-custompublicsubnetname) | string | The name of a Public Subnet within the Virtual Network. | +| [`customVirtualNetworkResourceId`](#parameter-customvirtualnetworkresourceid) | string | The resource ID of a Virtual Network where this Databricks Cluster should be created. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disablePublicIp`](#parameter-disablepublicip) | bool | Disable Public IP. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`loadBalancerBackendPoolName`](#parameter-loadbalancerbackendpoolname) | string | Name of the outbound Load Balancer Backend Pool for Secure Cluster Connectivity (No Public IP). 
| +| [`loadBalancerResourceId`](#parameter-loadbalancerresourceid) | string | Resource URI of Outbound Load balancer for Secure Cluster Connectivity (No Public IP) workspace. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`managedResourceGroupResourceId`](#parameter-managedresourcegroupresourceid) | string | The managed resource group ID. It is created by the module as per the to-be resource ID you provide. | +| [`natGatewayName`](#parameter-natgatewayname) | string | Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets. | +| [`prepareEncryption`](#parameter-prepareencryption) | bool | Prepare the workspace for encryption. Enables the Managed Identity for managed storage account. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicIpName`](#parameter-publicipname) | string | Name of the Public IP for No Public IP workspace with managed vNet. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | The network access type for accessing workspace. Set value to disabled to access workspace only via private link. | +| [`requiredNsgRules`](#parameter-requirednsgrules) | string | Gets or sets a value indicating whether data plane (clusters) to control plane communication happen over private endpoint. | +| [`requireInfrastructureEncryption`](#parameter-requireinfrastructureencryption) | bool | A boolean indicating whether or not the DBFS root file system will be enabled with secondary layer of encryption with platform managed keys for data at rest. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuName`](#parameter-skuname) | string | The pricing tier of workspace. | +| [`storageAccountName`](#parameter-storageaccountname) | string | Default DBFS storage account name. | +| [`storageAccountSkuName`](#parameter-storageaccountskuname) | string | Storage account SKU name. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`vnetAddressPrefix`](#parameter-vnetaddressprefix) | string | Address prefix for Managed virtual network. | + +### Parameter: `amlWorkspaceResourceId` + +The resource ID of a Azure Machine Learning workspace to link with Databricks workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKManagedDisksKeyName` + +The name of the customer managed key to use for encryption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKManagedDisksKeyRotationToLatestKeyVersionEnabled` + +Enable Auto Rotation of Key. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `cMKManagedDisksKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKManagedDisksKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKManagedServicesKeyName` + +The name of the customer managed key to use for encryption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKManagedServicesKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKManagedServicesKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `customPrivateSubnetName` + +The name of the Private Subnet within the Virtual Network. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `customPublicSubnetName` + +The name of a Public Subnet within the Virtual Network. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `customVirtualNetworkResourceId` + +The resource ID of a Virtual Network where this Databricks Cluster should be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', accounts, allLogs, clusters, dbfs, instancePools, jobs, notebook, secrets, sqlPermissions, ssh, workspace]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disablePublicIp` + +Disable Public IP. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `loadBalancerBackendPoolName` + +Name of the outbound Load Balancer Backend Pool for Secure Cluster Connectivity (No Public IP). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `loadBalancerResourceId` + +Resource URI of Outbound Load balancer for Secure Cluster Connectivity (No Public IP) workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `managedResourceGroupResourceId` + +The managed resource group ID. It is created by the module as per the to-be resource ID you provide. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the Azure Databricks workspace to create. +- Required: Yes +- Type: string + +### Parameter: `natGatewayName` + +Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `prepareEncryption` + +Prepare the workspace for encryption. Enables the Managed Identity for managed storage account. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicIpName` + +Name of the Public IP for No Public IP workspace with managed vNet. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `publicNetworkAccess` + + The network access type for accessing workspace. Set value to disabled to access workspace only via private link. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `requiredNsgRules` + +Gets or sets a value indicating whether data plane (clusters) to control plane communication happen over private endpoint. +- Required: No +- Type: string +- Default: `'AllRules'` +- Allowed: `[AllRules, NoAzureDatabricksRules]` + +### Parameter: `requireInfrastructureEncryption` + +A boolean indicating whether or not the DBFS root file system will be enabled with secondary layer of encryption with platform managed keys for data at rest. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +The pricing tier of workspace. +- Required: No +- Type: string +- Default: `'premium'` +- Allowed: `[premium, standard, trial]` + +### Parameter: `storageAccountName` + +Default DBFS storage account name. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `storageAccountSkuName` + +Storage account SKU name. +- Required: No +- Type: string +- Default: `'Standard_GRS'` + +### Parameter: `tags` + +Tags of the resource. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `vnetAddressPrefix` + +Address prefix for Managed virtual network. +- Required: No +- Type: string +- Default: `'10.139'` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed databricks workspace. | +| `resourceGroupName` | string | The resource group of the deployed databricks workspace. | +| `resourceId` | string | The resource ID of the deployed databricks workspace. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | + ## Notes ### Parameter Usage: `customPublicSubnetName` and `customPrivateSubnetName` diff --git a/modules/databricks/workspace/main.json b/modules/databricks/workspace/main.json index f9dd854434..c729c6ec4f 100644 --- a/modules/databricks/workspace/main.json +++ b/modules/databricks/workspace/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4229571861676210045" + "version": "0.22.6.54827", + "templateHash": "11204795410714061974" }, "name": "Azure Databricks Workspaces", "description": "This module deploys an Azure Databricks Workspace.", @@ -423,8 +423,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6437441931020419683" + "version": "0.22.6.54827", + "templateHash": "3551736854871241675" } }, "parameters": { 
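Review bot: in the `_generator` block of this `main.json` hunk (and of the `@@ -4,8 +4,8 @@` hunk before it) the only changes are `"version"` going from `0.21.1.54444` to `0.22.6.54827` and a new `"templateHash"`, so the compiled templates were rebuilt with a newer Bicep compiler as a side effect of a commit titled "Tested logic & added depth param". A hash change cannot be verified by reading the diff. Please either mention the compiler upgrade in the commit message or move the regenerated `main.json` files into their own commit, and confirm that no `.bicep` source change sits behind the new hashes.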
@@ -583,8 +583,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -783,8 +783,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -921,8 +921,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/db-for-my-sql/flexible-server/.test/min/main.test.bicep b/modules/db-for-my-sql/flexible-server/.test/min/main.test.bicep index 49cc626f3d..61b5a01a27 100644 --- a/modules/db-for-my-sql/flexible-server/.test/min/main.test.bicep +++ b/modules/db-for-my-sql/flexible-server/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/db-for-my-sql/flexible-server/README.md b/modules/db-for-my-sql/flexible-server/README.md index 613aacfd8d..54064d38b2 100644 --- a/modules/db-for-my-sql/flexible-server/README.md +++ b/modules/db-for-my-sql/flexible-server/README.md 
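Review bot: the two `metadata` lines added after `targetScope` cover the `min` test only, and the regenerated usage-example index for this module lists the other two examples as `Private` and `Public`, which read like bare folder names next to `Using only defaults`. If the README generator falls back to the folder name when `metadata name` is missing, add `metadata name` and `metadata description` to the `private` and `public` test files as well, so that all three examples get a proper title and a one-line description.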
@@ -5,10 +5,10 @@ This module deploys a DBforMySQL Flexible Server. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -22,97 +22,30 @@ This module deploys a DBforMySQL Flexible Server. | `Microsoft.DBforMySQL/flexibleServers/firewallRules` | [2022-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforMySQL/2022-01-01/flexibleServers/firewallRules) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | The name of the MySQL flexible server. | -| `skuName` | string | | The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. | -| `tier` | string | `[Burstable, GeneralPurpose, MemoryOptimized]` | The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | | The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty. | -| `cMKUserAssignedIdentityResourceId` | string | `''` | | User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty. | -| `geoBackupCMKKeyVaultResourceId` | string | `''` | | The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty and geoRedundantBackup is "Enabled". | -| `geoBackupCMKUserAssignedIdentityResourceId` | string | `''` | | Geo backup user identity resource ID as identity cant cross region, need identity in same region as geo backup. The identity should have key usage permissions on the Key Vault Key. 
Required if "cMKKeyName" is not empty and geoRedundantBackup is "Enabled". | -| `privateDnsZoneResourceId` | string | `''` | | Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access". Required if "delegatedSubnetResourceId" is used and the Private DNS Zone name must end with mysql.database.azure.com in order to be linked to the MySQL Flexible Server. | -| `restorePointInTime` | string | `''` | | Restore point creation time (ISO8601 format), specifying the time to restore from. Required if "createMode" is set to "PointInTimeRestore". | -| `sourceServerResourceId` | string | `''` | | The source MySQL server ID. Required if "createMode" is set to "PointInTimeRestore". | -| `storageAutoGrow` | string | `'Disabled'` | `[Disabled, Enabled]` | Enable Storage Auto Grow or not. Storage auto-growth prevents a server from running out of storage and becoming read-only. Required if "highAvailability" is not "Disabled". | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. Required if "cMKKeyName" is not empty. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `administratorLogin` | string | `''` | | The administrator login name of a server. Can only be specified when the MySQL server is being created. | -| `administratorLoginPassword` | securestring | `''` | | The administrator login password. | -| `administrators` | array | `[]` | | The Azure AD administrators when AAD authentication enabled. | -| `availabilityZone` | string | `''` | `['', 1, 2, 3]` | Availability zone information of the server. Default will have no preference set. | -| `backupRetentionDays` | int | `7` | | Backup retention days for the server. | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. 
| -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `createMode` | string | `'Default'` | `[Default, GeoRestore, PointInTimeRestore, Replica]` | The mode to create a new MySQL server. | -| `databases` | array | `[]` | | The databases to create in the server. | -| `delegatedSubnetResourceId` | string | `''` | | Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. Delegation must be enabled on the subnet for MySQL Flexible Servers and subnet CIDR size is /29. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, MySqlAuditLogs, MySqlSlowLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `firewallRules` | array | `[]` | | The firewall rules to create in the MySQL flexible server. 
| -| `geoBackupCMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption when geoRedundantBackup is "Enabled". | -| `geoBackupCMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption when geoRedundantBackup is "Enabled". If not provided, the latest key version is used. | -| `geoRedundantBackup` | string | `'Disabled'` | `[Disabled, Enabled]` | A value indicating whether Geo-Redundant backup is enabled on the server. If "Enabled" and "cMKKeyName" is not empty, then "geoBackupCMKKeyVaultResourceId" and "cMKUserAssignedIdentityResourceId" are also required. | -| `highAvailability` | string | `'Disabled'` | `[Disabled, SameZone, ZoneRedundant]` | The mode for High Availability (HA). It is not supported for the Burstable pricing tier and Zone redundant HA can only be set during server provisioning. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maintenanceWindow` | object | `{object}` | | Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". | -| `replicationRole` | string | `'None'` | `[None, Replica, Source]` | The replication role. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the "roleDefinitionIdOrName" and "principalId" to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11". | -| `storageAutoIoScaling` | string | `'Disabled'` | `[Disabled, Enabled]` | Enable IO Auto Scaling or not. The server scales IOPs up or down automatically depending on your workload needs. 
| -| `storageIOPS` | int | `1000` | | Storage IOPS for a server. Max IOPS are determined by compute size. | -| `storageSizeGB` | int | `64` | `[20, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384]` | Max storage allowed for a server. In all compute tiers, the minimum storage supported is 20 GiB and maximum is 16 TiB. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `version` | string | `'5.7'` | `[5.7, 8.0.21]` | MySQL Server version. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed MySQL Flexible server. | -| `resourceGroupName` | string | The resource group of the deployed MySQL Flexible server. | -| `resourceId` | string | The resource ID of the deployed MySQL Flexible server. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/db-for-my-sql.flexible-server:1.0.0`. -## Deployment examples +- [Using only defaults](#example-1-using-only-defaults) +- [Private](#example-2-private) +- [Public](#example-3-public) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using only defaults_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. 
+This instance deploys the module with the minimum set of required parameters. -

Example 1: Min

via Bicep module ```bicep -module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = { +module flexibleServer 'br:bicep/modules/db-for-my-sql.flexible-server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dfmsfsmin' params: { // Required parameters @@ -166,14 +99,14 @@ module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {

-

Example 2: Private

+### Example 2: _Private_
via Bicep module ```bicep -module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = { +module flexibleServer 'br:bicep/modules/db-for-my-sql.flexible-server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dfmsfspvt' params: { // Required parameters @@ -351,14 +284,14 @@ module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {

-

Example 3: Public

+### Example 3: _Public_
via Bicep module ```bicep -module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = { +module flexibleServer 'br:bicep/modules/db-for-my-sql.flexible-server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dfmsfsp' params: { // Required parameters @@ -595,3 +528,405 @@ module flexibleServer './db-for-my-sql/flexible-server/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the MySQL flexible server. | +| [`skuName`](#parameter-skuname) | string | The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. | +| [`tier`](#parameter-tier) | string | The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty. | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty. | +| [`geoBackupCMKKeyVaultResourceId`](#parameter-geobackupcmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty and geoRedundantBackup is "Enabled". | +| [`geoBackupCMKUserAssignedIdentityResourceId`](#parameter-geobackupcmkuserassignedidentityresourceid) | string | Geo backup user identity resource ID as identity cant cross region, need identity in same region as geo backup. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty and geoRedundantBackup is "Enabled". | +| [`privateDnsZoneResourceId`](#parameter-privatednszoneresourceid) | string | Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access". 
Required if "delegatedSubnetResourceId" is used and the Private DNS Zone name must end with mysql.database.azure.com in order to be linked to the MySQL Flexible Server. | +| [`restorePointInTime`](#parameter-restorepointintime) | string | Restore point creation time (ISO8601 format), specifying the time to restore from. Required if "createMode" is set to "PointInTimeRestore". | +| [`sourceServerResourceId`](#parameter-sourceserverresourceid) | string | The source MySQL server ID. Required if "createMode" is set to "PointInTimeRestore". | +| [`storageAutoGrow`](#parameter-storageautogrow) | string | Enable Storage Auto Grow or not. Storage auto-growth prevents a server from running out of storage and becoming read-only. Required if "highAvailability" is not "Disabled". | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. Required if "cMKKeyName" is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`administratorLogin`](#parameter-administratorlogin) | string | The administrator login name of a server. Can only be specified when the MySQL server is being created. | +| [`administratorLoginPassword`](#parameter-administratorloginpassword) | securestring | The administrator login password. | +| [`administrators`](#parameter-administrators) | array | The Azure AD administrators when AAD authentication enabled. | +| [`availabilityZone`](#parameter-availabilityzone) | string | Availability zone information of the server. Default will have no preference set. | +| [`backupRetentionDays`](#parameter-backupretentiondays) | int | Backup retention days for the server. | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. 
| +| [`createMode`](#parameter-createmode) | string | The mode to create a new MySQL server. | +| [`databases`](#parameter-databases) | array | The databases to create in the server. | +| [`delegatedSubnetResourceId`](#parameter-delegatedsubnetresourceid) | string | Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. Delegation must be enabled on the subnet for MySQL Flexible Servers and subnet CIDR size is /29. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`firewallRules`](#parameter-firewallrules) | array | The firewall rules to create in the MySQL flexible server. | +| [`geoBackupCMKKeyName`](#parameter-geobackupcmkkeyname) | string | The name of the customer managed key to use for encryption when geoRedundantBackup is "Enabled". | +| [`geoBackupCMKKeyVersion`](#parameter-geobackupcmkkeyversion) | string | The version of the customer managed key to reference for encryption when geoRedundantBackup is "Enabled". If not provided, the latest key version is used. | +| [`geoRedundantBackup`](#parameter-georedundantbackup) | string | A value indicating whether Geo-Redundant backup is enabled on the server. If "Enabled" and "cMKKeyName" is not empty, then "geoBackupCMKKeyVaultResourceId" and "cMKUserAssignedIdentityResourceId" are also required. | +| [`highAvailability`](#parameter-highavailability) | string | The mode for High Availability (HA). It is not supported for the Burstable pricing tier and Zone redundant HA can only be set during server provisioning. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maintenanceWindow`](#parameter-maintenancewindow) | object | Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". | +| [`replicationRole`](#parameter-replicationrole) | string | The replication role. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the "roleDefinitionIdOrName" and "principalId" to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11". | +| [`storageAutoIoScaling`](#parameter-storageautoioscaling) | string | Enable IO Auto Scaling or not. 
The server scales IOPs up or down automatically depending on your workload needs. | +| [`storageIOPS`](#parameter-storageiops) | int | Storage IOPS for a server. Max IOPS are determined by compute size. | +| [`storageSizeGB`](#parameter-storagesizegb) | int | Max storage allowed for a server. In all compute tiers, the minimum storage supported is 20 GiB and maximum is 16 TiB. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`version`](#parameter-version) | string | MySQL Server version. | + +### Parameter: `administratorLogin` + +The administrator login name of a server. Can only be specified when the MySQL server is being created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `administratorLoginPassword` + +The administrator login password. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `administrators` + +The Azure AD administrators when AAD authentication enabled. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `availabilityZone` + +Availability zone information of the server. Default will have no preference set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', 1, 2, 3]` + +### Parameter: `backupRetentionDays` + +Backup retention days for the server. +- Required: No +- Type: int +- Default: `7` + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `createMode` + +The mode to create a new MySQL server. +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, GeoRestore, PointInTimeRestore, Replica]` + +### Parameter: `databases` + +The databases to create in the server. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `delegatedSubnetResourceId` + +Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. Delegation must be enabled on the subnet for MySQL Flexible Servers and subnet CIDR size is /29. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, MySqlAuditLogs, MySqlSlowLogs]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. 
+- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `firewallRules` + +The firewall rules to create in the MySQL flexible server. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `geoBackupCMKKeyName` + +The name of the customer managed key to use for encryption when geoRedundantBackup is "Enabled". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `geoBackupCMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty and geoRedundantBackup is "Enabled". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `geoBackupCMKKeyVersion` + +The version of the customer managed key to reference for encryption when geoRedundantBackup is "Enabled". If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `geoBackupCMKUserAssignedIdentityResourceId` + +Geo backup user identity resource ID as identity cant cross region, need identity in same region as geo backup. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty and geoRedundantBackup is "Enabled". 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `geoRedundantBackup` + +A value indicating whether Geo-Redundant backup is enabled on the server. If "Enabled" and "cMKKeyName" is not empty, then "geoBackupCMKKeyVaultResourceId" and "cMKUserAssignedIdentityResourceId" are also required. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `highAvailability` + +The mode for High Availability (HA). It is not supported for the Burstable pricing tier and Zone redundant HA can only be set during server provisioning. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, SameZone, ZoneRedundant]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maintenanceWindow` + +Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the MySQL flexible server. +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneResourceId` + +Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access". Required if "delegatedSubnetResourceId" is used and the Private DNS Zone name must end with mysql.database.azure.com in order to be linked to the MySQL Flexible Server. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `replicationRole` + +The replication role. +- Required: No +- Type: string +- Default: `'None'` +- Allowed: `[None, Replica, Source]` + +### Parameter: `restorePointInTime` + +Restore point creation time (ISO8601 format), specifying the time to restore from. Required if "createMode" is set to "PointInTimeRestore". 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the "roleDefinitionIdOrName" and "principalId" to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11". +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. +- Required: Yes +- Type: string + +### Parameter: `sourceServerResourceId` + +The source MySQL server ID. Required if "createMode" is set to "PointInTimeRestore". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `storageAutoGrow` + +Enable Storage Auto Grow or not. Storage auto-growth prevents a server from running out of storage and becoming read-only. Required if "highAvailability" is not "Disabled". +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `storageAutoIoScaling` + +Enable IO Auto Scaling or not. The server scales IOPs up or down automatically depending on your workload needs. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `storageIOPS` + +Storage IOPS for a server. Max IOPS are determined by compute size. +- Required: No +- Type: int +- Default: `1000` + +### Parameter: `storageSizeGB` + +Max storage allowed for a server. In all compute tiers, the minimum storage supported is 20 GiB and maximum is 16 TiB. +- Required: No +- Type: int +- Default: `64` +- Allowed: `[20, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tier` + +The tier of the particular SKU. 
Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". +- Required: Yes +- Type: string +- Allowed: `[Burstable, GeneralPurpose, MemoryOptimized]` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. Required if "cMKKeyName" is not empty. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `version` + +MySQL Server version. +- Required: No +- Type: string +- Default: `'5.7'` +- Allowed: `[5.7, 8.0.21]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed MySQL Flexible server. | +| `resourceGroupName` | string | The resource group of the deployed MySQL Flexible server. | +| `resourceId` | string | The resource ID of the deployed MySQL Flexible server. | + +## Cross-referenced modules + +_None_ diff --git a/modules/db-for-my-sql/flexible-server/administrator/README.md b/modules/db-for-my-sql/flexible-server/administrator/README.md index fe8dbf343e..247e680d29 100644 --- a/modules/db-for-my-sql/flexible-server/administrator/README.md +++ b/modules/db-for-my-sql/flexible-server/administrator/README.md 
@@ -19,30 +19,75 @@ This module deploys a DBforMySQL Flexible Server Administrator. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `identityResourceId` | string | The resource ID of the identity used for AAD Authentication. | -| `login` | string | Login name of the server administrator. | -| `sid` | string | SID (object ID) of the server administrator. | +| [`identityResourceId`](#parameter-identityresourceid) | string | The resource ID of the identity used for AAD Authentication. | +| [`login`](#parameter-login) | string | Login name of the server administrator. | +| [`sid`](#parameter-sid) | string | SID (object ID) of the server administrator. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `flexibleServerName` | string | The name of the parent DBforMySQL flexible server. Required if the template is used in a standalone deployment. | +| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent DBforMySQL flexible server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `tenantId` | string | `[tenant().tenantId]` | The tenantId of the Active Directory administrator. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`tenantId`](#parameter-tenantid) | string | The tenantId of the Active Directory administrator. 
| + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `flexibleServerName` + +The name of the parent DBforMySQL flexible server. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `identityResourceId` + +The resource ID of the identity used for AAD Authentication. +- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `login` + +Login name of the server administrator. +- Required: Yes +- Type: string + +### Parameter: `sid` + +SID (object ID) of the server administrator. +- Required: Yes +- Type: string + +### Parameter: `tenantId` + +The tenantId of the Active Directory administrator. +- Required: No +- Type: string +- Default: `[tenant().tenantId]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed administrator. | | `resourceGroupName` | string | The resource group of the deployed administrator. | diff --git a/modules/db-for-my-sql/flexible-server/administrator/main.json b/modules/db-for-my-sql/flexible-server/administrator/main.json index 926f61fac5..41ee008d22 100644 --- a/modules/db-for-my-sql/flexible-server/administrator/main.json +++ b/modules/db-for-my-sql/flexible-server/administrator/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6026324512499502510" + "version": "0.22.6.54827", + "templateHash": "16367563858411209197" }, "name": "DBforMySQL Flexible Server Administrators", "description": "This module deploys a DBforMySQL Flexible Server Administrator.", 
diff --git a/modules/db-for-my-sql/flexible-server/database/README.md b/modules/db-for-my-sql/flexible-server/database/README.md index f6394d9998..f2cced0ae4 100644 --- a/modules/db-for-my-sql/flexible-server/database/README.md +++ b/modules/db-for-my-sql/flexible-server/database/README.md 
@@ -19,29 +19,69 @@ This module deploys a DBforMySQL Flexible Server Database. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the database. | +| [`name`](#parameter-name) | string | The name of the database. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `flexibleServerName` | string | The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. | +| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `charset` | string | `'utf8_general_ci'` | The charset of the database. | -| `collation` | string | `'utf8'` | The collation of the database. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`charset`](#parameter-charset) | string | The charset of the database. | +| [`collation`](#parameter-collation) | string | The collation of the database. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | + +### Parameter: `charset` + +The charset of the database. +- Required: No +- Type: string +- Default: `'utf8_general_ci'` + +### Parameter: `collation` + +The collation of the database. +- Required: No +- Type: string +- Default: `'utf8'` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `flexibleServerName` + +The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the database. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed database. | | `resourceGroupName` | string | The resource group of the deployed database. | diff --git a/modules/db-for-my-sql/flexible-server/database/main.json b/modules/db-for-my-sql/flexible-server/database/main.json index a2fa950dd3..4a68e48562 100644 --- a/modules/db-for-my-sql/flexible-server/database/main.json +++ b/modules/db-for-my-sql/flexible-server/database/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12647720847614647024" + "version": "0.22.6.54827", + "templateHash": "16649222900362138505" }, "name": "DBforMySQL Flexible Server Databases", "description": "This module deploys a DBforMySQL Flexible Server Database.", diff --git a/modules/db-for-my-sql/flexible-server/firewall-rule/README.md b/modules/db-for-my-sql/flexible-server/firewall-rule/README.md index 6c3b17dcdf..ee7be0779a 100644 --- a/modules/db-for-my-sql/flexible-server/firewall-rule/README.md +++ b/modules/db-for-my-sql/flexible-server/firewall-rule/README.md 
@@ -19,28 +19,59 @@ This module deploys a DBforMySQL Flexible Server Firewall Rule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `endIpAddress` | string | The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. | -| `name` | string | The name of the MySQL flexible server Firewall Rule. | -| `startIpAddress` | string | The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. | +| [`endIpAddress`](#parameter-endipaddress) | string | The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. | +| [`name`](#parameter-name) | string | The name of the MySQL flexible server Firewall Rule. | +| [`startIpAddress`](#parameter-startipaddress) | string | The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `flexibleServerName` | string | The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. | +| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endIpAddress` + +The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. +- Required: Yes +- Type: string + +### Parameter: `flexibleServerName` + +The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the MySQL flexible server Firewall Rule. +- Required: Yes +- Type: string + +### Parameter: `startIpAddress` + +The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed firewall rule. | | `resourceGroupName` | string | The resource group of the deployed firewall rule. | diff --git a/modules/db-for-my-sql/flexible-server/firewall-rule/main.json b/modules/db-for-my-sql/flexible-server/firewall-rule/main.json index c6c49e9e71..4b909f3882 100644 --- a/modules/db-for-my-sql/flexible-server/firewall-rule/main.json +++ b/modules/db-for-my-sql/flexible-server/firewall-rule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5263296307327888660" + "version": "0.22.6.54827", + "templateHash": "12840531816938690352" }, "name": "DBforMySQL Flexible Server Firewall Rules", "description": "This module deploys a DBforMySQL Flexible Server Firewall Rule.", diff --git a/modules/db-for-my-sql/flexible-server/main.json b/modules/db-for-my-sql/flexible-server/main.json index c3f53162a6..da56c4087f 100644 --- a/modules/db-for-my-sql/flexible-server/main.json 
+++ b/modules/db-for-my-sql/flexible-server/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11042164284975783101" + "version": "0.22.6.54827", + "templateHash": "1515305312622683890" }, "name": "DBforMySQL Flexible Servers", "description": "This module deploys a DBforMySQL Flexible Server.", @@ -548,8 +548,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17154165990398141081" + "version": "0.22.6.54827", + "templateHash": "17516117596765839904" } }, "parameters": { @@ -695,8 +695,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17356615394418311167" + "version": "0.22.6.54827", + "templateHash": "16649222900362138505" }, "name": "DBforMySQL Flexible Server Databases", "description": "This module deploys a DBforMySQL Flexible Server Database.", @@ -834,8 +834,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10162316213188664200" + "version": "0.22.6.54827", + "templateHash": "12840531816938690352" }, "name": "DBforMySQL Flexible Server Firewall Rules", "description": "This module deploys a DBforMySQL Flexible Server Firewall Rule.", @@ -962,8 +962,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6026324512499502510" + "version": "0.22.6.54827", + "templateHash": "16367563858411209197" }, "name": "DBforMySQL Flexible Server Administrators", "description": "This module deploys a DBforMySQL Flexible Server Administrator.", diff --git a/modules/db-for-postgre-sql/flexible-server/.test/min/main.test.bicep b/modules/db-for-postgre-sql/flexible-server/.test/min/main.test.bicep index 788d7c3423..1386d47e69 100644 --- a/modules/db-for-postgre-sql/flexible-server/.test/min/main.test.bicep +++ b/modules/db-for-postgre-sql/flexible-server/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/db-for-postgre-sql/flexible-server/README.md b/modules/db-for-postgre-sql/flexible-server/README.md index bb12fbcf62..9df28d3705 100644 --- a/modules/db-for-postgre-sql/flexible-server/README.md +++ b/modules/db-for-postgre-sql/flexible-server/README.md @@ -5,10 +5,10 @@ This module deploys a DBforPostgreSQL Flexible Server. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -23,93 +23,30 @@ This module deploys a DBforPostgreSQL Flexible Server. | `Microsoft.DBforPostgreSQL/flexibleServers/firewallRules` | [2022-12-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DBforPostgreSQL/2022-12-01/flexibleServers/firewallRules) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | The name of the PostgreSQL flexible server. | -| `skuName` | string | | The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. | -| `tier` | string | `[Burstable, GeneralPurpose, MemoryOptimized]` | The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | -| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if 'cMKKeyName' is not empty. | -| `pointInTimeUTC` | string | `''` | Required if "createMode" is set to "PointInTimeRestore". | -| `sourceServerResourceId` | string | `''` | Required if "createMode" is set to "PointInTimeRestore". | -| `userAssignedIdentities` | object | `{object}` | The ID(s) to assign to the resource. Required if 'cMKKeyName' is not empty. 
| +## Usage examples -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `activeDirectoryAuth` | string | `'Enabled'` | `[Disabled, Enabled]` | If Enabled, Azure Active Directory authentication is enabled. | -| `administratorLogin` | string | `''` | | The administrator login name of a server. Can only be specified when the PostgreSQL server is being created. | -| `administratorLoginPassword` | securestring | `''` | | The administrator login password. | -| `administrators` | array | `[]` | | The Azure AD administrators when AAD authentication enabled. | -| `availabilityZone` | string | `''` | `['', 1, 2, 3]` | Availability zone information of the server. Default will have no preference set. | -| `backupRetentionDays` | int | `7` | | Backup retention days for the server. | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `configurations` | array | `[]` | | The configurations to create in the server. | -| `createMode` | string | `'Default'` | `[Create, Default, PointInTimeRestore, Update]` | The mode to create a new PostgreSQL server. | -| `databases` | array | `[]` | | The databases to create in the server. | -| `delegatedSubnetResourceId` | string | `''` | | Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, PostgreSQLFlexDatabaseXacts, PostgreSQLFlexQueryStoreRuntime, PostgreSQLFlexQueryStoreWaitStats, PostgreSQLFlexSessions, PostgreSQLFlexTableStats, PostgreSQLLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `firewallRules` | array | `[]` | | The firewall rules to create in the PostgreSQL flexible server. | -| `geoRedundantBackup` | string | `'Disabled'` | `[Disabled, Enabled]` | A value indicating whether Geo-Redundant backup is enabled on the server. Should be left disabled if 'cMKKeyName' is not empty. | -| `highAvailability` | string | `'Disabled'` | `[Disabled, SameZone, ZoneRedundant]` | The mode for high availability. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maintenanceWindow` | object | `{object}` | | Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". | -| `passwordAuth` | string | `'Disabled'` | `[Disabled, Enabled]` | If Enabled, password authentication is enabled. | -| `privateDnsZoneArmResourceId` | string | `''` | | Private dns zone arm resource ID. 
Used when the desired connectivity mode is "Private Access" and required when "delegatedSubnetResourceId" is used. The Private DNS Zone must be lined to the Virtual Network referenced in "delegatedSubnetResourceId". | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `storageSizeGB` | int | `32` | `[32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384]` | Max storage allowed for a server. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `tenantId` | string | `''` | | Tenant id of the server. | -| `version` | string | `'15'` | `[11, 12, 13, 14, 15]` | PostgreSQL Server version. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed PostgreSQL Flexible server. | -| `resourceGroupName` | string | The resource group of the deployed PostgreSQL Flexible server. | -| `resourceId` | string | The resource ID of the deployed PostgreSQL Flexible server. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/db-for-postgre-sql.flexible-server:1.0.0`. 
-## Deployment examples +- [Using only defaults](#example-1-using-only-defaults) +- [Private](#example-2-private) +- [Public](#example-3-public) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using only defaults_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with the minimum set of required parameters. -

Example 1: Min

via Bicep module ```bicep -module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = { +module flexibleServer 'br:bicep/modules/db-for-postgre-sql.flexible-server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dfpsfsmin' params: { // Required parameters @@ -163,14 +100,14 @@ module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = {

-

Example 2: Private

+### Example 2: _Private_
via Bicep module ```bicep -module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = { +module flexibleServer 'br:bicep/modules/db-for-postgre-sql.flexible-server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dfpsfspvt' params: { // Required parameters @@ -312,14 +249,14 @@ module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = {

-

Example 3: Public

+### Example 3: _Public_
via Bicep module ```bicep -module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = { +module flexibleServer 'br:bicep/modules/db-for-postgre-sql.flexible-server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dfpsfsp' params: { // Required parameters @@ -530,3 +467,372 @@ module flexibleServer './db-for-postgre-sql/flexible-server/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the PostgreSQL flexible server. | +| [`skuName`](#parameter-skuname) | string | The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. | +| [`tier`](#parameter-tier) | string | The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if 'cMKKeyName' is not empty. | +| [`pointInTimeUTC`](#parameter-pointintimeutc) | string | Required if "createMode" is set to "PointInTimeRestore". | +| [`sourceServerResourceId`](#parameter-sourceserverresourceid) | string | Required if "createMode" is set to "PointInTimeRestore". | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. Required if 'cMKKeyName' is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`activeDirectoryAuth`](#parameter-activedirectoryauth) | string | If Enabled, Azure Active Directory authentication is enabled. | +| [`administratorLogin`](#parameter-administratorlogin) | string | The administrator login name of a server. Can only be specified when the PostgreSQL server is being created. 
| +| [`administratorLoginPassword`](#parameter-administratorloginpassword) | securestring | The administrator login password. | +| [`administrators`](#parameter-administrators) | array | The Azure AD administrators when AAD authentication enabled. | +| [`availabilityZone`](#parameter-availabilityzone) | string | Availability zone information of the server. Default will have no preference set. | +| [`backupRetentionDays`](#parameter-backupretentiondays) | int | Backup retention days for the server. | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`configurations`](#parameter-configurations) | array | The configurations to create in the server. | +| [`createMode`](#parameter-createmode) | string | The mode to create a new PostgreSQL server. | +| [`databases`](#parameter-databases) | array | The databases to create in the server. | +| [`delegatedSubnetResourceId`](#parameter-delegatedsubnetresourceid) | string | Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. 
| +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`firewallRules`](#parameter-firewallrules) | array | The firewall rules to create in the PostgreSQL flexible server. | +| [`geoRedundantBackup`](#parameter-georedundantbackup) | string | A value indicating whether Geo-Redundant backup is enabled on the server. Should be left disabled if 'cMKKeyName' is not empty. | +| [`highAvailability`](#parameter-highavailability) | string | The mode for high availability. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maintenanceWindow`](#parameter-maintenancewindow) | object | Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". | +| [`passwordAuth`](#parameter-passwordauth) | string | If Enabled, password authentication is enabled. | +| [`privateDnsZoneArmResourceId`](#parameter-privatednszonearmresourceid) | string | Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access" and required when "delegatedSubnetResourceId" is used. The Private DNS Zone must be lined to the Virtual Network referenced in "delegatedSubnetResourceId". 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`storageSizeGB`](#parameter-storagesizegb) | int | Max storage allowed for a server. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`tenantId`](#parameter-tenantid) | string | Tenant id of the server. | +| [`version`](#parameter-version) | string | PostgreSQL Server version. | + +### Parameter: `activeDirectoryAuth` + +If Enabled, Azure Active Directory authentication is enabled. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `administratorLogin` + +The administrator login name of a server. Can only be specified when the PostgreSQL server is being created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `administratorLoginPassword` + +The administrator login password. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `administrators` + +The Azure AD administrators when AAD authentication enabled. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `availabilityZone` + +Availability zone information of the server. Default will have no preference set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', 1, 2, 3]` + +### Parameter: `backupRetentionDays` + +Backup retention days for the server. +- Required: No +- Type: int +- Default: `7` + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `configurations` + +The configurations to create in the server. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `createMode` + +The mode to create a new PostgreSQL server. +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Create, Default, PointInTimeRestore, Update]` + +### Parameter: `databases` + +The databases to create in the server. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `delegatedSubnetResourceId` + +Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, PostgreSQLFlexDatabaseXacts, PostgreSQLFlexQueryStoreRuntime, PostgreSQLFlexQueryStoreWaitStats, PostgreSQLFlexSessions, PostgreSQLFlexTableStats, PostgreSQLLogs]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `firewallRules` + +The firewall rules to create in the PostgreSQL flexible server. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `geoRedundantBackup` + +A value indicating whether Geo-Redundant backup is enabled on the server. Should be left disabled if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `highAvailability` + +The mode for high availability. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, SameZone, ZoneRedundant]` + +### Parameter: `location` + +Location for all resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maintenanceWindow` + +Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +The name of the PostgreSQL flexible server. +- Required: Yes +- Type: string + +### Parameter: `passwordAuth` + +If Enabled, password authentication is enabled. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `pointInTimeUTC` + +Required if "createMode" is set to "PointInTimeRestore". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `privateDnsZoneArmResourceId` + +Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access" and required when "delegatedSubnetResourceId" is used. The Private DNS Zone must be lined to the Virtual Network referenced in "delegatedSubnetResourceId". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. +- Required: Yes +- Type: string + +### Parameter: `sourceServerResourceId` + +Required if "createMode" is set to "PointInTimeRestore". 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `storageSizeGB` + +Max storage allowed for a server. +- Required: No +- Type: int +- Default: `32` +- Allowed: `[32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tenantId` + +Tenant id of the server. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tier` + +The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". +- Required: Yes +- Type: string +- Allowed: `[Burstable, GeneralPurpose, MemoryOptimized]` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `version` + +PostgreSQL Server version. +- Required: No +- Type: string +- Default: `'15'` +- Allowed: `[11, 12, 13, 14, 15]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed PostgreSQL Flexible server. | +| `resourceGroupName` | string | The resource group of the deployed PostgreSQL Flexible server. | +| `resourceId` | string | The resource ID of the deployed PostgreSQL Flexible server. | + +## Cross-referenced modules + +_None_ diff --git a/modules/db-for-postgre-sql/flexible-server/administrator/README.md b/modules/db-for-postgre-sql/flexible-server/administrator/README.md index 34cfa2b0b7..64e08316bd 100644 --- a/modules/db-for-postgre-sql/flexible-server/administrator/README.md +++ b/modules/db-for-postgre-sql/flexible-server/administrator/README.md 
@@ -19,30 +19,76 @@ This module deploys a DBforPostgreSQL Flexible Server Administrator. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `objectId` | string | | The objectId of the Active Directory administrator. | -| `principalName` | string | | Active Directory administrator principal name. | -| `principalType` | string | `[Group, ServicePrincipal, Unknown, User]` | The principal type used to represent the type of Active Directory Administrator. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`objectId`](#parameter-objectid) | string | The objectId of the Active Directory administrator. | +| [`principalName`](#parameter-principalname) | string | Active Directory administrator principal name. | +| [`principalType`](#parameter-principaltype) | string | The principal type used to represent the type of Active Directory Administrator. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `flexibleServerName` | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. | +| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `tenantId` | string | `[tenant().tenantId]` | The tenantId of the Active Directory administrator. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`location`](#parameter-location) | string | Location for all resources. | +| [`tenantId`](#parameter-tenantid) | string | The tenantId of the Active Directory administrator. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `flexibleServerName` + +The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `objectId` + +The objectId of the Active Directory administrator. +- Required: Yes +- Type: string + +### Parameter: `principalName` + +Active Directory administrator principal name. +- Required: Yes +- Type: string + +### Parameter: `principalType` + +The principal type used to represent the type of Active Directory Administrator. +- Required: Yes +- Type: string +- Allowed: `[Group, ServicePrincipal, Unknown, User]` + +### Parameter: `tenantId` + +The tenantId of the Active Directory administrator. +- Required: No +- Type: string +- Default: `[tenant().tenantId]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed administrator. | | `resourceGroupName` | string | The resource group of the deployed administrator. | diff --git a/modules/db-for-postgre-sql/flexible-server/administrator/main.json b/modules/db-for-postgre-sql/flexible-server/administrator/main.json index eb10947fcc..6ac911a9e5 100644 --- a/modules/db-for-postgre-sql/flexible-server/administrator/main.json +++ b/modules/db-for-postgre-sql/flexible-server/administrator/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14812998248518641282" + "version": "0.22.6.54827", + "templateHash": "3514176123135146796" }, "name": "DBforPostgreSQL Flexible Server Administrators", "description": "This module deploys a DBforPostgreSQL Flexible Server Administrator.", diff --git a/modules/db-for-postgre-sql/flexible-server/configuration/README.md b/modules/db-for-postgre-sql/flexible-server/configuration/README.md index 5a98fdc548..d156b0635a 100644 --- a/modules/db-for-postgre-sql/flexible-server/configuration/README.md +++ b/modules/db-for-postgre-sql/flexible-server/configuration/README.md 
@@ -19,29 +19,69 @@ This module deploys a DBforPostgreSQL Flexible Server Configuration. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the configuration. | +| [`name`](#parameter-name) | string | The name of the configuration. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `flexibleServerName` | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. | +| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `source` | string | `''` | Source of the configuration. | -| `value` | string | `''` | Value of the configuration. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`source`](#parameter-source) | string | Source of the configuration. | +| [`value`](#parameter-value) | string | Value of the configuration. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `flexibleServerName` + +The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the configuration. +- Required: Yes +- Type: string + +### Parameter: `source` + +Source of the configuration. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `value` + +Value of the configuration. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed configuration. | | `resourceGroupName` | string | The resource group of the deployed configuration. | diff --git a/modules/db-for-postgre-sql/flexible-server/configuration/main.json b/modules/db-for-postgre-sql/flexible-server/configuration/main.json index 92aa1e45be..54b8e1f4b7 100644 --- a/modules/db-for-postgre-sql/flexible-server/configuration/main.json +++ b/modules/db-for-postgre-sql/flexible-server/configuration/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5586008567080780040" + "version": "0.22.6.54827", + "templateHash": "12961146168624492771" }, "name": "DBforPostgreSQL Flexible Server Configurations", "description": "This module deploys a DBforPostgreSQL Flexible Server Configuration.", diff --git a/modules/db-for-postgre-sql/flexible-server/database/README.md b/modules/db-for-postgre-sql/flexible-server/database/README.md index 700caebc88..57ba0b45a5 100644 --- a/modules/db-for-postgre-sql/flexible-server/database/README.md +++ b/modules/db-for-postgre-sql/flexible-server/database/README.md 
@@ -19,29 +19,69 @@ This module deploys a DBforPostgreSQL Flexible Server Database. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the database. | +| [`name`](#parameter-name) | string | The name of the database. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `flexibleServerName` | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. | +| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `charset` | string | `''` | The charset of the database. | -| `collation` | string | `''` | The collation of the database. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`charset`](#parameter-charset) | string | The charset of the database. | +| [`collation`](#parameter-collation) | string | The collation of the database. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | + +### Parameter: `charset` + +The charset of the database. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `collation` + +The collation of the database. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `flexibleServerName` + +The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the database. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed database. | | `resourceGroupName` | string | The resource group of the deployed database. | diff --git a/modules/db-for-postgre-sql/flexible-server/database/main.json b/modules/db-for-postgre-sql/flexible-server/database/main.json index 0b0f806020..bc43485c4f 100644 --- a/modules/db-for-postgre-sql/flexible-server/database/main.json +++ b/modules/db-for-postgre-sql/flexible-server/database/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7432917940199201712" + "version": "0.22.6.54827", + "templateHash": "15866259518448635553" }, "name": "DBforPostgreSQL Flexible Server Databases", "description": "This module deploys a DBforPostgreSQL Flexible Server Database.", diff --git a/modules/db-for-postgre-sql/flexible-server/firewall-rule/README.md b/modules/db-for-postgre-sql/flexible-server/firewall-rule/README.md index d4f092e9f6..de0f21fadf 100644 --- a/modules/db-for-postgre-sql/flexible-server/firewall-rule/README.md +++ b/modules/db-for-postgre-sql/flexible-server/firewall-rule/README.md 
@@ -19,28 +19,59 @@ This module deploys a DBforPostgreSQL Flexible Server Firewall Rule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `endIpAddress` | string | The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. | -| `name` | string | The name of the PostgreSQL flexible server Firewall Rule. | -| `startIpAddress` | string | The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. | +| [`endIpAddress`](#parameter-endipaddress) | string | The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. | +| [`name`](#parameter-name) | string | The name of the PostgreSQL flexible server Firewall Rule. | +| [`startIpAddress`](#parameter-startipaddress) | string | The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `flexibleServerName` | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. | +| [`flexibleServerName`](#parameter-flexibleservername) | string | The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endIpAddress` + +The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. +- Required: Yes +- Type: string + +### Parameter: `flexibleServerName` + +The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the PostgreSQL flexible server Firewall Rule. +- Required: Yes +- Type: string + +### Parameter: `startIpAddress` + +The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed firewall rule. | | `resourceGroupName` | string | The resource group of the deployed firewall rule. | diff --git a/modules/db-for-postgre-sql/flexible-server/firewall-rule/main.json b/modules/db-for-postgre-sql/flexible-server/firewall-rule/main.json index 19cc04b358..79c31b0bfb 100644 --- a/modules/db-for-postgre-sql/flexible-server/firewall-rule/main.json +++ b/modules/db-for-postgre-sql/flexible-server/firewall-rule/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3071080362723739241" + "version": "0.22.6.54827", + "templateHash": "13418631602887252631" }, "name": "DBforPostgreSQL Flexible Server Firewall Rules", "description": "This module deploys a DBforPostgreSQL Flexible Server Firewall Rule.", diff --git a/modules/db-for-postgre-sql/flexible-server/main.json b/modules/db-for-postgre-sql/flexible-server/main.json index 316363a8c8..e737116aa5 100644 --- a/modules/db-for-postgre-sql/flexible-server/main.json +++ b/modules/db-for-postgre-sql/flexible-server/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16240139018001575474" + "version": "0.22.6.54827", + "templateHash": "2675797994216094359" }, "name": "DBforPostgreSQL Flexible Servers", "description": "This module deploys a DBforPostgreSQL Flexible Server.", @@ -521,8 +521,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4898014763123062752" + "version": "0.22.6.54827", + "templateHash": "6100419547048418453" } }, "parameters": { @@ -667,8 +667,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16660732763595780206" + "version": "0.22.6.54827", + "templateHash": "15866259518448635553" }, "name": "DBforPostgreSQL Flexible Server Databases", "description": "This module deploys a DBforPostgreSQL Flexible Server Database.", @@ -806,8 +806,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7935033505380784919" + "version": "0.22.6.54827", + "templateHash": "13418631602887252631" }, "name": "DBforPostgreSQL Flexible Server Firewall Rules", "description": "This module deploys a DBforPostgreSQL Flexible Server Firewall Rule.", 
@@ -904,7 +904,9 @@ { "copy": { "name": "flexibleServer_configurations", - "count": "[length(parameters('configurations'))]" + "count": "[length(parameters('configurations'))]", + "mode": "serial", + "batchSize": 1 }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -933,8 +935,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10954863077388190830" + "version": "0.22.6.54827", + "templateHash": "12961146168624492771" }, "name": "DBforPostgreSQL Flexible Server Configurations", "description": "This module deploys a DBforPostgreSQL Flexible Server Configuration.", @@ -1071,8 +1073,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14812998248518641282" + "version": "0.22.6.54827", + "templateHash": "3514176123135146796" }, "name": "DBforPostgreSQL Flexible Server Administrators", "description": "This module deploys a DBforPostgreSQL Flexible Server Administrator.", diff --git a/modules/desktop-virtualization/application-group/.test/common/main.test.bicep b/modules/desktop-virtualization/application-group/.test/common/main.test.bicep index 959990ac7c..673b79551f 100644 --- a/modules/desktop-virtualization/application-group/.test/common/main.test.bicep +++ b/modules/desktop-virtualization/application-group/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/desktop-virtualization/application-group/.test/min/main.test.bicep b/modules/desktop-virtualization/application-group/.test/min/main.test.bicep index e5a99a1d1e..8dae8dc2d4 100644 --- a/modules/desktop-virtualization/application-group/.test/min/main.test.bicep +++ b/modules/desktop-virtualization/application-group/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/desktop-virtualization/application-group/README.md b/modules/desktop-virtualization/application-group/README.md index 696349103d..29c5853ae4 100644 --- a/modules/desktop-virtualization/application-group/README.md +++ b/modules/desktop-virtualization/application-group/README.md @@ -4,13 +4,13 @@ This module deploys an Azure Virtual Desktop (AVD) Application Group. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -20,64 +20,29 @@ This module deploys an Azure Virtual Desktop (AVD) Application Group. | `Microsoft.DesktopVirtualization/applicationGroups/applications` | [2022-09-09](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2022-09-09/applicationGroups/applications) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `applicationGroupType` | string | `[Desktop, RemoteApp]` | The type of the Application Group to be created. Allowed values: RemoteApp or Desktop. | -| `hostpoolName` | string | | Name of the Host Pool to be linked to this Application Group. | -| `name` | string | | Name of the Application Group to create this application in. | - -**Optional parameters** +## Usage examples -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `applications` | array | `[]` | | List of applications to be created in the Application Group. | -| `description` | string | `''` | | The description of the Application Group to be created. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Checkpoint, Error, Management]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. 
| -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of log analytics. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `friendlyName` | string | `''` | | The friendly name of the Application Group to be created. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the AVD application group. | -| `resourceGroupName` | string | The resource group the AVD application group was deployed into. | -| `resourceId` | string | The resource ID of the AVD application group. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. 
-## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/desktop-virtualization.application-group:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module applicationGroup './desktop-virtualization/application-group/main.bicep' = { +module applicationGroup 'br:bicep/modules/desktop-virtualization.application-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dvagcom' params: { // Required parameters @@ -225,14 +190,17 @@ module applicationGroup './desktop-virtualization/application-group/main.bicep'

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module applicationGroup './desktop-virtualization/application-group/main.bicep' = { +module applicationGroup 'br:bicep/modules/desktop-virtualization.application-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dvagmin' params: { // Required parameters @@ -277,3 +245,166 @@ module applicationGroup './desktop-virtualization/application-group/main.bicep'

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationGroupType`](#parameter-applicationgrouptype) | string | The type of the Application Group to be created. Allowed values: RemoteApp or Desktop. | +| [`hostpoolName`](#parameter-hostpoolname) | string | Name of the Host Pool to be linked to this Application Group. | +| [`name`](#parameter-name) | string | Name of the Application Group to create this application in. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applications`](#parameter-applications) | array | List of applications to be created in the Application Group. | +| [`description`](#parameter-description) | string | The description of the Application Group to be created. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of log analytics. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`friendlyName`](#parameter-friendlyname) | string | The friendly name of the Application Group to be created. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `applicationGroupType` + +The type of the Application Group to be created. Allowed values: RemoteApp or Desktop. +- Required: Yes +- Type: string +- Allowed: `[Desktop, RemoteApp]` + +### Parameter: `applications` + +List of applications to be created in the Application Group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +The description of the Application Group to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. 
"allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, Checkpoint, Error, Management]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of log analytics. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `friendlyName` + +The friendly name of the Application Group to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `hostpoolName` + +Name of the Host Pool to be linked to this Application Group. +- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Application Group to create this application in. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the AVD application group. | +| `resourceGroupName` | string | The resource group the AVD application group was deployed into. | +| `resourceId` | string | The resource ID of the AVD application group. | + +## Cross-referenced modules + +_None_ diff --git a/modules/desktop-virtualization/application-group/application/README.md b/modules/desktop-virtualization/application-group/application/README.md index 7d87db5d0c..cc46be1fbe 100644 --- a/modules/desktop-virtualization/application-group/application/README.md +++ b/modules/desktop-virtualization/application-group/application/README.md @@ -4,12 +4,12 @@ This module deploys an Azure Virtual Desktop (AVD) Application Group Application ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -19,34 +19,108 @@ This module deploys an Azure Virtual Desktop (AVD) Application Group Application **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `filePath` | string | Specifies a path for the executable file for the application. | -| `friendlyName` | string | Friendly name of Application.. | -| `name` | string | Name of the Application to be created in the Application Group. | +| [`filePath`](#parameter-filepath) | string | Specifies a path for the executable file for the application. | +| [`friendlyName`](#parameter-friendlyname) | string | Friendly name of Application.. | +| [`name`](#parameter-name) | string | Name of the Application to be created in the Application Group. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `appGroupName` | string | The name of the parent Application Group to create the application(s) in. Required if the template is used in a standalone deployment. | +| [`appGroupName`](#parameter-appgroupname) | string | The name of the parent Application Group to create the application(s) in. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `commandLineArguments` | string | `''` | | Command-Line Arguments for Application. | -| `commandLineSetting` | string | `'DoNotAllow'` | `[Allow, DoNotAllow, Require]` | Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all. | -| `description` | string | `''` | | Description of Application.. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `iconIndex` | int | `0` | | Index of the icon. 
| -| `iconPath` | string | `''` | | Path to icon. | -| `showInPortal` | bool | `False` | | Specifies whether to show the RemoteApp program in the RD Web Access server. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`commandLineArguments`](#parameter-commandlinearguments) | string | Command-Line Arguments for Application. | +| [`commandLineSetting`](#parameter-commandlinesetting) | string | Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all. | +| [`description`](#parameter-description) | string | Description of Application.. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`iconIndex`](#parameter-iconindex) | int | Index of the icon. | +| [`iconPath`](#parameter-iconpath) | string | Path to icon. | +| [`showInPortal`](#parameter-showinportal) | bool | Specifies whether to show the RemoteApp program in the RD Web Access server. | + +### Parameter: `appGroupName` + +The name of the parent Application Group to create the application(s) in. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `commandLineArguments` + +Command-Line Arguments for Application. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `commandLineSetting` + +Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all. +- Required: No +- Type: string +- Default: `'DoNotAllow'` +- Allowed: `[Allow, DoNotAllow, Require]` + +### Parameter: `description` + +Description of Application.. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `filePath` + +Specifies a path for the executable file for the application. +- Required: Yes +- Type: string + +### Parameter: `friendlyName` + +Friendly name of Application.. +- Required: Yes +- Type: string + +### Parameter: `iconIndex` + +Index of the icon. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `iconPath` + +Path to icon. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +Name of the Application to be created in the Application Group. +- Required: Yes +- Type: string + +### Parameter: `showInPortal` + +Specifies whether to show the RemoteApp program in the RD Web Access server. +- Required: No +- Type: bool +- Default: `False` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The Name of the Application Group to register the Application in. | | `resourceGroupName` | string | The name of the Resource Group the AVD Application was created in. | diff --git a/modules/desktop-virtualization/application-group/application/main.json b/modules/desktop-virtualization/application-group/application/main.json index 2621a89ffe..70e339a8b2 100644 --- a/modules/desktop-virtualization/application-group/application/main.json +++ b/modules/desktop-virtualization/application-group/application/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7619639220591936340" + "version": "0.22.6.54827", + "templateHash": "10616827856455579307" }, "name": "Azure Virtual Desktop (AVD) Application Group Applications", "description": "This module deploys an Azure Virtual Desktop (AVD) Application Group Application.", diff --git a/modules/desktop-virtualization/application-group/main.json b/modules/desktop-virtualization/application-group/main.json index 351595b955..a84976fdda 100644 
--- a/modules/desktop-virtualization/application-group/main.json +++ b/modules/desktop-virtualization/application-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6445435320297948317" + "version": "0.22.6.54827", + "templateHash": "8705022781837382520" }, "name": "Azure Virtual Desktop (AVD) Application Groups", "description": "This module deploys an Azure Virtual Desktop (AVD) Application Group.", @@ -261,8 +261,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "110356307048121387" + "version": "0.22.6.54827", + "templateHash": "10616827856455579307" }, "name": "Azure Virtual Desktop (AVD) Application Group Applications", "description": "This module deploys an Azure Virtual Desktop (AVD) Application Group Application.", @@ -442,8 +442,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9771114878684828045" + "version": "0.22.6.54827", + "templateHash": "16875966944342044136" } }, "parameters": { diff --git a/modules/desktop-virtualization/host-pool/.test/common/main.test.bicep b/modules/desktop-virtualization/host-pool/.test/common/main.test.bicep index 6f581c0315..ae07838fee 100644 --- a/modules/desktop-virtualization/host-pool/.test/common/main.test.bicep +++ b/modules/desktop-virtualization/host-pool/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/desktop-virtualization/host-pool/.test/min/main.test.bicep b/modules/desktop-virtualization/host-pool/.test/min/main.test.bicep index 9a7bbfd580..7691ccaa51 100644 --- a/modules/desktop-virtualization/host-pool/.test/min/main.test.bicep +++ b/modules/desktop-virtualization/host-pool/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/desktop-virtualization/host-pool/README.md b/modules/desktop-virtualization/host-pool/README.md index 9d96667dba..004589bda7 100644 --- a/modules/desktop-virtualization/host-pool/README.md +++ b/modules/desktop-virtualization/host-pool/README.md @@ -4,13 +4,13 @@ This module deploys an Azure Virtual Desktop (AVD) Host Pool. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
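Review bot: the Navigation entries in this hunk keep capitalised fragments (`#Resource-Types`, `#Usage-examples`), while the links this same patch generates further down the README are lowercase (`#example-1-using-large-parameter-set`, `#parameter-name`). Renderers that slug headings to lowercase ids only resolve the capitalised form where fragment matching is case-insensitive, so emit lowercase fragments here as well (`#resource-types`, `#usage-examples`) and keep one convention across the generated file.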
@@ -19,90 +19,29 @@ This module deploys an Azure Virtual Desktop (AVD) Host Pool. | `Microsoft.DesktopVirtualization/hostPools` | [2022-09-09](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2022-09-09/hostPools) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Host Pool. | +## Usage examples -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `agentUpdate` | object | `{object}` | | The session host configuration for updating agent, monitoring agent, and stack component. | -| `agentUpdateMaintenanceWindowDayOfWeek` | string | `'Sunday'` | `[Friday, Monday, Saturday, Sunday, Thursday, Tuesday, Wednesday]` | Update day for scheduled agent updates. | -| `agentUpdateMaintenanceWindowHour` | int | `22` | | Update hour for scheduled agent updates. | -| `agentUpdateMaintenanceWindows` | array | `[System.Management.Automation.OrderedHashtable]` | | List of maintenance windows for scheduled agent updates. | -| `agentUpdateMaintenanceWindowTimeZone` | string | `'Central Standard Time'` | | Time zone for scheduled agent updates. | -| `agentUpdateType` | string | `'Default'` | `[Default, Scheduled]` | Enable scheduled agent updates, Default means agent updates will automatically be installed by AVD when they become available. | -| `agentUpdateUseSessionHostLocalTime` | bool | `False` | | Whether to use localTime of the virtual machine for scheduled agent updates. | -| `customRdpProperty` | string | `'audiocapturemode:i:1;audiomode:i:0;drivestoredirect:s:;redirectclipboard:i:1;redirectcomports:i:1;redirectprinters:i:1;redirectsmartcards:i:1;screen mode id:i:2;'` | | Host Pool RDP properties. 
| -| `description` | string | `''` | | The description of the Host Pool to be created. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', AgentHealthStatus, allLogs, Checkpoint, Connection, Error, HostRegistration, Management]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `friendlyName` | string | `''` | | The friendly name of the Host Pool to be created. | -| `loadBalancerType` | string | `'BreadthFirst'` | `[BreadthFirst, DepthFirst, Persistent]` | Type of load balancer algorithm. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maxSessionLimit` | int | `99999` | | Maximum number of sessions. | -| `personalDesktopAssignmentType` | string | `''` | `['', Automatic, Direct]` | Set the type of assignment for a Personal Host Pool type. 
| -| `preferredAppGroupType` | string | `'Desktop'` | `[Desktop, None, RailApplications]` | The type of preferred application group type, default to Desktop Application Group. | -| `ring` | int | `-1` | | The ring number of HostPool. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ssoadfsAuthority` | string | `''` | | URL to customer ADFS server for signing WVD SSO certificates. | -| `ssoClientId` | string | `''` | | ClientId for the registered Relying Party used to issue WVD SSO certificates. | -| `ssoClientSecretKeyVaultPath` | string | `''` | | Path to Azure KeyVault storing the secret used for communication to ADFS. | -| `ssoSecretType` | string | `''` | `['', Certificate, CertificateInKeyVault, SharedKey, SharedKeyInKeyVault]` | The type of single sign on Secret Type. | -| `startVMOnConnect` | bool | `False` | | Enable Start VM on connect to allow users to start the virtual machine from a deallocated state. Important: Custom RBAC role required to power manage VMs. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `tokenValidityLength` | string | `'PT8H'` | | Host Pool token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the token will be valid for 8 hours. | -| `type` | string | `'Pooled'` | `[Personal, Pooled]` | Set this parameter to Personal if you would like to enable Persistent Desktop experience. Defaults to Pooled. | -| `validationEnvironment` | bool | `False` | | Validation host pools allows you to test service changes before they are deployed to production. 
When set to true, the Host Pool will be deployed in a validation 'ring' (environment) that receives all the new features (might be less stable). Defaults to false that stands for the stable, production-ready environment. | -| `vmTemplate` | object | `{object}` | | The necessary information for adding more VMs to this Host Pool. The object is converted to an in-line string when handed over to the resource deployment, since that only takes strings. | - -**Generated parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('u')]` | Do not provide a value! This date value is used to generate a registration token. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the AVD host pool. | -| `resourceGroupName` | string | The resource group the AVD host pool was deployed into. | -| `resourceId` | string | The resource ID of the AVD host pool. | -| `tokenExpirationTime` | string | The expiration time for the registration token. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/desktop-virtualization.host-pool:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. 
- >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module hostPool './desktop-virtualization/host-pool/main.bicep' = { +module hostPool 'br:bicep/modules/desktop-virtualization.host-pool:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dvhpcom' params: { // Required parameters @@ -292,14 +231,17 @@ module hostPool './desktop-virtualization/host-pool/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module hostPool './desktop-virtualization/host-pool/main.bicep' = { +module hostPool 'br:bicep/modules/desktop-virtualization.host-pool:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dvhpmin' params: { // Required parameters @@ -336,3 +278,340 @@ module hostPool './desktop-virtualization/host-pool/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Host Pool. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`agentUpdate`](#parameter-agentupdate) | object | The session host configuration for updating agent, monitoring agent, and stack component. | +| [`agentUpdateMaintenanceWindowDayOfWeek`](#parameter-agentupdatemaintenancewindowdayofweek) | string | Update day for scheduled agent updates. | +| [`agentUpdateMaintenanceWindowHour`](#parameter-agentupdatemaintenancewindowhour) | int | Update hour for scheduled agent updates. | +| [`agentUpdateMaintenanceWindows`](#parameter-agentupdatemaintenancewindows) | array | List of maintenance windows for scheduled agent updates. | +| [`agentUpdateMaintenanceWindowTimeZone`](#parameter-agentupdatemaintenancewindowtimezone) | string | Time zone for scheduled agent updates. | +| [`agentUpdateType`](#parameter-agentupdatetype) | string | Enable scheduled agent updates, Default means agent updates will automatically be installed by AVD when they become available. | +| [`agentUpdateUseSessionHostLocalTime`](#parameter-agentupdateusesessionhostlocaltime) | bool | Whether to use localTime of the virtual machine for scheduled agent updates. | +| [`customRdpProperty`](#parameter-customrdpproperty) | string | Host Pool RDP properties. | +| [`description`](#parameter-description) | string | The description of the Host Pool to be created. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. 
Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`friendlyName`](#parameter-friendlyname) | string | The friendly name of the Host Pool to be created. | +| [`loadBalancerType`](#parameter-loadbalancertype) | string | Type of load balancer algorithm. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maxSessionLimit`](#parameter-maxsessionlimit) | int | Maximum number of sessions. | +| [`personalDesktopAssignmentType`](#parameter-personaldesktopassignmenttype) | string | Set the type of assignment for a Personal Host Pool type. | +| [`preferredAppGroupType`](#parameter-preferredappgrouptype) | string | The type of preferred application group type, default to Desktop Application Group. | +| [`ring`](#parameter-ring) | int | The ring number of HostPool. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`ssoadfsAuthority`](#parameter-ssoadfsauthority) | string | URL to customer ADFS server for signing WVD SSO certificates. | +| [`ssoClientId`](#parameter-ssoclientid) | string | ClientId for the registered Relying Party used to issue WVD SSO certificates. | +| [`ssoClientSecretKeyVaultPath`](#parameter-ssoclientsecretkeyvaultpath) | string | Path to Azure KeyVault storing the secret used for communication to ADFS. | +| [`ssoSecretType`](#parameter-ssosecrettype) | string | The type of single sign on Secret Type. | +| [`startVMOnConnect`](#parameter-startvmonconnect) | bool | Enable Start VM on connect to allow users to start the virtual machine from a deallocated state. Important: Custom RBAC role required to power manage VMs. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`tokenValidityLength`](#parameter-tokenvaliditylength) | string | Host Pool token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the token will be valid for 8 hours. | +| [`type`](#parameter-type) | string | Set this parameter to Personal if you would like to enable Persistent Desktop experience. Defaults to Pooled. | +| [`validationEnvironment`](#parameter-validationenvironment) | bool | Validation host pools allows you to test service changes before they are deployed to production. When set to true, the Host Pool will be deployed in a validation 'ring' (environment) that receives all the new features (might be less stable). Defaults to false that stands for the stable, production-ready environment. | +| [`vmTemplate`](#parameter-vmtemplate) | object | The necessary information for adding more VMs to this Host Pool. 
The object is converted to an in-line string when handed over to the resource deployment, since that only takes strings. | + +**Generated parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to generate a registration token. | + +### Parameter: `agentUpdate` + +The session host configuration for updating agent, monitoring agent, and stack component. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `agentUpdateMaintenanceWindowDayOfWeek` + +Update day for scheduled agent updates. +- Required: No +- Type: string +- Default: `'Sunday'` +- Allowed: `[Friday, Monday, Saturday, Sunday, Thursday, Tuesday, Wednesday]` + +### Parameter: `agentUpdateMaintenanceWindowHour` + +Update hour for scheduled agent updates. +- Required: No +- Type: int +- Default: `22` + +### Parameter: `agentUpdateMaintenanceWindows` + +List of maintenance windows for scheduled agent updates. +- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable]` + +### Parameter: `agentUpdateMaintenanceWindowTimeZone` + +Time zone for scheduled agent updates. +- Required: No +- Type: string +- Default: `'Central Standard Time'` + +### Parameter: `agentUpdateType` + +Enable scheduled agent updates, Default means agent updates will automatically be installed by AVD when they become available. +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, Scheduled]` + +### Parameter: `agentUpdateUseSessionHostLocalTime` + +Whether to use localTime of the virtual machine for scheduled agent updates. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `baseTime` + +Do not provide a value! This date value is used to generate a registration token. +- Required: No +- Type: string +- Default: `[utcNow('u')]` + +### Parameter: `customRdpProperty` + +Host Pool RDP properties. 
+- Required: No +- Type: string +- Default: `'audiocapturemode:i:1;audiomode:i:0;drivestoredirect:s:;redirectclipboard:i:1;redirectcomports:i:1;redirectprinters:i:1;redirectsmartcards:i:1;screen mode id:i:2;'` + +### Parameter: `description` + +The description of the Host Pool to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', AgentHealthStatus, allLogs, Checkpoint, Connection, Error, HostRegistration, Management]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `friendlyName` + +The friendly name of the Host Pool to be created. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `loadBalancerType` + +Type of load balancer algorithm. +- Required: No +- Type: string +- Default: `'BreadthFirst'` +- Allowed: `[BreadthFirst, DepthFirst, Persistent]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maxSessionLimit` + +Maximum number of sessions. +- Required: No +- Type: int +- Default: `99999` + +### Parameter: `name` + +Name of the Host Pool. +- Required: Yes +- Type: string + +### Parameter: `personalDesktopAssignmentType` + +Set the type of assignment for a Personal Host Pool type. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Automatic, Direct]` + +### Parameter: `preferredAppGroupType` + +The type of preferred application group type, default to Desktop Application Group. +- Required: No +- Type: string +- Default: `'Desktop'` +- Allowed: `[Desktop, None, RailApplications]` + +### Parameter: `ring` + +The ring number of HostPool. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ssoadfsAuthority` + +URL to customer ADFS server for signing WVD SSO certificates. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `ssoClientId` + +ClientId for the registered Relying Party used to issue WVD SSO certificates. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `ssoClientSecretKeyVaultPath` + +Path to Azure KeyVault storing the secret used for communication to ADFS. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `ssoSecretType` + +The type of single sign on Secret Type. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Certificate, CertificateInKeyVault, SharedKey, SharedKeyInKeyVault]` + +### Parameter: `startVMOnConnect` + +Enable Start VM on connect to allow users to start the virtual machine from a deallocated state. Important: Custom RBAC role required to power manage VMs. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tokenValidityLength` + +Host Pool token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the token will be valid for 8 hours. +- Required: No +- Type: string +- Default: `'PT8H'` + +### Parameter: `type` + +Set this parameter to Personal if you would like to enable Persistent Desktop experience. Defaults to Pooled. +- Required: No +- Type: string +- Default: `'Pooled'` +- Allowed: `[Personal, Pooled]` + +### Parameter: `validationEnvironment` + +Validation host pools allows you to test service changes before they are deployed to production. When set to true, the Host Pool will be deployed in a validation 'ring' (environment) that receives all the new features (might be less stable). Defaults to false that stands for the stable, production-ready environment. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `vmTemplate` + +The necessary information for adding more VMs to this Host Pool. The object is converted to an in-line string when handed over to the resource deployment, since that only takes strings. 
+- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the AVD host pool. | +| `resourceGroupName` | string | The resource group the AVD host pool was deployed into. | +| `resourceId` | string | The resource ID of the AVD host pool. | +| `tokenExpirationTime` | string | The expiration time for the registration token. | + +## Cross-referenced modules + +_None_ diff --git a/modules/desktop-virtualization/scaling-plan/.test/common/main.test.bicep b/modules/desktop-virtualization/scaling-plan/.test/common/main.test.bicep index 5423566864..b346cfc8ad 100644 --- a/modules/desktop-virtualization/scaling-plan/.test/common/main.test.bicep +++ b/modules/desktop-virtualization/scaling-plan/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/desktop-virtualization/scaling-plan/.test/min/main.test.bicep b/modules/desktop-virtualization/scaling-plan/.test/min/main.test.bicep index d2476d9b7b..9eac3af179 100644 --- a/modules/desktop-virtualization/scaling-plan/.test/min/main.test.bicep +++ b/modules/desktop-virtualization/scaling-plan/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/desktop-virtualization/scaling-plan/README.md b/modules/desktop-virtualization/scaling-plan/README.md index 3476b8e9f1..605198db62 100644 --- a/modules/desktop-virtualization/scaling-plan/README.md +++ b/modules/desktop-virtualization/scaling-plan/README.md 
@@ -5,10 +5,10 @@ This module deploys an Azure Virtual Desktop (AVD) Scaling Plan. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
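Review bot: replacing `- [Deployment examples](#Deployment-examples)` with `- [Usage examples](#Usage-examples)` in the Navigation list changes the section's anchor, so any link that still targets `#Deployment-examples` in this README stops resolving. Search the repository's docs for that fragment before merging, and mention the heading rename in the commit message, which currently only says "Tested logic & added depth param".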
@@ -18,64 +18,29 @@ This module deploys an Azure Virtual Desktop (AVD) Scaling Plan. | `Microsoft.DesktopVirtualization/scalingPlans` | [2022-09-09](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2022-09-09/scalingPlans) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the scaling plan. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `[parameters('name')]` | | Description of the scaling plan. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Autoscale]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `exclusionTag` | string | `''` | | Provide a tag to be used for hosts that should not be affected by the scaling plan. | -| `friendlyName` | string | `[parameters('name')]` | | Friendly Name of the scaling plan. 
| -| `hostPoolReferences` | array | `[]` | | An array of references to hostpools. | -| `hostPoolType` | string | `'Pooled'` | `[Pooled]` | The type of hostpool where this scaling plan should be applied. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `schedules` | array | `[System.Management.Automation.OrderedHashtable]` | | The schedules related to this scaling plan. If no value is provided a default schedule will be provided. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `timeZone` | string | `'W. Europe Standard Time'` | | Timezone to be used for the scaling plan. | - - -## Outputs +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the AVD scaling plan. | -| `resourceGroupName` | string | The resource group the AVD scaling plan was deployed into. | -| `resourceId` | string | The resource ID of the AVD scaling plan. | + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. 
-## Cross-referenced modules + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/desktop-virtualization.scaling-plan:1.0.0`. -_None_ +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -## Deployment examples +### Example 1: _Using large parameter set_ -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +This instance deploys the module with most of its features enabled. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module scalingPlan './desktop-virtualization/scaling-plan/main.bicep' = { +module scalingPlan 'br:bicep/modules/desktop-virtualization.scaling-plan:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dvspcom' params: { // Required parameters @@ -255,14 +220,17 @@ module scalingPlan './desktop-virtualization/scaling-plan/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module scalingPlan './desktop-virtualization/scaling-plan/main.bicep' = { +module scalingPlan 'br:bicep/modules/desktop-virtualization.scaling-plan:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dvspmin' params: { // Required parameters @@ -299,3 +267,167 @@ module scalingPlan './desktop-virtualization/scaling-plan/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the scaling plan. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | Description of the scaling plan. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exclusionTag`](#parameter-exclusiontag) | string | Provide a tag to be used for hosts that should not be affected by the scaling plan. | +| [`friendlyName`](#parameter-friendlyname) | string | Friendly Name of the scaling plan. | +| [`hostPoolReferences`](#parameter-hostpoolreferences) | array | An array of references to hostpools. | +| [`hostPoolType`](#parameter-hostpooltype) | string | The type of hostpool where this scaling plan should be applied. | +| [`location`](#parameter-location) | string | Location for all resources. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`schedules`](#parameter-schedules) | array | The schedules related to this scaling plan. If no value is provided a default schedule will be provided. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`timeZone`](#parameter-timezone) | string | Timezone to be used for the scaling plan. | + +### Parameter: `description` + +Description of the scaling plan. +- Required: No +- Type: string +- Default: `[parameters('name')]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, Autoscale]` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exclusionTag` + +Provide a tag to be used for hosts that should not be affected by the scaling plan. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `friendlyName` + +Friendly Name of the scaling plan. +- Required: No +- Type: string +- Default: `[parameters('name')]` + +### Parameter: `hostPoolReferences` + +An array of references to hostpools. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `hostPoolType` + +The type of hostpool where this scaling plan should be applied. +- Required: No +- Type: string +- Default: `'Pooled'` +- Allowed: `[Pooled]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the scaling plan. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `schedules` + +The schedules related to this scaling plan. If no value is provided a default schedule will be provided. +- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `timeZone` + +Timezone to be used for the scaling plan. +- Required: No +- Type: string +- Default: `'W. 
Europe Standard Time'` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the AVD scaling plan. | +| `resourceGroupName` | string | The resource group the AVD scaling plan was deployed into. | +| `resourceId` | string | The resource ID of the AVD scaling plan. | + +## Cross-referenced modules + +_None_ diff --git a/modules/desktop-virtualization/workspace/.test/common/main.test.bicep b/modules/desktop-virtualization/workspace/.test/common/main.test.bicep index 6a603dc442..d98e112b0f 100644 --- a/modules/desktop-virtualization/workspace/.test/common/main.test.bicep +++ b/modules/desktop-virtualization/workspace/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/desktop-virtualization/workspace/.test/min/main.test.bicep b/modules/desktop-virtualization/workspace/.test/min/main.test.bicep index 845f5ef455..78df110582 100644 --- a/modules/desktop-virtualization/workspace/.test/min/main.test.bicep +++ b/modules/desktop-virtualization/workspace/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/desktop-virtualization/workspace/README.md b/modules/desktop-virtualization/workspace/README.md index 6512110609..afa296c1a2 100644 --- a/modules/desktop-virtualization/workspace/README.md +++ b/modules/desktop-virtualization/workspace/README.md 
@@ -4,13 +4,13 @@ This module deploys an Azure Virtual Desktop (AVD) Workspace. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
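Review bot: The navigation entries in this hunk use mixed-case fragments (`#Resource-Types`, `#Usage-examples`), while the example and parameter links the same patch adds further down this README use lowercase fragments (`#example-1-using-large-parameter-set`, `#parameter-name`). Pick one convention, preferably the lowercase form, so every in-page link is written the same way and none relies on the renderer matching fragments case-insensitively. The heading casing is also uneven after the rename: `## Resource Types` is title case, but the new `Usage examples` entry is sentence case.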
@@ -19,62 +19,29 @@ This module deploys an Azure Virtual Desktop (AVD) Workspace. | `Microsoft.DesktopVirtualization/workspaces` | [2022-09-09](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2022-09-09/workspaces) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the workspace to be attach to new Application Group. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `appGroupResourceIds` | array | `[]` | | Resource IDs for the existing Application groups this workspace will group together. | -| `description` | string | `''` | | The description of the Workspace to be created. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Checkpoint, Error, Feed, Management]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. 
| -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `friendlyName` | string | `''` | | The friendly name of the Workspace to be created. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Outputs + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the AVD workspace. | -| `resourceGroupName` | string | The resource group the AVD workspace was deployed into. | -| `resourceId` | string | The resource ID of the AVD workspace. | + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/desktop-virtualization.workspace:1.0.0`. 
-## Cross-referenced modules +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -_None_ +### Example 1: _Using large parameter set_ -## Deployment examples +This instance deploys the module with most of its features enabled. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module workspace './desktop-virtualization/workspace/main.bicep' = { +module workspace 'br:bicep/modules/desktop-virtualization.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dvwcom' params: { // Required parameters @@ -184,14 +151,17 @@ module workspace './desktop-virtualization/workspace/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module workspace './desktop-virtualization/workspace/main.bicep' = { +module workspace 'br:bicep/modules/desktop-virtualization.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dvwmin' params: { // Required parameters @@ -228,3 +198,151 @@ module workspace './desktop-virtualization/workspace/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the workspace to be attach to new Application Group. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`appGroupResourceIds`](#parameter-appgroupresourceids) | array | Resource IDs for the existing Application groups this workspace will group together. | +| [`description`](#parameter-description) | string | The description of the Workspace to be created. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`friendlyName`](#parameter-friendlyname) | string | The friendly name of the Workspace to be created. 
| +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `appGroupResourceIds` + +Resource IDs for the existing Application groups this workspace will group together. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +The description of the Workspace to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, Checkpoint, Error, Feed, Management]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `friendlyName` + +The friendly name of the Workspace to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the workspace to be attach to new Application Group. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the AVD workspace. | +| `resourceGroupName` | string | The resource group the AVD workspace was deployed into. | +| `resourceId` | string | The resource ID of the AVD workspace. 
| + +## Cross-referenced modules + +_None_ diff --git a/modules/desktop-virtualization/workspace/main.json b/modules/desktop-virtualization/workspace/main.json index 6c0aa6b332..b96c1b5e6c 100644 --- a/modules/desktop-virtualization/workspace/main.json +++ b/modules/desktop-virtualization/workspace/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10679736874154725054" + "version": "0.22.6.54827", + "templateHash": "8129248040868416848" }, "name": "Azure Virtual Desktop (AVD) Workspaces", "description": "This module deploys an Azure Virtual Desktop (AVD) Workspace.", @@ -237,8 +237,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12071774351316031070" + "version": "0.22.6.54827", + "templateHash": "10387281728055526723" } }, "parameters": { diff --git a/modules/dev-test-lab/lab/.test/common/main.test.bicep b/modules/dev-test-lab/lab/.test/common/main.test.bicep index 2f0565eb03..c63a75d0ae 100644 --- a/modules/dev-test-lab/lab/.test/common/main.test.bicep +++ b/modules/dev-test-lab/lab/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/dev-test-lab/lab/.test/min/main.test.bicep b/modules/dev-test-lab/lab/.test/min/main.test.bicep index 70e5d551d1..7989d9f4d2 100644 --- a/modules/dev-test-lab/lab/.test/min/main.test.bicep +++ b/modules/dev-test-lab/lab/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // 
diff --git a/modules/dev-test-lab/lab/README.md b/modules/dev-test-lab/lab/README.md index 9b21814ef3..d6cd84d920 100644 --- a/modules/dev-test-lab/lab/README.md +++ b/modules/dev-test-lab/lab/README.md @@ -5,10 +5,10 @@ This module deploys a DevTest Lab. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
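Review bot: Removing `- [Deployment examples](#Deployment-examples)` from the navigation, together with the section being replaced by `## Usage examples` in the next hunk, means any existing link to the `#Deployment-examples` anchor of this README stops resolving. The same rename appears in the scaling-plan and workspace READMEs in this patch, so it is worth stating the renamed anchor in the commit message or changelog, which currently only says "Tested logic & added depth param", so that consumers with bookmarked or cross-referenced links know to update them.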
@@ -24,83 +24,29 @@ This module deploys a DevTest Lab. | `Microsoft.DevTestLab/labs/schedules` | [2018-09-15](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DevTestLab/2018-09-15/labs/schedules) | | `Microsoft.DevTestLab/labs/virtualnetworks` | [2018-09-15](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DevTestLab/2018-09-15/labs/virtualnetworks) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the lab. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `encryptionDiskEncryptionSetId` | string | `''` | The Disk Encryption Set Resource ID used to encrypt OS and data disks created as part of the the lab. Required if encryptionType is set to "EncryptionAtRestWithCustomerKey". | -| `notificationchannels` | array | `[]` | Notification Channels to create for the lab. Required if the schedules property "notificationSettingsStatus" is set to "Enabled. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `announcement` | object | `{object}` | | The properties of any lab announcement associated with this lab. | -| `artifactsources` | array | `[]` | | Artifact sources to create for the lab. | -| `artifactsStorageAccount` | string | `''` | | The resource ID of the storage account used to store artifacts and images by the lab. Also used for defaultStorageAccount, defaultPremiumStorageAccount and premiumDataDiskStorageAccount properties. If left empty, a default storage account will be created by the lab and used. | -| `browserConnect` | string | `'Disabled'` | `[Disabled, Enabled]` | Enable browser connect on virtual machines if the lab's VNETs have configured Azure Bastion. | -| `costs` | object | `{object}` | | Costs to create for the lab. 
| -| `disableAutoUpgradeCseMinorVersion` | bool | `False` | | Disable auto upgrade custom script extension minor version. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `encryptionType` | string | `'EncryptionAtRestWithPlatformKey'` | `[EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformKey]` | Specify how OS and data disks created as part of the lab are encrypted. | -| `environmentPermission` | string | `'Reader'` | `[Contributor, Reader]` | The access rights to be granted to the user when provisioning an environment. | -| `extendedProperties` | object | `{object}` | | Extended properties of the lab used for experimental features. | -| `isolateLabResources` | string | `'Enabled'` | `[Disabled, Enabled]` | Enable lab resources isolation from the public internet. | -| `labStorageType` | string | `'Premium'` | `[Premium, Standard, StandardSSD]` | Type of storage used by the lab. It can be either Premium or Standard. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `managementIdentities` | object | `{object}` | | The ID(s) to assign to the virtual machines associated with this lab. | -| `mandatoryArtifactsResourceIdsLinux` | array | `[]` | | The ordered list of artifact resource IDs that should be applied on all Linux VM creations by default, prior to the artifacts specified by the user. | -| `mandatoryArtifactsResourceIdsWindows` | array | `[]` | | The ordered list of artifact resource IDs that should be applied on all Windows VM creations by default, prior to the artifacts specified by the user. | -| `policies` | array | `[]` | | Policies to create for the lab. | -| `premiumDataDisks` | string | `'Disabled'` | `[Disabled, Enabled]` | The setting to enable usage of premium data disks. 
When its value is "Enabled", creation of standard or premium data disks is allowed. When its value is "Disabled", only creation of standard data disks is allowed. Default is "Disabled". | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `schedules` | array | `[]` | | Schedules to create for the lab. | -| `support` | object | `{object}` | | The properties of any lab support message associated with this lab. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `virtualnetworks` | array | `[]` | | Virtual networks to create for the lab. | -| `vmCreationResourceGroupId` | string | `[resourceGroup().id]` | | Resource Group allocation for virtual machines. If left empty, virtual machines will be deployed in their own Resource Groups. Default is the same Resource Group for DevTest Lab. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the lab. | -| `resourceGroupName` | string | The resource group the lab was deployed into. | -| `resourceId` | string | The resource ID of the lab. 
| -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | -| `uniqueIdentifier` | string | The unique identifier for the lab. Used to track tags that the lab applies to each resource that it creates. | - -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/dev-test-lab.lab:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module lab './dev-test-lab/lab/main.bicep' = { +module lab 'br:bicep/modules/dev-test-lab.lab:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dtllcom' params: { // Required parameters @@ -626,14 +572,17 @@ module lab './dev-test-lab/lab/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module lab './dev-test-lab/lab/main.bicep' = { +module lab 'br:bicep/modules/dev-test-lab.lab:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dtllmin' params: { // Required parameters @@ -670,3 +619,275 @@ module lab './dev-test-lab/lab/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the lab. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`encryptionDiskEncryptionSetId`](#parameter-encryptiondiskencryptionsetid) | string | The Disk Encryption Set Resource ID used to encrypt OS and data disks created as part of the the lab. Required if encryptionType is set to "EncryptionAtRestWithCustomerKey". | +| [`notificationchannels`](#parameter-notificationchannels) | array | Notification Channels to create for the lab. Required if the schedules property "notificationSettingsStatus" is set to "Enabled. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`announcement`](#parameter-announcement) | object | The properties of any lab announcement associated with this lab. | +| [`artifactsources`](#parameter-artifactsources) | array | Artifact sources to create for the lab. | +| [`artifactsStorageAccount`](#parameter-artifactsstorageaccount) | string | The resource ID of the storage account used to store artifacts and images by the lab. Also used for defaultStorageAccount, defaultPremiumStorageAccount and premiumDataDiskStorageAccount properties. If left empty, a default storage account will be created by the lab and used. | +| [`browserConnect`](#parameter-browserconnect) | string | Enable browser connect on virtual machines if the lab's VNETs have configured Azure Bastion. | +| [`costs`](#parameter-costs) | object | Costs to create for the lab. | +| [`disableAutoUpgradeCseMinorVersion`](#parameter-disableautoupgradecseminorversion) | bool | Disable auto upgrade custom script extension minor version. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`encryptionType`](#parameter-encryptiontype) | string | Specify how OS and data disks created as part of the lab are encrypted. | +| [`environmentPermission`](#parameter-environmentpermission) | string | The access rights to be granted to the user when provisioning an environment. | +| [`extendedProperties`](#parameter-extendedproperties) | object | Extended properties of the lab used for experimental features. | +| [`isolateLabResources`](#parameter-isolatelabresources) | string | Enable lab resources isolation from the public internet. | +| [`labStorageType`](#parameter-labstoragetype) | string | Type of storage used by the lab. It can be either Premium or Standard. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`managementIdentities`](#parameter-managementidentities) | object | The ID(s) to assign to the virtual machines associated with this lab. | +| [`mandatoryArtifactsResourceIdsLinux`](#parameter-mandatoryartifactsresourceidslinux) | array | The ordered list of artifact resource IDs that should be applied on all Linux VM creations by default, prior to the artifacts specified by the user. | +| [`mandatoryArtifactsResourceIdsWindows`](#parameter-mandatoryartifactsresourceidswindows) | array | The ordered list of artifact resource IDs that should be applied on all Windows VM creations by default, prior to the artifacts specified by the user. | +| [`policies`](#parameter-policies) | array | Policies to create for the lab. | +| [`premiumDataDisks`](#parameter-premiumdatadisks) | string | The setting to enable usage of premium data disks. When its value is "Enabled", creation of standard or premium data disks is allowed. When its value is "Disabled", only creation of standard data disks is allowed. Default is "Disabled". 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`schedules`](#parameter-schedules) | array | Schedules to create for the lab. | +| [`support`](#parameter-support) | object | The properties of any lab support message associated with this lab. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`virtualnetworks`](#parameter-virtualnetworks) | array | Virtual networks to create for the lab. | +| [`vmCreationResourceGroupId`](#parameter-vmcreationresourcegroupid) | string | Resource Group allocation for virtual machines. If left empty, virtual machines will be deployed in their own Resource Groups. Default is the same Resource Group for DevTest Lab. | + +### Parameter: `announcement` + +The properties of any lab announcement associated with this lab. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `artifactsources` + +Artifact sources to create for the lab. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `artifactsStorageAccount` + +The resource ID of the storage account used to store artifacts and images by the lab. Also used for defaultStorageAccount, defaultPremiumStorageAccount and premiumDataDiskStorageAccount properties. If left empty, a default storage account will be created by the lab and used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `browserConnect` + +Enable browser connect on virtual machines if the lab's VNETs have configured Azure Bastion. 
+- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `costs` + +Costs to create for the lab. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `disableAutoUpgradeCseMinorVersion` + +Disable auto upgrade custom script extension minor version. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `encryptionDiskEncryptionSetId` + +The Disk Encryption Set Resource ID used to encrypt OS and data disks created as part of the the lab. Required if encryptionType is set to "EncryptionAtRestWithCustomerKey". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `encryptionType` + +Specify how OS and data disks created as part of the lab are encrypted. +- Required: No +- Type: string +- Default: `'EncryptionAtRestWithPlatformKey'` +- Allowed: `[EncryptionAtRestWithCustomerKey, EncryptionAtRestWithPlatformKey]` + +### Parameter: `environmentPermission` + +The access rights to be granted to the user when provisioning an environment. +- Required: No +- Type: string +- Default: `'Reader'` +- Allowed: `[Contributor, Reader]` + +### Parameter: `extendedProperties` + +Extended properties of the lab used for experimental features. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `isolateLabResources` + +Enable lab resources isolation from the public internet. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `labStorageType` + +Type of storage used by the lab. It can be either Premium or Standard. +- Required: No +- Type: string +- Default: `'Premium'` +- Allowed: `[Premium, Standard, StandardSSD]` + +### Parameter: `location` + +Location for all Resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `managementIdentities` + +The ID(s) to assign to the virtual machines associated with this lab. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `mandatoryArtifactsResourceIdsLinux` + +The ordered list of artifact resource IDs that should be applied on all Linux VM creations by default, prior to the artifacts specified by the user. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `mandatoryArtifactsResourceIdsWindows` + +The ordered list of artifact resource IDs that should be applied on all Windows VM creations by default, prior to the artifacts specified by the user. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +The name of the lab. +- Required: Yes +- Type: string + +### Parameter: `notificationchannels` + +Notification Channels to create for the lab. Required if the schedules property "notificationSettingsStatus" is set to "Enabled. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `policies` + +Policies to create for the lab. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `premiumDataDisks` + +The setting to enable usage of premium data disks. When its value is "Enabled", creation of standard or premium data disks is allowed. When its value is "Disabled", only creation of standard data disks is allowed. Default is "Disabled". +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `schedules` + +Schedules to create for the lab. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `support` + +The properties of any lab support message associated with this lab. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `virtualnetworks` + +Virtual networks to create for the lab. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `vmCreationResourceGroupId` + +Resource Group allocation for virtual machines. If left empty, virtual machines will be deployed in their own Resource Groups. Default is the same Resource Group for DevTest Lab. +- Required: No +- Type: string +- Default: `[resourceGroup().id]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the lab. | +| `resourceGroupName` | string | The resource group the lab was deployed into. | +| `resourceId` | string | The resource ID of the lab. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | +| `uniqueIdentifier` | string | The unique identifier for the lab. Used to track tags that the lab applies to each resource that it creates. | + +## Cross-referenced modules + +_None_ diff --git a/modules/dev-test-lab/lab/artifactsource/README.md b/modules/dev-test-lab/lab/artifactsource/README.md index 0318c83d13..26aa3c0d4f 100644 
--- a/modules/dev-test-lab/lab/artifactsource/README.md +++ b/modules/dev-test-lab/lab/artifactsource/README.md 
@@ -21,35 +21,118 @@ An artifact source allows you to create custom artifacts for the VMs in the lab, **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the artifact source. | -| `uri` | string | The artifact source's URI. | +| [`name`](#parameter-name) | string | The name of the artifact source. | +| [`uri`](#parameter-uri) | string | The artifact source's URI. | **Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `armTemplateFolderPath` | string | `''` | The folder containing Azure Resource Manager templates. Required if "folderPath" is empty. | -| `folderPath` | string | `''` | The folder containing artifacts. At least one folder path is required. Required if "armTemplateFolderPath" is empty. | -| `labName` | string | | The name of the parent lab. Required if the template is used in a standalone deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`armTemplateFolderPath`](#parameter-armtemplatefolderpath) | string | The folder containing Azure Resource Manager templates. Required if "folderPath" is empty. | +| [`folderPath`](#parameter-folderpath) | string | The folder containing artifacts. At least one folder path is required. Required if "armTemplateFolderPath" is empty. | +| [`labName`](#parameter-labname) | string | The name of the parent lab. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `branchRef` | string | `''` | | The artifact source's branch reference (e.g. main or master). | -| `displayName` | string | `[parameters('name')]` | | The artifact source's display name. Default is the name of the artifact source. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `securityToken` | securestring | `''` | | The security token to authenticate to the artifact source. | -| `sourceType` | string | `''` | `['', GitHub, StorageAccount, VsoGit]` | The artifact source's type. | -| `status` | string | `'Enabled'` | `[Disabled, Enabled]` | Indicates if the artifact source is enabled (values: Enabled, Disabled). Default is "Enabled". | -| `tags` | object | `{object}` | | Tags of the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`branchRef`](#parameter-branchref) | string | The artifact source's branch reference (e.g. main or master). | +| [`displayName`](#parameter-displayname) | string | The artifact source's display name. Default is the name of the artifact source. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`securityToken`](#parameter-securitytoken) | securestring | The security token to authenticate to the artifact source. | +| [`sourceType`](#parameter-sourcetype) | string | The artifact source's type. | +| [`status`](#parameter-status) | string | Indicates if the artifact source is enabled (values: Enabled, Disabled). Default is "Enabled". | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `armTemplateFolderPath` + +The folder containing Azure Resource Manager templates. Required if "folderPath" is empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `branchRef` + +The artifact source's branch reference (e.g. main or master). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The artifact source's display name. Default is the name of the artifact source. +- Required: No +- Type: string +- Default: `[parameters('name')]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `folderPath` + +The folder containing artifacts. At least one folder path is required. Required if "armTemplateFolderPath" is empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `labName` + +The name of the parent lab. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the artifact source. +- Required: Yes +- Type: string + +### Parameter: `securityToken` + +The security token to authenticate to the artifact source. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `sourceType` + +The artifact source's type. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', GitHub, StorageAccount, VsoGit]` + +### Parameter: `status` + +Indicates if the artifact source is enabled (values: Enabled, Disabled). Default is "Enabled". +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `uri` + +The artifact source's URI. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the artifact source. | | `resourceGroupName` | string | The name of the resource group the artifact source was created in. | diff --git a/modules/dev-test-lab/lab/artifactsource/main.json b/modules/dev-test-lab/lab/artifactsource/main.json index 9056139395..946b4a505a 100644 --- a/modules/dev-test-lab/lab/artifactsource/main.json +++ b/modules/dev-test-lab/lab/artifactsource/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "10765635521160351928" + "version": "0.22.6.54827", + "templateHash": "4180084937723506143" }, "name": "DevTest Lab Artifact Sources", "description": "This module deploys a DevTest Lab Artifact Source.\r\n\r\nAn artifact source allows you to create custom artifacts for the VMs in the lab, or use Azure Resource Manager templates to create a custom test environment. You must add a private Git repository for the artifacts or Resource Manager templates that your team creates. The repository can be hosted on GitHub or on Azure DevOps Services.", diff --git a/modules/dev-test-lab/lab/cost/README.md b/modules/dev-test-lab/lab/cost/README.md index 7ad70ef322..69d66fdbc7 100644 --- a/modules/dev-test-lab/lab/cost/README.md +++ b/modules/dev-test-lab/lab/cost/README.md 
@@ -21,42 +21,185 @@ Manage lab costs by setting a spending target that can be viewed in the Monthly **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `cycleType` | string | `[CalendarMonth, Custom]` | Reporting cycle type. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cycleType`](#parameter-cycletype) | string | Reporting cycle type. | **Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cycleEndDateTime` | string | `''` | Reporting cycle end date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). Required if cycleType is set to "Custom". | -| `cycleStartDateTime` | string | `''` | Reporting cycle start date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). Required if cycleType is set to "Custom". | -| `labName` | string | | The name of the parent lab. Required if the template is used in a standalone deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cycleEndDateTime`](#parameter-cycleenddatetime) | string | Reporting cycle end date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). Required if cycleType is set to "Custom". | +| [`cycleStartDateTime`](#parameter-cyclestartdatetime) | string | Reporting cycle start date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). Required if cycleType is set to "Custom". | +| [`labName`](#parameter-labname) | string | The name of the parent lab. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `currencyCode` | string | `'USD'` | | The currency code of the cost. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `status` | string | `'Enabled'` | `[Disabled, Enabled]` | Target cost status. 
| -| `tags` | object | `{object}` | | Tags of the resource. | -| `target` | int | `0` | | Lab target cost (e.g. 100). The target cost will appear in the "Cost trend" chart to allow tracking lab spending relative to the target cost for the current reporting cycleSetting the target cost to 0 will disable all thresholds. | -| `thresholdValue100DisplayOnChart` | string | `'Disabled'` | `[Disabled, Enabled]` | Target Cost threshold at 100% display on chart. Indicates whether this threshold will be displayed on cost charts. | -| `thresholdValue100SendNotificationWhenExceeded` | string | `'Disabled'` | `[Disabled, Enabled]` | Target cost threshold at 100% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | -| `thresholdValue125DisplayOnChart` | string | `'Disabled'` | `[Disabled, Enabled]` | Target Cost threshold at 125% display on chart. Indicates whether this threshold will be displayed on cost charts. | -| `thresholdValue125SendNotificationWhenExceeded` | string | `'Disabled'` | `[Disabled, Enabled]` | Target cost threshold at 125% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | -| `thresholdValue25DisplayOnChart` | string | `'Disabled'` | `[Disabled, Enabled]` | Target Cost threshold at 25% display on chart. Indicates whether this threshold will be displayed on cost charts. | -| `thresholdValue25SendNotificationWhenExceeded` | string | `'Disabled'` | `[Disabled, Enabled]` | Target cost threshold at 25% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | -| `thresholdValue50DisplayOnChart` | string | `'Disabled'` | `[Disabled, Enabled]` | Target Cost threshold at 50% display on chart. Indicates whether this threshold will be displayed on cost charts. 
| -| `thresholdValue50SendNotificationWhenExceeded` | string | `'Disabled'` | `[Disabled, Enabled]` | Target cost threshold at 50% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | -| `thresholdValue75DisplayOnChart` | string | `'Disabled'` | `[Disabled, Enabled]` | Target Cost threshold at 75% display on chart. Indicates whether this threshold will be displayed on cost charts. | -| `thresholdValue75SendNotificationWhenExceeded` | string | `'Disabled'` | `[Disabled, Enabled]` | Target cost threshold at 75% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`currencyCode`](#parameter-currencycode) | string | The currency code of the cost. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`status`](#parameter-status) | string | Target cost status. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`target`](#parameter-target) | int | Lab target cost (e.g. 100). The target cost will appear in the "Cost trend" chart to allow tracking lab spending relative to the target cost for the current reporting cycleSetting the target cost to 0 will disable all thresholds. | +| [`thresholdValue100DisplayOnChart`](#parameter-thresholdvalue100displayonchart) | string | Target Cost threshold at 100% display on chart. Indicates whether this threshold will be displayed on cost charts. | +| [`thresholdValue100SendNotificationWhenExceeded`](#parameter-thresholdvalue100sendnotificationwhenexceeded) | string | Target cost threshold at 100% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | +| [`thresholdValue125DisplayOnChart`](#parameter-thresholdvalue125displayonchart) | string | Target Cost threshold at 125% display on chart. 
Indicates whether this threshold will be displayed on cost charts. | +| [`thresholdValue125SendNotificationWhenExceeded`](#parameter-thresholdvalue125sendnotificationwhenexceeded) | string | Target cost threshold at 125% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | +| [`thresholdValue25DisplayOnChart`](#parameter-thresholdvalue25displayonchart) | string | Target Cost threshold at 25% display on chart. Indicates whether this threshold will be displayed on cost charts. | +| [`thresholdValue25SendNotificationWhenExceeded`](#parameter-thresholdvalue25sendnotificationwhenexceeded) | string | Target cost threshold at 25% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | +| [`thresholdValue50DisplayOnChart`](#parameter-thresholdvalue50displayonchart) | string | Target Cost threshold at 50% display on chart. Indicates whether this threshold will be displayed on cost charts. | +| [`thresholdValue50SendNotificationWhenExceeded`](#parameter-thresholdvalue50sendnotificationwhenexceeded) | string | Target cost threshold at 50% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | +| [`thresholdValue75DisplayOnChart`](#parameter-thresholdvalue75displayonchart) | string | Target Cost threshold at 75% display on chart. Indicates whether this threshold will be displayed on cost charts. | +| [`thresholdValue75SendNotificationWhenExceeded`](#parameter-thresholdvalue75sendnotificationwhenexceeded) | string | Target cost threshold at 75% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | + +### Parameter: `currencyCode` + +The currency code of the cost. +- Required: No +- Type: string +- Default: `'USD'` + +### Parameter: `cycleEndDateTime` + +Reporting cycle end date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). 
Required if cycleType is set to "Custom". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cycleStartDateTime` + +Reporting cycle start date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). Required if cycleType is set to "Custom". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cycleType` + +Reporting cycle type. +- Required: Yes +- Type: string +- Allowed: `[CalendarMonth, Custom]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `labName` + +The name of the parent lab. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `status` + +Target cost status. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `target` + +Lab target cost (e.g. 100). The target cost will appear in the "Cost trend" chart to allow tracking lab spending relative to the target cost for the current reporting cycleSetting the target cost to 0 will disable all thresholds. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `thresholdValue100DisplayOnChart` + +Target Cost threshold at 100% display on chart. Indicates whether this threshold will be displayed on cost charts. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `thresholdValue100SendNotificationWhenExceeded` + +Target cost threshold at 100% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `thresholdValue125DisplayOnChart` + +Target Cost threshold at 125% display on chart. 
Indicates whether this threshold will be displayed on cost charts. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `thresholdValue125SendNotificationWhenExceeded` + +Target cost threshold at 125% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `thresholdValue25DisplayOnChart` + +Target Cost threshold at 25% display on chart. Indicates whether this threshold will be displayed on cost charts. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `thresholdValue25SendNotificationWhenExceeded` + +Target cost threshold at 25% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `thresholdValue50DisplayOnChart` + +Target Cost threshold at 50% display on chart. Indicates whether this threshold will be displayed on cost charts. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `thresholdValue50SendNotificationWhenExceeded` + +Target cost threshold at 50% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `thresholdValue75DisplayOnChart` + +Target Cost threshold at 75% display on chart. Indicates whether this threshold will be displayed on cost charts. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `thresholdValue75SendNotificationWhenExceeded` + +Target cost threshold at 75% send notification when exceeded. 
Indicates whether notifications will be sent when this threshold is exceeded. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the cost. | | `resourceGroupName` | string | The name of the resource group the cost was created in. | diff --git a/modules/dev-test-lab/lab/cost/main.json b/modules/dev-test-lab/lab/cost/main.json index 5c385935d5..89f70cfd1f 100644 --- a/modules/dev-test-lab/lab/cost/main.json +++ b/modules/dev-test-lab/lab/cost/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "4166206931202072952" + "version": "0.22.6.54827", + "templateHash": "17587308196408831883" }, "name": "DevTest Lab Costs", "description": "This module deploys a DevTest Lab Cost.\r\n\r\nManage lab costs by setting a spending target that can be viewed in the Monthly Estimated Cost Trend chart. DevTest Labs can send a notification when spending reaches the specified target threshold.", diff --git a/modules/dev-test-lab/lab/main.json b/modules/dev-test-lab/lab/main.json index a8f2ba4948..a83a20dd30 100644 --- a/modules/dev-test-lab/lab/main.json +++ b/modules/dev-test-lab/lab/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11215744490422832347" + "version": "0.22.6.54827", + "templateHash": "12564230212135431557" }, "name": "DevTest Labs", "description": "This module deploys a DevTest Lab.", 
@@ -347,8 +347,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10585523023574394931" + "version": "0.22.6.54827", + "templateHash": "5213684482874022181" }, "name": "DevTest Lab Virtual Networks", "description": "This module deploys a DevTest Lab Virtual Network.\r\n\r\nLab virtual machines must be deployed into a virtual network. This resource type allows configuring the virtual network and subnet settings used for the lab virtual machines.", @@ -511,8 +511,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8971513022315177152" + "version": "0.22.6.54827", + "templateHash": "7402281637422771358" }, "name": "DevTest Lab Policy Sets Policies", "description": "This module deploys a DevTest Lab Policy Sets Policy.\r\n\r\nDevTest lab policies are used to modify the lab settings such as only allowing certain VM Size SKUs, marketplace image types, number of VMs allowed per user and other settings.", @@ -715,8 +715,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12263098724597801740" + "version": "0.22.6.54827", + "templateHash": "853057685884144049" }, "name": "DevTest Lab Schedules", "description": "This module deploys a DevTest Lab Schedule.\r\n\r\nLab schedules are used to modify the settings for auto-shutdown, auto-start for lab virtual machines.", @@ -929,8 +929,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17695938428337610065" + "version": "0.22.6.54827", + "templateHash": "7575060424945865003" }, "name": "DevTest Lab Notification Channels", "description": "This module deploys a DevTest Lab Notification Channel.\r\n\r\nNotification channels are used by the schedule resource type in order to send notifications or events to email addresses and/or webhooks.", 
@@ -1103,8 +1103,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9073888459731266435" + "version": "0.22.6.54827", + "templateHash": "4180084937723506143" }, "name": "DevTest Lab Artifact Sources", "description": "This module deploys a DevTest Lab Artifact Source.\r\n\r\nAn artifact source allows you to create custom artifacts for the VMs in the lab, or use Azure Resource Manager templates to create a custom test environment. You must add a private Git repository for the artifacts or Resource Manager templates that your team creates. The repository can be hosted on GitHub or on Azure DevOps Services.", @@ -1309,8 +1309,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15716544808866806342" + "version": "0.22.6.54827", + "templateHash": "17587308196408831883" }, "name": "DevTest Lab Costs", "description": "This module deploys a DevTest Lab Cost.\r\n\r\nManage lab costs by setting a spending target that can be viewed in the Monthly Estimated Cost Trend chart. DevTest Labs can send a notification when spending reaches the specified target threshold.", @@ -1636,8 +1636,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4976650846797191229" + "version": "0.22.6.54827", + "templateHash": "5435640009728678460" } }, "parameters": { diff --git a/modules/dev-test-lab/lab/notificationchannel/README.md b/modules/dev-test-lab/lab/notificationchannel/README.md index 432c8b1d1b..d78d419ad8 100644 --- a/modules/dev-test-lab/lab/notificationchannel/README.md +++ b/modules/dev-test-lab/lab/notificationchannel/README.md 
@@ -21,32 +21,94 @@ Notification channels are used by the schedule resource type in order to send no **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `events` | array | | The list of event for which this notification is enabled. | -| `name` | string | `[autoShutdown, costThreshold]` | The name of the notification channel. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`events`](#parameter-events) | array | The list of event for which this notification is enabled. | +| [`name`](#parameter-name) | string | The name of the notification channel. | **Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `emailRecipient` | string | `''` | The email recipient to send notifications to (can be a list of semi-colon separated email addresses). Required if "webHookUrl" is empty. | -| `labName` | string | | The name of the parent lab. Required if the template is used in a standalone deployment. | -| `webHookUrl` | string | `''` | The webhook URL to which the notification will be sent. Required if "emailRecipient" is empty. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`emailRecipient`](#parameter-emailrecipient) | string | The email recipient to send notifications to (can be a list of semi-colon separated email addresses). Required if "webHookUrl" is empty. | +| [`labName`](#parameter-labname) | string | The name of the parent lab. Required if the template is used in a standalone deployment. | +| [`webHookUrl`](#parameter-webhookurl) | string | The webhook URL to which the notification will be sent. Required if "emailRecipient" is empty. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | Description of notification. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `notificationLocale` | string | `'en'` | The locale to use when sending a notification (fallback for unsupported languages is EN). | -| `tags` | object | `{object}` | Tags of the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | Description of notification. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`notificationLocale`](#parameter-notificationlocale) | string | The locale to use when sending a notification (fallback for unsupported languages is EN). | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `description` + +Description of notification. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `emailRecipient` + +The email recipient to send notifications to (can be a list of semi-colon separated email addresses). Required if "webHookUrl" is empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `events` + +The list of event for which this notification is enabled. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `labName` + +The name of the parent lab. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the notification channel. +- Required: Yes +- Type: string +- Allowed: `[autoShutdown, costThreshold]` + +### Parameter: `notificationLocale` + +The locale to use when sending a notification (fallback for unsupported languages is EN). +- Required: No +- Type: string +- Default: `'en'` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `webHookUrl` + +The webhook URL to which the notification will be sent. 
Required if "emailRecipient" is empty. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the notification channel. | | `resourceGroupName` | string | The name of the resource group the notification channel was created in. | diff --git a/modules/dev-test-lab/lab/notificationchannel/main.json b/modules/dev-test-lab/lab/notificationchannel/main.json index 0a723cda14..6251464ffc 100644 --- a/modules/dev-test-lab/lab/notificationchannel/main.json +++ b/modules/dev-test-lab/lab/notificationchannel/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16877948453352231958" + "version": "0.22.6.54827", + "templateHash": "7575060424945865003" }, "name": "DevTest Lab Notification Channels", "description": "This module deploys a DevTest Lab Notification Channel.\r\n\r\nNotification channels are used by the schedule resource type in order to send notifications or events to email addresses and/or webhooks.", diff --git a/modules/dev-test-lab/lab/policyset/policy/README.md b/modules/dev-test-lab/lab/policyset/policy/README.md index fcf05efe7c..cc9746dea5 100644 --- a/modules/dev-test-lab/lab/policyset/policy/README.md +++ b/modules/dev-test-lab/lab/policyset/policy/README.md 
@@ -21,34 +21,109 @@ DevTest lab policies are used to modify the lab settings such as only allowing c **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `evaluatorType` | string | `[AllowedValuesPolicy, MaxValuePolicy]` | The evaluator type of the policy (i.e. AllowedValuesPolicy, MaxValuePolicy). | -| `factName` | string | `[EnvironmentTemplate, GalleryImage, LabPremiumVmCount, LabTargetCost, LabVmCount, LabVmSize, ScheduleEditPermission, UserOwnedLabPremiumVmCount, UserOwnedLabVmCount, UserOwnedLabVmCountInSubnet]` | The fact name of the policy. | -| `name` | string | | The name of the policy. | -| `threshold` | string | | The threshold of the policy (i.e. a number for MaxValuePolicy, and a JSON array of values for AllowedValuesPolicy). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`evaluatorType`](#parameter-evaluatortype) | string | The evaluator type of the policy (i.e. AllowedValuesPolicy, MaxValuePolicy). | +| [`factName`](#parameter-factname) | string | The fact name of the policy. | +| [`name`](#parameter-name) | string | The name of the policy. | +| [`threshold`](#parameter-threshold) | string | The threshold of the policy (i.e. a number for MaxValuePolicy, and a JSON array of values for AllowedValuesPolicy). | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `labName` | string | The name of the parent lab. Required if the template is used in a standalone deployment. | +| [`labName`](#parameter-labname) | string | The name of the parent lab. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | The description of the policy. 
| -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `factData` | string | `''` | | The fact data of the policy. | -| `policySetName` | string | `'default'` | | The name of the parent policy set. | -| `status` | string | `'Enabled'` | `[Disabled, Enabled]` | The status of the policy. | -| `tags` | object | `{object}` | | Tags of the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The description of the policy. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`factData`](#parameter-factdata) | string | The fact data of the policy. | +| [`policySetName`](#parameter-policysetname) | string | The name of the parent policy set. | +| [`status`](#parameter-status) | string | The status of the policy. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `description` + +The description of the policy. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `evaluatorType` + +The evaluator type of the policy (i.e. AllowedValuesPolicy, MaxValuePolicy). +- Required: Yes +- Type: string +- Allowed: `[AllowedValuesPolicy, MaxValuePolicy]` + +### Parameter: `factData` + +The fact data of the policy. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `factName` + +The fact name of the policy. +- Required: Yes +- Type: string +- Allowed: `[EnvironmentTemplate, GalleryImage, LabPremiumVmCount, LabTargetCost, LabVmCount, LabVmSize, ScheduleEditPermission, UserOwnedLabPremiumVmCount, UserOwnedLabVmCount, UserOwnedLabVmCountInSubnet]` + +### Parameter: `labName` + +The name of the parent lab. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the policy. +- Required: Yes +- Type: string + +### Parameter: `policySetName` + +The name of the parent policy set. +- Required: No +- Type: string +- Default: `'default'` + +### Parameter: `status` + +The status of the policy. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `threshold` + +The threshold of the policy (i.e. a number for MaxValuePolicy, and a JSON array of values for AllowedValuesPolicy). +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the policy. | | `resourceGroupName` | string | The name of the resource group the policy was created in. | diff --git a/modules/dev-test-lab/lab/policyset/policy/main.json b/modules/dev-test-lab/lab/policyset/policy/main.json index 5f4ddafad9..18e4b827e3 100644 --- a/modules/dev-test-lab/lab/policyset/policy/main.json +++ b/modules/dev-test-lab/lab/policyset/policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9961899772573814013" + "version": "0.22.6.54827", + "templateHash": "7402281637422771358" }, "name": "DevTest Lab Policy Sets Policies", "description": "This module deploys a DevTest Lab Policy Sets Policy.\r\n\r\nDevTest lab policies are used to modify the lab settings such as only allowing certain VM Size SKUs, marketplace image types, number of VMs allowed per user and other settings.", diff --git a/modules/dev-test-lab/lab/schedule/README.md b/modules/dev-test-lab/lab/schedule/README.md index 181ecedd78..5d197319c3 100644 --- a/modules/dev-test-lab/lab/schedule/README.md +++ b/modules/dev-test-lab/lab/schedule/README.md 
@@ -21,36 +21,128 @@ Lab schedules are used to modify the settings for auto-shutdown, auto-start for **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | `[LabVmAutoStart, LabVmsShutdown]` | The name of the schedule. | -| `taskType` | string | `[LabVmsShutdownTask, LabVmsStartupTask]` | The task type of the schedule (e.g. LabVmsShutdownTask, LabVmsStartupTask). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the schedule. | +| [`taskType`](#parameter-tasktype) | string | The task type of the schedule (e.g. LabVmsShutdownTask, LabVmsStartupTask). | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `labName` | string | The name of the parent lab. Required if the template is used in a standalone deployment. | +| [`labName`](#parameter-labname) | string | The name of the parent lab. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `dailyRecurrence` | object | `{object}` | | If the schedule will occur once each day of the week, specify the daily recurrence. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `hourlyRecurrence` | object | `{object}` | | If the schedule will occur multiple times a day, specify the hourly recurrence. | -| `notificationSettingsStatus` | string | `'Disabled'` | `[Disabled, Enabled]` | If notifications are enabled for this schedule (i.e. Enabled, Disabled). | -| `notificationSettingsTimeInMinutes` | int | `30` | | Time in minutes before event at which notification will be sent. Optional if "notificationSettingsStatus" is set to "Enabled". Default is 30 minutes. 
| -| `status` | string | `'Enabled'` | `[Disabled, Enabled]` | The status of the schedule (i.e. Enabled, Disabled). | -| `tags` | object | `{object}` | | Tags of the resource. | -| `targetResourceId` | string | `''` | | The resource ID to which the schedule belongs. | -| `timeZoneId` | string | `'Pacific Standard time'` | | The time zone ID (e.g. Pacific Standard time). | -| `weeklyRecurrence` | object | `{object}` | | If the schedule will occur only some days of the week, specify the weekly recurrence. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`dailyRecurrence`](#parameter-dailyrecurrence) | object | If the schedule will occur once each day of the week, specify the daily recurrence. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`hourlyRecurrence`](#parameter-hourlyrecurrence) | object | If the schedule will occur multiple times a day, specify the hourly recurrence. | +| [`notificationSettingsStatus`](#parameter-notificationsettingsstatus) | string | If notifications are enabled for this schedule (i.e. Enabled, Disabled). | +| [`notificationSettingsTimeInMinutes`](#parameter-notificationsettingstimeinminutes) | int | Time in minutes before event at which notification will be sent. Optional if "notificationSettingsStatus" is set to "Enabled". Default is 30 minutes. | +| [`status`](#parameter-status) | string | The status of the schedule (i.e. Enabled, Disabled). | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`targetResourceId`](#parameter-targetresourceid) | string | The resource ID to which the schedule belongs. | +| [`timeZoneId`](#parameter-timezoneid) | string | The time zone ID (e.g. Pacific Standard time). | +| [`weeklyRecurrence`](#parameter-weeklyrecurrence) | object | If the schedule will occur only some days of the week, specify the weekly recurrence. 
| + +### Parameter: `dailyRecurrence` + +If the schedule will occur once each day of the week, specify the daily recurrence. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hourlyRecurrence` + +If the schedule will occur multiple times a day, specify the hourly recurrence. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `labName` + +The name of the parent lab. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the schedule. +- Required: Yes +- Type: string +- Allowed: `[LabVmAutoStart, LabVmsShutdown]` + +### Parameter: `notificationSettingsStatus` + +If notifications are enabled for this schedule (i.e. Enabled, Disabled). +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `notificationSettingsTimeInMinutes` + +Time in minutes before event at which notification will be sent. Optional if "notificationSettingsStatus" is set to "Enabled". Default is 30 minutes. +- Required: No +- Type: int +- Default: `30` + +### Parameter: `status` + +The status of the schedule (i.e. Enabled, Disabled). +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `targetResourceId` + +The resource ID to which the schedule belongs. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `taskType` + +The task type of the schedule (e.g. LabVmsShutdownTask, LabVmsStartupTask). +- Required: Yes +- Type: string +- Allowed: `[LabVmsShutdownTask, LabVmsStartupTask]` + +### Parameter: `timeZoneId` + +The time zone ID (e.g. Pacific Standard time). 
+- Required: No +- Type: string +- Default: `'Pacific Standard time'` + +### Parameter: `weeklyRecurrence` + +If the schedule will occur only some days of the week, specify the weekly recurrence. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the schedule. | | `resourceGroupName` | string | The name of the resource group the schedule was created in. | diff --git a/modules/dev-test-lab/lab/schedule/main.json b/modules/dev-test-lab/lab/schedule/main.json index a4efd42401..96c2fa8537 100644 --- a/modules/dev-test-lab/lab/schedule/main.json +++ b/modules/dev-test-lab/lab/schedule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12427678703978539260" + "version": "0.22.6.54827", + "templateHash": "853057685884144049" }, "name": "DevTest Lab Schedules", "description": "This module deploys a DevTest Lab Schedule.\r\n\r\nLab schedules are used to modify the settings for auto-shutdown, auto-start for lab virtual machines.", diff --git a/modules/dev-test-lab/lab/virtualnetwork/README.md b/modules/dev-test-lab/lab/virtualnetwork/README.md index cb4f24b6dd..c2eaf8a2bc 100644 --- a/modules/dev-test-lab/lab/virtualnetwork/README.md +++ b/modules/dev-test-lab/lab/virtualnetwork/README.md 
@@ -21,31 +21,84 @@ Lab virtual machines must be deployed into a virtual network. This resource type **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `externalProviderResourceId` | string | The resource ID of the virtual network. | -| `name` | string | The name of the virtual network. | +| [`externalProviderResourceId`](#parameter-externalproviderresourceid) | string | The resource ID of the virtual network. | +| [`name`](#parameter-name) | string | The name of the virtual network. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `labName` | string | The name of the parent lab. Required if the template is used in a standalone deployment. | +| [`labName`](#parameter-labname) | string | The name of the parent lab. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `allowedSubnets` | array | `[]` | The allowed subnets of the virtual network. | -| `description` | string | `''` | The description of the virtual network. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `subnetOverrides` | array | `[]` | The subnet overrides of the virtual network. | -| `tags` | object | `{object}` | Tags of the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowedSubnets`](#parameter-allowedsubnets) | array | The allowed subnets of the virtual network. | +| [`description`](#parameter-description) | string | The description of the virtual network. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`subnetOverrides`](#parameter-subnetoverrides) | array | The subnet overrides of the virtual network. 
| +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `allowedSubnets` + +The allowed subnets of the virtual network. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +The description of the virtual network. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `externalProviderResourceId` + +The resource ID of the virtual network. +- Required: Yes +- Type: string + +### Parameter: `labName` + +The name of the parent lab. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the virtual network. +- Required: Yes +- Type: string + +### Parameter: `subnetOverrides` + +The subnet overrides of the virtual network. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the lab virtual network. | | `resourceGroupName` | string | The name of the resource group the lab virtual network was created in. | diff --git a/modules/dev-test-lab/lab/virtualnetwork/main.json b/modules/dev-test-lab/lab/virtualnetwork/main.json index 1449aed564..71e0cb54e5 100644 --- a/modules/dev-test-lab/lab/virtualnetwork/main.json +++ b/modules/dev-test-lab/lab/virtualnetwork/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3541849489263903716" + "version": "0.22.6.54827", + "templateHash": "5213684482874022181" }, "name": "DevTest Lab Virtual Networks", "description": "This module deploys a DevTest Lab Virtual Network.\r\n\r\nLab virtual machines must be deployed into a virtual network. This resource type allows configuring the virtual network and subnet settings used for the lab virtual machines.", diff --git a/modules/digital-twins/digital-twins-instance/.test/common/main.test.bicep b/modules/digital-twins/digital-twins-instance/.test/common/main.test.bicep index 73b4bd8fae..fceb1ad4b6 100644 --- a/modules/digital-twins/digital-twins-instance/.test/common/main.test.bicep +++ b/modules/digital-twins/digital-twins-instance/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/digital-twins/digital-twins-instance/.test/min/main.test.bicep b/modules/digital-twins/digital-twins-instance/.test/min/main.test.bicep index e923ca1679..f970096185 100644 --- a/modules/digital-twins/digital-twins-instance/.test/min/main.test.bicep +++ b/modules/digital-twins/digital-twins-instance/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/digital-twins/digital-twins-instance/README.md b/modules/digital-twins/digital-twins-instance/README.md index b7fd3b5123..54a57b7e84 100644 --- a/modules/digital-twins/digital-twins-instance/README.md +++ b/modules/digital-twins/digital-twins-instance/README.md 
@@ -5,10 +5,10 @@ This module deploys an Azure Digital Twins Instance. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -23,72 +23,29 @@ This module deploys an Azure Digital Twins Instance. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Digital Twin Instance. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DataHistoryOperation, DigitalTwinsOperation, EventRoutesOperation, ModelsOperation, QueryOperation, ResourceProviderOperation]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `eventGridEndpoint` | object | `{object}` | | Event Grid Endpoint. | -| `eventHubEndpoint` | object | `{object}` | | Event Hub Endpoint. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `serviceBusEndpoint` | object | `{object}` | | Service Bus Endpoint. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Resource tags. 
| -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | - +## Usage examples -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `hostname` | string | The hostname of the Digital Twins Instance. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Digital Twins Instance. | -| `resourceGroupName` | string | The name of the resource group the resource was created in. | -| `resourceId` | string | The resource ID of the Digital Twins Instance. | - -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/digital-twins.digital-twins-instance:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. 
+### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module digitalTwinsInstance './digital-twins/digital-twins-instance/main.bicep' = { +module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instance:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dtdticom' params: { // Required parameters @@ -248,14 +205,17 @@ module digitalTwinsInstance './digital-twins/digital-twins-instance/main.bicep'

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module digitalTwinsInstance './digital-twins/digital-twins-instance/main.bicep' = { +module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instance:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dtdtimin' params: { // Required parameters @@ -292,3 +252,198 @@ module digitalTwinsInstance './digital-twins/digital-twins-instance/main.bicep'

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Digital Twin Instance. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`eventGridEndpoint`](#parameter-eventgridendpoint) | object | Event Grid Endpoint. | +| [`eventHubEndpoint`](#parameter-eventhubendpoint) | object | Event Hub Endpoint. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`serviceBusEndpoint`](#parameter-servicebusendpoint) | object | Service Bus Endpoint. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Resource tags. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, DataHistoryOperation, DigitalTwinsOperation, EventRoutesOperation, ModelsOperation, QueryOperation, ResourceProviderOperation]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. +- Required: No +- Type: string +- Default: `[format('{0}-diagnosticSettings', parameters('name'))]` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventGridEndpoint` + +Event Grid Endpoint. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `eventHubEndpoint` + +Event Hub Endpoint. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the Digital Twin Instance. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `serviceBusEndpoint` + +Service Bus Endpoint. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Resource tags. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `hostname` | string | The hostname of the Digital Twins Instance. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Digital Twins Instance. | +| `resourceGroupName` | string | The name of the resource group the resource was created in. | +| `resourceId` | string | The resource ID of the Digital Twins Instance. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/digital-twins/digital-twins-instance/endpoint--event-grid/README.md b/modules/digital-twins/digital-twins-instance/endpoint--event-grid/README.md index 70a63cb0a6..0b66892ffa 100644 --- a/modules/digital-twins/digital-twins-instance/endpoint--event-grid/README.md +++ b/modules/digital-twins/digital-twins-instance/endpoint--event-grid/README.md 
@@ -19,30 +19,76 @@ This module deploys a Digital Twins Instance Event Grid Endpoint. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `eventGridDomainResourceId` | string | The resource ID of the Event Grid to get access keys from. | -| `topicEndpoint` | string | EventGrid Topic Endpoint. | +| [`eventGridDomainResourceId`](#parameter-eventgriddomainresourceid) | string | The resource ID of the Event Grid to get access keys from. | +| [`topicEndpoint`](#parameter-topicendpoint) | string | EventGrid Topic Endpoint. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `digitalTwinInstanceName` | string | The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. | +| [`digitalTwinInstanceName`](#parameter-digitaltwininstancename) | string | The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `deadLetterSecret` | securestring | `''` | Dead letter storage secret for key-based authentication. Will be obfuscated during read. | -| `deadLetterUri` | string | `''` | Dead letter storage URL for identity-based authentication. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `'EventGridEndpoint'` | The name of the Digital Twin Endpoint. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`deadLetterSecret`](#parameter-deadlettersecret) | securestring | Dead letter storage secret for key-based authentication. Will be obfuscated during read. | +| [`deadLetterUri`](#parameter-deadletteruri) | string | Dead letter storage URL for identity-based authentication. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`name`](#parameter-name) | string | The name of the Digital Twin Endpoint. | + +### Parameter: `deadLetterSecret` + +Dead letter storage secret for key-based authentication. Will be obfuscated during read. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `deadLetterUri` + +Dead letter storage URL for identity-based authentication. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `digitalTwinInstanceName` + +The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventGridDomainResourceId` + +The resource ID of the Event Grid to get access keys from. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the Digital Twin Endpoint. +- Required: No +- Type: string +- Default: `'EventGridEndpoint'` + +### Parameter: `topicEndpoint` + +EventGrid Topic Endpoint. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the Endpoint. | | `resourceGroupName` | string | The name of the resource group the resource was created in. | diff --git a/modules/digital-twins/digital-twins-instance/endpoint--event-hub/README.md b/modules/digital-twins/digital-twins-instance/endpoint--event-hub/README.md index 89cb8b96b9..ea2990793c 100644 --- a/modules/digital-twins/digital-twins-instance/endpoint--event-hub/README.md +++ b/modules/digital-twins/digital-twins-instance/endpoint--event-hub/README.md 
@@ -19,30 +19,114 @@ This module deploys a Digital Twins Instance EventHub Endpoint. **Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `connectionStringPrimaryKey` | securestring | `''` | PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased". | -| `digitalTwinInstanceName` | string | | The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`connectionStringPrimaryKey`](#parameter-connectionstringprimarykey) | securestring | PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased". | +| [`digitalTwinInstanceName`](#parameter-digitaltwininstancename) | string | The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authenticationType` | string | `'IdentityBased'` | `[IdentityBased, KeyBased]` | Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified. | -| `connectionStringSecondaryKey` | securestring | `''` | | SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased". | -| `deadLetterSecret` | securestring | `''` | | Dead letter storage secret for key-based authentication. Will be obfuscated during read. 
| -| `deadLetterUri` | string | `''` | | Dead letter storage URL for identity-based authentication. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `endpointUri` | string | `''` | | The URL of the EventHub namespace for identity-based authentication. It must include the protocol 'sb://' (i.e. sb://xyz.servicebus.windows.net). | -| `entityPath` | string | `''` | | The EventHub name in the EventHub namespace for identity-based authentication. | -| `name` | string | `'EventHubEndpoint'` | | The name of the Digital Twin Endpoint. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `userAssignedIdentity` | string | `''` | | The ID to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authenticationType`](#parameter-authenticationtype) | string | Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified. | +| [`connectionStringSecondaryKey`](#parameter-connectionstringsecondarykey) | securestring | SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased". | +| [`deadLetterSecret`](#parameter-deadlettersecret) | securestring | Dead letter storage secret for key-based authentication. Will be obfuscated during read. | +| [`deadLetterUri`](#parameter-deadletteruri) | string | Dead letter storage URL for identity-based authentication. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`endpointUri`](#parameter-endpointuri) | string | The URL of the EventHub namespace for identity-based authentication. 
It must include the protocol 'sb://' (i.e. sb://xyz.servicebus.windows.net). | +| [`entityPath`](#parameter-entitypath) | string | The EventHub name in the EventHub namespace for identity-based authentication. | +| [`name`](#parameter-name) | string | The name of the Digital Twin Endpoint. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedIdentity`](#parameter-userassignedidentity) | string | The ID to assign to the resource. | + +### Parameter: `authenticationType` + +Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified. +- Required: No +- Type: string +- Default: `'IdentityBased'` +- Allowed: `[IdentityBased, KeyBased]` + +### Parameter: `connectionStringPrimaryKey` + +PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased". +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `connectionStringSecondaryKey` + +SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased". +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `deadLetterSecret` + +Dead letter storage secret for key-based authentication. Will be obfuscated during read. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `deadLetterUri` + +Dead letter storage URL for identity-based authentication. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `digitalTwinInstanceName` + +The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endpointUri` + +The URL of the EventHub namespace for identity-based authentication. It must include the protocol 'sb://' (i.e. sb://xyz.servicebus.windows.net). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `entityPath` + +The EventHub name in the EventHub namespace for identity-based authentication. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the Digital Twin Endpoint. +- Required: No +- Type: string +- Default: `'EventHubEndpoint'` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `userAssignedIdentity` + +The ID to assign to the resource. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the Endpoint. | | `resourceGroupName` | string | The name of the resource group the resource was created in. | diff --git a/modules/digital-twins/digital-twins-instance/endpoint--service-bus/README.md b/modules/digital-twins/digital-twins-instance/endpoint--service-bus/README.md index 3f448d3791..eeae357cd9 100644 --- a/modules/digital-twins/digital-twins-instance/endpoint--service-bus/README.md +++ b/modules/digital-twins/digital-twins-instance/endpoint--service-bus/README.md 
@@ -19,30 +19,114 @@ This module deploys a Digital Twins Instance ServiceBus Endpoint. **Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `digitalTwinInstanceName` | string | | The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. | -| `primaryConnectionString` | securestring | `''` | PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased". | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`digitalTwinInstanceName`](#parameter-digitaltwininstancename) | string | The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. | +| [`primaryConnectionString`](#parameter-primaryconnectionstring) | securestring | PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased". | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authenticationType` | string | `'IdentityBased'` | `[IdentityBased, KeyBased]` | Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified. | -| `deadLetterSecret` | securestring | `''` | | Dead letter storage secret for key-based authentication. Will be obfuscated during read. | -| `deadLetterUri` | string | `''` | | Dead letter storage URL for identity-based authentication. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). 
| -| `endpointUri` | string | `''` | | The URL of the ServiceBus namespace for identity-based authentication. It must include the protocol 'sb://' (e.g. sb://xyz.servicebus.windows.net). | -| `entityPath` | string | `''` | | The ServiceBus Topic name for identity-based authentication. | -| `name` | string | `'ServiceBusEndpoint'` | | The name of the Digital Twin Endpoint. | -| `secondaryConnectionString` | securestring | `''` | | SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased". | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `userAssignedIdentity` | string | `''` | | The ID to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authenticationType`](#parameter-authenticationtype) | string | Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified. | +| [`deadLetterSecret`](#parameter-deadlettersecret) | securestring | Dead letter storage secret for key-based authentication. Will be obfuscated during read. | +| [`deadLetterUri`](#parameter-deadletteruri) | string | Dead letter storage URL for identity-based authentication. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`endpointUri`](#parameter-endpointuri) | string | The URL of the ServiceBus namespace for identity-based authentication. It must include the protocol 'sb://' (e.g. sb://xyz.servicebus.windows.net). | +| [`entityPath`](#parameter-entitypath) | string | The ServiceBus Topic name for identity-based authentication. 
| +| [`name`](#parameter-name) | string | The name of the Digital Twin Endpoint. | +| [`secondaryConnectionString`](#parameter-secondaryconnectionstring) | securestring | SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased". | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedIdentity`](#parameter-userassignedidentity) | string | The ID to assign to the resource. | + +### Parameter: `authenticationType` + +Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified. +- Required: No +- Type: string +- Default: `'IdentityBased'` +- Allowed: `[IdentityBased, KeyBased]` + +### Parameter: `deadLetterSecret` + +Dead letter storage secret for key-based authentication. Will be obfuscated during read. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `deadLetterUri` + +Dead letter storage URL for identity-based authentication. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `digitalTwinInstanceName` + +The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endpointUri` + +The URL of the ServiceBus namespace for identity-based authentication. It must include the protocol 'sb://' (e.g. sb://xyz.servicebus.windows.net). 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `entityPath` + +The ServiceBus Topic name for identity-based authentication. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the Digital Twin Endpoint. +- Required: No +- Type: string +- Default: `'ServiceBusEndpoint'` + +### Parameter: `primaryConnectionString` + +PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased". +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `secondaryConnectionString` + +SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased". +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `userAssignedIdentity` + +The ID to assign to the resource. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the Endpoint. | | `resourceGroupName` | string | The name of the resource group the resource was created in. | diff --git a/modules/document-db/database-account/README.md b/modules/document-db/database-account/README.md index 3eea1daa41..f89ecfce3d 100644 --- a/modules/document-db/database-account/README.md +++ b/modules/document-db/database-account/README.md @@ -5,10 +5,10 @@ This module deploys a DocumentDB Database Account. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -27,85 +27,28 @@ This module deploys a DocumentDB Database Account. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `locations` | array | Locations enabled for the Cosmos DB account. | -| `name` | string | Name of the Database Account. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `automaticFailover` | bool | `True` | | Enable automatic failover for regions. | -| `backupIntervalInMinutes` | int | `240` | | An integer representing the interval in minutes between two backups. Only applies to periodic backup type. | -| `backupPolicyContinuousTier` | string | `'Continuous30Days'` | `[Continuous30Days, Continuous7Days]` | Configuration values for continuous mode backup. | -| `backupPolicyType` | string | `'Continuous'` | `[Continuous, Periodic]` | Describes the mode of backups. | -| `backupRetentionIntervalInHours` | int | `8` | | An integer representing the time (in hours) that each backup is retained. Only applies to periodic backup type. | -| `backupStorageRedundancy` | string | `'Local'` | `[Geo, Local, Zone]` | Enum to indicate type of backup residency. Only applies to periodic backup type. | -| `capabilitiesToAdd` | array | `[]` | `[DisableRateLimitingResponses, EnableCassandra, EnableGremlin, EnableMongo, EnableServerless, EnableTable]` | List of Cosmos DB capabilities for the account. | -| `databaseAccountOfferType` | string | `'Standard'` | `[Standard]` | The offer type for the Cosmos DB database account. 
| -| `defaultConsistencyLevel` | string | `'Session'` | `[BoundedStaleness, ConsistentPrefix, Eventual, Session, Strong]` | The default consistency level of the Cosmos DB account. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, CassandraRequests, ControlPlaneRequests, DataPlaneRequests, GremlinRequests, MongoRequests, PartitionKeyRUConsumption, PartitionKeyStatistics, QueryRuntimeStatistics, TableApiRequests]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[Requests]` | `[Requests]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableFreeTier` | bool | `False` | | Flag to indicate whether Free Tier is enabled. | -| `gremlinDatabases` | array | `[]` | | Gremlin Databases configurations. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maxIntervalInSeconds` | int | `300` | | Max lag time (minutes). Required for BoundedStaleness. 
Valid ranges, Single Region: 5 to 84600. Multi Region: 300 to 86400. | -| `maxStalenessPrefix` | int | `100000` | | Max stale requests. Required for BoundedStaleness. Valid ranges, Single Region: 10 to 1000000. Multi Region: 100000 to 1000000. | -| `mongodbDatabases` | array | `[]` | | MongoDB Databases configurations. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `serverVersion` | string | `'4.2'` | `[3.2, 3.6, 4.0, 4.2]` | Specifies the MongoDB server version to use. | -| `sqlDatabases` | array | `[]` | | SQL Databases configurations. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the Database Account resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | +## Usage examples - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the database account. | -| `resourceGroupName` | string | The name of the resource group the database account was created in. | -| `resourceId` | string | The resource ID of the database account. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. 
| - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Gremlindb

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/document-db.database-account:1.0.0`. + +- [Gremlindb](#example-1-gremlindb) +- [Mongodb](#example-2-mongodb) +- [Plain](#example-3-plain) +- [Sqldb](#example-4-sqldb) + +### Example 1: _Gremlindb_
via Bicep module ```bicep -module databaseAccount './document-db/database-account/main.bicep' = { +module databaseAccount 'br:bicep/modules/document-db.database-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dddagrm' params: { // Required parameters @@ -331,14 +274,14 @@ module databaseAccount './document-db/database-account/main.bicep' = {

-

Example 2: Mongodb

+### Example 2: _Mongodb_
via Bicep module ```bicep -module databaseAccount './document-db/database-account/main.bicep' = { +module databaseAccount 'br:bicep/modules/document-db.database-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dddamng' params: { // Required parameters @@ -828,14 +771,14 @@ module databaseAccount './document-db/database-account/main.bicep' = {

-

Example 3: Plain

+### Example 3: _Plain_
via Bicep module ```bicep -module databaseAccount './document-db/database-account/main.bicep' = { +module databaseAccount 'br:bicep/modules/document-db.database-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dddapln' params: { // Required parameters @@ -951,14 +894,14 @@ module databaseAccount './document-db/database-account/main.bicep' = {

-

Example 4: Sqldb

+### Example 4: _Sqldb_
via Bicep module ```bicep -module databaseAccount './document-db/database-account/main.bicep' = { +module databaseAccount 'br:bicep/modules/document-db.database-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-dddasql' params: { // Required parameters @@ -1269,3 +1212,307 @@ module databaseAccount './document-db/database-account/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`locations`](#parameter-locations) | array | Locations enabled for the Cosmos DB account. | +| [`name`](#parameter-name) | string | Name of the Database Account. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`automaticFailover`](#parameter-automaticfailover) | bool | Enable automatic failover for regions. | +| [`backupIntervalInMinutes`](#parameter-backupintervalinminutes) | int | An integer representing the interval in minutes between two backups. Only applies to periodic backup type. | +| [`backupPolicyContinuousTier`](#parameter-backuppolicycontinuoustier) | string | Configuration values for continuous mode backup. | +| [`backupPolicyType`](#parameter-backuppolicytype) | string | Describes the mode of backups. | +| [`backupRetentionIntervalInHours`](#parameter-backupretentionintervalinhours) | int | An integer representing the time (in hours) that each backup is retained. Only applies to periodic backup type. | +| [`backupStorageRedundancy`](#parameter-backupstorageredundancy) | string | Enum to indicate type of backup residency. Only applies to periodic backup type. | +| [`capabilitiesToAdd`](#parameter-capabilitiestoadd) | array | List of Cosmos DB capabilities for the account. | +| [`databaseAccountOfferType`](#parameter-databaseaccountoffertype) | string | The offer type for the Cosmos DB database account. | +| [`defaultConsistencyLevel`](#parameter-defaultconsistencylevel) | string | The default consistency level of the Cosmos DB account. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
| +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableFreeTier`](#parameter-enablefreetier) | bool | Flag to indicate whether Free Tier is enabled. | +| [`gremlinDatabases`](#parameter-gremlindatabases) | array | Gremlin Databases configurations. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maxIntervalInSeconds`](#parameter-maxintervalinseconds) | int | Max lag time (minutes). Required for BoundedStaleness. Valid ranges, Single Region: 5 to 84600. Multi Region: 300 to 86400. | +| [`maxStalenessPrefix`](#parameter-maxstalenessprefix) | int | Max stale requests. Required for BoundedStaleness. Valid ranges, Single Region: 10 to 1000000. Multi Region: 100000 to 1000000. | +| [`mongodbDatabases`](#parameter-mongodbdatabases) | array | MongoDB Databases configurations. 
| +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`serverVersion`](#parameter-serverversion) | string | Specifies the MongoDB server version to use. | +| [`sqlDatabases`](#parameter-sqldatabases) | array | SQL Databases configurations. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the Database Account resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `automaticFailover` + +Enable automatic failover for regions. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `backupIntervalInMinutes` + +An integer representing the interval in minutes between two backups. Only applies to periodic backup type. +- Required: No +- Type: int +- Default: `240` + +### Parameter: `backupPolicyContinuousTier` + +Configuration values for continuous mode backup. +- Required: No +- Type: string +- Default: `'Continuous30Days'` +- Allowed: `[Continuous30Days, Continuous7Days]` + +### Parameter: `backupPolicyType` + +Describes the mode of backups. 
+- Required: No +- Type: string +- Default: `'Continuous'` +- Allowed: `[Continuous, Periodic]` + +### Parameter: `backupRetentionIntervalInHours` + +An integer representing the time (in hours) that each backup is retained. Only applies to periodic backup type. +- Required: No +- Type: int +- Default: `8` + +### Parameter: `backupStorageRedundancy` + +Enum to indicate type of backup residency. Only applies to periodic backup type. +- Required: No +- Type: string +- Default: `'Local'` +- Allowed: `[Geo, Local, Zone]` + +### Parameter: `capabilitiesToAdd` + +List of Cosmos DB capabilities for the account. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[DisableRateLimitingResponses, EnableCassandra, EnableGremlin, EnableMongo, EnableServerless, EnableTable]` + +### Parameter: `databaseAccountOfferType` + +The offer type for the Cosmos DB database account. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Standard]` + +### Parameter: `defaultConsistencyLevel` + +The default consistency level of the Cosmos DB account. +- Required: No +- Type: string +- Default: `'Session'` +- Allowed: `[BoundedStaleness, ConsistentPrefix, Eventual, Session, Strong]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. 
+- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, CassandraRequests, ControlPlaneRequests, DataPlaneRequests, GremlinRequests, MongoRequests, PartitionKeyRUConsumption, PartitionKeyStatistics, QueryRuntimeStatistics, TableApiRequests]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[Requests]` +- Allowed: `[Requests]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableFreeTier` + +Flag to indicate whether Free Tier is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `gremlinDatabases` + +Gremlin Databases configurations. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `locations` + +Locations enabled for the Cosmos DB account. +- Required: Yes +- Type: array + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maxIntervalInSeconds` + +Max lag time (minutes). Required for BoundedStaleness. Valid ranges, Single Region: 5 to 84600. Multi Region: 300 to 86400. +- Required: No +- Type: int +- Default: `300` + +### Parameter: `maxStalenessPrefix` + +Max stale requests. 
Required for BoundedStaleness. Valid ranges, Single Region: 10 to 1000000. Multi Region: 100000 to 1000000. +- Required: No +- Type: int +- Default: `100000` + +### Parameter: `mongodbDatabases` + +MongoDB Databases configurations. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +Name of the Database Account. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `serverVersion` + +Specifies the MongoDB server version to use. +- Required: No +- Type: string +- Default: `'4.2'` +- Allowed: `[3.2, 3.6, 4.0, 4.2]` + +### Parameter: `sqlDatabases` + +SQL Databases configurations. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the Database Account resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the database account. 
| +| `resourceGroupName` | string | The name of the resource group the database account was created in. | +| `resourceId` | string | The resource ID of the database account. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/document-db/database-account/gremlin-database/README.md b/modules/document-db/database-account/gremlin-database/README.md index bd2d6e6b59..4a715c8f19 100644 --- a/modules/document-db/database-account/gremlin-database/README.md +++ b/modules/document-db/database-account/gremlin-database/README.md 
@@ -21,32 +21,93 @@ This module deploys a Gremlin Database within a CosmosDB Account. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the Gremlin database. | +| [`name`](#parameter-name) | string | Name of the Gremlin database. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `databaseAccountName` | string | The name of the parent Gremlin database. Required if the template is used in a standalone deployment. | +| [`databaseAccountName`](#parameter-databaseaccountname) | string | The name of the parent Gremlin database. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `graphs` | array | `[]` | Array of graphs to deploy in the Gremlin database. | -| `maxThroughput` | int | `4000` | Represents maximum throughput, the resource can scale up to. Cannot be set together with `throughput`. If `throughput` is set to something else than -1, this autoscale setting is ignored. | -| `systemAssignedIdentity` | bool | `False` | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | Tags of the Gremlin database resource. | -| `throughput` | int | `-1` | Request Units per second (for example 10000). Cannot be set together with `maxThroughput`. | -| `userAssignedIdentities` | object | `{object}` | The ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`graphs`](#parameter-graphs) | array | Array of graphs to deploy in the Gremlin database. 
| +| [`maxThroughput`](#parameter-maxthroughput) | int | Represents maximum throughput, the resource can scale up to. Cannot be set together with `throughput`. If `throughput` is set to something else than -1, this autoscale setting is ignored. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the Gremlin database resource. | +| [`throughput`](#parameter-throughput) | int | Request Units per second (for example 10000). Cannot be set together with `maxThroughput`. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `databaseAccountName` + +The name of the parent Gremlin database. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `graphs` + +Array of graphs to deploy in the Gremlin database. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `maxThroughput` + +Represents maximum throughput, the resource can scale up to. Cannot be set together with `throughput`. If `throughput` is set to something else than -1, this autoscale setting is ignored. +- Required: No +- Type: int +- Default: `4000` + +### Parameter: `name` + +Name of the Gremlin database. +- Required: Yes +- Type: string + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the Gremlin database resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `throughput` + +Request Units per second (for example 10000). Cannot be set together with `maxThroughput`. 
+- Required: No +- Type: int +- Default: `-1` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the Gremlin database. | | `resourceGroupName` | string | The name of the resource group the Gremlin database was created in. | diff --git a/modules/document-db/database-account/gremlin-database/graph/README.md b/modules/document-db/database-account/gremlin-database/graph/README.md index 9ef2885821..9bd3196bdc 100644 --- a/modules/document-db/database-account/gremlin-database/graph/README.md +++ b/modules/document-db/database-account/gremlin-database/graph/README.md 
@@ -20,30 +20,76 @@ This module deploys a DocumentDB Database Accounts Gremlin Database Graph. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the graph. | +| [`name`](#parameter-name) | string | Name of the graph. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `databaseAccountName` | string | The name of the parent Database Account. Required if the template is used in a standalone deployment. | -| `gremlinDatabaseName` | string | The name of the parent Gremlin Database. Required if the template is used in a standalone deployment. | +| [`databaseAccountName`](#parameter-databaseaccountname) | string | The name of the parent Database Account. Required if the template is used in a standalone deployment. | +| [`gremlinDatabaseName`](#parameter-gremlindatabasename) | string | The name of the parent Gremlin Database. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `indexingPolicy` | object | `{object}` | Indexing policy of the graph. | -| `partitionKeyPaths` | array | `[]` | List of paths using which data within the container can be partitioned. | -| `tags` | object | `{object}` | Tags of the Gremlin graph resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`indexingPolicy`](#parameter-indexingpolicy) | object | Indexing policy of the graph. | +| [`partitionKeyPaths`](#parameter-partitionkeypaths) | array | List of paths using which data within the container can be partitioned. 
| +| [`tags`](#parameter-tags) | object | Tags of the Gremlin graph resource. | + +### Parameter: `databaseAccountName` + +The name of the parent Database Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `gremlinDatabaseName` + +The name of the parent Gremlin Database. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `indexingPolicy` + +Indexing policy of the graph. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Name of the graph. +- Required: Yes +- Type: string + +### Parameter: `partitionKeyPaths` + +List of paths using which data within the container can be partitioned. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the Gremlin graph resource. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the graph. | | `resourceGroupName` | string | The name of the resource group the graph was created in. | diff --git a/modules/document-db/database-account/gremlin-database/graph/main.json b/modules/document-db/database-account/gremlin-database/graph/main.json index d02a60bd22..ac3ab15bde 100644 --- a/modules/document-db/database-account/gremlin-database/graph/main.json +++ b/modules/document-db/database-account/gremlin-database/graph/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3593445264917455012" + "version": "0.22.6.54827", + "templateHash": "18333404401527081455" }, "name": "DocumentDB Database Accounts Gremlin Databases Graphs", "description": "This module deploys a DocumentDB Database Accounts Gremlin Database Graph.", diff --git a/modules/document-db/database-account/gremlin-database/main.json b/modules/document-db/database-account/gremlin-database/main.json index f3df7da63e..3a99fdbe58 100644 --- a/modules/document-db/database-account/gremlin-database/main.json +++ b/modules/document-db/database-account/gremlin-database/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "4256328904115204005" + "version": "0.22.6.54827", + "templateHash": "15423165717770718605" }, "name": "DocumentDB Database Account Gremlin Databases", "description": "This module deploys a Gremlin Database within a CosmosDB Account.", @@ -141,8 +141,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3593445264917455012" + "version": "0.22.6.54827", + "templateHash": "18333404401527081455" }, "name": "DocumentDB Database Accounts Gremlin Databases Graphs", "description": "This module deploys a DocumentDB Database Accounts Gremlin Database Graph.", diff --git a/modules/document-db/database-account/main.json b/modules/document-db/database-account/main.json index a5a0399033..8c6c60a55b 100644 --- a/modules/document-db/database-account/main.json +++ b/modules/document-db/database-account/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9451370227821690902" + "version": "0.22.6.54827", + "templateHash": "1321966146332079883" }, "name": "DocumentDB Database Accounts", "description": "This module deploys a DocumentDB Database Account.", 
@@ -466,8 +466,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5613744277609573742" + "version": "0.22.6.54827", + "templateHash": "9195274417066284555" } }, "parameters": { @@ -618,8 +618,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12650326317614213616" + "version": "0.22.6.54827", + "templateHash": "11353697729412779140" }, "name": "DocumentDB Database Account SQL Databases", "description": "This module deploys a SQL Database in a CosmosDB Account.", @@ -746,8 +746,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17915639819408167865" + "version": "0.22.6.54827", + "templateHash": "8116399669974678281" }, "name": "DocumentDB Database Account SQL Database Containers", "description": "This module deploys a SQL Database Container in a CosmosDB Account.", @@ -985,8 +985,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6108492173430130197" + "version": "0.22.6.54827", + "templateHash": "1822071123668929932" }, "name": "DocumentDB Database Account MongoDB Databases", "description": "This module deploys a MongoDB Database within a CosmosDB Account.", @@ -1103,8 +1103,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15278439403607777812" + "version": "0.22.6.54827", + "templateHash": "14573428332905458641" }, "name": "DocumentDB Database Account MongoDB Database Collections", "description": "This module deploys a MongoDB Database Collection.", @@ -1275,8 +1275,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3882851808439491481" + "version": "0.22.6.54827", + "templateHash": "15423165717770718605" }, "name": "DocumentDB Database Account Gremlin Databases", "description": "This module deploys a Gremlin Database within a CosmosDB Account.", 
@@ -1412,8 +1412,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16873442968006597080" + "version": "0.22.6.54827", + "templateHash": "18333404401527081455" }, "name": "DocumentDB Database Accounts Gremlin Databases Graphs", "description": "This module deploys a DocumentDB Database Accounts Gremlin Database Graph.", @@ -1603,8 +1603,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1803,8 +1803,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1941,8 +1941,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/document-db/database-account/mongodb-database/README.md b/modules/document-db/database-account/mongodb-database/README.md index d9c2501383..93ddb86a7f 100644 --- a/modules/document-db/database-account/mongodb-database/README.md +++ b/modules/document-db/database-account/mongodb-database/README.md 
@@ -20,29 +20,69 @@ This module deploys a MongoDB Database within a CosmosDB Account. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the mongodb database. | +| [`name`](#parameter-name) | string | Name of the mongodb database. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `databaseAccountName` | string | The name of the parent Cosmos DB database account. Required if the template is used in a standalone deployment. | +| [`databaseAccountName`](#parameter-databaseaccountname) | string | The name of the parent Cosmos DB database account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `collections` | array | `[]` | Collections in the mongodb database. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `tags` | object | `{object}` | Tags of the resource. | -| `throughput` | int | `400` | Name of the mongodb database. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`collections`](#parameter-collections) | array | Collections in the mongodb database. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`throughput`](#parameter-throughput) | int | Name of the mongodb database. | + +### Parameter: `collections` + +Collections in the mongodb database. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `databaseAccountName` + +The name of the parent Cosmos DB database account. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Name of the mongodb database. +- Required: Yes +- Type: string + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `throughput` + +Name of the mongodb database. +- Required: No +- Type: int +- Default: `400` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the mongodb database. | | `resourceGroupName` | string | The name of the resource group the mongodb database was created in. | diff --git a/modules/document-db/database-account/mongodb-database/collection/README.md b/modules/document-db/database-account/mongodb-database/collection/README.md index c29b48e614..ce98977d82 100644 --- a/modules/document-db/database-account/mongodb-database/collection/README.md +++ b/modules/document-db/database-account/mongodb-database/collection/README.md 
@@ -20,30 +20,74 @@ This module deploys a MongoDB Database Collection. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `indexes` | array | Indexes for the collection. | -| `name` | string | Name of the collection. | -| `shardKey` | object | ShardKey for the collection. | +| [`indexes`](#parameter-indexes) | array | Indexes for the collection. | +| [`name`](#parameter-name) | string | Name of the collection. | +| [`shardKey`](#parameter-shardkey) | object | ShardKey for the collection. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `databaseAccountName` | string | The name of the parent Cosmos DB database account. Required if the template is used in a standalone deployment. | -| `mongodbDatabaseName` | string | The name of the parent mongodb database. Required if the template is used in a standalone deployment. | +| [`databaseAccountName`](#parameter-databaseaccountname) | string | The name of the parent Cosmos DB database account. Required if the template is used in a standalone deployment. | +| [`mongodbDatabaseName`](#parameter-mongodbdatabasename) | string | The name of the parent mongodb database. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `throughput` | int | `400` | Name of the mongodb database. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`throughput`](#parameter-throughput) | int | Name of the mongodb database. | + +### Parameter: `databaseAccountName` + +The name of the parent Cosmos DB database account. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `indexes` + +Indexes for the collection. +- Required: Yes +- Type: array + +### Parameter: `mongodbDatabaseName` + +The name of the parent mongodb database. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the collection. +- Required: Yes +- Type: string + +### Parameter: `shardKey` + +ShardKey for the collection. +- Required: Yes +- Type: object + +### Parameter: `throughput` + +Name of the mongodb database. +- Required: No +- Type: int +- Default: `400` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the mongodb database. | | `resourceGroupName` | string | The name of the resource group the mongodb database was created in. | diff --git a/modules/document-db/database-account/mongodb-database/collection/main.json b/modules/document-db/database-account/mongodb-database/collection/main.json index a6fa0bc567..7b4dd23c09 100644 --- a/modules/document-db/database-account/mongodb-database/collection/main.json +++ b/modules/document-db/database-account/mongodb-database/collection/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12957080003676592321" + "version": "0.22.6.54827", + "templateHash": "14573428332905458641" }, "name": "DocumentDB Database Account MongoDB Database Collections", "description": "This module deploys a MongoDB Database Collection.", diff --git a/modules/document-db/database-account/mongodb-database/main.json b/modules/document-db/database-account/mongodb-database/main.json index 3446932229..ac1f8b3634 100644 
--- a/modules/document-db/database-account/mongodb-database/main.json +++ b/modules/document-db/database-account/mongodb-database/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13972019361365434498" + "version": "0.22.6.54827", + "templateHash": "1822071123668929932" }, "name": "DocumentDB Database Account MongoDB Databases", "description": "This module deploys a MongoDB Database within a CosmosDB Account.", @@ -122,8 +122,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12957080003676592321" + "version": "0.22.6.54827", + "templateHash": "14573428332905458641" }, "name": "DocumentDB Database Account MongoDB Database Collections", "description": "This module deploys a MongoDB Database Collection.", diff --git a/modules/document-db/database-account/sql-database/README.md b/modules/document-db/database-account/sql-database/README.md index 2d6e69f472..83def7fb2b 100644 --- a/modules/document-db/database-account/sql-database/README.md +++ b/modules/document-db/database-account/sql-database/README.md 
@@ -20,30 +20,77 @@ This module deploys a SQL Database in a CosmosDB Account. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the SQL database . | +| [`name`](#parameter-name) | string | Name of the SQL database . | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `databaseAccountName` | string | The name of the parent Database Account. Required if the template is used in a standalone deployment. | +| [`databaseAccountName`](#parameter-databaseaccountname) | string | The name of the parent Database Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `autoscaleSettingsMaxThroughput` | int | `-1` | Specifies the Autoscale settings and represents maximum throughput, the resource can scale up to. The autoscale throughput should have valid throughput values between 1000 and 1000000 inclusive in increments of 1000. If value is set to -1, then the property will be set to null and autoscale will be disabled. | -| `containers` | array | `[]` | Array of containers to deploy in the SQL database. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `tags` | object | `{object}` | Tags of the SQL database resource. | -| `throughput` | int | `400` | Request units per second. Will be set to null if autoscaleSettingsMaxThroughput is used. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`autoscaleSettingsMaxThroughput`](#parameter-autoscalesettingsmaxthroughput) | int | Specifies the Autoscale settings and represents maximum throughput, the resource can scale up to. The autoscale throughput should have valid throughput values between 1000 and 1000000 inclusive in increments of 1000. 
If value is set to -1, then the property will be set to null and autoscale will be disabled. | +| [`containers`](#parameter-containers) | array | Array of containers to deploy in the SQL database. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`tags`](#parameter-tags) | object | Tags of the SQL database resource. | +| [`throughput`](#parameter-throughput) | int | Request units per second. Will be set to null if autoscaleSettingsMaxThroughput is used. | + +### Parameter: `autoscaleSettingsMaxThroughput` + +Specifies the Autoscale settings and represents maximum throughput, the resource can scale up to. The autoscale throughput should have valid throughput values between 1000 and 1000000 inclusive in increments of 1000. If value is set to -1, then the property will be set to null and autoscale will be disabled. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `containers` + +Array of containers to deploy in the SQL database. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `databaseAccountName` + +The name of the parent Database Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Name of the SQL database . +- Required: Yes +- Type: string + +### Parameter: `tags` + +Tags of the SQL database resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `throughput` + +Request units per second. Will be set to null if autoscaleSettingsMaxThroughput is used. +- Required: No +- Type: int +- Default: `400` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the SQL database. 
| | `resourceGroupName` | string | The name of the resource group the SQL database was created in. | diff --git a/modules/document-db/database-account/sql-database/container/README.md b/modules/document-db/database-account/sql-database/container/README.md index 1e14de9526..a090b1fe3f 100644 --- a/modules/document-db/database-account/sql-database/container/README.md +++ b/modules/document-db/database-account/sql-database/container/README.md 
@@ -20,37 +20,133 @@ This module deploys a SQL Database Container in a CosmosDB Account. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the container. | +| [`name`](#parameter-name) | string | Name of the container. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `databaseAccountName` | string | The name of the parent Database Account. Required if the template is used in a standalone deployment. | -| `sqlDatabaseName` | string | The name of the parent SQL Database. Required if the template is used in a standalone deployment. | +| [`databaseAccountName`](#parameter-databaseaccountname) | string | The name of the parent Database Account. Required if the template is used in a standalone deployment. | +| [`sqlDatabaseName`](#parameter-sqldatabasename) | string | The name of the parent SQL Database. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `analyticalStorageTtl` | int | `0` | | Indicates how long data should be retained in the analytical store, for a container. Analytical store is enabled when ATTL is set with a value other than 0. If the value is set to -1, the analytical store retains all historical data, irrespective of the retention of the data in the transactional store. | -| `autoscaleSettingsMaxThroughput` | int | `-1` | | Specifies the Autoscale settings and represents maximum throughput, the resource can scale up to. The autoscale throughput should have valid throughput values between 1000 and 1000000 inclusive in increments of 1000. If value is set to -1, then the property will be set to null and autoscale will be disabled. 
| -| `conflictResolutionPolicy` | object | `{object}` | | The conflict resolution policy for the container. Conflicts and conflict resolution policies are applicable if the Azure Cosmos DB account is configured with multiple write regions. | -| `defaultTtl` | int | `-1` | | Default time to live (in seconds). With Time to Live or TTL, Azure Cosmos DB provides the ability to delete items automatically from a container after a certain time period. If the value is set to "-1", it is equal to infinity, and items dont expire by default. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `indexingPolicy` | object | `{object}` | | Indexing policy of the container. | -| `kind` | string | `'Hash'` | `[Hash, MultiHash, Range]` | Indicates the kind of algorithm used for partitioning. | -| `paths` | array | `[]` | | List of paths using which data within the container can be partitioned. | -| `tags` | object | `{object}` | | Tags of the SQL Database resource. | -| `throughput` | int | `400` | | Request Units per second. Will be set to null if autoscaleSettingsMaxThroughput is used. | -| `uniqueKeyPolicyKeys` | array | `[]` | | The unique key policy configuration containing a list of unique keys that enforces uniqueness constraint on documents in the collection in the Azure Cosmos DB service. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`analyticalStorageTtl`](#parameter-analyticalstoragettl) | int | Indicates how long data should be retained in the analytical store, for a container. Analytical store is enabled when ATTL is set with a value other than 0. If the value is set to -1, the analytical store retains all historical data, irrespective of the retention of the data in the transactional store. | +| [`autoscaleSettingsMaxThroughput`](#parameter-autoscalesettingsmaxthroughput) | int | Specifies the Autoscale settings and represents maximum throughput, the resource can scale up to. 
The autoscale throughput should have valid throughput values between 1000 and 1000000 inclusive in increments of 1000. If value is set to -1, then the property will be set to null and autoscale will be disabled. | +| [`conflictResolutionPolicy`](#parameter-conflictresolutionpolicy) | object | The conflict resolution policy for the container. Conflicts and conflict resolution policies are applicable if the Azure Cosmos DB account is configured with multiple write regions. | +| [`defaultTtl`](#parameter-defaultttl) | int | Default time to live (in seconds). With Time to Live or TTL, Azure Cosmos DB provides the ability to delete items automatically from a container after a certain time period. If the value is set to "-1", it is equal to infinity, and items dont expire by default. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`indexingPolicy`](#parameter-indexingpolicy) | object | Indexing policy of the container. | +| [`kind`](#parameter-kind) | string | Indicates the kind of algorithm used for partitioning. | +| [`paths`](#parameter-paths) | array | List of paths using which data within the container can be partitioned. | +| [`tags`](#parameter-tags) | object | Tags of the SQL Database resource. | +| [`throughput`](#parameter-throughput) | int | Request Units per second. Will be set to null if autoscaleSettingsMaxThroughput is used. | +| [`uniqueKeyPolicyKeys`](#parameter-uniquekeypolicykeys) | array | The unique key policy configuration containing a list of unique keys that enforces uniqueness constraint on documents in the collection in the Azure Cosmos DB service. | + +### Parameter: `analyticalStorageTtl` + +Indicates how long data should be retained in the analytical store, for a container. Analytical store is enabled when ATTL is set with a value other than 0. 
If the value is set to -1, the analytical store retains all historical data, irrespective of the retention of the data in the transactional store. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `autoscaleSettingsMaxThroughput` + +Specifies the Autoscale settings and represents maximum throughput, the resource can scale up to. The autoscale throughput should have valid throughput values between 1000 and 1000000 inclusive in increments of 1000. If value is set to -1, then the property will be set to null and autoscale will be disabled. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `conflictResolutionPolicy` + +The conflict resolution policy for the container. Conflicts and conflict resolution policies are applicable if the Azure Cosmos DB account is configured with multiple write regions. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `databaseAccountName` + +The name of the parent Database Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `defaultTtl` + +Default time to live (in seconds). With Time to Live or TTL, Azure Cosmos DB provides the ability to delete items automatically from a container after a certain time period. If the value is set to "-1", it is equal to infinity, and items dont expire by default. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `indexingPolicy` + +Indexing policy of the container. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `kind` + +Indicates the kind of algorithm used for partitioning. +- Required: No +- Type: string +- Default: `'Hash'` +- Allowed: `[Hash, MultiHash, Range]` + +### Parameter: `name` + +Name of the container. 
+- Required: Yes +- Type: string + +### Parameter: `paths` + +List of paths using which data within the container can be partitioned. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sqlDatabaseName` + +The name of the parent SQL Database. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `tags` + +Tags of the SQL Database resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `throughput` + +Request Units per second. Will be set to null if autoscaleSettingsMaxThroughput is used. +- Required: No +- Type: int +- Default: `400` + +### Parameter: `uniqueKeyPolicyKeys` + +The unique key policy configuration containing a list of unique keys that enforces uniqueness constraint on documents in the collection in the Azure Cosmos DB service. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the container. | | `resourceGroupName` | string | The name of the resource group the container was created in. | diff --git a/modules/document-db/database-account/sql-database/container/main.json b/modules/document-db/database-account/sql-database/container/main.json index 6986286959..0975283cf0 100644 --- a/modules/document-db/database-account/sql-database/container/main.json +++ b/modules/document-db/database-account/sql-database/container/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14315455818011845279" + "version": "0.22.6.54827", + "templateHash": "8116399669974678281" }, "name": "DocumentDB Database Account SQL Database Containers", "description": "This module deploys a SQL Database Container in a CosmosDB Account.", 
diff --git a/modules/document-db/database-account/sql-database/main.json b/modules/document-db/database-account/sql-database/main.json index 145a1881bc..f077897716 100644 --- a/modules/document-db/database-account/sql-database/main.json +++ b/modules/document-db/database-account/sql-database/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3181306638327423907" + "version": "0.22.6.54827", + "templateHash": "11353697729412779140" }, "name": "DocumentDB Database Account SQL Databases", "description": "This module deploys a SQL Database in a CosmosDB Account.", @@ -132,8 +132,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14315455818011845279" + "version": "0.22.6.54827", + "templateHash": "8116399669974678281" }, "name": "DocumentDB Database Account SQL Database Containers", "description": "This module deploys a SQL Database Container in a CosmosDB Account.", diff --git a/modules/event-grid/domain/.test/common/main.test.bicep b/modules/event-grid/domain/.test/common/main.test.bicep index 9a38dc3ee4..868878e147 100644 --- a/modules/event-grid/domain/.test/common/main.test.bicep +++ b/modules/event-grid/domain/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/event-grid/domain/.test/min/main.test.bicep b/modules/event-grid/domain/.test/min/main.test.bicep index 3fe94445cd..f7238a4aaa 100644 --- a/modules/event-grid/domain/.test/min/main.test.bicep +++ b/modules/event-grid/domain/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/event-grid/domain/README.md b/modules/event-grid/domain/README.md index 4da7b333e7..a601093a7b 100644 --- a/modules/event-grid/domain/README.md +++ b/modules/event-grid/domain/README.md @@ -5,10 +5,10 @@ This module deploys an Event Grid Domain. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -22,70 +22,30 @@ This module deploys an Event Grid Domain. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Event Grid Domain. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `autoCreateTopicWithFirstSubscription` | bool | `True` | | Location for all Resources. | -| `autoDeleteTopicWithLastSubscription` | bool | `True` | | Location for all Resources. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DeliveryFailures, PublishFailures]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. 
| -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `inboundIpRules` | array | `[]` | | This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and inboundIpRules are not set. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `topics` | array | `[]` | | The topic names which are associated with the domain. | - +## Usage examples -## Outputs +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. 
-| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the event grid domain. | -| `resourceGroupName` | string | The name of the resource group the event grid domain was deployed into. | -| `resourceId` | string | The resource ID of the event grid domain. | + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -## Cross-referenced modules + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/event-grid.domain:1.0.0`. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +- [Pe](#example-3-pe) -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +### Example 1: _Using large parameter set_ -## Deployment examples +This instance deploys the module with most of its features enabled. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module domain './event-grid/domain/main.bicep' = { +module domain 'br:bicep/modules/event-grid.domain:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-egdcom' params: { // Required parameters @@ -231,14 +191,17 @@ module domain './event-grid/domain/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module domain './event-grid/domain/main.bicep' = { +module domain 'br:bicep/modules/event-grid.domain:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-egdmin' params: { // Required parameters @@ -276,14 +239,14 @@ module domain './event-grid/domain/main.bicep' = {

-

Example 3: Pe

+### Example 3: _Pe_
via Bicep module ```bicep -module domain './event-grid/domain/main.bicep' = { +module domain 'br:bicep/modules/event-grid.domain:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-egdpe' params: { // Required parameters @@ -366,3 +329,189 @@ module domain './event-grid/domain/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Event Grid Domain. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`autoCreateTopicWithFirstSubscription`](#parameter-autocreatetopicwithfirstsubscription) | bool | Location for all Resources. | +| [`autoDeleteTopicWithLastSubscription`](#parameter-autodeletetopicwithlastsubscription) | bool | Location for all Resources. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`inboundIpRules`](#parameter-inboundiprules) | array | This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and inboundIpRules are not set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`topics`](#parameter-topics) | array | The topic names which are associated with the domain. | + +### Parameter: `autoCreateTopicWithFirstSubscription` + +Location for all Resources. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `autoDeleteTopicWithLastSubscription` + +Location for all Resources. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, DeliveryFailures, PublishFailures]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `inboundIpRules` + +This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the Event Grid Domain. 
+- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and inboundIpRules are not set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `topics` + +The topic names which are associated with the domain. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the event grid domain. | +| `resourceGroupName` | string | The name of the resource group the event grid domain was deployed into. | +| `resourceId` | string | The resource ID of the event grid domain. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). 
+ +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/event-grid/domain/main.json b/modules/event-grid/domain/main.json index 84acd63341..dcfe142327 100644 --- a/modules/event-grid/domain/main.json +++ b/modules/event-grid/domain/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7818867267496589436" + "version": "0.22.6.54827", + "templateHash": "7856347884267755946" }, "name": "Event Grid Domains", "description": "This module deploys an Event Grid Domain.", @@ -284,8 +284,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3376028275602435166" + "version": "0.22.6.54827", + "templateHash": "13108601447016690436" }, "name": "Event Grid Domain Topics", "description": "This module deploys an Event Grid Domain Topic.", @@ -415,8 +415,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -615,8 +615,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -753,8 +753,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { 
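Review bot: In modules/event-grid/domain/README.md, the new `### Parameter: autoCreateTopicWithFirstSubscription` and `### Parameter: autoDeleteTopicWithLastSubscription` sections both carry the description "Location for all Resources." although they are bool switches defaulting to `True`; the text looks copied from `location`. Please correct the two parameter descriptions and regenerate the README, since the dedicated per-parameter sections now show the wrong text more prominently than the old table did.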
@@ -967,8 +967,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16462235446782187240" + "version": "0.22.6.54827", + "templateHash": "1659842695042016822" } }, "parameters": { diff --git a/modules/event-grid/domain/topic/README.md b/modules/event-grid/domain/topic/README.md index d34ee64a33..f4c4b1a733 100644 --- a/modules/event-grid/domain/topic/README.md +++ b/modules/event-grid/domain/topic/README.md 
@@ -19,27 +19,53 @@ This module deploys an Event Grid Domain Topic. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the Event Grid Domain Topic. | +| [`name`](#parameter-name) | string | The name of the Event Grid Domain Topic. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `domainName` | string | The name of the parent Event Grid Domain. Required if the template is used in a standalone deployment. | +| [`domainName`](#parameter-domainname) | string | The name of the parent Event Grid Domain. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all Resources. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all Resources. | + +### Parameter: `domainName` + +The name of the parent Event Grid Domain. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the Event Grid Domain Topic. 
+- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the event grid topic. | | `resourceGroupName` | string | The name of the resource group the event grid topic was deployed into. | diff --git a/modules/event-grid/domain/topic/main.json b/modules/event-grid/domain/topic/main.json index 8b821bd6f1..c640f2628c 100644 --- a/modules/event-grid/domain/topic/main.json +++ b/modules/event-grid/domain/topic/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15871414282174794846" + "version": "0.22.6.54827", + "templateHash": "13108601447016690436" }, "name": "Event Grid Domain Topics", "description": "This module deploys an Event Grid Domain Topic.", diff --git a/modules/event-grid/system-topic/.test/common/main.test.bicep b/modules/event-grid/system-topic/.test/common/main.test.bicep index d5cd6b5f79..316cfc5c48 100644 --- a/modules/event-grid/system-topic/.test/common/main.test.bicep +++ b/modules/event-grid/system-topic/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/event-grid/system-topic/.test/min/main.test.bicep b/modules/event-grid/system-topic/.test/min/main.test.bicep index 89d438902b..52ccd0b7bc 100644 --- a/modules/event-grid/system-topic/.test/min/main.test.bicep +++ b/modules/event-grid/system-topic/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // 
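Review bot: In modules/event-grid/domain/topic/README.md, `domainName` is listed under "Conditional parameters" with "Required if the template is used in a standalone deployment", but its new `### Parameter: domainName` section states `- Required: Yes`, exactly like `name`. Suggest the detail section distinguish conditional from required (for example a dedicated "Conditional" value) so the table and the section do not contradict each other.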
diff --git a/modules/event-grid/system-topic/README.md b/modules/event-grid/system-topic/README.md index a1fbd8ae6d..60495ccaed 100644 --- a/modules/event-grid/system-topic/README.md +++ b/modules/event-grid/system-topic/README.md @@ -5,10 +5,10 @@ This module deploys an Event Grid System Topic. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -20,66 +20,29 @@ This module deploys an Event Grid System Topic. | `Microsoft.EventGrid/systemTopics/eventSubscriptions` | [2022-06-15](https://learn.microsoft.com/en-us/azure/templates/Microsoft.EventGrid/2022-06-15/systemTopics/eventSubscriptions) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Event Grid Topic. | -| `source` | string | Source for the system topic. | -| `topicType` | string | TopicType for the system topic. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DeliveryFailures]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. 
| -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `eventSubscriptions` | array | `[]` | | Event subscriptions to deploy. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | - - -## Outputs +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the event grid system topic. | -| `resourceGroupName` | string | The name of the resource group the event grid system topic was deployed into. | -| `resourceId` | string | The resource ID of the event grid system topic. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. 
-## Cross-referenced modules + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/event-grid.system-topic:1.0.0`. -_None_ +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -## Deployment examples +### Example 1: _Using large parameter set_ -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +This instance deploys the module with most of its features enabled. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module systemTopic './event-grid/system-topic/main.bicep' = { +module systemTopic 'br:bicep/modules/event-grid.system-topic:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-egstcom' params: { // Required parameters @@ -227,14 +190,17 @@ module systemTopic './event-grid/system-topic/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module systemTopic './event-grid/system-topic/main.bicep' = { +module systemTopic 'br:bicep/modules/event-grid.system-topic:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-egstmin' params: { // Required parameters @@ -279,3 +245,175 @@ module systemTopic './event-grid/system-topic/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Event Grid Topic. | +| [`source`](#parameter-source) | string | Source for the system topic. | +| [`topicType`](#parameter-topictype) | string | TopicType for the system topic. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`eventSubscriptions`](#parameter-eventsubscriptions) | array | Event subscriptions to deploy. 
| +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, DeliveryFailures]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. 
If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventSubscriptions` + +Event subscriptions to deploy. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the Event Grid Topic. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `source` + +Source for the system topic. +- Required: Yes +- Type: string + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `topicType` + +TopicType for the system topic. 
+- Required: Yes +- Type: string + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the event grid system topic. | +| `resourceGroupName` | string | The name of the resource group the event grid system topic was deployed into. | +| `resourceId` | string | The resource ID of the event grid system topic. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +_None_ diff --git a/modules/event-grid/system-topic/event-subscription/README.md b/modules/event-grid/system-topic/event-subscription/README.md index 0ec60e8c50..d488702524 100644 --- a/modules/event-grid/system-topic/event-subscription/README.md +++ b/modules/event-grid/system-topic/event-subscription/README.md 
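Review bot: In modules/event-grid/system-topic/README.md, the new note and both usage examples reference the module as `br:bicep/modules/event-grid.system-topic:1.0.0`, which puts `bicep` where a `br:` reference expects the registry login server and pins a `1.0.0` tag. As far as I can tell the examples will not restore as written, so please either say explicitly that `bicep` and `1.0.0` are placeholders to replace, or keep the relative `main.bicep` path until a published registry path exists.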
@@ -19,31 +19,120 @@ This module deploys an Event Grid System Topic Event Subscription. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `destination` | object | The destination for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptiondestination-objects for more information). | -| `name` | string | The name of the Event Subscription. | -| `systemTopicName` | string | Name of the Event Grid System Topic. | +| [`destination`](#parameter-destination) | object | The destination for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptiondestination-objects for more information). | +| [`name`](#parameter-name) | string | The name of the Event Subscription. | +| [`systemTopicName`](#parameter-systemtopicname) | string | Name of the Event Grid System Topic. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `deadLetterDestination` | object | `{object}` | | Dead Letter Destination. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterdestination-objects for more information). | -| `deadLetterWithResourceIdentity` | object | `{object}` | | Dead Letter with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterwithresourceidentity-objects for more information). | -| `deliveryWithResourceIdentity` | object | `{object}` | | Delivery with Resource Identity Configuration. 
(See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deliverywithresourceidentity-objects for more information). | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `eventDeliverySchema` | string | `'EventGridSchema'` | `[CloudEventSchemaV1_0, CustomInputSchema, EventGridEvent, EventGridSchema]` | The event delivery schema for the event subscription. | -| `expirationTimeUtc` | string | `''` | | The expiration time for the event subscription. Format is ISO-8601 (yyyy-MM-ddTHH:mm:ssZ). | -| `filter` | object | `{object}` | | The filter for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptionfilter for more information). | -| `labels` | array | `[]` | | The list of user defined labels. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `retryPolicy` | object | `{object}` | | The retry policy for events. This can be used to configure the TTL and maximum number of delivery attempts and time to live for events. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`deadLetterDestination`](#parameter-deadletterdestination) | object | Dead Letter Destination. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterdestination-objects for more information). | +| [`deadLetterWithResourceIdentity`](#parameter-deadletterwithresourceidentity) | object | Dead Letter with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterwithresourceidentity-objects for more information). 
| +| [`deliveryWithResourceIdentity`](#parameter-deliverywithresourceidentity) | object | Delivery with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deliverywithresourceidentity-objects for more information). | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`eventDeliverySchema`](#parameter-eventdeliveryschema) | string | The event delivery schema for the event subscription. | +| [`expirationTimeUtc`](#parameter-expirationtimeutc) | string | The expiration time for the event subscription. Format is ISO-8601 (yyyy-MM-ddTHH:mm:ssZ). | +| [`filter`](#parameter-filter) | object | The filter for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptionfilter for more information). | +| [`labels`](#parameter-labels) | array | The list of user defined labels. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`retryPolicy`](#parameter-retrypolicy) | object | The retry policy for events. This can be used to configure the TTL and maximum number of delivery attempts and time to live for events. | + +### Parameter: `deadLetterDestination` + +Dead Letter Destination. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterdestination-objects for more information). +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `deadLetterWithResourceIdentity` + +Dead Letter with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterwithresourceidentity-objects for more information). 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `deliveryWithResourceIdentity` + +Delivery with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deliverywithresourceidentity-objects for more information). +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `destination` + +The destination for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptiondestination-objects for more information). +- Required: Yes +- Type: object + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventDeliverySchema` + +The event delivery schema for the event subscription. +- Required: No +- Type: string +- Default: `'EventGridSchema'` +- Allowed: `[CloudEventSchemaV1_0, CustomInputSchema, EventGridEvent, EventGridSchema]` + +### Parameter: `expirationTimeUtc` + +The expiration time for the event subscription. Format is ISO-8601 (yyyy-MM-ddTHH:mm:ssZ). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `filter` + +The filter for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptionfilter for more information). +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `labels` + +The list of user defined labels. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the Event Subscription. +- Required: Yes +- Type: string + +### Parameter: `retryPolicy` + +The retry policy for events. 
This can be used to configure the TTL and maximum number of delivery attempts and time to live for events. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `systemTopicName` + +Name of the Event Grid System Topic. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the event subscription. | diff --git a/modules/event-grid/system-topic/event-subscription/main.json b/modules/event-grid/system-topic/event-subscription/main.json index d01d0b7544..1b3870ba98 100644 --- a/modules/event-grid/system-topic/event-subscription/main.json +++ b/modules/event-grid/system-topic/event-subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "2662254923590356448" + "version": "0.22.6.54827", + "templateHash": "10392297144322720436" }, "name": "Event Grid System Topic Event Subscriptions", "description": "This module deploys an Event Grid System Topic Event Subscription.", diff --git a/modules/event-grid/system-topic/main.json b/modules/event-grid/system-topic/main.json index a5d5a0f260..d47e0b9d3f 100644 --- a/modules/event-grid/system-topic/main.json +++ b/modules/event-grid/system-topic/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12331506143348068786" + "version": "0.22.6.54827", + "templateHash": "13215489869065606829" }, "name": "Event Grid System Topics", "description": "This module deploys an Event Grid System Topic.", 
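Review bot: In modules/event-grid/system-topic/event-subscription/README.md, the `retryPolicy` description reads "the TTL and maximum number of delivery attempts and time to live for events", naming the time to live twice, and it now appears in both the table row and the `### Parameter: retryPolicy` section. Suggest "the maximum number of delivery attempts and the time to live for events" in the parameter description before regenerating.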
@@ -276,8 +276,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12279525611210070078" + "version": "0.22.6.54827", + "templateHash": "10392297144322720436" }, "name": "Event Grid System Topic Event Subscriptions", "description": "This module deploys an Event Grid System Topic Event Subscription.", @@ -481,8 +481,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3745938905849630295" + "version": "0.22.6.54827", + "templateHash": "12562324298360461829" } }, "parameters": { diff --git a/modules/event-grid/topic/.test/common/main.test.bicep b/modules/event-grid/topic/.test/common/main.test.bicep index c55aa3de33..b78bcf0f8c 100644 --- a/modules/event-grid/topic/.test/common/main.test.bicep +++ b/modules/event-grid/topic/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/event-grid/topic/.test/min/main.test.bicep b/modules/event-grid/topic/.test/min/main.test.bicep index f55b6f3f86..6e3cc70796 100644 --- a/modules/event-grid/topic/.test/min/main.test.bicep +++ b/modules/event-grid/topic/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/event-grid/topic/README.md b/modules/event-grid/topic/README.md index 2bf435446a..a56621c201 100644 --- a/modules/event-grid/topic/README.md +++ b/modules/event-grid/topic/README.md 
@@ -5,10 +5,10 @@ This module deploys an Event Grid Topic. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -22,68 +22,30 @@ This module deploys an Event Grid Topic. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Event Grid Topic. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DeliveryFailures, PublishFailures]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `eventSubscriptions` | array | `[]` | | Event subscriptions to deploy. | -| `inboundIpRules` | array | `[]` | | This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and inboundIpRules are not set. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the event grid topic. | -| `resourceGroupName` | string | The name of the resource group the event grid topic was deployed into. | -| `resourceId` | string | The resource ID of the event grid topic. | - -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. 
For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/event-grid.topic:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) +- [Pe](#example-3-pe) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module topic './event-grid/topic/main.bicep' = { +module topic 'br:bicep/modules/event-grid.topic:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-egtcom' params: { // Required parameters @@ -271,14 +233,17 @@ module topic './event-grid/topic/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module topic './event-grid/topic/main.bicep' = { +module topic 'br:bicep/modules/event-grid.topic:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-egtmin' params: { // Required parameters @@ -316,14 +281,14 @@ module topic './event-grid/topic/main.bicep' = {

-

Example 3: Pe

+### Example 3: _Pe_
via Bicep module ```bicep -module topic './event-grid/topic/main.bicep' = { +module topic 'br:bicep/modules/event-grid.topic:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-egtpe' params: { // Required parameters @@ -406,3 +371,173 @@ module topic './event-grid/topic/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Event Grid Topic. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`eventSubscriptions`](#parameter-eventsubscriptions) | array | Event subscriptions to deploy. | +| [`inboundIpRules`](#parameter-inboundiprules) | array | This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. 
| +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and inboundIpRules are not set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. 
+- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, DeliveryFailures, PublishFailures]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventSubscriptions` + +Event subscriptions to deploy. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `inboundIpRules` + +This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the Event Grid Topic. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. 
For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and inboundIpRules are not set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the event grid topic. | +| `resourceGroupName` | string | The name of the resource group the event grid topic was deployed into. | +| `resourceId` | string | The resource ID of the event grid topic. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/event-grid/topic/event-subscription/README.md b/modules/event-grid/topic/event-subscription/README.md index ae0aee3b5d..ddfd871622 100644 --- a/modules/event-grid/topic/event-subscription/README.md +++ b/modules/event-grid/topic/event-subscription/README.md 
@@ -19,31 +19,120 @@ This module deploys an Event Grid Topic Event Subscription. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `destination` | object | The destination for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptiondestination-objects for more information). | -| `name` | string | The name of the Event Subscription. | -| `topicName` | string | Name of the Event Grid Topic. | +| [`destination`](#parameter-destination) | object | The destination for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptiondestination-objects for more information). | +| [`name`](#parameter-name) | string | The name of the Event Subscription. | +| [`topicName`](#parameter-topicname) | string | Name of the Event Grid Topic. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `deadLetterDestination` | object | `{object}` | | Dead Letter Destination. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterdestination-objects for more information). | -| `deadLetterWithResourceIdentity` | object | `{object}` | | Dead Letter with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterwithresourceidentity-objects for more information). | -| `deliveryWithResourceIdentity` | object | `{object}` | | Delivery with Resource Identity Configuration. 
(See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deliverywithresourceidentity-objects for more information). | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `eventDeliverySchema` | string | `'EventGridSchema'` | `[CloudEventSchemaV1_0, CustomInputSchema, EventGridEvent, EventGridSchema]` | The event delivery schema for the event subscription. | -| `expirationTimeUtc` | string | `''` | | The expiration time for the event subscription. Format is ISO-8601 (yyyy-MM-ddTHH:mm:ssZ). | -| `filter` | object | `{object}` | | The filter for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptionfilter for more information). | -| `labels` | array | `[]` | | The list of user defined labels. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `retryPolicy` | object | `{object}` | | The retry policy for events. This can be used to configure the TTL and maximum number of delivery attempts and time to live for events. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`deadLetterDestination`](#parameter-deadletterdestination) | object | Dead Letter Destination. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterdestination-objects for more information). | +| [`deadLetterWithResourceIdentity`](#parameter-deadletterwithresourceidentity) | object | Dead Letter with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterwithresourceidentity-objects for more information). 
| +| [`deliveryWithResourceIdentity`](#parameter-deliverywithresourceidentity) | object | Delivery with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deliverywithresourceidentity-objects for more information). | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`eventDeliverySchema`](#parameter-eventdeliveryschema) | string | The event delivery schema for the event subscription. | +| [`expirationTimeUtc`](#parameter-expirationtimeutc) | string | The expiration time for the event subscription. Format is ISO-8601 (yyyy-MM-ddTHH:mm:ssZ). | +| [`filter`](#parameter-filter) | object | The filter for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptionfilter for more information). | +| [`labels`](#parameter-labels) | array | The list of user defined labels. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`retryPolicy`](#parameter-retrypolicy) | object | The retry policy for events. This can be used to configure the TTL and maximum number of delivery attempts and time to live for events. | + +### Parameter: `deadLetterDestination` + +Dead Letter Destination. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterdestination-objects for more information). +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `deadLetterWithResourceIdentity` + +Dead Letter with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterwithresourceidentity-objects for more information). 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `deliveryWithResourceIdentity` + +Delivery with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deliverywithresourceidentity-objects for more information). +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `destination` + +The destination for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptiondestination-objects for more information). +- Required: Yes +- Type: object + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventDeliverySchema` + +The event delivery schema for the event subscription. +- Required: No +- Type: string +- Default: `'EventGridSchema'` +- Allowed: `[CloudEventSchemaV1_0, CustomInputSchema, EventGridEvent, EventGridSchema]` + +### Parameter: `expirationTimeUtc` + +The expiration time for the event subscription. Format is ISO-8601 (yyyy-MM-ddTHH:mm:ssZ). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `filter` + +The filter for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptionfilter for more information). +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `labels` + +The list of user defined labels. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the Event Subscription. +- Required: Yes +- Type: string + +### Parameter: `retryPolicy` + +The retry policy for events. 
This can be used to configure the TTL and maximum number of delivery attempts and time to live for events. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `topicName` + +Name of the Event Grid Topic. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the event subscription. | diff --git a/modules/event-grid/topic/event-subscription/main.json b/modules/event-grid/topic/event-subscription/main.json index 37e87b702f..9891a17599 100644 --- a/modules/event-grid/topic/event-subscription/main.json +++ b/modules/event-grid/topic/event-subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1847712751203709530" + "version": "0.22.6.54827", + "templateHash": "2222106647839764321" }, "name": "EventGrid Topic Event Subscriptions", "description": "This module deploys an Event Grid Topic Event Subscription.", diff --git a/modules/event-grid/topic/main.json b/modules/event-grid/topic/main.json index 7d6e63ce94..f60d2077df 100644 --- a/modules/event-grid/topic/main.json +++ b/modules/event-grid/topic/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2223845646859059604" + "version": "0.22.6.54827", + "templateHash": "17347618398012771479" }, "name": "Event Grid Topics", "description": "This module deploys an Event Grid Topic.", @@ -275,8 +275,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6395050115112731120" + "version": "0.22.6.54827", + "templateHash": "2222106647839764321" }, "name": "EventGrid Topic Event Subscriptions", "description": "This module deploys an Event Grid Topic Event Subscription.", 
@@ -492,8 +492,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -692,8 +692,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -830,8 +830,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -1044,8 +1044,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13615997203559529091" + "version": "0.22.6.54827", + "templateHash": "8293298385688392206" } }, "parameters": { diff --git a/modules/event-hub/namespace/.test/common/main.test.bicep b/modules/event-hub/namespace/.test/common/main.test.bicep index 171a1bad4f..9852491947 100644 --- a/modules/event-hub/namespace/.test/common/main.test.bicep +++ b/modules/event-hub/namespace/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/event-hub/namespace/.test/min/main.test.bicep b/modules/event-hub/namespace/.test/min/main.test.bicep index a1b2f4684b..282a233685 100644 --- a/modules/event-hub/namespace/.test/min/main.test.bicep +++ b/modules/event-hub/namespace/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/event-hub/namespace/README.md b/modules/event-hub/namespace/README.md index 51e0ddece9..15b2802910 100644 --- a/modules/event-hub/namespace/README.md +++ b/modules/event-hub/namespace/README.md @@ -5,10 +5,10 @@ This module deploys an Event Hub Namespace. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -27,91 +27,31 @@ This module deploys an Event Hub Namespace. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the event hub namespace. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty. | -| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authorizationRules` | array | `[System.Management.Automation.OrderedHashtable]` | | Authorization Rules for the Event Hub namespace. | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. Customer-managed key encryption at rest is only available for namespaces of premium SKU or namespaces created in a Dedicated Cluster. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
| -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, ApplicationMetricsLogs, ArchiveLogs, AutoScaleLogs, CustomerManagedKeyUserLogs, EventHubVNetConnectionEvent, KafkaCoordinatorLogs, KafkaUserErrorLogs, OperationalLogs, RuntimeAuditLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disableLocalAuth` | bool | `True` | | This property disables SAS authentication for the Event Hubs namespace. | -| `disasterRecoveryConfig` | _[disasterRecoveryConfig](disaster-recovery-config/README.md)_ object | `{object}` | | The disaster recovery config for this namespace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `eventhubs` | array | `[]` | | The event hubs to deploy into this namespace. | -| `isAutoInflateEnabled` | bool | `False` | | Switch to enable the Auto Inflate feature of Event Hub. Auto Inflate is not supported in Premium SKU EventHub. | -| `kafkaEnabled` | bool | `False` | | Value that indicates whether Kafka is enabled for Event Hubs Namespace. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. 
| -| `maximumThroughputUnits` | int | `1` | | Upper limit of throughput units when AutoInflate is enabled, value should be within 0 to 20 throughput units. | -| `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | The minimum TLS version for the cluster to support. | -| `networkRuleSets` | object | `{object}` | | Configure networking options. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled, SecuredByPerimeter]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `requireInfrastructureEncryption` | bool | `False` | | Enable infrastructure encryption (double encryption). Note, this setting requires the configuration of Customer-Managed-Keys (CMK) via the corresponding module parameters. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `skuCapacity` | int | `1` | | The Event Hub's throughput units for Basic or Standard tiers, where value should be 0 to 20 throughput units. The Event Hubs premium units for Premium tier, where value should be 0 to 10 premium units. | -| `skuName` | string | `'Standard'` | `[Basic, Premium, Standard]` | event hub plan SKU name. 
| -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `zoneRedundant` | bool | `False` | | Switch to make the Event Hub Namespace zone redundant. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the eventspace. | -| `resourceGroupName` | string | The resource group where the namespace is deployed. | -| `resourceId` | string | The resource ID of the eventspace. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/event-hub.namespace:1.0.0`. 
-| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Encr](#example-2-encr) +- [Using only defaults](#example-3-using-only-defaults) +- [Pe](#example-4-pe) -## Deployment examples +### Example 1: _Using large parameter set_ -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +This instance deploys the module with most of its features enabled. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module namespace './event-hub/namespace/main.bicep' = { +module namespace 'br:bicep/modules/event-hub.namespace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ehncom' params: { // Required parameters @@ -491,14 +431,14 @@ module namespace './event-hub/namespace/main.bicep' = {

-

Example 2: Encr

+### Example 2: _Encr_
via Bicep module ```bicep -module namespace './event-hub/namespace/main.bicep' = { +module namespace 'br:bicep/modules/event-hub.namespace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ehnenc' params: { // Required parameters @@ -584,14 +524,17 @@ module namespace './event-hub/namespace/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module namespace './event-hub/namespace/main.bicep' = { +module namespace 'br:bicep/modules/event-hub.namespace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ehnmin' params: { // Required parameters @@ -629,14 +572,14 @@ module namespace './event-hub/namespace/main.bicep' = {

-

Example 4: Pe

+### Example 4: _Pe_
via Bicep module ```bicep -module namespace './event-hub/namespace/main.bicep' = { +module namespace 'br:bicep/modules/event-hub.namespace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ehnpe' params: { // Required parameters @@ -731,3 +674,317 @@ module namespace './event-hub/namespace/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the event hub namespace. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty. | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authorizationRules`](#parameter-authorizationrules) | array | Authorization Rules for the Event Hub namespace. | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. Customer-managed key encryption at rest is only available for namespaces of premium SKU or namespaces created in a Dedicated Cluster. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. 
"allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | This property disables SAS authentication for the Event Hubs namespace. | +| [`disasterRecoveryConfig`](#parameter-disasterrecoveryconfig) | object | The disaster recovery config for this namespace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`eventhubs`](#parameter-eventhubs) | array | The event hubs to deploy into this namespace. | +| [`isAutoInflateEnabled`](#parameter-isautoinflateenabled) | bool | Switch to enable the Auto Inflate feature of Event Hub. Auto Inflate is not supported in Premium SKU EventHub. | +| [`kafkaEnabled`](#parameter-kafkaenabled) | bool | Value that indicates whether Kafka is enabled for Event Hubs Namespace. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maximumThroughputUnits`](#parameter-maximumthroughputunits) | int | Upper limit of throughput units when AutoInflate is enabled, value should be within 0 to 20 throughput units. | +| [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | The minimum TLS version for the cluster to support. 
| +| [`networkRuleSets`](#parameter-networkrulesets) | object | Configure networking options. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`requireInfrastructureEncryption`](#parameter-requireinfrastructureencryption) | bool | Enable infrastructure encryption (double encryption). Note, this setting requires the configuration of Customer-Managed-Keys (CMK) via the corresponding module parameters. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuCapacity`](#parameter-skucapacity) | int | The Event Hub's throughput units for Basic or Standard tiers, where value should be 0 to 20 throughput units. The Event Hubs premium units for Premium tier, where value should be 0 to 10 premium units. | +| [`skuName`](#parameter-skuname) | string | event hub plan SKU name. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. 
| +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`zoneRedundant`](#parameter-zoneredundant) | bool | Switch to make the Event Hub Namespace zone redundant. | + +### Parameter: `authorizationRules` + +Authorization Rules for the Event Hub namespace. +- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable]` + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. Customer-managed key encryption at rest is only available for namespaces of premium SKU or namespaces created in a Dedicated Cluster. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if "cMKKeyName" is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. The identity should have key usage permissions on the Key Vault Key. Required if "cMKKeyName" is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. 
"allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, ApplicationMetricsLogs, ArchiveLogs, AutoScaleLogs, CustomerManagedKeyUserLogs, EventHubVNetConnectionEvent, KafkaCoordinatorLogs, KafkaUserErrorLogs, OperationalLogs, RuntimeAuditLogs]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableLocalAuth` + +This property disables SAS authentication for the Event Hubs namespace. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `disasterRecoveryConfig` + +The disaster recovery config for this namespace. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventhubs` + +The event hubs to deploy into this namespace. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `isAutoInflateEnabled` + +Switch to enable the Auto Inflate feature of Event Hub. Auto Inflate is not supported in Premium SKU EventHub. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `kafkaEnabled` + +Value that indicates whether Kafka is enabled for Event Hubs Namespace. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maximumThroughputUnits` + +Upper limit of throughput units when AutoInflate is enabled, value should be within 0 to 20 throughput units. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `minimumTlsVersion` + +The minimum TLS version for the cluster to support. +- Required: No +- Type: string +- Default: `'1.2'` +- Allowed: `[1.0, 1.1, 1.2]` + +### Parameter: `name` + +The name of the event hub namespace. +- Required: Yes +- Type: string + +### Parameter: `networkRuleSets` + +Configure networking options. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled, SecuredByPerimeter]` + +### Parameter: `requireInfrastructureEncryption` + +Enable infrastructure encryption (double encryption). Note, this setting requires the configuration of Customer-Managed-Keys (CMK) via the corresponding module parameters. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuCapacity` + +The Event Hub's throughput units for Basic or Standard tiers, where value should be 0 to 20 throughput units. The Event Hubs premium units for Premium tier, where value should be 0 to 10 premium units. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `skuName` + +event hub plan SKU name. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Basic, Premium, Standard]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zoneRedundant` + +Switch to make the Event Hub Namespace zone redundant. +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the eventspace. | +| `resourceGroupName` | string | The resource group where the namespace is deployed. | +| `resourceId` | string | The resource ID of the eventspace. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. 
| + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/event-hub/namespace/authorization-rule/README.md b/modules/event-hub/namespace/authorization-rule/README.md index b9ccc45325..bbc74cf9cc 100644 --- a/modules/event-hub/namespace/authorization-rule/README.md +++ b/modules/event-hub/namespace/authorization-rule/README.md 
@@ -19,27 +19,54 @@ This module deploys an Event Hub Namespace Authorization Rule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the authorization rule. | +| [`name`](#parameter-name) | string | The name of the authorization rule. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `rights` | array | `[]` | `[Listen, Manage, Send]` | The rights associated with the rule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`rights`](#parameter-rights) | array | The rights associated with the rule. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the authorization rule. +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent event hub namespace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `rights` + +The rights associated with the rule. 
+- Required: No +- Type: array +- Default: `[]` +- Allowed: `[Listen, Manage, Send]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the authorization rule. | | `resourceGroupName` | string | The name of the resource group the authorization rule was created in. | diff --git a/modules/event-hub/namespace/disaster-recovery-config/README.md b/modules/event-hub/namespace/disaster-recovery-config/README.md index fdd92ebc09..d9ccac42a8 100644 --- a/modules/event-hub/namespace/disaster-recovery-config/README.md +++ b/modules/event-hub/namespace/disaster-recovery-config/README.md 
@@ -19,27 +19,53 @@ This module deploys an Event Hub Namespace Disaster Recovery Config. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the disaster recovery config. | +| [`name`](#parameter-name) | string | The name of the disaster recovery config. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `partnerNamespaceId` | string | `''` | Resource ID of the Primary/Secondary event hub namespace name, which is part of GEO DR pairing. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`partnerNamespaceId`](#parameter-partnernamespaceid) | string | Resource ID of the Primary/Secondary event hub namespace name, which is part of GEO DR pairing. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the disaster recovery config. +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent event hub namespace. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `partnerNamespaceId` + +Resource ID of the Primary/Secondary event hub namespace name, which is part of GEO DR pairing. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the disaster recovery config. | | `resourceGroupName` | string | The name of the resource group the disaster recovery config was created in. | diff --git a/modules/event-hub/namespace/eventhub/README.md b/modules/event-hub/namespace/eventhub/README.md index de5de70349..006f14d3e3 100644 --- a/modules/event-hub/namespace/eventhub/README.md +++ b/modules/event-hub/namespace/eventhub/README.md @@ -4,12 +4,12 @@ This module deploys an Event Hub Namespace Event Hub. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
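Review bot: In the namespace README's usage-example hunks, `### Example 2: _Encr_` and `### Example 4: _Pe_` carry only the raw abbreviation of the test file and no description line, while Examples 1 and 3 get a readable title plus a "This instance deploys the module with ..." sentence. The same abbreviations land in the navigation list as `[Encr](#example-2-encr)` and `[Pe](#example-4-pe)`. Suggest giving those two test files whatever title and description source Examples 1 and 3 already have, or having Set-Module.ps1 emit a warning when it falls back to the file name, so the encryption and private-endpoint examples are identifiable from the README.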
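Review bot: In the added `### Parameter: authorizationRules` block of the namespace README, the default is rendered as `[System.Management.Automation.OrderedHashtable]`, which is the PowerShell type name of the value and not its content. A reader cannot tell from the README which authorization rules, and with which rights, the namespace receives when the parameter is omitted. Suggest having the generator serialize the default value, or fall back to the `{object}` placeholder it already prints for `networkRuleSets` and `tags`, instead of printing the type name.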
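Review bot: In the authorization-rule README hunk, `namespaceName` is listed under "Conditional parameters" ("Required if the template is used in a standalone deployment") but its detail block states `- Required: Yes`, and the disaster-recovery-config hunk that follows does the same. The namespace README renders its conditional parameters `cMKKeyVaultResourceId` and `cMKUserAssignedIdentityResourceId` as `- Required: No`, so the same category comes out both ways. Suggest one rendering for conditional parameters, for example a dedicated "Conditional" value next to the condition text, applied by the generator in all modules.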
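Review bot: In the eventhub README's navigation hunk, the rename of `## Resource types` to `## Resource Types` (with the entry `[Resource Types](#Resource-Types)`) switches one generated heading to title case while the other generated headings in the same READMEs stay in sentence case (`## Usage examples`, `## Cross-referenced modules`). If the casing change is intended, apply it to every generated heading; otherwise keep `Resource types` so the regenerated READMEs do not carry churn unrelated to the depth parameter named in the commit subject.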
@@ -23,45 +23,201 @@ This module deploys an Event Hub Namespace Event Hub. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the event hub. | +| [`name`](#parameter-name) | string | The name of the event hub. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authorizationRules` | array | `[System.Management.Automation.OrderedHashtable]` | | Authorization Rules for the event hub. | -| `captureDescriptionDestinationArchiveNameFormat` | string | `'{Namespace}/{EventHub}/{PartitionId}/{Year}/{Month}/{Day}/{Hour}/{Minute}/{Second}'` | | Blob naming convention for archive, e.g. {Namespace}/{EventHub}/{PartitionId}/{Year}/{Month}/{Day}/{Hour}/{Minute}/{Second}. Here all the parameters (Namespace,EventHub .. etc) are mandatory irrespective of order. | -| `captureDescriptionDestinationBlobContainer` | string | `''` | | Blob container Name. | -| `captureDescriptionDestinationName` | string | `'EventHubArchive.AzureBlockBlob'` | | Name for capture destination. | -| `captureDescriptionDestinationStorageAccountResourceId` | string | `''` | | Resource ID of the storage account to be used to create the blobs. | -| `captureDescriptionEnabled` | bool | `False` | | A value that indicates whether capture description is enabled. 
| -| `captureDescriptionEncoding` | string | `'Avro'` | `[Avro, AvroDeflate]` | Enumerates the possible values for the encoding format of capture description. Note: "AvroDeflate" will be deprecated in New API Version. | -| `captureDescriptionIntervalInSeconds` | int | `300` | | The time window allows you to set the frequency with which the capture to Azure Blobs will happen. | -| `captureDescriptionSizeLimitInBytes` | int | `314572800` | | The size window defines the amount of data built up in your Event Hub before an capture operation. | -| `captureDescriptionSkipEmptyArchives` | bool | `False` | | A value that indicates whether to Skip Empty Archives. | -| `consumergroups` | array | `[System.Management.Automation.OrderedHashtable]` | | The consumer groups to create in this event hub instance. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `messageRetentionInDays` | int | `1` | | Number of days to retain the events for this Event Hub, value should be 1 to 7 days. Will be automatically set to infinite retention if cleanup policy is set to "Compact". | -| `partitionCount` | int | `2` | | Number of partitions created for the Event Hub, allowed values are from 1 to 32 partitions. | -| `retentionDescriptionCleanupPolicy` | string | `'Delete'` | `[Compact, Delete]` | Retention cleanup policy. Enumerates the possible values for cleanup policy. | -| `retentionDescriptionRetentionTimeInHours` | int | `1` | | Retention time in hours. Number of hours to retain the events for this Event Hub. This value is only used when cleanupPolicy is Delete. If cleanupPolicy is Compact the returned value of this property is Long.MaxValue. | -| `retentionDescriptionTombstoneRetentionTimeInHours` | int | `1` | | Retention cleanup policy. Number of hours to retain the tombstone markers of a compacted Event Hub. 
This value is only used when cleanupPolicy is Compact. Consumer must complete reading the tombstone marker within this specified amount of time if consumer begins from starting offset to ensure they get a valid snapshot for the specific key described by the tombstone marker within the compacted Event Hub. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `status` | string | `'Active'` | `[Active, Creating, Deleting, Disabled, ReceiveDisabled, Renaming, Restoring, SendDisabled, Unknown]` | Enumerates the possible values for the status of the Event Hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authorizationRules`](#parameter-authorizationrules) | array | Authorization Rules for the event hub. | +| [`captureDescriptionDestinationArchiveNameFormat`](#parameter-capturedescriptiondestinationarchivenameformat) | string | Blob naming convention for archive, e.g. {Namespace}/{EventHub}/{PartitionId}/{Year}/{Month}/{Day}/{Hour}/{Minute}/{Second}. Here all the parameters (Namespace,EventHub .. etc) are mandatory irrespective of order. | +| [`captureDescriptionDestinationBlobContainer`](#parameter-capturedescriptiondestinationblobcontainer) | string | Blob container Name. | +| [`captureDescriptionDestinationName`](#parameter-capturedescriptiondestinationname) | string | Name for capture destination. | +| [`captureDescriptionDestinationStorageAccountResourceId`](#parameter-capturedescriptiondestinationstorageaccountresourceid) | string | Resource ID of the storage account to be used to create the blobs. 
| +| [`captureDescriptionEnabled`](#parameter-capturedescriptionenabled) | bool | A value that indicates whether capture description is enabled. | +| [`captureDescriptionEncoding`](#parameter-capturedescriptionencoding) | string | Enumerates the possible values for the encoding format of capture description. Note: "AvroDeflate" will be deprecated in New API Version. | +| [`captureDescriptionIntervalInSeconds`](#parameter-capturedescriptionintervalinseconds) | int | The time window allows you to set the frequency with which the capture to Azure Blobs will happen. | +| [`captureDescriptionSizeLimitInBytes`](#parameter-capturedescriptionsizelimitinbytes) | int | The size window defines the amount of data built up in your Event Hub before an capture operation. | +| [`captureDescriptionSkipEmptyArchives`](#parameter-capturedescriptionskipemptyarchives) | bool | A value that indicates whether to Skip Empty Archives. | +| [`consumergroups`](#parameter-consumergroups) | array | The consumer groups to create in this event hub instance. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`messageRetentionInDays`](#parameter-messageretentionindays) | int | Number of days to retain the events for this Event Hub, value should be 1 to 7 days. Will be automatically set to infinite retention if cleanup policy is set to "Compact". | +| [`partitionCount`](#parameter-partitioncount) | int | Number of partitions created for the Event Hub, allowed values are from 1 to 32 partitions. | +| [`retentionDescriptionCleanupPolicy`](#parameter-retentiondescriptioncleanuppolicy) | string | Retention cleanup policy. Enumerates the possible values for cleanup policy. | +| [`retentionDescriptionRetentionTimeInHours`](#parameter-retentiondescriptionretentiontimeinhours) | int | Retention time in hours. 
Number of hours to retain the events for this Event Hub. This value is only used when cleanupPolicy is Delete. If cleanupPolicy is Compact the returned value of this property is Long.MaxValue. | +| [`retentionDescriptionTombstoneRetentionTimeInHours`](#parameter-retentiondescriptiontombstoneretentiontimeinhours) | int | Retention cleanup policy. Number of hours to retain the tombstone markers of a compacted Event Hub. This value is only used when cleanupPolicy is Compact. Consumer must complete reading the tombstone marker within this specified amount of time if consumer begins from starting offset to ensure they get a valid snapshot for the specific key described by the tombstone marker within the compacted Event Hub. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`status`](#parameter-status) | string | Enumerates the possible values for the status of the Event Hub. | + +### Parameter: `authorizationRules` + +Authorization Rules for the event hub. +- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable]` + +### Parameter: `captureDescriptionDestinationArchiveNameFormat` + +Blob naming convention for archive, e.g. {Namespace}/{EventHub}/{PartitionId}/{Year}/{Month}/{Day}/{Hour}/{Minute}/{Second}. Here all the parameters (Namespace,EventHub .. etc) are mandatory irrespective of order. +- Required: No +- Type: string +- Default: `'{Namespace}/{EventHub}/{PartitionId}/{Year}/{Month}/{Day}/{Hour}/{Minute}/{Second}'` + +### Parameter: `captureDescriptionDestinationBlobContainer` + +Blob container Name. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `captureDescriptionDestinationName` + +Name for capture destination. +- Required: No +- Type: string +- Default: `'EventHubArchive.AzureBlockBlob'` + +### Parameter: `captureDescriptionDestinationStorageAccountResourceId` + +Resource ID of the storage account to be used to create the blobs. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `captureDescriptionEnabled` + +A value that indicates whether capture description is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `captureDescriptionEncoding` + +Enumerates the possible values for the encoding format of capture description. Note: "AvroDeflate" will be deprecated in New API Version. +- Required: No +- Type: string +- Default: `'Avro'` +- Allowed: `[Avro, AvroDeflate]` + +### Parameter: `captureDescriptionIntervalInSeconds` + +The time window allows you to set the frequency with which the capture to Azure Blobs will happen. +- Required: No +- Type: int +- Default: `300` + +### Parameter: `captureDescriptionSizeLimitInBytes` + +The size window defines the amount of data built up in your Event Hub before an capture operation. +- Required: No +- Type: int +- Default: `314572800` + +### Parameter: `captureDescriptionSkipEmptyArchives` + +A value that indicates whether to Skip Empty Archives. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `consumergroups` + +The consumer groups to create in this event hub instance. +- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `lock` + +Specify the type of lock. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `messageRetentionInDays` + +Number of days to retain the events for this Event Hub, value should be 1 to 7 days. Will be automatically set to infinite retention if cleanup policy is set to "Compact". +- Required: No +- Type: int +- Default: `1` + +### Parameter: `name` + +The name of the event hub. +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent event hub namespace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `partitionCount` + +Number of partitions created for the Event Hub, allowed values are from 1 to 32 partitions. +- Required: No +- Type: int +- Default: `2` + +### Parameter: `retentionDescriptionCleanupPolicy` + +Retention cleanup policy. Enumerates the possible values for cleanup policy. +- Required: No +- Type: string +- Default: `'Delete'` +- Allowed: `[Compact, Delete]` + +### Parameter: `retentionDescriptionRetentionTimeInHours` + +Retention time in hours. Number of hours to retain the events for this Event Hub. This value is only used when cleanupPolicy is Delete. If cleanupPolicy is Compact the returned value of this property is Long.MaxValue. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `retentionDescriptionTombstoneRetentionTimeInHours` + +Retention cleanup policy. Number of hours to retain the tombstone markers of a compacted Event Hub. This value is only used when cleanupPolicy is Compact. Consumer must complete reading the tombstone marker within this specified amount of time if consumer begins from starting offset to ensure they get a valid snapshot for the specific key described by the tombstone marker within the compacted Event Hub. 
+- Required: No +- Type: int +- Default: `1` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `status` + +Enumerates the possible values for the status of the Event Hub. +- Required: No +- Type: string +- Default: `'Active'` +- Allowed: `[Active, Creating, Deleting, Disabled, ReceiveDisabled, Renaming, Restoring, SendDisabled, Unknown]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `eventHubId` | string | The resource ID of the event hub. | | `name` | string | The name of the event hub. | diff --git a/modules/event-hub/namespace/eventhub/authorization-rule/README.md b/modules/event-hub/namespace/eventhub/authorization-rule/README.md index eef9d6b375..5abe5dafa8 100644 --- a/modules/event-hub/namespace/eventhub/authorization-rule/README.md +++ b/modules/event-hub/namespace/eventhub/authorization-rule/README.md 
@@ -19,28 +19,61 @@ This module deploys an Event Hub Namespace Event Hub Authorization Rule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the authorization rule. | +| [`name`](#parameter-name) | string | The name of the authorization rule. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `eventHubName` | string | The name of the parent event hub namespace event hub. Required if the template is used in a standalone deployment. | -| `namespaceName` | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | +| [`eventHubName`](#parameter-eventhubname) | string | The name of the parent event hub namespace event hub. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `rights` | array | `[]` | `[Listen, Manage, Send]` | The rights associated with the rule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`rights`](#parameter-rights) | array | The rights associated with the rule. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventHubName` + +The name of the parent event hub namespace event hub. 
Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the authorization rule. +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent event hub namespace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `rights` + +The rights associated with the rule. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[Listen, Manage, Send]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the authorization rule. | | `resourceGroupName` | string | The name of the resource group the authorization rule was created in. | diff --git a/modules/event-hub/namespace/eventhub/consumergroup/README.md b/modules/event-hub/namespace/eventhub/consumergroup/README.md index 4749095254..589b4fa044 100644 --- a/modules/event-hub/namespace/eventhub/consumergroup/README.md +++ b/modules/event-hub/namespace/eventhub/consumergroup/README.md 
@@ -19,28 +19,60 @@ This module deploys an Event Hub Namespace Event Hub Consumer Group. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the consumer group. | +| [`name`](#parameter-name) | string | The name of the consumer group. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `eventHubName` | string | The name of the parent event hub namespace event hub. Required if the template is used in a standalone deployment. | -| `namespaceName` | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment.s. | +| [`eventHubName`](#parameter-eventhubname) | string | The name of the parent event hub namespace event hub. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment.s. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `userMetadata` | string | `''` | User Metadata is a placeholder to store user-defined string data with maximum length 1024. e.g. it can be used to store descriptive data, such as list of teams and their contact information also user-defined configuration settings can be stored. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`userMetadata`](#parameter-usermetadata) | string | User Metadata is a placeholder to store user-defined string data with maximum length 1024. e.g. 
it can be used to store descriptive data, such as list of teams and their contact information also user-defined configuration settings can be stored. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventHubName` + +The name of the parent event hub namespace event hub. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the consumer group. +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent event hub namespace. Required if the template is used in a standalone deployment.s. +- Required: Yes +- Type: string + +### Parameter: `userMetadata` + +User Metadata is a placeholder to store user-defined string data with maximum length 1024. e.g. it can be used to store descriptive data, such as list of teams and their contact information also user-defined configuration settings can be stored. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the consumer group. | | `resourceGroupName` | string | The name of the resource group the consumer group was created in. | diff --git a/modules/event-hub/namespace/network-rule-set/README.md b/modules/event-hub/namespace/network-rule-set/README.md index 4d10778ca7..a0ac082d1c 100644 --- a/modules/event-hub/namespace/network-rule-set/README.md +++ b/modules/event-hub/namespace/network-rule-set/README.md 
@@ -19,25 +19,75 @@ This module deploys an Event Hub Namespace Network Rule Set. **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `namespaceName` | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | +| [`namespaceName`](#parameter-namespacename) | string | The name of the parent event hub namespace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `defaultAction` | string | `'Allow'` | `[Allow, Deny]` | Default Action for Network Rule Set. Default is "Allow". It will not be set if publicNetworkAccess is "Disabled". Otherwise, it will be set to "Deny" if ipRules or virtualNetworkRules are being used. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `ipRules` | array | `[]` | | An array of objects for the public IP ranges you want to allow via the Event Hub Namespace firewall. Supports IPv4 address or CIDR. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". | -| `publicNetworkAccess` | string | `'Enabled'` | `[Disabled, Enabled]` | This determines if traffic is allowed over public network. Default is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only and network rules will not be applied. | -| `trustedServiceAccessEnabled` | bool | `True` | | Value that indicates whether Trusted Service Access is enabled or not. Default is "true". It will not be set if publicNetworkAccess is "Disabled". | -| `virtualNetworkRules` | array | `[]` | | An array of subnet resource ID objects that this Event Hub Namespace is exposed to via Service Endpoints. 
You can enable the `ignoreMissingVnetServiceEndpoint` if you wish to add this virtual network to Event Hub Namespace but do not have an existing service endpoint. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`defaultAction`](#parameter-defaultaction) | string | Default Action for Network Rule Set. Default is "Allow". It will not be set if publicNetworkAccess is "Disabled". Otherwise, it will be set to "Deny" if ipRules or virtualNetworkRules are being used. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`ipRules`](#parameter-iprules) | array | An array of objects for the public IP ranges you want to allow via the Event Hub Namespace firewall. Supports IPv4 address or CIDR. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | This determines if traffic is allowed over public network. Default is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only and network rules will not be applied. | +| [`trustedServiceAccessEnabled`](#parameter-trustedserviceaccessenabled) | bool | Value that indicates whether Trusted Service Access is enabled or not. Default is "true". It will not be set if publicNetworkAccess is "Disabled". | +| [`virtualNetworkRules`](#parameter-virtualnetworkrules) | array | An array of subnet resource ID objects that this Event Hub Namespace is exposed to via Service Endpoints. You can enable the `ignoreMissingVnetServiceEndpoint` if you wish to add this virtual network to Event Hub Namespace but do not have an existing service endpoint. It will not be set if publicNetworkAccess is "Disabled". 
Otherwise, when used, defaultAction will be set to "Deny". | + +### Parameter: `defaultAction` + +Default Action for Network Rule Set. Default is "Allow". It will not be set if publicNetworkAccess is "Disabled". Otherwise, it will be set to "Deny" if ipRules or virtualNetworkRules are being used. +- Required: No +- Type: string +- Default: `'Allow'` +- Allowed: `[Allow, Deny]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `ipRules` + +An array of objects for the public IP ranges you want to allow via the Event Hub Namespace firewall. Supports IPv4 address or CIDR. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `namespaceName` + +The name of the parent event hub namespace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `publicNetworkAccess` + +This determines if traffic is allowed over public network. Default is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only and network rules will not be applied. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `trustedServiceAccessEnabled` + +Value that indicates whether Trusted Service Access is enabled or not. Default is "true". It will not be set if publicNetworkAccess is "Disabled". +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `virtualNetworkRules` + +An array of subnet resource ID objects that this Event Hub Namespace is exposed to via Service Endpoints. You can enable the `ignoreMissingVnetServiceEndpoint` if you wish to add this virtual network to Event Hub Namespace but do not have an existing service endpoint. It will not be set if publicNetworkAccess is "Disabled". 
Otherwise, when used, defaultAction will be set to "Deny". +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the network rule set. | | `resourceGroupName` | string | The name of the resource group the network rule set was created in. | diff --git a/modules/health-bot/health-bot/.test/common/main.test.bicep b/modules/health-bot/health-bot/.test/common/main.test.bicep index 7ec0798687..25523eb3d0 100644 --- a/modules/health-bot/health-bot/.test/common/main.test.bicep +++ b/modules/health-bot/health-bot/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/health-bot/health-bot/.test/min/main.test.bicep b/modules/health-bot/health-bot/.test/min/main.test.bicep index 7810dc31de..6c9996b611 100644 --- a/modules/health-bot/health-bot/.test/min/main.test.bicep +++ b/modules/health-bot/health-bot/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/health-bot/health-bot/README.md b/modules/health-bot/health-bot/README.md index f56a72df16..500dc90146 100644 --- a/modules/health-bot/health-bot/README.md +++ b/modules/health-bot/health-bot/README.md @@ -5,10 +5,10 @@ This module deploys an Azure Health Bot. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -18,55 +18,29 @@ This module deploys an Azure Health Bot. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.HealthBot/healthBots` | [2022-08-08](https://learn.microsoft.com/en-us/azure/templates/Microsoft.HealthBot/2022-08-08/healthBots) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | Name of the resource. | -| `sku` | string | `[C0, F0, S1]` | The name of the Azure Health Bot SKU. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | - +## Usage examples -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the health bot. | -| `resourceGroupName` | string | The resource group the health bot was deployed into. | -| `resourceId` | string | The resource ID of the health bot. 
| +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/health-bot.health-bot:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module healthBot './health-bot/health-bot/main.bicep' = { +module healthBot 'br:bicep/modules/health-bot.health-bot:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-hbhbcom' params: { // Required parameters @@ -152,14 +126,17 @@ module healthBot './health-bot/health-bot/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module healthBot './health-bot/health-bot/main.bicep' = { +module healthBot 'br:bicep/modules/health-bot.health-bot:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-hbhbmin' params: { // Required parameters @@ -200,3 +177,94 @@ module healthBot './health-bot/health-bot/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the resource. | +| [`sku`](#parameter-sku) | string | The name of the Azure Health Bot SKU. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the resource. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +The name of the Azure Health Bot SKU. +- Required: Yes +- Type: string +- Allowed: `[C0, F0, S1]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the health bot. | +| `resourceGroupName` | string | The resource group the health bot was deployed into. | +| `resourceId` | string | The resource ID of the health bot. | + +## Cross-referenced modules + +_None_ diff --git a/modules/health-bot/health-bot/main.json b/modules/health-bot/health-bot/main.json index 1b2888ef2a..517c93ef00 100644 --- a/modules/health-bot/health-bot/main.json +++ b/modules/health-bot/health-bot/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13417269663268591312" + "version": "0.22.6.54827", + "templateHash": "1397739701759067802" }, "name": "Azure Health Bots", "description": "This module deploys an Azure Health Bot.", @@ -156,8 +156,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9746468105018607304" + "version": "0.22.6.54827", + "templateHash": "4105513755228551985" } }, "parameters": { diff --git a/modules/healthcare-apis/workspace/.test/common/main.test.bicep b/modules/healthcare-apis/workspace/.test/common/main.test.bicep index 2baa190bdb..e64ff1eea7 100644 
--- a/modules/healthcare-apis/workspace/.test/common/main.test.bicep +++ b/modules/healthcare-apis/workspace/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/healthcare-apis/workspace/.test/min/main.test.bicep b/modules/healthcare-apis/workspace/.test/min/main.test.bicep index 6399106a53..95061177c5 100644 --- a/modules/healthcare-apis/workspace/.test/min/main.test.bicep +++ b/modules/healthcare-apis/workspace/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/healthcare-apis/workspace/README.md b/modules/healthcare-apis/workspace/README.md index 8e99abc232..964b1a6b02 100644 --- a/modules/healthcare-apis/workspace/README.md +++ b/modules/healthcare-apis/workspace/README.md @@ -5,10 +5,10 @@ This module deploys a Healthcare API Workspace. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) ## Resource Types 
@@ -24,155 +24,29 @@ This module deploys a Healthcare API Workspace. | `Microsoft.HealthcareApis/workspaces/iotconnectors/fhirdestinations` | [2022-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.HealthcareApis/workspaces) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Health Data Services Workspace service. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `dicomservices` | array | `[]` | | Deploy DICOM services. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `fhirservices` | array | `[]` | | Deploy FHIR services. | -| `iotconnectors` | array | `[]` | | Deploy IOT connectors. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `publicNetworkAccess` | string | `'Disabled'` | `[Disabled, Enabled]` | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -### Parameter Usage: `fhirservices` - -Create a FHIR service with the workspace. - -

- -Parameter JSON format - -```json -"fhirServices": { - "value": [ - { - "name": "[[namePrefix]]-az-fhir-x-001", - "kind": "fhir-R4", - "workspaceName": "[[namePrefix]]001", - "corsOrigins": [ "*" ], - "corsHeaders": [ "*" ], - "corsMethods": [ "GET" ], - "corsMaxAge": 600, - "corsAllowCredentials": false, - "location": "[[location]]", - "diagnosticStorageAccountId": "[[storageAccountResourceId]]", - "diagnosticWorkspaceId": "[[logAnalyticsWorkspaceResourceId]]", - "diagnosticEventHubAuthorizationRuleId": "[[eventHubAuthorizationRuleId]]", - "diagnosticEventHubName": "[[eventHubNamespaceEventHubName]]", - "publicNetworkAccess": "Enabled", - "resourceVersionPolicy": "versioned", - "smartProxyEnabled": false, - "enableDefaultTelemetry": false, - "systemAssignedIdentity": true, - "importEnabled": false, - "initialImportMode": false, - "userAssignedIdentities": { - "[[managedIdentityResourceId]]": {} - }, - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Role Name", - "principalIds": [ - "managedIdentityPrincipalId" - ], - "principalType": "ServicePrincipal" - } - ] - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -fhirServices: [ - { - name: '[[namePrefix]]-az-fhir-x-001' - kind: 'fhir-R4' - workspaceName: '[[namePrefix]]001' - corsOrigins: [ '*' ] - corsHeaders: [ '*' ] - corsMethods: [ 'GET' ] - corsMaxAge: 600 - corsAllowCredentials: false - location: location - diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId - diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId - diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId - diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - publicNetworkAccess: 'Enabled' - resourceVersionPolicy: 'versioned' - smartProxyEnabled: false - enableDefaultTelemetry: enableDefaultTelemetry - systemAssignedIdentity: true - importEnabled: false - initialImportMode: false - userAssignedIdentities: { - '${resourceGroupResources.outputs.managedIdentityResourceId}': {} - } - roleAssignments: [ - { - roleDefinitionIdOrName: resourceId('Microsoft.Authorization/roleDefinitions', '5a1fc7df-4bf1-4951-a576-89034ee01acd') - principalIds: [ - resourceGroupResources.outputs.managedIdentityPrincipalId - ] - principalType: 'ServicePrincipal' - } - ] - } -] -``` - -
-

- +## Usage examples -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the health data services workspace. | -| `resourceGroupName` | string | The resource group where the workspace is deployed. | -| `resourceId` | string | The resource ID of the health data services workspace. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/healthcare-apis.workspace:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module workspace './healthcare-apis/workspace/main.bicep' = { +module workspace 'br:bicep/modules/healthcare-apis.workspace:1.0.0' = { name: '${uniqueString(deployment().name)}-test-hawcom' params: { // Required parameters @@ -378,14 +252,17 @@ module workspace './healthcare-apis/workspace/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module workspace './healthcare-apis/workspace/main.bicep' = { +module workspace 'br:bicep/modules/healthcare-apis.workspace:1.0.0' = { name: '${uniqueString(deployment().name)}-test-hawmin' params: { // Required parameters @@ -432,6 +309,113 @@ module workspace './healthcare-apis/workspace/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Health Data Services Workspace service. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`dicomservices`](#parameter-dicomservices) | array | Deploy DICOM services. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`fhirservices`](#parameter-fhirservices) | array | Deploy FHIR services. | +| [`iotconnectors`](#parameter-iotconnectors) | array | Deploy IOT connectors. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `dicomservices` + +Deploy DICOM services. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `fhirservices` + +Deploy FHIR services. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `iotconnectors` + +Deploy IOT connectors. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the Health Data Services Workspace service. +- Required: Yes +- Type: string + +### Parameter: `publicNetworkAccess` + +Control permission for data plane traffic coming from public networks while private endpoint is enabled. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the health data services workspace. | +| `resourceGroupName` | string | The resource group where the workspace is deployed. | +| `resourceId` | string | The resource ID of the health data services workspace. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `iotconnectors` diff --git a/modules/healthcare-apis/workspace/dicomservice/README.md b/modules/healthcare-apis/workspace/dicomservice/README.md index f335d27de0..4fa8abe468 100644 --- a/modules/healthcare-apis/workspace/dicomservice/README.md 
+++ b/modules/healthcare-apis/workspace/dicomservice/README.md 
@@ -21,43 +21,185 @@ This module deploys a Healthcare API Workspace DICOM Service. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the DICOM service. | +| [`name`](#parameter-name) | string | The name of the DICOM service. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `workspaceName` | string | The name of the parent health data services workspace. Required if the template is used in a standalone deployment. | +| [`workspaceName`](#parameter-workspacename) | string | The name of the parent health data services workspace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `corsAllowCredentials` | bool | `False` | | Use this setting to indicate that cookies should be included in CORS requests. | -| `corsHeaders` | array | `[]` | | Specify HTTP headers which can be used during the request. Use "*" for any header. | -| `corsMaxAge` | int | `-1` | | Specify how long a result from a request can be cached in seconds. Example: 600 means 10 minutes. | -| `corsMethods` | array | `[]` | `[DELETE, GET, OPTIONS, PATCH, POST, PUT]` | Specify the allowed HTTP methods. | -| `corsOrigins` | array | `[]` | | Specify URLs of origin sites that can access this API, or use "*" to allow access from any site. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| -| `diagnosticLogCategoriesToEnable` | array | `[AuditLogs]` | `[AuditLogs]` | The name of logs that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `publicNetworkAccess` | string | `'Disabled'` | `[Disabled, Enabled]` | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`corsAllowCredentials`](#parameter-corsallowcredentials) | bool | Use this setting to indicate that cookies should be included in CORS requests. | +| [`corsHeaders`](#parameter-corsheaders) | array | Specify HTTP headers which can be used during the request. Use "*" for any header. | +| [`corsMaxAge`](#parameter-corsmaxage) | int | Specify how long a result from a request can be cached in seconds. Example: 600 means 10 minutes. | +| [`corsMethods`](#parameter-corsmethods) | array | Specify the allowed HTTP methods. | +| [`corsOrigins`](#parameter-corsorigins) | array | Specify URLs of origin sites that can access this API, or use "*" to allow access from any site. 
| +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `corsAllowCredentials` + +Use this setting to indicate that cookies should be included in CORS requests. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `corsHeaders` + +Specify HTTP headers which can be used during the request. Use "*" for any header. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `corsMaxAge` + +Specify how long a result from a request can be cached in seconds. Example: 600 means 10 minutes. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `corsMethods` + +Specify the allowed HTTP methods. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[DELETE, GET, OPTIONS, PATCH, POST, PUT]` + +### Parameter: `corsOrigins` + +Specify URLs of origin sites that can access this API, or use "*" to allow access from any site. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. +- Required: No +- Type: array +- Default: `[AuditLogs]` +- Allowed: `[AuditLogs]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the DICOM service. +- Required: Yes +- Type: string + +### Parameter: `publicNetworkAccess` + +Control permission for data plane traffic coming from public networks while private endpoint is enabled. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workspaceName` + +The name of the parent health data services workspace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the dicom service. | diff --git a/modules/healthcare-apis/workspace/dicomservice/main.json b/modules/healthcare-apis/workspace/dicomservice/main.json index e9d301126e..bd72aa17df 100644 --- a/modules/healthcare-apis/workspace/dicomservice/main.json +++ b/modules/healthcare-apis/workspace/dicomservice/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13236257936604632093" + "version": "0.22.6.54827", + "templateHash": "12318721261811271092" }, "name": "Healthcare API Workspace DICOM Services", "description": "This module deploys a Healthcare API Workspace DICOM Service.", diff --git a/modules/healthcare-apis/workspace/fhirservice/README.md b/modules/healthcare-apis/workspace/fhirservice/README.md index a4b3d407cf..710e6b336b 100644 --- a/modules/healthcare-apis/workspace/fhirservice/README.md +++ b/modules/healthcare-apis/workspace/fhirservice/README.md 
@@ -23,58 +23,308 @@ This module deploys a Healthcare API Workspace FHIR Service. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the FHIR service. | +| [`name`](#parameter-name) | string | The name of the FHIR service. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `workspaceName` | string | The name of the parent health data services workspace. Required if the template is used in a standalone deployment. | +| [`workspaceName`](#parameter-workspacename) | string | The name of the parent health data services workspace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `accessPolicyObjectIds` | array | `[]` | | List of Azure AD object IDs (User or Apps) that is allowed access to the FHIR service. | -| `acrLoginServers` | array | `[]` | | The list of the Azure container registry login servers. | -| `acrOciArtifacts` | array | `[]` | | The list of Open Container Initiative (OCI) artifacts. | -| `authenticationAudience` | string | `[format('https://{0}-{1}.fhir.azurehealthcareapis.com', parameters('workspaceName'), parameters('name'))]` | | The audience url for the service. | -| `authenticationAuthority` | string | `[uri(environment().authentication.loginEndpoint, subscription().tenantId)]` | | The authority url for the service. | -| `corsAllowCredentials` | bool | `False` | | Use this setting to indicate that cookies should be included in CORS requests. | -| `corsHeaders` | array | `[]` | | Specify HTTP headers which can be used during the request. Use "*" for any header. | -| `corsMaxAge` | int | `-1` | | Specify how long a result from a request can be cached in seconds. Example: 600 means 10 minutes. 
| -| `corsMethods` | array | `[]` | `[DELETE, GET, OPTIONS, PATCH, POST, PUT]` | Specify the allowed HTTP methods. | -| `corsOrigins` | array | `[]` | | Specify URLs of origin sites that can access this API, or use "*" to allow access from any site. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[AuditLogs]` | `[AuditLogs]` | The name of logs that will be streamed. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `exportStorageAccountName` | string | `''` | | The name of the default export storage account. | -| `importEnabled` | bool | `False` | | If the import operation is enabled. | -| `importStorageAccountName` | string | `''` | | The name of the default integration storage account. | -| `initialImportMode` | bool | `False` | | If the FHIR service is in InitialImportMode. | -| `kind` | string | `'fhir-R4'` | `[fhir-R4, fhir-Stu3]` | The kind of the service. Defaults to R4. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. 
| -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `publicNetworkAccess` | string | `'Disabled'` | `[Disabled, Enabled]` | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | -| `resourceVersionOverrides` | object | `{object}` | | A list of FHIR Resources and their version policy overrides. | -| `resourceVersionPolicy` | string | `'versioned'` | `[no-version, versioned, versioned-update]` | The default value for tracking history across all resources. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `smartProxyEnabled` | bool | `False` | | If the SMART on FHIR proxy is enabled. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`accessPolicyObjectIds`](#parameter-accesspolicyobjectids) | array | List of Azure AD object IDs (User or Apps) that is allowed access to the FHIR service. | +| [`acrLoginServers`](#parameter-acrloginservers) | array | The list of the Azure container registry login servers. | +| [`acrOciArtifacts`](#parameter-acrociartifacts) | array | The list of Open Container Initiative (OCI) artifacts. | +| [`authenticationAudience`](#parameter-authenticationaudience) | string | The audience url for the service. 
| +| [`authenticationAuthority`](#parameter-authenticationauthority) | string | The authority url for the service. | +| [`corsAllowCredentials`](#parameter-corsallowcredentials) | bool | Use this setting to indicate that cookies should be included in CORS requests. | +| [`corsHeaders`](#parameter-corsheaders) | array | Specify HTTP headers which can be used during the request. Use "*" for any header. | +| [`corsMaxAge`](#parameter-corsmaxage) | int | Specify how long a result from a request can be cached in seconds. Example: 600 means 10 minutes. | +| [`corsMethods`](#parameter-corsmethods) | array | Specify the allowed HTTP methods. | +| [`corsOrigins`](#parameter-corsorigins) | array | Specify URLs of origin sites that can access this API, or use "*" to allow access from any site. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`exportStorageAccountName`](#parameter-exportstorageaccountname) | string | The name of the default export storage account. | +| [`importEnabled`](#parameter-importenabled) | bool | If the import operation is enabled. | +| [`importStorageAccountName`](#parameter-importstorageaccountname) | string | The name of the default integration storage account. | +| [`initialImportMode`](#parameter-initialimportmode) | bool | If the FHIR service is in InitialImportMode. | +| [`kind`](#parameter-kind) | string | The kind of the service. Defaults to R4. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | +| [`resourceVersionOverrides`](#parameter-resourceversionoverrides) | object | A list of FHIR Resources and their version policy overrides. | +| [`resourceVersionPolicy`](#parameter-resourceversionpolicy) | string | The default value for tracking history across all resources. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`smartProxyEnabled`](#parameter-smartproxyenabled) | bool | If the SMART on FHIR proxy is enabled. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. 
| +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `accessPolicyObjectIds` + +List of Azure AD object IDs (User or Apps) that is allowed access to the FHIR service. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `acrLoginServers` + +The list of the Azure container registry login servers. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `acrOciArtifacts` + +The list of Open Container Initiative (OCI) artifacts. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `authenticationAudience` + +The audience url for the service. +- Required: No +- Type: string +- Default: `[format('https://{0}-{1}.fhir.azurehealthcareapis.com', parameters('workspaceName'), parameters('name'))]` + +### Parameter: `authenticationAuthority` + +The authority url for the service. +- Required: No +- Type: string +- Default: `[uri(environment().authentication.loginEndpoint, subscription().tenantId)]` + +### Parameter: `corsAllowCredentials` + +Use this setting to indicate that cookies should be included in CORS requests. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `corsHeaders` + +Specify HTTP headers which can be used during the request. Use "*" for any header. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `corsMaxAge` + +Specify how long a result from a request can be cached in seconds. Example: 600 means 10 minutes. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `corsMethods` + +Specify the allowed HTTP methods. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[DELETE, GET, OPTIONS, PATCH, POST, PUT]` + +### Parameter: `corsOrigins` + +Specify URLs of origin sites that can access this API, or use "*" to allow access from any site. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. +- Required: No +- Type: array +- Default: `[AuditLogs]` +- Allowed: `[AuditLogs]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exportStorageAccountName` + +The name of the default export storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `importEnabled` + +If the import operation is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `importStorageAccountName` + +The name of the default integration storage account. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `initialImportMode` + +If the FHIR service is in InitialImportMode. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `kind` + +The kind of the service. Defaults to R4. +- Required: No +- Type: string +- Default: `'fhir-R4'` +- Allowed: `[fhir-R4, fhir-Stu3]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the FHIR service. +- Required: Yes +- Type: string + +### Parameter: `publicNetworkAccess` + +Control permission for data plane traffic coming from public networks while private endpoint is enabled. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `resourceVersionOverrides` + +A list of FHIR Resources and their version policy overrides. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `resourceVersionPolicy` + +The default value for tracking history across all resources. +- Required: No +- Type: string +- Default: `'versioned'` +- Allowed: `[no-version, versioned, versioned-update]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `smartProxyEnabled` + +If the SMART on FHIR proxy is enabled. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workspaceName` + +The name of the parent health data services workspace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the fhir service. | diff --git a/modules/healthcare-apis/workspace/fhirservice/main.json b/modules/healthcare-apis/workspace/fhirservice/main.json index 33998d37da..96a6c13806 100644 --- a/modules/healthcare-apis/workspace/fhirservice/main.json +++ b/modules/healthcare-apis/workspace/fhirservice/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3716031618750035294" + "version": "0.22.6.54827", + "templateHash": "11687946305671678451" }, "name": "Healthcare API Workspace FHIR Services", "description": "This module deploys a Healthcare API Workspace FHIR Service.", @@ -446,8 +446,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13975136606830731755" + "version": "0.22.6.54827", + "templateHash": "13260238293612966350" } }, "parameters": { diff --git a/modules/healthcare-apis/workspace/iotconnector/README.md b/modules/healthcare-apis/workspace/iotconnector/README.md index e23cdfb648..d250583016 100644 --- a/modules/healthcare-apis/workspace/iotconnector/README.md +++ b/modules/healthcare-apis/workspace/iotconnector/README.md 
@@ -23,43 +23,182 @@ This module deploys a Healthcare API Workspace IoT Connector. **Required parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `deviceMapping` | object | `{object}` | The mapping JSON that determines how incoming device data is normalized. | -| `eventHubName` | string | | Event Hub name to connect to. | -| `eventHubNamespaceName` | string | | Namespace of the Event Hub to connect to. | -| `name` | string | | The name of the MedTech service. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`deviceMapping`](#parameter-devicemapping) | object | The mapping JSON that determines how incoming device data is normalized. | +| [`eventHubName`](#parameter-eventhubname) | string | Event Hub name to connect to. | +| [`eventHubNamespaceName`](#parameter-eventhubnamespacename) | string | Namespace of the Event Hub to connect to. | +| [`name`](#parameter-name) | string | The name of the MedTech service. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `workspaceName` | string | The name of the parent health data services workspace. Required if the template is used in a standalone deployment. | +| [`workspaceName`](#parameter-workspacename) | string | The name of the parent health data services workspace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `consumerGroup` | string | `[parameters('name')]` | | Consumer group of the event hub to connected to. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
| -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[DiagnosticLogs]` | `[DiagnosticLogs]` | The name of logs that will be streamed. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `fhirdestination` | _[fhirdestination](fhirdestination/README.md)_ object | `{object}` | | FHIR Destination. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`consumerGroup`](#parameter-consumergroup) | string | Consumer group of the event hub to connected to. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
| +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`fhirdestination`](#parameter-fhirdestination) | object | FHIR Destination. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `consumerGroup` + +Consumer group of the event hub to connected to. +- Required: No +- Type: string +- Default: `[parameters('name')]` + +### Parameter: `deviceMapping` + +The mapping JSON that determines how incoming device data is normalized. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. +- Required: No +- Type: array +- Default: `[DiagnosticLogs]` +- Allowed: `[DiagnosticLogs]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `eventHubName` + +Event Hub name to connect to. +- Required: Yes +- Type: string + +### Parameter: `eventHubNamespaceName` + +Namespace of the Event Hub to connect to. +- Required: Yes +- Type: string + +### Parameter: `fhirdestination` + +FHIR Destination. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the MedTech service. +- Required: Yes +- Type: string + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workspaceName` + +The name of the parent health data services workspace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the medtech service. | diff --git a/modules/healthcare-apis/workspace/iotconnector/fhirdestination/README.md b/modules/healthcare-apis/workspace/iotconnector/fhirdestination/README.md index 9a81a65c63..16df71b996 100644 --- a/modules/healthcare-apis/workspace/iotconnector/fhirdestination/README.md +++ b/modules/healthcare-apis/workspace/iotconnector/fhirdestination/README.md 
@@ -20,31 +20,84 @@ This module deploys a Healthcare API Workspace IoT Connector FHIR Destination. **Required parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `destinationMapping` | object | `{object}` | The mapping JSON that determines how normalized data is converted to FHIR Observations. | -| `fhirServiceResourceId` | string | | The resource identifier of the FHIR Service to connect to. | -| `name` | string | | The name of the FHIR destination. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`destinationMapping`](#parameter-destinationmapping) | object | The mapping JSON that determines how normalized data is converted to FHIR Observations. | +| [`fhirServiceResourceId`](#parameter-fhirserviceresourceid) | string | The resource identifier of the FHIR Service to connect to. | +| [`name`](#parameter-name) | string | The name of the FHIR destination. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `iotConnectorName` | string | The name of the MedTech service to add this destination to. Required if the template is used in a standalone deployment. | -| `workspaceName` | string | The name of the parent health data services workspace. Required if the template is used in a standalone deployment. | +| [`iotConnectorName`](#parameter-iotconnectorname) | string | The name of the MedTech service to add this destination to. Required if the template is used in a standalone deployment. | +| [`workspaceName`](#parameter-workspacename) | string | The name of the parent health data services workspace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). 
| -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `resourceIdentityResolutionType` | string | `'Lookup'` | `[Create, Lookup]` | Determines how resource identity is resolved on the destination. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`resourceIdentityResolutionType`](#parameter-resourceidentityresolutiontype) | string | Determines how resource identity is resolved on the destination. | + +### Parameter: `destinationMapping` + +The mapping JSON that determines how normalized data is converted to FHIR Observations. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `fhirServiceResourceId` + +The resource identifier of the FHIR Service to connect to. +- Required: Yes +- Type: string + +### Parameter: `iotConnectorName` + +The name of the MedTech service to add this destination to. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the FHIR destination. +- Required: Yes +- Type: string + +### Parameter: `resourceIdentityResolutionType` + +Determines how resource identity is resolved on the destination. +- Required: No +- Type: string +- Default: `'Lookup'` +- Allowed: `[Create, Lookup]` + +### Parameter: `workspaceName` + +The name of the parent health data services workspace. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `iotConnectorName` | string | The name of the medtech service. | | `location` | string | The location the resource was deployed into. | diff --git a/modules/healthcare-apis/workspace/iotconnector/fhirdestination/main.json b/modules/healthcare-apis/workspace/iotconnector/fhirdestination/main.json index b48bcb3727..8f1f5ff94d 100644 --- a/modules/healthcare-apis/workspace/iotconnector/fhirdestination/main.json +++ b/modules/healthcare-apis/workspace/iotconnector/fhirdestination/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18442235072798053221" + "version": "0.22.6.54827", + "templateHash": "10973515077627017376" }, "name": "Healthcare API Workspace IoT Connector FHIR Destinations", "description": "This module deploys a Healthcare API Workspace IoT Connector FHIR Destination.", diff --git a/modules/healthcare-apis/workspace/iotconnector/main.json b/modules/healthcare-apis/workspace/iotconnector/main.json index 63bb75e273..cce29e9a45 100644 --- a/modules/healthcare-apis/workspace/iotconnector/main.json +++ b/modules/healthcare-apis/workspace/iotconnector/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16981578699165858107" + "version": "0.22.6.54827", + "templateHash": "3714179156189652458" }, "name": "Healthcare API Workspace IoT Connectors", "description": "This module deploys a Healthcare API Workspace IoT Connector.", 
@@ -295,8 +295,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18442235072798053221" + "version": "0.22.6.54827", + "templateHash": "10973515077627017376" }, "name": "Healthcare API Workspace IoT Connector FHIR Destinations", "description": "This module deploys a Healthcare API Workspace IoT Connector FHIR Destination.", diff --git a/modules/healthcare-apis/workspace/main.json b/modules/healthcare-apis/workspace/main.json index 6ea7262bfa..3437138b45 100644 --- a/modules/healthcare-apis/workspace/main.json +++ b/modules/healthcare-apis/workspace/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10903561527048363978" + "version": "0.22.6.54827", + "templateHash": "5818866804276261569" }, "name": "Healthcare API Workspaces", "description": "This module deploys a Healthcare API Workspace.", @@ -168,8 +168,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14482455306867053366" + "version": "0.22.6.54827", + "templateHash": "4822666259108954856" } }, "parameters": { @@ -356,8 +356,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17348973963835618248" + "version": "0.22.6.54827", + "templateHash": "11687946305671678451" }, "name": "Healthcare API Workspace FHIR Services", "description": "This module deploys a Healthcare API Workspace FHIR Service.", @@ -798,8 +798,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5237941464164481673" + "version": "0.22.6.54827", + "templateHash": "13260238293612966350" } }, "parameters": { 
@@ -1020,8 +1020,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14081576760153046183" + "version": "0.22.6.54827", + "templateHash": "12318721261811271092" }, "name": "Healthcare API Workspace DICOM Services", "description": "This module deploys a Healthcare API Workspace DICOM Service.", @@ -1365,8 +1365,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7419022677033687481" + "version": "0.22.6.54827", + "templateHash": "3714179156189652458" }, "name": "Healthcare API Workspace IoT Connectors", "description": "This module deploys a Healthcare API Workspace IoT Connector.", @@ -1656,8 +1656,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8944835312780233488" + "version": "0.22.6.54827", + "templateHash": "10973515077627017376" }, "name": "Healthcare API Workspace IoT Connector FHIR Destinations", "description": "This module deploys a Healthcare API Workspace IoT Connector FHIR Destination.", diff --git a/modules/insights/action-group/.test/common/main.test.bicep b/modules/insights/action-group/.test/common/main.test.bicep index cbc7e3e4f2..4f4d8071b8 100644 --- a/modules/insights/action-group/.test/common/main.test.bicep +++ b/modules/insights/action-group/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/action-group/.test/min/main.test.bicep b/modules/insights/action-group/.test/min/main.test.bicep index e4cdbfbdce..22938cd7a3 100644 --- a/modules/insights/action-group/.test/min/main.test.bicep +++ b/modules/insights/action-group/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/action-group/README.md b/modules/insights/action-group/README.md index 65ef94f1ad..1a54447aa7 100644 --- a/modules/insights/action-group/README.md +++ b/modules/insights/action-group/README.md @@ -5,10 +5,10 @@ This module deploys an Action Group. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) ## Resource Types 
@@ -18,64 +18,29 @@ This module deploys an Action Group. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/actionGroups` | [2023-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2023-01-01/actionGroups) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `groupShortName` | string | The short name of the action group. | -| `name` | string | The name of the action group. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `armRoleReceivers` | array | `[]` | The list of ARM role receivers that are part of this action group. Roles are Azure RBAC roles and only built-in roles are supported. | -| `automationRunbookReceivers` | array | `[]` | The list of AutomationRunbook receivers that are part of this action group. | -| `azureAppPushReceivers` | array | `[]` | The list of AzureAppPush receivers that are part of this action group. | -| `azureFunctionReceivers` | array | `[]` | The list of function receivers that are part of this action group. | -| `emailReceivers` | array | `[]` | The list of email receivers that are part of this action group. | -| `enabled` | bool | `True` | Indicates whether this action group is enabled. If an action group is not enabled, then none of its receivers will receive communications. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `itsmReceivers` | array | `[]` | The list of ITSM receivers that are part of this action group. | -| `location` | string | `'global'` | Location for all resources. | -| `logicAppReceivers` | array | `[]` | The list of logic app receivers that are part of this action group. 
| -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `smsReceivers` | array | `[]` | The list of SMS receivers that are part of this action group. | -| `tags` | object | `{object}` | Tags of the resource. | -| `voiceReceivers` | array | `[]` | The list of voice receivers that are part of this action group. | -| `webhookReceivers` | array | `[]` | The list of webhook receivers that are part of this action group. | - - -## Outputs +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the action group . | -| `resourceGroupName` | string | The resource group the action group was deployed into. | -| `resourceId` | string | The resource ID of the action group . | + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -## Cross-referenced modules + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.action-group:1.0.0`. 
-_None_ +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -## Deployment examples +### Example 1: _Using large parameter set_ -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +This instance deploys the module with most of its features enabled. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module actionGroup './insights/action-group/main.bicep' = { +module actionGroup 'br:bicep/modules/insights.action-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-iagcom' params: { // Required parameters @@ -189,14 +154,17 @@ module actionGroup './insights/action-group/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module actionGroup './insights/action-group/main.bicep' = { +module actionGroup 'br:bicep/modules/insights.action-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-iagmin' params: { // Required parameters @@ -239,6 +207,166 @@ module actionGroup './insights/action-group/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`groupShortName`](#parameter-groupshortname) | string | The short name of the action group. | +| [`name`](#parameter-name) | string | The name of the action group. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`armRoleReceivers`](#parameter-armrolereceivers) | array | The list of ARM role receivers that are part of this action group. Roles are Azure RBAC roles and only built-in roles are supported. | +| [`automationRunbookReceivers`](#parameter-automationrunbookreceivers) | array | The list of AutomationRunbook receivers that are part of this action group. | +| [`azureAppPushReceivers`](#parameter-azureapppushreceivers) | array | The list of AzureAppPush receivers that are part of this action group. | +| [`azureFunctionReceivers`](#parameter-azurefunctionreceivers) | array | The list of function receivers that are part of this action group. | +| [`emailReceivers`](#parameter-emailreceivers) | array | The list of email receivers that are part of this action group. | +| [`enabled`](#parameter-enabled) | bool | Indicates whether this action group is enabled. If an action group is not enabled, then none of its receivers will receive communications. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`itsmReceivers`](#parameter-itsmreceivers) | array | The list of ITSM receivers that are part of this action group. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`logicAppReceivers`](#parameter-logicappreceivers) | array | The list of logic app receivers that are part of this action group. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`smsReceivers`](#parameter-smsreceivers) | array | The list of SMS receivers that are part of this action group. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`voiceReceivers`](#parameter-voicereceivers) | array | The list of voice receivers that are part of this action group. | +| [`webhookReceivers`](#parameter-webhookreceivers) | array | The list of webhook receivers that are part of this action group. | + +### Parameter: `armRoleReceivers` + +The list of ARM role receivers that are part of this action group. Roles are Azure RBAC roles and only built-in roles are supported. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `automationRunbookReceivers` + +The list of AutomationRunbook receivers that are part of this action group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `azureAppPushReceivers` + +The list of AzureAppPush receivers that are part of this action group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `azureFunctionReceivers` + +The list of function receivers that are part of this action group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `emailReceivers` + +The list of email receivers that are part of this action group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enabled` + +Indicates whether this action group is enabled. If an action group is not enabled, then none of its receivers will receive communications. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `groupShortName` + +The short name of the action group. +- Required: Yes +- Type: string + +### Parameter: `itsmReceivers` + +The list of ITSM receivers that are part of this action group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `'global'` + +### Parameter: `logicAppReceivers` + +The list of logic app receivers that are part of this action group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +The name of the action group. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `smsReceivers` + +The list of SMS receivers that are part of this action group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `voiceReceivers` + +The list of voice receivers that are part of this action group. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `webhookReceivers` + +The list of webhook receivers that are part of this action group. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the action group . | +| `resourceGroupName` | string | The resource group the action group was deployed into. 
| +| `resourceId` | string | The resource ID of the action group . | + +## Cross-referenced modules + +_None_ + ## Notes - Receiver name must be unique across the ActionGroup. diff --git a/modules/insights/activity-log-alert/.test/common/main.test.bicep b/modules/insights/activity-log-alert/.test/common/main.test.bicep index f95e1529af..49d570477c 100644 --- a/modules/insights/activity-log-alert/.test/common/main.test.bicep +++ b/modules/insights/activity-log-alert/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/activity-log-alert/README.md b/modules/insights/activity-log-alert/README.md index 4e9a5b012e..3e11261b48 100644 --- a/modules/insights/activity-log-alert/README.md +++ b/modules/insights/activity-log-alert/README.md @@ -5,10 +5,10 @@ This module deploys an Activity Log Alert. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -17,57 +17,28 @@ This module deploys an Activity Log Alert. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/activityLogAlerts` | [2020-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2020-10-01/activityLogAlerts) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `conditions` | array | An Array of objects containing conditions that will cause this alert to activate. Conditions can also be combined with logical operators `allOf` and `anyOf`. Each condition can specify only one field between `equals` and `containsAny`. An alert rule condition must have exactly one category (Administrative, ServiceHealth, ResourceHealth, Alert, Autoscale, Recommendation, Security, or Policy). | -| `name` | string | The name of the alert. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | The list of actions to take when alert triggers. | -| `alertDescription` | string | `''` | Description of the alert. | -| `enabled` | bool | `True` | Indicates whether this alert is enabled. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `'global'` | Location for all resources. | -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
| -| `scopes` | array | `[[subscription().id]]` | The list of resource IDs that this Activity Log Alert is scoped to. | -| `tags` | object | `{object}` | Tags of the resource. | - +## Usage examples -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the activity log alert. | -| `resourceGroupName` | string | The resource group the activity log alert was deployed into. | -| `resourceId` | string | The resource ID of the activity log alert. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.activity-log-alert:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module activityLogAlert './insights/activity-log-alert/main.bicep' = { +module activityLogAlert 'br:bicep/modules/insights.activity-log-alert:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-ialacom' params: { // Required parameters @@ -222,3 +193,108 @@ module activityLogAlert './insights/activity-log-alert/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`conditions`](#parameter-conditions) | array | An Array of objects containing conditions that will cause this alert to activate. Conditions can also be combined with logical operators `allOf` and `anyOf`. Each condition can specify only one field between `equals` and `containsAny`. An alert rule condition must have exactly one category (Administrative, ServiceHealth, ResourceHealth, Alert, Autoscale, Recommendation, Security, or Policy). | +| [`name`](#parameter-name) | string | The name of the alert. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | The list of actions to take when alert triggers. | +| [`alertDescription`](#parameter-alertdescription) | string | Description of the alert. | +| [`enabled`](#parameter-enabled) | bool | Indicates whether this alert is enabled. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`scopes`](#parameter-scopes) | array | The list of resource IDs that this Activity Log Alert is scoped to. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `actions` + +The list of actions to take when alert triggers. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `alertDescription` + +Description of the alert. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `conditions` + +An Array of objects containing conditions that will cause this alert to activate. Conditions can also be combined with logical operators `allOf` and `anyOf`. Each condition can specify only one field between `equals` and `containsAny`. An alert rule condition must have exactly one category (Administrative, ServiceHealth, ResourceHealth, Alert, Autoscale, Recommendation, Security, or Policy). +- Required: Yes +- Type: array + +### Parameter: `enabled` + +Indicates whether this alert is enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `'global'` + +### Parameter: `name` + +The name of the alert. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `scopes` + +The list of resource IDs that this Activity Log Alert is scoped to. +- Required: No +- Type: array +- Default: `[[subscription().id]]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. 
| +| `name` | string | The name of the activity log alert. | +| `resourceGroupName` | string | The resource group the activity log alert was deployed into. | +| `resourceId` | string | The resource ID of the activity log alert. | + +## Cross-referenced modules + +_None_ diff --git a/modules/insights/component/.test/common/main.test.bicep b/modules/insights/component/.test/common/main.test.bicep index bb1280676e..31b26886ab 100644 --- a/modules/insights/component/.test/common/main.test.bicep +++ b/modules/insights/component/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/component/.test/min/main.test.bicep b/modules/insights/component/.test/min/main.test.bicep index 7e5bd974e5..965482d24d 100644 --- a/modules/insights/component/.test/min/main.test.bicep +++ b/modules/insights/component/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/component/README.md b/modules/insights/component/README.md index 815a655d02..61ea9980a5 100644 --- a/modules/insights/component/README.md +++ b/modules/insights/component/README.md @@ -5,10 +5,10 @@ This component deploys an Application Insights instance. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -18,68 +18,29 @@ This component deploys an Application Insights instance. | `Microsoft.Insights/components` | [2020-02-02](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2020-02-02/components) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Application Insights. | -| `workspaceResourceId` | string | Resource ID of the log analytics workspace which the data will be ingested to. This property is required to create an application with this API version. Applications from older versions will not have this property. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `applicationType` | string | `'web'` | `[other, web]` | Application type. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, AppAvailabilityResults, AppBrowserTimings, AppDependencies, AppEvents, AppExceptions, AppMetrics, AppPageViews, AppPerformanceCounters, AppRequests, AppSystemEvents, AppTraces]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. 
| -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `kind` | string | `''` | | The kind of application that this component refers to, used to customize UI. This value is a freeform string, values should typically be one of the following: web, ios, other, store, java, phone. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `publicNetworkAccessForIngestion` | string | `'Enabled'` | `[Disabled, Enabled]` | The network access type for accessing Application Insights ingestion. - Enabled or Disabled. | -| `publicNetworkAccessForQuery` | string | `'Enabled'` | `[Disabled, Enabled]` | The network access type for accessing Application Insights query. - Enabled or Disabled. | -| `retentionInDays` | int | `365` | `[30, 60, 90, 120, 180, 270, 365, 550, 730]` | Retention period in days. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `samplingPercentage` | int | `100` | | Percentage of the data produced by the application being monitored that is being sampled for Application Insights telemetry. | -| `tags` | object | `{object}` | | Tags of the resource. 
| - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `applicationId` | string | The application ID of the application insights component. | -| `instrumentationKey` | string | Application Insights Instrumentation key. A read-only value that applications can use to identify the destination for all telemetry sent to Azure Application Insights. This value will be supplied upon construction of each new Application Insights component. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the application insights component. | -| `resourceGroupName` | string | The resource group the application insights component was deployed into. | -| `resourceId` | string | The resource ID of the application insights component. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.component:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module component './insights/component/main.bicep' = { +module component 'br:bicep/modules/insights.component:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-iccom' params: { // Required parameters @@ -169,14 +130,17 @@ module component './insights/component/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module component './insights/component/main.bicep' = { +module component 'br:bicep/modules/insights.component:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-icmin' params: { // Required parameters @@ -217,3 +181,188 @@ module component './insights/component/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Application Insights. | +| [`workspaceResourceId`](#parameter-workspaceresourceid) | string | Resource ID of the log analytics workspace which the data will be ingested to. This property is required to create an application with this API version. Applications from older versions will not have this property. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationType`](#parameter-applicationtype) | string | Application type. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`kind`](#parameter-kind) | string | The kind of application that this component refers to, used to customize UI. This value is a freeform string, values should typically be one of the following: web, ios, other, store, java, phone. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`publicNetworkAccessForIngestion`](#parameter-publicnetworkaccessforingestion) | string | The network access type for accessing Application Insights ingestion. - Enabled or Disabled. | +| [`publicNetworkAccessForQuery`](#parameter-publicnetworkaccessforquery) | string | The network access type for accessing Application Insights query. - Enabled or Disabled. | +| [`retentionInDays`](#parameter-retentionindays) | int | Retention period in days. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`samplingPercentage`](#parameter-samplingpercentage) | int | Percentage of the data produced by the application being monitored that is being sampled for Application Insights telemetry. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `applicationType` + +Application type. +- Required: No +- Type: string +- Default: `'web'` +- Allowed: `[other, web]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, AppAvailabilityResults, AppBrowserTimings, AppDependencies, AppEvents, AppExceptions, AppMetrics, AppPageViews, AppPerformanceCounters, AppRequests, AppSystemEvents, AppTraces]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `kind` + +The kind of application that this component refers to, used to customize UI. This value is a freeform string, values should typically be one of the following: web, ios, other, store, java, phone. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all Resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the Application Insights. +- Required: Yes +- Type: string + +### Parameter: `publicNetworkAccessForIngestion` + +The network access type for accessing Application Insights ingestion. - Enabled or Disabled. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `publicNetworkAccessForQuery` + +The network access type for accessing Application Insights query. - Enabled or Disabled. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `retentionInDays` + +Retention period in days. +- Required: No +- Type: int +- Default: `365` +- Allowed: `[30, 60, 90, 120, 180, 270, 365, 550, 730]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `samplingPercentage` + +Percentage of the data produced by the application being monitored that is being sampled for Application Insights telemetry. +- Required: No +- Type: int +- Default: `100` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workspaceResourceId` + +Resource ID of the log analytics workspace which the data will be ingested to. This property is required to create an application with this API version. Applications from older versions will not have this property. 
+- Required: Yes +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `applicationId` | string | The application ID of the application insights component. | +| `instrumentationKey` | string | Application Insights Instrumentation key. A read-only value that applications can use to identify the destination for all telemetry sent to Azure Application Insights. This value will be supplied upon construction of each new Application Insights component. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the application insights component. | +| `resourceGroupName` | string | The resource group the application insights component was deployed into. | +| `resourceId` | string | The resource ID of the application insights component. | + +## Cross-referenced modules + +_None_ diff --git a/modules/insights/component/main.json b/modules/insights/component/main.json index 8e2f175e45..b3eddedc41 100644 --- a/modules/insights/component/main.json +++ b/modules/insights/component/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17654702224690381000" + "version": "0.22.6.54827", + "templateHash": "10525905837638712461" }, "name": "Application Insights", "description": "This component deploys an Application Insights instance.", @@ -296,8 +296,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13934424345752147710" + "version": "0.22.6.54827", + "templateHash": "11402620495113145502" } }, "parameters": { diff --git a/modules/insights/data-collection-endpoint/.test/common/main.test.bicep b/modules/insights/data-collection-endpoint/.test/common/main.test.bicep index 2ce0a08132..5c0660113b 100644 --- a/modules/insights/data-collection-endpoint/.test/common/main.test.bicep +++ b/modules/insights/data-collection-endpoint/.test/common/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/data-collection-endpoint/.test/min/main.test.bicep b/modules/insights/data-collection-endpoint/.test/min/main.test.bicep index 0de821478e..0ac9115755 100644 --- a/modules/insights/data-collection-endpoint/.test/min/main.test.bicep +++ b/modules/insights/data-collection-endpoint/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/data-collection-endpoint/README.md b/modules/insights/data-collection-endpoint/README.md index 73a632031b..c57e9fe33a 100644 --- a/modules/insights/data-collection-endpoint/README.md +++ b/modules/insights/data-collection-endpoint/README.md @@ -5,10 +5,10 @@ This module deploys a Data Collection Endpoint. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -18,55 +18,29 @@ This module deploys a Data Collection Endpoint. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/dataCollectionEndpoints` | [2021-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-04-01/dataCollectionEndpoints) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the data collection endpoint. The name is case insensitive. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `kind` | string | `'Linux'` | `[Linux, Windows]` | The kind of the resource. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `publicNetworkAccess` | string | `'Disabled'` | `[Disabled, Enabled]` | The configuration to set whether network access from public internet to the endpoints are allowed. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Resource tags. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. 
+ >**Note**: The name of each example is based on the name of the file from which it is taken. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the dataCollectionEndpoint. | -| `resourceGroupName` | string | The name of the resource group the dataCollectionEndpoint was created in. | -| `resourceId` | string | The resource ID of the dataCollectionEndpoint. | - -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.data-collection-endpoint:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module dataCollectionEndpoint './insights/data-collection-endpoint/main.bicep' = { +module dataCollectionEndpoint 'br:bicep/modules/insights.data-collection-endpoint:1.0.0' = { name: '${uniqueString(deployment().name)}-test-idcecom' params: { // Required parameters @@ -148,14 +122,17 @@ module dataCollectionEndpoint './insights/data-collection-endpoint/main.bicep' =

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module dataCollectionEndpoint './insights/data-collection-endpoint/main.bicep' = { +module dataCollectionEndpoint 'br:bicep/modules/insights.data-collection-endpoint:1.0.0' = { name: '${uniqueString(deployment().name)}-test-idcemin' params: { // Required parameters @@ -192,3 +169,96 @@ module dataCollectionEndpoint './insights/data-collection-endpoint/main.bicep' =

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the data collection endpoint. The name is case insensitive. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`kind`](#parameter-kind) | string | The kind of the resource. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | The configuration to set whether network access from public internet to the endpoints are allowed. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Resource tags. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `kind` + +The kind of the resource. +- Required: No +- Type: string +- Default: `'Linux'` +- Allowed: `[Linux, Windows]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the data collection endpoint. 
The name is case insensitive. +- Required: Yes +- Type: string + +### Parameter: `publicNetworkAccess` + +The configuration to set whether network access from public internet to the endpoints are allowed. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the dataCollectionEndpoint. | +| `resourceGroupName` | string | The name of the resource group the dataCollectionEndpoint was created in. | +| `resourceId` | string | The resource ID of the dataCollectionEndpoint. | + +## Cross-referenced modules + +_None_ diff --git a/modules/insights/data-collection-endpoint/main.json b/modules/insights/data-collection-endpoint/main.json index 23d2aeef04..f40ef19865 100644 --- a/modules/insights/data-collection-endpoint/main.json +++ b/modules/insights/data-collection-endpoint/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3728781575799278005" + "version": "0.22.6.54827", + "templateHash": "13275626141321439645" }, "name": "Data Collection Endpoints", "description": "This module deploys a Data Collection Endpoint.", 
@@ -157,8 +157,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8300016643720111813" + "version": "0.22.6.54827", + "templateHash": "5079554613850149123" } }, "parameters": { diff --git a/modules/insights/data-collection-rule/.test/min/main.test.bicep b/modules/insights/data-collection-rule/.test/min/main.test.bicep index 46e103725d..e18f5d9ef8 100644 --- a/modules/insights/data-collection-rule/.test/min/main.test.bicep +++ b/modules/insights/data-collection-rule/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/data-collection-rule/README.md b/modules/insights/data-collection-rule/README.md index aa4038af07..e80fa2a84f 100644 --- a/modules/insights/data-collection-rule/README.md +++ b/modules/insights/data-collection-rule/README.md @@ -5,10 +5,10 @@ This module deploys a Data Collection Rule. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -18,60 +18,30 @@ This module deploys a Data Collection Rule. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/dataCollectionRules` | [2021-09-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-09-01-preview/dataCollectionRules) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `dataFlows` | array | The specification of data flows. | -| `dataSources` | object | Specification of data sources that will be collected. | -| `destinations` | object | Specification of destinations that can be used in data flows. | -| `name` | string | The name of the data collection rule. The name is case insensitive. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `dataCollectionEndpointId` | string | `''` | | The resource ID of the data collection endpoint that this rule can be used with. | -| `description` | string | `''` | | Description of the data collection rule. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `kind` | string | `'Linux'` | `[Linux, Windows]` | The kind of the resource. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
| -| `streamDeclarations` | object | `{object}` | | Declaration of custom streams used in this rule. | -| `tags` | object | `{object}` | | Resource tags. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the dataCollectionRule. | -| `resourceGroupName` | string | The name of the resource group the dataCollectionRule was created in. | -| `resourceId` | string | The resource ID of the dataCollectionRule. | - -## Cross-referenced modules +## Usage examples -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Customadv

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.data-collection-rule:1.0.0`. + +- [Customadv](#example-1-customadv) +- [Custombasic](#example-2-custombasic) +- [Customiis](#example-3-customiis) +- [Linux](#example-4-linux) +- [Using only defaults](#example-5-using-only-defaults) +- [Windows](#example-6-windows) + +### Example 1: _Customadv_
via Bicep module ```bicep -module dataCollectionRule './insights/data-collection-rule/main.bicep' = { +module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' = { name: '${uniqueString(deployment().name)}-test-idcrcusadv' params: { // Required parameters @@ -305,14 +275,14 @@ module dataCollectionRule './insights/data-collection-rule/main.bicep' = {

-

Example 2: Custombasic

+### Example 2: _Custombasic_
via Bicep module ```bicep -module dataCollectionRule './insights/data-collection-rule/main.bicep' = { +module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' = { name: '${uniqueString(deployment().name)}-test-idcrcusbas' params: { // Required parameters @@ -514,14 +484,14 @@ module dataCollectionRule './insights/data-collection-rule/main.bicep' = {

-

Example 3: Customiis

+### Example 3: _Customiis_
via Bicep module ```bicep -module dataCollectionRule './insights/data-collection-rule/main.bicep' = { +module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' = { name: '${uniqueString(deployment().name)}-test-idcrcusiis' params: { // Required parameters @@ -679,14 +649,14 @@ module dataCollectionRule './insights/data-collection-rule/main.bicep' = {

-

Example 4: Linux

+### Example 4: _Linux_
via Bicep module ```bicep -module dataCollectionRule './insights/data-collection-rule/main.bicep' = { +module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' = { name: '${uniqueString(deployment().name)}-test-idcrlin' params: { // Required parameters @@ -1068,14 +1038,17 @@ module dataCollectionRule './insights/data-collection-rule/main.bicep' = {

-

Example 5: Min

+### Example 5: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module dataCollectionRule './insights/data-collection-rule/main.bicep' = { +module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' = { name: '${uniqueString(deployment().name)}-test-idcrmin' params: { // Required parameters @@ -1199,14 +1172,14 @@ module dataCollectionRule './insights/data-collection-rule/main.bicep' = {

-

Example 6: Windows

+### Example 6: _Windows_
via Bicep module ```bicep -module dataCollectionRule './insights/data-collection-rule/main.bicep' = { +module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' = { name: '${uniqueString(deployment().name)}-test-idcrwin' params: { // Required parameters @@ -1495,3 +1468,132 @@ module dataCollectionRule './insights/data-collection-rule/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`dataFlows`](#parameter-dataflows) | array | The specification of data flows. | +| [`dataSources`](#parameter-datasources) | object | Specification of data sources that will be collected. | +| [`destinations`](#parameter-destinations) | object | Specification of destinations that can be used in data flows. | +| [`name`](#parameter-name) | string | The name of the data collection rule. The name is case insensitive. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`dataCollectionEndpointId`](#parameter-datacollectionendpointid) | string | The resource ID of the data collection endpoint that this rule can be used with. | +| [`description`](#parameter-description) | string | Description of the data collection rule. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| [`kind`](#parameter-kind) | string | The kind of the resource. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`streamDeclarations`](#parameter-streamdeclarations) | object | Declaration of custom streams used in this rule. | +| [`tags`](#parameter-tags) | object | Resource tags. | + +### Parameter: `dataCollectionEndpointId` + +The resource ID of the data collection endpoint that this rule can be used with. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `dataFlows` + +The specification of data flows. +- Required: Yes +- Type: array + +### Parameter: `dataSources` + +Specification of data sources that will be collected. +- Required: Yes +- Type: object + +### Parameter: `description` + +Description of the data collection rule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `destinations` + +Specification of destinations that can be used in data flows. +- Required: Yes +- Type: object + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `kind` + +The kind of the resource. +- Required: No +- Type: string +- Default: `'Linux'` +- Allowed: `[Linux, Windows]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the data collection rule. The name is case insensitive. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `streamDeclarations` + +Declaration of custom streams used in this rule. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tags` + +Resource tags. 
+- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the dataCollectionRule. | +| `resourceGroupName` | string | The name of the resource group the dataCollectionRule was created in. | +| `resourceId` | string | The resource ID of the dataCollectionRule. | + +## Cross-referenced modules + +_None_ diff --git a/modules/insights/data-collection-rule/main.json b/modules/insights/data-collection-rule/main.json index 40ab530aea..9fd6a4d083 100644 --- a/modules/insights/data-collection-rule/main.json +++ b/modules/insights/data-collection-rule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4052867535187508575" + "version": "0.22.6.54827", + "templateHash": "12233779363216703767" }, "name": "Data Collection Rules", "description": "This module deploys a Data Collection Rule.", @@ -188,8 +188,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5004939963696451046" + "version": "0.22.6.54827", + "templateHash": "15006261932688103990" } }, "parameters": { diff --git a/modules/insights/diagnostic-setting/.test/common/main.test.bicep b/modules/insights/diagnostic-setting/.test/common/main.test.bicep index d8eb101670..4fdfbd0770 100644 --- a/modules/insights/diagnostic-setting/.test/common/main.test.bicep +++ b/modules/insights/diagnostic-setting/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/diagnostic-setting/README.md b/modules/insights/diagnostic-setting/README.md index 1af907de3f..68530fe60a 100644 
--- a/modules/insights/diagnostic-setting/README.md +++ b/modules/insights/diagnostic-setting/README.md @@ -5,10 +5,10 @@ This module deploys a Subscription wide export of the Activity Log. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -16,49 +16,28 @@ This module deploys a Subscription wide export of the Activity Log. | :-- | :-- | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', Administrative, Alert, allLogs, Autoscale, Policy, Recommendation, ResourceHealth, Security, ServiceHealth]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `name` | string | `[format('{0}-ActivityLog', uniqueString(subscription().id))]` | | Name of the ActivityLog diagnostic settings. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the diagnostic settings. | -| `resourceId` | string | The resource ID of the diagnostic settings. | -| `subscriptionName` | string | The name of the subscription to deploy into. 
| +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.diagnostic-setting:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module diagnosticSetting './insights/diagnostic-setting/main.bicep' = { +module diagnosticSetting 'br:bicep/modules/insights.diagnostic-setting:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-idscom' params: { diagnosticEventHubAuthorizationRuleId: '' @@ -107,3 +86,89 @@ module diagnosticSetting './insights/diagnostic-setting/main.bicep' = {

+ + +## Parameters + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`name`](#parameter-name) | string | Name of the ActivityLog diagnostic settings. | + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. 
"allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', Administrative, Alert, allLogs, Autoscale, Policy, Recommendation, ResourceHealth, Security, ServiceHealth]` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `name` + +Name of the ActivityLog diagnostic settings. +- Required: No +- Type: string +- Default: `[format('{0}-ActivityLog', uniqueString(subscription().id))]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the diagnostic settings. | +| `resourceId` | string | The resource ID of the diagnostic settings. | +| `subscriptionName` | string | The name of the subscription to deploy into. | + +## Cross-referenced modules + +_None_ diff --git a/modules/insights/diagnostic-setting/main.json b/modules/insights/diagnostic-setting/main.json index 19685f7e7b..7ced987e1c 100644 --- a/modules/insights/diagnostic-setting/main.json +++ b/modules/insights/diagnostic-setting/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9469136899800527049" + "version": "0.22.6.54827", + "templateHash": "11607957812214718943" }, "name": "Diagnostic Settings (Activity Logs) for Azure Subscriptions", "description": "This module deploys a Subscription wide export of the Activity Log.", 
diff --git a/modules/insights/metric-alert/.test/common/main.test.bicep b/modules/insights/metric-alert/.test/common/main.test.bicep index 148d924d70..a5fcd52873 100644 --- a/modules/insights/metric-alert/.test/common/main.test.bicep +++ b/modules/insights/metric-alert/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/metric-alert/README.md b/modules/insights/metric-alert/README.md index b2ffecb0f5..04c65c18dc 100644 --- a/modules/insights/metric-alert/README.md +++ b/modules/insights/metric-alert/README.md 
@@ -4,82 +4,41 @@ This module deploys a Metric Alert. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/metricAlerts` | [2018-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2018-03-01/metricAlerts) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `criterias` | array | Criterias to trigger the alert. Array of 'Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria' or 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria' objects. When using MultipleResourceMultipleMetricCriteria criteria type, some parameters becomes mandatory. It is not possible to convert from SingleResourceMultipleMetricCriteria to MultipleResourceMultipleMetricCriteria. The alert must be deleted and recreated. | -| `name` | string | The name of the alert. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `targetResourceRegion` | string | `''` | The region of the target resource(s) on which the alert is created/updated. Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria. | -| `targetResourceType` | string | `''` | The resource type of the target resource(s) on which the alert is created/updated. Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria. 
| - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | | The list of actions to take when alert triggers. | -| `alertCriteriaType` | string | `'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'` | `[Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria, Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria, Microsoft.Azure.Monitor.WebtestLocationAvailabilityCriteria]` | Maps to the 'odata.type' field. Specifies the type of the alert criteria. | -| `alertDescription` | string | `''` | | Description of the alert. | -| `autoMitigate` | bool | `True` | | The flag that indicates whether the alert should be auto resolved or not. | -| `enabled` | bool | `True` | | Indicates whether this alert is enabled. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `evaluationFrequency` | string | `'PT5M'` | `[PT15M, PT1H, PT1M, PT30M, PT5M]` | how often the metric alert is evaluated represented in ISO 8601 duration format. | -| `location` | string | `'global'` | | Location for all resources. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `scopes` | array | `[[subscription().id]]` | | the list of resource IDs that this metric alert is scoped to. | -| `severity` | int | `3` | `[0, 1, 2, 3, 4]` | The severity of the alert. | -| `tags` | object | `{object}` | | Tags of the resource. 
| -| `windowSize` | string | `'PT15M'` | `[P1D, PT12H, PT15M, PT1H, PT1M, PT30M, PT5M, PT6H]` | the period of time (in ISO 8601 duration format) that is used to monitor alert activity based on the threshold. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the metric alert. | -| `resourceGroupName` | string | The resource group the metric alert was deployed into. | -| `resourceId` | string | The resource ID of the metric alert. | - -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.metric-alert:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module metricAlert './insights/metric-alert/main.bicep' = { +module metricAlert 'br:bicep/modules/insights.metric-alert:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-imacom' params: { // Required parameters @@ -196,3 +155,173 @@ module metricAlert './insights/metric-alert/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`criterias`](#parameter-criterias) | array | Criterias to trigger the alert. Array of 'Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria' or 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria' objects. When using MultipleResourceMultipleMetricCriteria criteria type, some parameters becomes mandatory. It is not possible to convert from SingleResourceMultipleMetricCriteria to MultipleResourceMultipleMetricCriteria. The alert must be deleted and recreated. | +| [`name`](#parameter-name) | string | The name of the alert. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`targetResourceRegion`](#parameter-targetresourceregion) | string | The region of the target resource(s) on which the alert is created/updated. Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria. | +| [`targetResourceType`](#parameter-targetresourcetype) | string | The resource type of the target resource(s) on which the alert is created/updated. Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | The list of actions to take when alert triggers. | +| [`alertCriteriaType`](#parameter-alertcriteriatype) | string | Maps to the 'odata.type' field. Specifies the type of the alert criteria. | +| [`alertDescription`](#parameter-alertdescription) | string | Description of the alert. | +| [`autoMitigate`](#parameter-automitigate) | bool | The flag that indicates whether the alert should be auto resolved or not. | +| [`enabled`](#parameter-enabled) | bool | Indicates whether this alert is enabled. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). 
| +| [`evaluationFrequency`](#parameter-evaluationfrequency) | string | how often the metric alert is evaluated represented in ISO 8601 duration format. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`scopes`](#parameter-scopes) | array | the list of resource IDs that this metric alert is scoped to. | +| [`severity`](#parameter-severity) | int | The severity of the alert. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`windowSize`](#parameter-windowsize) | string | the period of time (in ISO 8601 duration format) that is used to monitor alert activity based on the threshold. | + +### Parameter: `actions` + +The list of actions to take when alert triggers. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `alertCriteriaType` + +Maps to the 'odata.type' field. Specifies the type of the alert criteria. +- Required: No +- Type: string +- Default: `'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'` +- Allowed: `[Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria, Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria, Microsoft.Azure.Monitor.WebtestLocationAvailabilityCriteria]` + +### Parameter: `alertDescription` + +Description of the alert. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `autoMitigate` + +The flag that indicates whether the alert should be auto resolved or not. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `criterias` + +Criterias to trigger the alert. 
Array of 'Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria' or 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria' objects. When using MultipleResourceMultipleMetricCriteria criteria type, some parameters becomes mandatory. It is not possible to convert from SingleResourceMultipleMetricCriteria to MultipleResourceMultipleMetricCriteria. The alert must be deleted and recreated. +- Required: Yes +- Type: array + +### Parameter: `enabled` + +Indicates whether this alert is enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `evaluationFrequency` + +how often the metric alert is evaluated represented in ISO 8601 duration format. +- Required: No +- Type: string +- Default: `'PT5M'` +- Allowed: `[PT15M, PT1H, PT1M, PT30M, PT5M]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `'global'` + +### Parameter: `name` + +The name of the alert. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `scopes` + +the list of resource IDs that this metric alert is scoped to. +- Required: No +- Type: array +- Default: `[[subscription().id]]` + +### Parameter: `severity` + +The severity of the alert. +- Required: No +- Type: int +- Default: `3` +- Allowed: `[0, 1, 2, 3, 4]` + +### Parameter: `tags` + +Tags of the resource. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `targetResourceRegion` + +The region of the target resource(s) on which the alert is created/updated. Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `targetResourceType` + +The resource type of the target resource(s) on which the alert is created/updated. Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `windowSize` + +the period of time (in ISO 8601 duration format) that is used to monitor alert activity based on the threshold. +- Required: No +- Type: string +- Default: `'PT15M'` +- Allowed: `[P1D, PT12H, PT15M, PT1H, PT1M, PT30M, PT5M, PT6H]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the metric alert. | +| `resourceGroupName` | string | The resource group the metric alert was deployed into. | +| `resourceId` | string | The resource ID of the metric alert. | + +## Cross-referenced modules + +_None_ diff --git a/modules/insights/private-link-scope/.test/common/main.test.bicep b/modules/insights/private-link-scope/.test/common/main.test.bicep index ee6b934b40..9b899bd5c8 100644 --- a/modules/insights/private-link-scope/.test/common/main.test.bicep +++ b/modules/insights/private-link-scope/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/private-link-scope/.test/min/main.test.bicep b/modules/insights/private-link-scope/.test/min/main.test.bicep index 63ab6727cc..38e1bad335 100644 
--- a/modules/insights/private-link-scope/.test/min/main.test.bicep +++ b/modules/insights/private-link-scope/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/private-link-scope/README.md b/modules/insights/private-link-scope/README.md index 44b66f32bb..e78157dd99 100644 --- a/modules/insights/private-link-scope/README.md +++ b/modules/insights/private-link-scope/README.md @@ -4,13 +4,13 @@ This module deploys an Azure Monitor Private Link Scope. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -21,59 +21,28 @@ This module deploys an Azure Monitor Private Link Scope. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the private link scope. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `'global'` | | The location of the private link scope. Should be global. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `scopedResources` | array | `[]` | | Configuration details for Azure Monitor Resources. | -| `tags` | object | `{object}` | | Resource tags. | - +## Usage examples -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the private link scope. 
| -| `resourceGroupName` | string | The resource group the private link scope was deployed into. | -| `resourceId` | string | The resource ID of the private link scope. | - -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.private-link-scope:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module privateLinkScope './insights/private-link-scope/main.bicep' = { name: '${uniqueString(deployment().name, location)}-test-iplscom' params: { // Required parameters @@ -191,14 +160,16 @@ module privateLinkScope './insights/private-link-scope/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module privateLinkScope './insights/private-link-scope/main.bicep' = { name: '${uniqueString(deployment().name, location)}-test-iplsmin' params: { // Required parameters @@ -235,3 +206,98 @@ module privateLinkScope './insights/private-link-scope/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the private link scope. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | The location of the private link scope. Should be global. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`scopedResources`](#parameter-scopedresources) | array | Configuration details for Azure Monitor Resources. | +| [`tags`](#parameter-tags) | object | Resource tags. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +The location of the private link scope. Should be global. +- Required: No +- Type: string +- Default: `'global'` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the private link scope. 
+- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `scopedResources` + +Configuration details for Azure Monitor Resources. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the private link scope. | +| `resourceGroupName` | string | The resource group the private link scope was deployed into. | +| `resourceId` | string | The resource ID of the private link scope. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/insights/private-link-scope/main.json b/modules/insights/private-link-scope/main.json index d6e2051ab8..309a70ce4d 100644 --- a/modules/insights/private-link-scope/main.json +++ b/modules/insights/private-link-scope/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13996279122424310340" + "version": "0.22.6.54827", + "templateHash": "9824068275707710634" }, "name": "Azure Monitor Private Link Scopes", "description": "This module deploys an Azure Monitor Private Link Scope.", @@ -147,8 +147,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3902218127334936289" + "version": "0.22.6.54827", + "templateHash": "13415430389319270642" }, "name": "Private Link Scope Scoped Resources", "description": "This module deploys a Private Link Scope Scoped Resource.", @@ -282,8 +282,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -482,8 +482,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -620,8 +620,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -834,8 +834,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10054224154652466544" + "version": "0.22.6.54827", + "templateHash": "5166949819431915903" } }, "parameters": { diff --git a/modules/insights/private-link-scope/scoped-resource/README.md b/modules/insights/private-link-scope/scoped-resource/README.md index 9a2b71bdfd..77b61ba102 100644 --- a/modules/insights/private-link-scope/scoped-resource/README.md 
+++ b/modules/insights/private-link-scope/scoped-resource/README.md 
@@ -19,27 +19,52 @@ This module deploys a Private Link Scope Scoped Resource. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `linkedResourceId` | string | The resource ID of the scoped Azure monitor resource. | -| `name` | string | Name of the private link scoped resource. | +| [`linkedResourceId`](#parameter-linkedresourceid) | string | The resource ID of the scoped Azure monitor resource. | +| [`name`](#parameter-name) | string | Name of the private link scoped resource. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `privateLinkScopeName` | string | The name of the parent private link scope. Required if the template is used in a standalone deployment. | +| [`privateLinkScopeName`](#parameter-privatelinkscopename) | string | The name of the parent private link scope. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `linkedResourceId` + +The resource ID of the scoped Azure monitor resource. +- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the private link scoped resource. +- Required: Yes +- Type: string + +### Parameter: `privateLinkScopeName` + +The name of the parent private link scope. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The full name of the deployed Scoped Resource. | | `resourceGroupName` | string | The name of the resource group where the resource has been deployed. | diff --git a/modules/insights/private-link-scope/scoped-resource/main.json b/modules/insights/private-link-scope/scoped-resource/main.json index 790a70f1a7..349184548c 100644 --- a/modules/insights/private-link-scope/scoped-resource/main.json +++ b/modules/insights/private-link-scope/scoped-resource/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15630582062607337146" + "version": "0.22.6.54827", + "templateHash": "13415430389319270642" }, "name": "Private Link Scope Scoped Resources", "description": "This module deploys a Private Link Scope Scoped Resource.", diff --git a/modules/insights/scheduled-query-rule/.test/common/main.test.bicep b/modules/insights/scheduled-query-rule/.test/common/main.test.bicep index a8b98171e6..225e5a94d4 100644 --- a/modules/insights/scheduled-query-rule/.test/common/main.test.bicep +++ b/modules/insights/scheduled-query-rule/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/scheduled-query-rule/README.md b/modules/insights/scheduled-query-rule/README.md index ac0722d263..8755fb9807 100644 --- a/modules/insights/scheduled-query-rule/README.md +++ b/modules/insights/scheduled-query-rule/README.md 
@@ -4,79 +4,41 @@ This module deploys a Scheduled Query Rule. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/scheduledQueryRules` | [2021-02-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-02-01-preview/scheduledQueryRules) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `criterias` | object | The rule criteria that defines the conditions of the scheduled query rule. | -| `name` | string | The name of the Alert. | -| `scopes` | array | The list of resource IDs that this scheduled query rule is scoped to. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | | Actions to invoke when the alert fires. | -| `alertDescription` | string | `''` | | The description of the scheduled query rule. | -| `autoMitigate` | bool | `True` | | The flag that indicates whether the alert should be automatically resolved or not. Relevant only for rules of the kind LogAlert. | -| `enabled` | bool | `True` | | The flag which indicates whether this scheduled query rule is enabled. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `evaluationFrequency` | string | `''` | | How often the scheduled query rule is evaluated represented in ISO 8601 duration format. Relevant and required only for rules of the kind LogAlert. 
| -| `kind` | string | `'LogAlert'` | `[LogAlert, LogToMetric]` | Indicates the type of scheduled query rule. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `queryTimeRange` | string | `''` | | If specified (in ISO 8601 duration format) then overrides the query time range. Relevant only for rules of the kind LogAlert. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `severity` | int | `3` | `[0, 1, 2, 3, 4]` | Severity of the alert. Should be an integer between [0-4]. Value of 0 is severest. Relevant and required only for rules of the kind LogAlert. | -| `skipQueryValidation` | bool | `False` | | The flag which indicates whether the provided query should be validated or not. Relevant only for rules of the kind LogAlert. | -| `suppressForMinutes` | string | `''` | | Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired. If set, autoMitigate must be disabled.Relevant only for rules of the kind LogAlert. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `targetResourceTypes` | array | `[]` | | List of resource type of the target resource(s) on which the alert is created/updated. For example if the scope is a resource group and targetResourceTypes is Microsoft.Compute/virtualMachines, then a different alert will be fired for each virtual machine in the resource group which meet the alert criteria. Relevant only for rules of the kind LogAlert. | -| `windowSize` | string | `''` | | The period of time (in ISO 8601 duration format) on which the Alert query will be executed (bin size). 
Relevant and required only for rules of the kind LogAlert. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The Name of the created query rule. | -| `resourceGroupName` | string | The Resource Group of the created query rule. | -| `resourceId` | string | The resource ID of the created query rule. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.scheduled-query-rule:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module scheduledQueryRule './insights/scheduled-query-rule/main.bicep' = { +module scheduledQueryRule 'br:bicep/modules/insights.scheduled-query-rule:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-isqrcom' params: { // Required parameters @@ -233,3 +195,181 @@ module scheduledQueryRule './insights/scheduled-query-rule/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`criterias`](#parameter-criterias) | object | The rule criteria that defines the conditions of the scheduled query rule. | +| [`name`](#parameter-name) | string | The name of the Alert. | +| [`scopes`](#parameter-scopes) | array | The list of resource IDs that this scheduled query rule is scoped to. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | Actions to invoke when the alert fires. | +| [`alertDescription`](#parameter-alertdescription) | string | The description of the scheduled query rule. | +| [`autoMitigate`](#parameter-automitigate) | bool | The flag that indicates whether the alert should be automatically resolved or not. Relevant only for rules of the kind LogAlert. | +| [`enabled`](#parameter-enabled) | bool | The flag which indicates whether this scheduled query rule is enabled. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`evaluationFrequency`](#parameter-evaluationfrequency) | string | How often the scheduled query rule is evaluated represented in ISO 8601 duration format. Relevant and required only for rules of the kind LogAlert. | +| [`kind`](#parameter-kind) | string | Indicates the type of scheduled query rule. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`queryTimeRange`](#parameter-querytimerange) | string | If specified (in ISO 8601 duration format) then overrides the query time range. Relevant only for rules of the kind LogAlert. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`severity`](#parameter-severity) | int | Severity of the alert. Should be an integer between [0-4]. Value of 0 is severest. Relevant and required only for rules of the kind LogAlert. | +| [`skipQueryValidation`](#parameter-skipqueryvalidation) | bool | The flag which indicates whether the provided query should be validated or not. Relevant only for rules of the kind LogAlert. | +| [`suppressForMinutes`](#parameter-suppressforminutes) | string | Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired. If set, autoMitigate must be disabled.Relevant only for rules of the kind LogAlert. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`targetResourceTypes`](#parameter-targetresourcetypes) | array | List of resource type of the target resource(s) on which the alert is created/updated. For example if the scope is a resource group and targetResourceTypes is Microsoft.Compute/virtualMachines, then a different alert will be fired for each virtual machine in the resource group which meet the alert criteria. Relevant only for rules of the kind LogAlert. | +| [`windowSize`](#parameter-windowsize) | string | The period of time (in ISO 8601 duration format) on which the Alert query will be executed (bin size). Relevant and required only for rules of the kind LogAlert. | + +### Parameter: `actions` + +Actions to invoke when the alert fires. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `alertDescription` + +The description of the scheduled query rule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `autoMitigate` + +The flag that indicates whether the alert should be automatically resolved or not. 
Relevant only for rules of the kind LogAlert. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `criterias` + +The rule criteria that defines the conditions of the scheduled query rule. +- Required: Yes +- Type: object + +### Parameter: `enabled` + +The flag which indicates whether this scheduled query rule is enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `evaluationFrequency` + +How often the scheduled query rule is evaluated represented in ISO 8601 duration format. Relevant and required only for rules of the kind LogAlert. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `kind` + +Indicates the type of scheduled query rule. +- Required: No +- Type: string +- Default: `'LogAlert'` +- Allowed: `[LogAlert, LogToMetric]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the Alert. +- Required: Yes +- Type: string + +### Parameter: `queryTimeRange` + +If specified (in ISO 8601 duration format) then overrides the query time range. Relevant only for rules of the kind LogAlert. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `scopes` + +The list of resource IDs that this scheduled query rule is scoped to. 
+- Required: Yes +- Type: array + +### Parameter: `severity` + +Severity of the alert. Should be an integer between [0-4]. Value of 0 is severest. Relevant and required only for rules of the kind LogAlert. +- Required: No +- Type: int +- Default: `3` +- Allowed: `[0, 1, 2, 3, 4]` + +### Parameter: `skipQueryValidation` + +The flag which indicates whether the provided query should be validated or not. Relevant only for rules of the kind LogAlert. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `suppressForMinutes` + +Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired. If set, autoMitigate must be disabled.Relevant only for rules of the kind LogAlert. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `targetResourceTypes` + +List of resource type of the target resource(s) on which the alert is created/updated. For example if the scope is a resource group and targetResourceTypes is Microsoft.Compute/virtualMachines, then a different alert will be fired for each virtual machine in the resource group which meet the alert criteria. Relevant only for rules of the kind LogAlert. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `windowSize` + +The period of time (in ISO 8601 duration format) on which the Alert query will be executed (bin size). Relevant and required only for rules of the kind LogAlert. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The Name of the created query rule. | +| `resourceGroupName` | string | The Resource Group of the created query rule. | +| `resourceId` | string | The resource ID of the created query rule. | + +## Cross-referenced modules + +_None_ 
diff --git a/modules/insights/scheduled-query-rule/main.json b/modules/insights/scheduled-query-rule/main.json index 5d00e35361..5f912821a8 100644 --- a/modules/insights/scheduled-query-rule/main.json +++ b/modules/insights/scheduled-query-rule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14503369793494300469" + "version": "0.22.6.54827", + "templateHash": "5166537476303359521" }, "name": "Scheduled Query Rules", "description": "This module deploys a Scheduled Query Rule.", @@ -230,8 +230,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15352642791797157407" + "version": "0.22.6.54827", + "templateHash": "10545808551952818846" } }, "parameters": { diff --git a/modules/insights/webtest/.test/common/main.test.bicep b/modules/insights/webtest/.test/common/main.test.bicep index 9e5d9bf6ce..2c96c3c4dd 100644 --- a/modules/insights/webtest/.test/common/main.test.bicep +++ b/modules/insights/webtest/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/webtest/.test/min/main.test.bicep b/modules/insights/webtest/.test/min/main.test.bicep index c309005ca8..b5fd4f6831 100644 --- a/modules/insights/webtest/.test/min/main.test.bicep +++ b/modules/insights/webtest/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/insights/webtest/README.md b/modules/insights/webtest/README.md index a46e16f64a..d54ecbb47f 100644 --- a/modules/insights/webtest/README.md 
+++ b/modules/insights/webtest/README.md @@ -5,10 +5,10 @@ This module deploys a Web Test. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
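Review bot: the added Navigation entry `[Usage examples](#Usage-examples)` uses a mixed-case fragment, while the links this patch adds further down in the same README are lowercase (`#example-1-using-large-parameter-set`, `#parameter-name`). Use one convention throughout, preferably lowercase to match the heading anchors Markdown renderers generate, so the navigation also works in viewers that match fragments case-sensitively.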
@@ -18,65 +18,29 @@ This module deploys a Web Test. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/webtests` | [2022-06-15](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2022-06-15/webtests) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the webtest. | -| `request` | object | The collection of request properties. | -| `tags` | object | A single hidden-link tag pointing to an existing AI component is required. | -| `webTestName` | string | User defined name if this WebTest. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `configuration` | object | `{object}` | | An XML configuration specification for a WebTest. | -| `description` | string | `''` | | User defined description for this WebTest. | -| `enabled` | bool | `True` | | Is the test actively being monitored. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `frequency` | int | `300` | | Interval in seconds between test runs for this WebTest. | -| `kind` | string | `'standard'` | `[multistep, ping, standard]` | The kind of WebTest that this web test watches. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `locations` | array | `[System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable]` | | List of where to physically run the tests from to give global coverage for accessibility of your application. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. 
| -| `retryEnabled` | bool | `True` | | Allow for retries should this WebTest fail. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `syntheticMonitorId` | string | `[parameters('name')]` | | Unique ID of this WebTest. | -| `timeout` | int | `30` | | Seconds until this WebTest will timeout and fail. | -| `validationRules` | object | `{object}` | | The collection of validation rule properties. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the webtest. | -| `resourceGroupName` | string | The resource group the resource was deployed into. | -| `resourceId` | string | The resource ID of the webtest. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/insights.webtest:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. 
- >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module webtest './insights/webtest/main.bicep' = { +module webtest 'br:bicep/modules/insights.webtest:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-iwtcom' params: { // Required parameters @@ -158,14 +122,17 @@ module webtest './insights/webtest/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module webtest './insights/webtest/main.bicep' = { +module webtest 'br:bicep/modules/insights.webtest:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-iwtmin' params: { // Required parameters @@ -226,3 +193,172 @@ module webtest './insights/webtest/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the webtest. | +| [`request`](#parameter-request) | object | The collection of request properties. | +| [`tags`](#parameter-tags) | object | A single hidden-link tag pointing to an existing AI component is required. | +| [`webTestName`](#parameter-webtestname) | string | User defined name if this WebTest. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`configuration`](#parameter-configuration) | object | An XML configuration specification for a WebTest. | +| [`description`](#parameter-description) | string | User defined description for this WebTest. | +| [`enabled`](#parameter-enabled) | bool | Is the test actively being monitored. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`frequency`](#parameter-frequency) | int | Interval in seconds between test runs for this WebTest. | +| [`kind`](#parameter-kind) | string | The kind of WebTest that this web test watches. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`locations`](#parameter-locations) | array | List of where to physically run the tests from to give global coverage for accessibility of your application. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`retryEnabled`](#parameter-retryenabled) | bool | Allow for retries should this WebTest fail. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`syntheticMonitorId`](#parameter-syntheticmonitorid) | string | Unique ID of this WebTest. | +| [`timeout`](#parameter-timeout) | int | Seconds until this WebTest will timeout and fail. | +| [`validationRules`](#parameter-validationrules) | object | The collection of validation rule properties. | + +### Parameter: `configuration` + +An XML configuration specification for a WebTest. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `description` + +User defined description for this WebTest. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enabled` + +Is the test actively being monitored. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `frequency` + +Interval in seconds between test runs for this WebTest. +- Required: No +- Type: int +- Default: `300` + +### Parameter: `kind` + +The kind of WebTest that this web test watches. +- Required: No +- Type: string +- Default: `'standard'` +- Allowed: `[multistep, ping, standard]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `locations` + +List of where to physically run the tests from to give global coverage for accessibility of your application. 
+- Required: No +- Type: array +- Default: `[System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the webtest. +- Required: Yes +- Type: string + +### Parameter: `request` + +The collection of request properties. +- Required: Yes +- Type: object + +### Parameter: `retryEnabled` + +Allow for retries should this WebTest fail. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `syntheticMonitorId` + +Unique ID of this WebTest. +- Required: No +- Type: string +- Default: `[parameters('name')]` + +### Parameter: `tags` + +A single hidden-link tag pointing to an existing AI component is required. +- Required: Yes +- Type: object + +### Parameter: `timeout` + +Seconds until this WebTest will timeout and fail. +- Required: No +- Type: int +- Default: `30` + +### Parameter: `validationRules` + +The collection of validation rule properties. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `webTestName` + +User defined name if this WebTest. 
+- Required: Yes +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the webtest. | +| `resourceGroupName` | string | The resource group the resource was deployed into. | +| `resourceId` | string | The resource ID of the webtest. | + +## Cross-referenced modules + +_None_ diff --git a/modules/insights/webtest/main.json b/modules/insights/webtest/main.json index 0705ac73d2..334ab5e53b 100644 --- a/modules/insights/webtest/main.json +++ b/modules/insights/webtest/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16956370635999680512" + "version": "0.22.6.54827", + "templateHash": "17812769147790423288" }, "name": "Web Tests", "description": "This module deploys a Web Test.", @@ -245,8 +245,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10303500513207854110" + "version": "0.22.6.54827", + "templateHash": "13954103255282067786" } }, "parameters": { diff --git a/modules/key-vault/vault/.test/common/main.test.bicep b/modules/key-vault/vault/.test/common/main.test.bicep index 42499a4e72..179de80d30 100644 --- a/modules/key-vault/vault/.test/common/main.test.bicep +++ b/modules/key-vault/vault/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/key-vault/vault/.test/min/main.test.bicep b/modules/key-vault/vault/.test/min/main.test.bicep index 0ecea959ed..1fe0290488 100644 --- a/modules/key-vault/vault/.test/min/main.test.bicep +++ b/modules/key-vault/vault/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/key-vault/vault/README.md b/modules/key-vault/vault/README.md index abd7378c73..6f0cac7ceb 100644 --- a/modules/key-vault/vault/README.md +++ b/modules/key-vault/vault/README.md @@ -5,10 +5,10 @@ This module deploys a Key Vault. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -24,80 +24,28 @@ This module deploys a Key Vault. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Key Vault. Must be globally unique. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `accessPolicies` | array | `[]` | | All access policies to create. | -| `createMode` | string | `'default'` | | The vault's create mode to indicate whether the vault need to be recovered or not. - recover or default. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, AuditEvent, AzurePolicyEvaluationDetails]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. 
If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enablePurgeProtection` | bool | `True` | | Provide 'true' to enable Key Vault's purge protection feature. | -| `enableRbacAuthorization` | bool | `True` | | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. Note that management actions are always authorized with RBAC. | -| `enableSoftDelete` | bool | `True` | | Switch to enable/disable Key Vault's soft delete feature. | -| `enableVaultForDeployment` | bool | `True` | | Specifies if the vault is enabled for deployment by script or compute. | -| `enableVaultForDiskEncryption` | bool | `True` | | Specifies if the azure platform has access to the vault for enabling disk encryption scenarios. | -| `enableVaultForTemplateDeployment` | bool | `True` | | Specifies if the vault is enabled for a template deployment. | -| `keys` | array | `[]` | | All keys to create. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. 
| -| `networkAcls` | object | `{object}` | | Service endpoint object information. For security reasons, it is recommended to set the DefaultAction Deny. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `secrets` | secureObject | `{object}` | | All secrets to create. | -| `softDeleteRetentionInDays` | int | `90` | | softDelete data retention days. It accepts >=7 and <=90. | -| `tags` | object | `{object}` | | Resource tags. | -| `vaultSku` | string | `'premium'` | `[premium, standard]` | Specifies the SKU for the vault. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the key vault. | -| `resourceGroupName` | string | The name of the resource group the key vault was created in. | -| `resourceId` | string | The resource ID of the key vault. | -| `uri` | string | The URI of the key vault. 
| - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +## Usage examples -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Accesspolicies

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/key-vault.vault:1.0.0`. + +- [Accesspolicies](#example-1-accesspolicies) +- [Using large parameter set](#example-2-using-large-parameter-set) +- [Using only defaults](#example-3-using-only-defaults) +- [Pe](#example-4-pe) + +### Example 1: _Accesspolicies_
via Bicep module ```bicep -module vault './key-vault/vault/main.bicep' = { +module vault 'br:bicep/modules/key-vault.vault:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-kvvap' params: { // Required parameters @@ -263,14 +211,17 @@ module vault './key-vault/vault/main.bicep' = {

-

Example 2: Common

+### Example 2: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. +
via Bicep module ```bicep -module vault './key-vault/vault/main.bicep' = { +module vault 'br:bicep/modules/key-vault.vault:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-kvvcom' params: { // Required parameters @@ -558,14 +509,17 @@ module vault './key-vault/vault/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module vault './key-vault/vault/main.bicep' = { +module vault 'br:bicep/modules/key-vault.vault:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-kvvmin' params: { // Required parameters @@ -607,14 +561,14 @@ module vault './key-vault/vault/main.bicep' = {

-

Example 4: Pe

+### Example 4: _Pe_
via Bicep module ```bicep -module vault './key-vault/vault/main.bicep' = { +module vault 'br:bicep/modules/key-vault.vault:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-kvvpe' params: { // Required parameters @@ -755,3 +709,263 @@ module vault './key-vault/vault/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Key Vault. Must be globally unique. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`accessPolicies`](#parameter-accesspolicies) | array | All access policies to create. | +| [`createMode`](#parameter-createmode) | string | The vault's create mode to indicate whether the vault need to be recovered or not. - recover or default. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. 
| +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enablePurgeProtection`](#parameter-enablepurgeprotection) | bool | Provide 'true' to enable Key Vault's purge protection feature. | +| [`enableRbacAuthorization`](#parameter-enablerbacauthorization) | bool | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. Note that management actions are always authorized with RBAC. | +| [`enableSoftDelete`](#parameter-enablesoftdelete) | bool | Switch to enable/disable Key Vault's soft delete feature. | +| [`enableVaultForDeployment`](#parameter-enablevaultfordeployment) | bool | Specifies if the vault is enabled for deployment by script or compute. | +| [`enableVaultForDiskEncryption`](#parameter-enablevaultfordiskencryption) | bool | Specifies if the azure platform has access to the vault for enabling disk encryption scenarios. | +| [`enableVaultForTemplateDeployment`](#parameter-enablevaultfortemplatedeployment) | bool | Specifies if the vault is enabled for a template deployment. | +| [`keys`](#parameter-keys) | array | All keys to create. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`networkAcls`](#parameter-networkacls) | object | Service endpoint object information. 
For security reasons, it is recommended to set the DefaultAction Deny. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`secrets`](#parameter-secrets) | secureObject | All secrets to create. | +| [`softDeleteRetentionInDays`](#parameter-softdeleteretentionindays) | int | softDelete data retention days. It accepts >=7 and <=90. | +| [`tags`](#parameter-tags) | object | Resource tags. | +| [`vaultSku`](#parameter-vaultsku) | string | Specifies the SKU for the vault. | + +### Parameter: `accessPolicies` + +All access policies to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `createMode` + +The vault's create mode to indicate whether the vault need to be recovered or not. - recover or default. +- Required: No +- Type: string +- Default: `'default'` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, AuditEvent, AzurePolicyEvaluationDetails]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enablePurgeProtection` + +Provide 'true' to enable Key Vault's purge protection feature. 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableRbacAuthorization` + +Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. Note that management actions are always authorized with RBAC. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableSoftDelete` + +Switch to enable/disable Key Vault's soft delete feature. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableVaultForDeployment` + +Specifies if the vault is enabled for deployment by script or compute. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableVaultForDiskEncryption` + +Specifies if the azure platform has access to the vault for enabling disk encryption scenarios. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableVaultForTemplateDeployment` + +Specifies if the vault is enabled for a template deployment. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `keys` + +All keys to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Key Vault. Must be globally unique. +- Required: Yes +- Type: string + +### Parameter: `networkAcls` + +Service endpoint object information. For security reasons, it is recommended to set the DefaultAction Deny. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `secrets` + +All secrets to create. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `softDeleteRetentionInDays` + +softDelete data retention days. It accepts >=7 and <=90. +- Required: No +- Type: int +- Default: `90` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `vaultSku` + +Specifies the SKU for the vault. +- Required: No +- Type: string +- Default: `'premium'` +- Allowed: `[premium, standard]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the key vault. | +| `resourceGroupName` | string | The name of the resource group the key vault was created in. | +| `resourceId` | string | The resource ID of the key vault. 
| +| `uri` | string | The URI of the key vault. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/key-vault/vault/access-policy/README.md b/modules/key-vault/vault/access-policy/README.md index 02445788a0..3cd899cab1 100644 --- a/modules/key-vault/vault/access-policy/README.md +++ b/modules/key-vault/vault/access-policy/README.md 
@@ -19,21 +19,41 @@ This module deploys a Key Vault Access Policy. **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `keyVaultName` | string | The name of the parent key vault. Required if the template is used in a standalone deployment. | +| [`keyVaultName`](#parameter-keyvaultname) | string | The name of the parent key vault. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `accessPolicies` | array | `[]` | An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`accessPolicies`](#parameter-accesspolicies) | array | An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `accessPolicies` + +An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `keyVaultName` + +The name of the parent key vault. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the access policies assignment. 
| | `resourceGroupName` | string | The name of the resource group the access policies assignment was created in. | diff --git a/modules/key-vault/vault/access-policy/main.json b/modules/key-vault/vault/access-policy/main.json index 6aab64e72c..ca9895ce0c 100644 --- a/modules/key-vault/vault/access-policy/main.json +++ b/modules/key-vault/vault/access-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10458348557666655329" + "version": "0.22.6.54827", + "templateHash": "2131300650084383528" }, "name": "Key Vault Access Policies", "description": "This module deploys a Key Vault Access Policy.", diff --git a/modules/key-vault/vault/key/README.md b/modules/key-vault/vault/key/README.md index fa6e94dc7b..df45c90f3d 100644 --- a/modules/key-vault/vault/key/README.md +++ b/modules/key-vault/vault/key/README.md 
@@ -21,36 +21,128 @@ This module deploys a Key Vault Key. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the key. | +| [`name`](#parameter-name) | string | The name of the key. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `keyVaultName` | string | The name of the parent key vault. Required if the template is used in a standalone deployment. | +| [`keyVaultName`](#parameter-keyvaultname) | string | The name of the parent key vault. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `attributesEnabled` | bool | `True` | | Determines whether the object is enabled. | -| `attributesExp` | int | `-1` | | Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible. | -| `attributesNbf` | int | `-1` | | Not before date in seconds since 1970-01-01T00:00:00Z. | -| `curveName` | string | `'P-256'` | `[P-256, P-256K, P-384, P-521]` | The elliptic curve name. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `keyOps` | array | `[]` | `[decrypt, encrypt, import, sign, unwrapKey, verify, wrapKey]` | Array of JsonWebKeyOperation. | -| `keySize` | int | `-1` | | The key size in bits. For example: 2048, 3072, or 4096 for RSA. | -| `kty` | string | `'EC'` | `[EC, EC-HSM, RSA, RSA-HSM]` | The type of the key. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `rotationPolicy` | object | `{object}` | | Key rotation policy properties object. | -| `tags` | object | `{object}` | | Resource tags. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`attributesEnabled`](#parameter-attributesenabled) | bool | Determines whether the object is enabled. | +| [`attributesExp`](#parameter-attributesexp) | int | Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible. | +| [`attributesNbf`](#parameter-attributesnbf) | int | Not before date in seconds since 1970-01-01T00:00:00Z. | +| [`curveName`](#parameter-curvename) | string | The elliptic curve name. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`keyOps`](#parameter-keyops) | array | Array of JsonWebKeyOperation. | +| [`keySize`](#parameter-keysize) | int | The key size in bits. For example: 2048, 3072, or 4096 for RSA. | +| [`kty`](#parameter-kty) | string | The type of the key. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`rotationPolicy`](#parameter-rotationpolicy) | object | Key rotation policy properties object. | +| [`tags`](#parameter-tags) | object | Resource tags. 
| + +### Parameter: `attributesEnabled` + +Determines whether the object is enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `attributesExp` + +Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `attributesNbf` + +Not before date in seconds since 1970-01-01T00:00:00Z. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `curveName` + +The elliptic curve name. +- Required: No +- Type: string +- Default: `'P-256'` +- Allowed: `[P-256, P-256K, P-384, P-521]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `keyOps` + +Array of JsonWebKeyOperation. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[decrypt, encrypt, import, sign, unwrapKey, verify, wrapKey]` + +### Parameter: `keySize` + +The key size in bits. For example: 2048, 3072, or 4096 for RSA. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `keyVaultName` + +The name of the parent key vault. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `kty` + +The type of the key. +- Required: No +- Type: string +- Default: `'EC'` +- Allowed: `[EC, EC-HSM, RSA, RSA-HSM]` + +### Parameter: `name` + +The name of the key. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `rotationPolicy` + +Key rotation policy properties object. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the key. | | `resourceGroupName` | string | The name of the resource group the key was created in. | diff --git a/modules/key-vault/vault/key/main.json b/modules/key-vault/vault/key/main.json index 42b35d55cc..84cf8349fb 100644 --- a/modules/key-vault/vault/key/main.json +++ b/modules/key-vault/vault/key/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13427300513937033652" + "version": "0.22.6.54827", + "templateHash": "3444180240240001557" }, "name": "Key Vault Keys", "description": "This module deploys a Key Vault Key.", @@ -190,8 +190,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8510219443070850278" + "version": "0.22.6.54827", + "templateHash": "14547096535874536511" } }, "parameters": { diff --git a/modules/key-vault/vault/main.json b/modules/key-vault/vault/main.json index aafc3db6bd..c270216400 100644 --- a/modules/key-vault/vault/main.json +++ b/modules/key-vault/vault/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9452615051960144682" + "version": "0.22.6.54827", + "templateHash": "2257250292452239694" }, "name": "Key Vaults", "description": "This module deploys a Key Vault.", 
@@ -369,8 +369,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10458348557666655329" + "version": "0.22.6.54827", + "templateHash": "2131300650084383528" }, "name": "Key Vault Access Policies", "description": "This module deploys a Key Vault Access Policy.", @@ -504,8 +504,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4314059595515029873" + "version": "0.22.6.54827", + "templateHash": "15496955101876834904" }, "name": "Key Vault Secrets", "description": "This module deploys a Key Vault Secret.", @@ -644,8 +644,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15814620610091788537" + "version": "0.22.6.54827", + "templateHash": "17395736576734421648" } }, "parameters": { @@ -839,8 +839,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13427300513937033652" + "version": "0.22.6.54827", + "templateHash": "3444180240240001557" }, "name": "Key Vault Keys", "description": "This module deploys a Key Vault Key.", @@ -1025,8 +1025,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8510219443070850278" + "version": "0.22.6.54827", + "templateHash": "14547096535874536511" } }, "parameters": { @@ -1226,8 +1226,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -1426,8 +1426,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", 
@@ -1564,8 +1564,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -1778,8 +1778,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12411629325302614699" + "version": "0.22.6.54827", + "templateHash": "13908410767908593601" } }, "parameters": { diff --git a/modules/key-vault/vault/secret/README.md b/modules/key-vault/vault/secret/README.md index 80f7173e8e..240a6475e6 100644 --- a/modules/key-vault/vault/secret/README.md +++ b/modules/key-vault/vault/secret/README.md 
@@ -20,33 +20,100 @@ This module deploys a Key Vault Secret. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the secret. | -| `value` | securestring | The value of the secret. NOTE: "value" will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. | +| [`name`](#parameter-name) | string | The name of the secret. | +| [`value`](#parameter-value) | securestring | The value of the secret. NOTE: "value" will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `keyVaultName` | string | The name of the parent key vault. Required if the template is used in a standalone deployment. | +| [`keyVaultName`](#parameter-keyvaultname) | string | The name of the parent key vault. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `attributesEnabled` | bool | `True` | Determines whether the object is enabled. | -| `attributesExp` | int | `-1` | Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible. | -| `attributesNbf` | int | `-1` | Not before date in seconds since 1970-01-01T00:00:00Z. | -| `contentType` | securestring | `''` | The content type of the secret. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). 
| -| `roleAssignments` | array | `[]` | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | Resource tags. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`attributesEnabled`](#parameter-attributesenabled) | bool | Determines whether the object is enabled. | +| [`attributesExp`](#parameter-attributesexp) | int | Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible. | +| [`attributesNbf`](#parameter-attributesnbf) | int | Not before date in seconds since 1970-01-01T00:00:00Z. | +| [`contentType`](#parameter-contenttype) | securestring | The content type of the secret. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Resource tags. | + +### Parameter: `attributesEnabled` + +Determines whether the object is enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `attributesExp` + +Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible. 
+- Required: No +- Type: int +- Default: `-1` + +### Parameter: `attributesNbf` + +Not before date in seconds since 1970-01-01T00:00:00Z. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `contentType` + +The content type of the secret. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `keyVaultName` + +The name of the parent key vault. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the secret. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `value` + +The value of the secret. NOTE: "value" will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. +- Required: Yes +- Type: securestring ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the secret. | | `resourceGroupName` | string | The name of the resource group the secret was created in. | diff --git a/modules/key-vault/vault/secret/main.json b/modules/key-vault/vault/secret/main.json index ca6ad0a02c..07f0947902 100644 
--- a/modules/key-vault/vault/secret/main.json +++ b/modules/key-vault/vault/secret/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4314059595515029873" + "version": "0.22.6.54827", + "templateHash": "15496955101876834904" }, "name": "Key Vault Secrets", "description": "This module deploys a Key Vault Secret.", @@ -144,8 +144,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15814620610091788537" + "version": "0.22.6.54827", + "templateHash": "17395736576734421648" } }, "parameters": { diff --git a/modules/kubernetes-configuration/extension/.test/common/main.test.bicep b/modules/kubernetes-configuration/extension/.test/common/main.test.bicep index 377eeeb3c4..aed37f7e01 100644 --- a/modules/kubernetes-configuration/extension/.test/common/main.test.bicep +++ b/modules/kubernetes-configuration/extension/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/kubernetes-configuration/extension/.test/min/main.test.bicep b/modules/kubernetes-configuration/extension/.test/min/main.test.bicep index ba2461c5e6..e387fdf629 100644 --- a/modules/kubernetes-configuration/extension/.test/min/main.test.bicep +++ b/modules/kubernetes-configuration/extension/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/kubernetes-configuration/extension/README.md b/modules/kubernetes-configuration/extension/README.md index 5ea39db7e9..f51962fd56 100644 --- a/modules/kubernetes-configuration/extension/README.md 
+++ b/modules/kubernetes-configuration/extension/README.md @@ -5,10 +5,10 @@ This module deploys a Kubernetes Configuration Extension. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -17,62 +17,29 @@ This module deploys a Kubernetes Configuration Extension. | `Microsoft.KubernetesConfiguration/extensions` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/extensions) | | `Microsoft.KubernetesConfiguration/fluxConfigurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/fluxConfigurations) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `clusterName` | string | The name of the AKS cluster that should be configured. | -| `extensionType` | string | Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types registered with Microsoft.KubernetesConfiguration by the Extension publisher. | -| `name` | string | The name of the Flux Configuration. | +## Usage examples -**Optional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `configurationProtectedSettings` | secureObject | `{object}` | Configuration settings that are sensitive, as name-value pairs for configuring this extension. | -| `configurationSettings` | object | `{object}` | Configuration settings, as name-value pairs for configuring this extension. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `fluxConfigurations` | array | `[]` | A list of flux configuraitons. | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `releaseNamespace` | string | `''` | Namespace where the extension Release must be placed, for a Cluster scoped extension. If this namespace does not exist, it will be created. | -| `releaseTrain` | string | `'Stable'` | ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if autoUpgradeMinorVersion is "true". 
| -| `targetNamespace` | string | `''` | Namespace where the extension will be created for an Namespace scoped extension. If this namespace does not exist, it will be created. | -| `version` | string | `''` | Version of the extension for this extension, if it is "pinned" to a specific version. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the extension. | -| `resourceGroupName` | string | The name of the resource group the extension was deployed into. | -| `resourceId` | string | The resource ID of the extension. | - -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `kubernetes-configuration/flux-configuration` | Local reference | + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/kubernetes-configuration.extension:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. 
+### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module extension './kubernetes-configuration/extension/main.bicep' = { +module extension 'br:bicep/modules/kubernetes-configuration.extension:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-kcecom' params: { // Required parameters @@ -176,14 +143,17 @@ module extension './kubernetes-configuration/extension/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module extension './kubernetes-configuration/extension/main.bicep' = { +module extension 'br:bicep/modules/kubernetes-configuration.extension:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-kcemin' params: { // Required parameters @@ -236,3 +206,126 @@ module extension './kubernetes-configuration/extension/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`clusterName`](#parameter-clustername) | string | The name of the AKS cluster that should be configured. | +| [`extensionType`](#parameter-extensiontype) | string | Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types registered with Microsoft.KubernetesConfiguration by the Extension publisher. | +| [`name`](#parameter-name) | string | The name of the Flux Configuration. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`configurationProtectedSettings`](#parameter-configurationprotectedsettings) | secureObject | Configuration settings that are sensitive, as name-value pairs for configuring this extension. | +| [`configurationSettings`](#parameter-configurationsettings) | object | Configuration settings, as name-value pairs for configuring this extension. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`fluxConfigurations`](#parameter-fluxconfigurations) | array | A list of flux configuraitons. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`releaseNamespace`](#parameter-releasenamespace) | string | Namespace where the extension Release must be placed, for a Cluster scoped extension. If this namespace does not exist, it will be created. | +| [`releaseTrain`](#parameter-releasetrain) | string | ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if autoUpgradeMinorVersion is "true". | +| [`targetNamespace`](#parameter-targetnamespace) | string | Namespace where the extension will be created for an Namespace scoped extension. If this namespace does not exist, it will be created. 
| +| [`version`](#parameter-version) | string | Version of the extension for this extension, if it is "pinned" to a specific version. | + +### Parameter: `clusterName` + +The name of the AKS cluster that should be configured. +- Required: Yes +- Type: string + +### Parameter: `configurationProtectedSettings` + +Configuration settings that are sensitive, as name-value pairs for configuring this extension. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `configurationSettings` + +Configuration settings, as name-value pairs for configuring this extension. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `extensionType` + +Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types registered with Microsoft.KubernetesConfiguration by the Extension publisher. +- Required: Yes +- Type: string + +### Parameter: `fluxConfigurations` + +A list of flux configuraitons. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the Flux Configuration. +- Required: Yes +- Type: string + +### Parameter: `releaseNamespace` + +Namespace where the extension Release must be placed, for a Cluster scoped extension. If this namespace does not exist, it will be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `releaseTrain` + +ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if autoUpgradeMinorVersion is "true". +- Required: No +- Type: string +- Default: `'Stable'` + +### Parameter: `targetNamespace` + +Namespace where the extension will be created for an Namespace scoped extension. 
If this namespace does not exist, it will be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `version` + +Version of the extension for this extension, if it is "pinned" to a specific version. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the extension. | +| `resourceGroupName` | string | The name of the resource group the extension was deployed into. | +| `resourceId` | string | The resource ID of the extension. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/kubernetes-configuration/flux-configuration` | Local reference | diff --git a/modules/kubernetes-configuration/extension/main.json b/modules/kubernetes-configuration/extension/main.json index 59d2a7c481..f72a9dcfba 100644 --- a/modules/kubernetes-configuration/extension/main.json +++ b/modules/kubernetes-configuration/extension/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14913275975998013893" + "version": "0.22.6.54827", + "templateHash": "5002606439705018990" }, "name": "Kubernetes Configuration Extensions", "description": "This module deploys a Kubernetes Configuration Extension.", @@ -167,8 +167,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11648869363176032755" + "version": "0.22.6.54827", + "templateHash": "6686104224333946371" }, "name": "Kubernetes Configuration Flux Configurations", "description": "This module deploys a Kubernetes Configuration Flux Configuration.", 
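Review bot: in modules/kubernetes-configuration/extension/README.md, the added `fluxConfigurations` description reads "A list of flux configuraitons." in both the optional-parameters table and the `### Parameter: fluxConfigurations` section; it should read "configurations". Two other added descriptions in the same hunk need the same pass: `targetNamespace` says "for an Namespace scoped extension" and `version` says "Version of the extension for this extension". Because each string appears twice in the README, correct it at the place the README is generated from (presumably the parameter descriptions in the module's Bicep file, which is not part of the visible diff) rather than editing the README by hand.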
diff --git a/modules/kubernetes-configuration/flux-configuration/.test/common/main.test.bicep b/modules/kubernetes-configuration/flux-configuration/.test/common/main.test.bicep index aca4b0de21..fc42c880db 100644 --- a/modules/kubernetes-configuration/flux-configuration/.test/common/main.test.bicep +++ b/modules/kubernetes-configuration/flux-configuration/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/kubernetes-configuration/flux-configuration/.test/min/main.test.bicep b/modules/kubernetes-configuration/flux-configuration/.test/min/main.test.bicep index 19c5b732e7..deffae3122 100644 --- a/modules/kubernetes-configuration/flux-configuration/.test/min/main.test.bicep +++ b/modules/kubernetes-configuration/flux-configuration/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/kubernetes-configuration/flux-configuration/README.md b/modules/kubernetes-configuration/flux-configuration/README.md index dec2c843cf..ae464c6e12 100644 --- a/modules/kubernetes-configuration/flux-configuration/README.md +++ b/modules/kubernetes-configuration/flux-configuration/README.md @@ -5,10 +5,10 @@ This module deploys a Kubernetes Configuration Flux Configuration. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) ## Resource Types 
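Review bot: the navigation entries added in this README.md hunk use mixed-case fragments (`#Resource-Types`, `#Usage-examples`), while the links added later in the same file are all lowercase (`#parameter-clustername`, `#example-1-using-large-parameter-set`). Suggest generating the navigation fragments in lowercase as well, so that every anchor in the file follows one convention and the links do not depend on a renderer matching fragments case-insensitively.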
@@ -17,58 +17,29 @@ This module deploys a Kubernetes Configuration Flux Configuration. | :-- | :-- | | `Microsoft.KubernetesConfiguration/fluxConfigurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/fluxConfigurations) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `clusterName` | string | | The name of the AKS cluster that should be configured. | -| `name` | string | | The name of the Flux Configuration. | -| `namespace` | string | | The namespace to which this configuration is installed to. Maximum of 253 lower case alphanumeric characters, hyphen and period only. | -| `scope` | string | `[cluster, namespace]` | Scope at which the configuration will be installed. | -| `sourceKind` | string | `[Bucket, GitRepository]` | Source Kind to pull the configuration data from. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `bucket` | object | `{object}` | Parameters to reconcile to the GitRepository source kind type. | -| `configurationProtectedSettings` | secureObject | `{object}` | Key-value pairs of protected configuration settings for the configuration. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `gitRepository` | object | `{object}` | Parameters to reconcile to the GitRepository source kind type. | -| `kustomizations` | object | `{object}` | Array of kustomizations used to reconcile the artifact pulled by the source type on the cluster. | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `suspend` | bool | `False` | Whether this configuration should suspend its reconciliation of its kustomizations and sources. 
| - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the flux configuration. | -| `resourceGroupName` | string | The name of the resource group the flux configuration was deployed into. | -| `resourceId` | string | The resource ID of the flux configuration. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/kubernetes-configuration.flux-configuration:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module fluxConfiguration './kubernetes-configuration/flux-configuration/main.bicep' = { +module fluxConfiguration 'br:bicep/modules/kubernetes-configuration.flux-configuration:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-kcfccom' params: { // Required parameters @@ -160,14 +131,17 @@ module fluxConfiguration './kubernetes-configuration/flux-configuration/main.bic

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module fluxConfiguration './kubernetes-configuration/flux-configuration/main.bicep' = { +module fluxConfiguration 'br:bicep/modules/kubernetes-configuration.flux-configuration:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-kcfcmin' params: { // Required parameters @@ -238,6 +212,124 @@ module fluxConfiguration './kubernetes-configuration/flux-configuration/main.bic

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`clusterName`](#parameter-clustername) | string | The name of the AKS cluster that should be configured. | +| [`name`](#parameter-name) | string | The name of the Flux Configuration. | +| [`namespace`](#parameter-namespace) | string | The namespace to which this configuration is installed to. Maximum of 253 lower case alphanumeric characters, hyphen and period only. | +| [`scope`](#parameter-scope) | string | Scope at which the configuration will be installed. | +| [`sourceKind`](#parameter-sourcekind) | string | Source Kind to pull the configuration data from. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`bucket`](#parameter-bucket) | object | Parameters to reconcile to the GitRepository source kind type. | +| [`configurationProtectedSettings`](#parameter-configurationprotectedsettings) | secureObject | Key-value pairs of protected configuration settings for the configuration. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`gitRepository`](#parameter-gitrepository) | object | Parameters to reconcile to the GitRepository source kind type. | +| [`kustomizations`](#parameter-kustomizations) | object | Array of kustomizations used to reconcile the artifact pulled by the source type on the cluster. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`suspend`](#parameter-suspend) | bool | Whether this configuration should suspend its reconciliation of its kustomizations and sources. | + +### Parameter: `bucket` + +Parameters to reconcile to the GitRepository source kind type. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `clusterName` + +The name of the AKS cluster that should be configured. 
+- Required: Yes +- Type: string + +### Parameter: `configurationProtectedSettings` + +Key-value pairs of protected configuration settings for the configuration. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `gitRepository` + +Parameters to reconcile to the GitRepository source kind type. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `kustomizations` + +Array of kustomizations used to reconcile the artifact pulled by the source type on the cluster. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the Flux Configuration. +- Required: Yes +- Type: string + +### Parameter: `namespace` + +The namespace to which this configuration is installed to. Maximum of 253 lower case alphanumeric characters, hyphen and period only. +- Required: Yes +- Type: string + +### Parameter: `scope` + +Scope at which the configuration will be installed. +- Required: Yes +- Type: string +- Allowed: `[cluster, namespace]` + +### Parameter: `sourceKind` + +Source Kind to pull the configuration data from. +- Required: Yes +- Type: string +- Allowed: `[Bucket, GitRepository]` + +### Parameter: `suspend` + +Whether this configuration should suspend its reconciliation of its kustomizations and sources. +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the flux configuration. | +| `resourceGroupName` | string | The name of the resource group the flux configuration was deployed into. | +| `resourceId` | string | The resource ID of the flux configuration. 
| + +## Cross-referenced modules + +_None_ + ## Notes ### Prerequisites diff --git a/modules/kubernetes-configuration/flux-configuration/main.json b/modules/kubernetes-configuration/flux-configuration/main.json index 2615f2ccce..252df520e1 100644 --- a/modules/kubernetes-configuration/flux-configuration/main.json +++ b/modules/kubernetes-configuration/flux-configuration/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11648869363176032755" + "version": "0.22.6.54827", + "templateHash": "6686104224333946371" }, "name": "Kubernetes Configuration Flux Configurations", "description": "This module deploys a Kubernetes Configuration Flux Configuration.", diff --git a/modules/logic/workflow/.test/common/main.test.bicep b/modules/logic/workflow/.test/common/main.test.bicep index 743b19f8a1..80c5e688ac 100644 --- a/modules/logic/workflow/.test/common/main.test.bicep +++ b/modules/logic/workflow/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/logic/workflow/README.md b/modules/logic/workflow/README.md index fcf3c02ae4..fb8bec8dfd 100644 --- a/modules/logic/workflow/README.md +++ b/modules/logic/workflow/README.md @@ -4,14 +4,14 @@ This module deploys a Logic App (Workflow). ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
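Review bot: in modules/kubernetes-configuration/flux-configuration/README.md, the added `bucket` entry is described as "Parameters to reconcile to the GitRepository source kind type.", word for word the same as `gitRepository`, in both the optional-parameters table and the `### Parameter: bucket` section. With `sourceKind` allowing `[Bucket, GitRepository]`, this looks like a copy-paste carried over from the removed table, and the description should name the Bucket source kind. In the same hunk, `kustomizations` is typed `object` but described as "Array of kustomizations"; one of the two should change.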
@@ -20,78 +20,28 @@ This module deploys a Logic App (Workflow). | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Logic/workflows` | [2019-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Logic/2019-05-01/workflows) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The logic app workflow name. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `actionsAccessControlConfiguration` | object | `{object}` | | The access control configuration for workflow actions. | -| `connectorEndpointsConfiguration` | object | `{object}` | | The endpoints configuration: Access endpoint and outgoing IP addresses for the connector. | -| `contentsAccessControlConfiguration` | object | `{object}` | | The access control configuration for accessing workflow run contents. | -| `definitionParameters` | object | `{object}` | | Parameters for the definition template. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, WorkflowRuntime]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. 
| -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `integrationAccount` | object | `{object}` | | The integration account. | -| `integrationServiceEnvironmentResourceId` | string | `''` | | The integration service environment Id. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `state` | string | `'Enabled'` | `[Completed, Deleted, Disabled, Enabled, NotSpecified, Suspended]` | The state. - NotSpecified, Completed, Enabled, Disabled, Deleted, Suspended. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `triggersAccessControlConfiguration` | object | `{object}` | | The access control configuration for invoking workflow triggers. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `workflowActions` | object | `{object}` | | The definitions for one or more actions to execute at workflow runtime. 
| -| `workflowEndpointsConfiguration` | object | `{object}` | | The endpoints configuration: Access endpoint and outgoing IP addresses for the workflow. | -| `workflowManagementAccessControlConfiguration` | object | `{object}` | | The access control configuration for workflow management. | -| `workflowOutputs` | object | `{object}` | | The definitions for the outputs to return from a workflow run. | -| `workflowParameters` | object | `{object}` | | The definitions for one or more parameters that pass the values to use at your logic app's runtime. | -| `workflowStaticResults` | object | `{object}` | | The definitions for one or more static results returned by actions as mock outputs when static results are enabled on those actions. In each action definition, the runtimeConfiguration.staticResult.name attribute references the corresponding definition inside staticResults. | -| `workflowTriggers` | object | `{object}` | | The definitions for one or more triggers that instantiate your workflow. You can define more than one trigger, but only with the Workflow Definition Language, not visually through the Logic Apps Designer. | - - -## Outputs +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the logic app. | -| `resourceGroupName` | string | The resource group the logic app was deployed into. | -| `resourceId` | string | The resource ID of the logic app. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. 
| + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -## Cross-referenced modules + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/logic.workflow:1.0.0`. -_None_ +- [Using large parameter set](#example-1-using-large-parameter-set) -## Deployment examples +### Example 1: _Using large parameter set_ -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +This instance deploys the module with most of its features enabled. - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module workflow './logic/workflow/main.bicep' = { +module workflow 'br:bicep/modules/logic.workflow:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-lwcom' params: { // Required parameters @@ -256,6 +206,276 @@ module workflow './logic/workflow/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The logic app workflow name. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actionsAccessControlConfiguration`](#parameter-actionsaccesscontrolconfiguration) | object | The access control configuration for workflow actions. | +| [`connectorEndpointsConfiguration`](#parameter-connectorendpointsconfiguration) | object | The endpoints configuration: Access endpoint and outgoing IP addresses for the connector. | +| [`contentsAccessControlConfiguration`](#parameter-contentsaccesscontrolconfiguration) | object | The access control configuration for accessing workflow run contents. | +| [`definitionParameters`](#parameter-definitionparameters) | object | Parameters for the definition template. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". 
| +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`integrationAccount`](#parameter-integrationaccount) | object | The integration account. | +| [`integrationServiceEnvironmentResourceId`](#parameter-integrationserviceenvironmentresourceid) | string | The integration service environment Id. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`state`](#parameter-state) | string | The state. - NotSpecified, Completed, Enabled, Disabled, Deleted, Suspended. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`triggersAccessControlConfiguration`](#parameter-triggersaccesscontrolconfiguration) | object | The access control configuration for invoking workflow triggers. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`workflowActions`](#parameter-workflowactions) | object | The definitions for one or more actions to execute at workflow runtime. 
| +| [`workflowEndpointsConfiguration`](#parameter-workflowendpointsconfiguration) | object | The endpoints configuration: Access endpoint and outgoing IP addresses for the workflow. | +| [`workflowManagementAccessControlConfiguration`](#parameter-workflowmanagementaccesscontrolconfiguration) | object | The access control configuration for workflow management. | +| [`workflowOutputs`](#parameter-workflowoutputs) | object | The definitions for the outputs to return from a workflow run. | +| [`workflowParameters`](#parameter-workflowparameters) | object | The definitions for one or more parameters that pass the values to use at your logic app's runtime. | +| [`workflowStaticResults`](#parameter-workflowstaticresults) | object | The definitions for one or more static results returned by actions as mock outputs when static results are enabled on those actions. In each action definition, the runtimeConfiguration.staticResult.name attribute references the corresponding definition inside staticResults. | +| [`workflowTriggers`](#parameter-workflowtriggers) | object | The definitions for one or more triggers that instantiate your workflow. You can define more than one trigger, but only with the Workflow Definition Language, not visually through the Logic Apps Designer. | + +### Parameter: `actionsAccessControlConfiguration` + +The access control configuration for workflow actions. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `connectorEndpointsConfiguration` + +The endpoints configuration: Access endpoint and outgoing IP addresses for the connector. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `contentsAccessControlConfiguration` + +The access control configuration for accessing workflow run contents. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `definitionParameters` + +Parameters for the definition template. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, WorkflowRuntime]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `integrationAccount` + +The integration account. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `integrationServiceEnvironmentResourceId` + +The integration service environment Id. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The logic app workflow name. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `state` + +The state. - NotSpecified, Completed, Enabled, Disabled, Deleted, Suspended. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Completed, Deleted, Disabled, Enabled, NotSpecified, Suspended]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `triggersAccessControlConfiguration` + +The access control configuration for invoking workflow triggers. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workflowActions` + +The definitions for one or more actions to execute at workflow runtime. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workflowEndpointsConfiguration` + +The endpoints configuration: Access endpoint and outgoing IP addresses for the workflow. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workflowManagementAccessControlConfiguration` + +The access control configuration for workflow management. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workflowOutputs` + +The definitions for the outputs to return from a workflow run. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workflowParameters` + +The definitions for one or more parameters that pass the values to use at your logic app's runtime. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workflowStaticResults` + +The definitions for one or more static results returned by actions as mock outputs when static results are enabled on those actions. In each action definition, the runtimeConfiguration.staticResult.name attribute references the corresponding definition inside staticResults. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workflowTriggers` + +The definitions for one or more triggers that instantiate your workflow. You can define more than one trigger, but only with the Workflow Definition Language, not visually through the Logic Apps Designer. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the logic app. | +| `resourceGroupName` | string | The resource group the logic app was deployed into. | +| `resourceId` | string | The resource ID of the logic app. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage `AccessControlConfiguration` diff --git a/modules/logic/workflow/main.json b/modules/logic/workflow/main.json index b2670cf85d..dde2332a12 100644 --- a/modules/logic/workflow/main.json +++ b/modules/logic/workflow/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2324052045076799122" + "version": "0.22.6.54827", + "templateHash": "4385100753259148556" }, "name": "Logic Apps (Workflows)", "description": "This module deploys a Logic App (Workflow).", @@ -385,8 +385,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13203827803656665166" + "version": "0.22.6.54827", + "templateHash": "4086758110722720032" } }, "parameters": { diff --git a/modules/machine-learning-services/workspace/.test/common/main.test.bicep b/modules/machine-learning-services/workspace/.test/common/main.test.bicep index a50621023c..1955aee361 100644 --- a/modules/machine-learning-services/workspace/.test/common/main.test.bicep +++ b/modules/machine-learning-services/workspace/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/machine-learning-services/workspace/.test/min/main.test.bicep b/modules/machine-learning-services/workspace/.test/min/main.test.bicep index 302c8cef36..65a73dfd4d 100644 --- a/modules/machine-learning-services/workspace/.test/min/main.test.bicep +++ b/modules/machine-learning-services/workspace/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/machine-learning-services/workspace/README.md b/modules/machine-learning-services/workspace/README.md index 78eb3c9e54..35e955c486 100644 --- a/modules/machine-learning-services/workspace/README.md +++ b/modules/machine-learning-services/workspace/README.md 
@@ -4,14 +4,14 @@ This module deploys a Machine Learning Services Workspace. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -23,92 +23,30 @@ This module deploys a Machine Learning Services Workspace. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `associatedApplicationInsightsResourceId` | string | | The resource ID of the associated Application Insights. | -| `associatedKeyVaultResourceId` | string | | The resource ID of the associated Key Vault. | -| `associatedStorageAccountResourceId` | string | | The resource ID of the associated Storage Account. | -| `name` | string | | The name of the machine learning workspace. | -| `sku` | string | `[Basic, Free, Premium, Standard]` | Specifies the SKU, also referred as 'edition' of the Azure Machine Learning workspace. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | -| `primaryUserAssignedIdentity` | string | `''` | The user assigned identity resource ID that represents the workspace identity. Required if 'userAssignedIdentities' is not empty and may not be used if 'systemAssignedIdentity' is enabled. | -| `systemAssignedIdentity` | bool | `False` | Enables system assigned managed identity on the resource. Required if `userAssignedIdentities` is not provided. | -| `userAssignedIdentities` | object | `{object}` | The ID(s) to assign to the resource. Required if `systemAssignedIdentity` is set to false. 
| - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowPublicAccessWhenBehindVnet` | bool | `False` | | The flag to indicate whether to allow public access when behind VNet. | -| `associatedContainerRegistryResourceId` | string | `''` | | The resource ID of the associated Container Registry. | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `cMKUserAssignedIdentityResourceId` | string | `''` | | User assigned identity to use when fetching the customer managed key. If not provided, a system-assigned identity can be used - but must be given access to the referenced key vault first. | -| `computes` | array | `[]` | | Computes to create respectively attach to the workspace. | -| `description` | string | `''` | | The description of this workspace. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, AmlComputeClusterEvent, AmlComputeClusterNodeEvent, AmlComputeCpuGpuUtilization, AmlComputeJobEvent, AmlRunStatusChangedEvent]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. 
| -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `discoveryUrl` | string | `''` | | URL for the discovery service to identify regional endpoints for machine learning experimentation services. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `hbiWorkspace` | bool | `False` | | The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service. | -| `imageBuildCompute` | string | `''` | | The compute name for image build. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `serviceManagedResourcesSettings` | object | `{object}` | | The service managed resource settings. 
| -| `sharedPrivateLinkResources` | array | `[]` | | The list of shared private link resources in this workspace. | -| `tags` | object | `{object}` | | Resource tags. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the machine learning service. | -| `principalId` | string | The principal ID of the system assigned identity. | -| `resourceGroupName` | string | The resource group the machine learning service was deployed into. | -| `resourceId` | string | The resource ID of the machine learning service. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/machine-learning-services.workspace:1.0.0`. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | - -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Encr](#example-2-encr) +- [Using only defaults](#example-3-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. 
+### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module workspace './machine-learning-services/workspace/main.bicep' = { +module workspace 'br:bicep/modules/machine-learning-services.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-mlswcom' params: { // Required parameters @@ -334,14 +272,14 @@ module workspace './machine-learning-services/workspace/main.bicep' = {

-

Example 2: Encr

+### Example 2: _Encr_
via Bicep module ```bicep -module workspace './machine-learning-services/workspace/main.bicep' = { +module workspace 'br:bicep/modules/machine-learning-services.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-mlswecr' params: { // Required parameters @@ -469,14 +407,17 @@ module workspace './machine-learning-services/workspace/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module workspace './machine-learning-services/workspace/main.bicep' = { +module workspace 'br:bicep/modules/machine-learning-services.workspace:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-mlswmin' params: { // Required parameters @@ -535,6 +476,322 @@ module workspace './machine-learning-services/workspace/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`associatedApplicationInsightsResourceId`](#parameter-associatedapplicationinsightsresourceid) | string | The resource ID of the associated Application Insights. | +| [`associatedKeyVaultResourceId`](#parameter-associatedkeyvaultresourceid) | string | The resource ID of the associated Key Vault. | +| [`associatedStorageAccountResourceId`](#parameter-associatedstorageaccountresourceid) | string | The resource ID of the associated Storage Account. | +| [`name`](#parameter-name) | string | The name of the machine learning workspace. | +| [`sku`](#parameter-sku) | string | Specifies the SKU, also referred as 'edition' of the Azure Machine Learning workspace. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +| [`primaryUserAssignedIdentity`](#parameter-primaryuserassignedidentity) | string | The user assigned identity resource ID that represents the workspace identity. Required if 'userAssignedIdentities' is not empty and may not be used if 'systemAssignedIdentity' is enabled. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. Required if `userAssignedIdentities` is not provided. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. Required if `systemAssignedIdentity` is set to false. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowPublicAccessWhenBehindVnet`](#parameter-allowpublicaccesswhenbehindvnet) | bool | The flag to indicate whether to allow public access when behind VNet. 
| +| [`associatedContainerRegistryResourceId`](#parameter-associatedcontainerregistryresourceid) | string | The resource ID of the associated Container Registry. | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. If not provided, a system-assigned identity can be used - but must be given access to the referenced key vault first. | +| [`computes`](#parameter-computes) | array | Computes to create respectively attach to the workspace. | +| [`description`](#parameter-description) | string | The description of this workspace. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". 
| +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`discoveryUrl`](#parameter-discoveryurl) | string | URL for the discovery service to identify regional endpoints for machine learning experimentation services. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`hbiWorkspace`](#parameter-hbiworkspace) | bool | The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service. | +| [`imageBuildCompute`](#parameter-imagebuildcompute) | string | The compute name for image build. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
| +| [`serviceManagedResourcesSettings`](#parameter-servicemanagedresourcessettings) | object | The service managed resource settings. | +| [`sharedPrivateLinkResources`](#parameter-sharedprivatelinkresources) | array | The list of shared private link resources in this workspace. | +| [`tags`](#parameter-tags) | object | Resource tags. | + +### Parameter: `allowPublicAccessWhenBehindVnet` + +The flag to indicate whether to allow public access when behind VNet. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `associatedApplicationInsightsResourceId` + +The resource ID of the associated Application Insights. +- Required: Yes +- Type: string + +### Parameter: `associatedContainerRegistryResourceId` + +The resource ID of the associated Container Registry. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `associatedKeyVaultResourceId` + +The resource ID of the associated Key Vault. +- Required: Yes +- Type: string + +### Parameter: `associatedStorageAccountResourceId` + +The resource ID of the associated Storage Account. +- Required: Yes +- Type: string + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. If not provided, a system-assigned identity can be used - but must be given access to the referenced key vault first. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `computes` + +Computes to create respectively attach to the workspace. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +The description of this workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, AmlComputeClusterEvent, AmlComputeClusterNodeEvent, AmlComputeCpuGpuUtilization, AmlComputeJobEvent, AmlRunStatusChangedEvent]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `discoveryUrl` + +URL for the discovery service to identify regional endpoints for machine learning experimentation services. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hbiWorkspace` + +The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `imageBuildCompute` + +The compute name for image build. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the machine learning workspace. +- Required: Yes +- Type: string + +### Parameter: `primaryUserAssignedIdentity` + +The user assigned identity resource ID that represents the workspace identity. Required if 'userAssignedIdentities' is not empty and may not be used if 'systemAssignedIdentity' is enabled. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `serviceManagedResourcesSettings` + +The service managed resource settings. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `sharedPrivateLinkResources` + +The list of shared private link resources in this workspace. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +Specifies the SKU, also referred as 'edition' of the Azure Machine Learning workspace. +- Required: Yes +- Type: string +- Allowed: `[Basic, Free, Premium, Standard]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. Required if `userAssignedIdentities` is not provided. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. Required if `systemAssignedIdentity` is set to false. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the machine learning service. | +| `principalId` | string | The principal ID of the system assigned identity. | +| `resourceGroupName` | string | The resource group the machine learning service was deployed into. 
| +| `resourceId` | string | The resource ID of the machine learning service. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | + ## Notes ### Parameter Usage: `computes` diff --git a/modules/machine-learning-services/workspace/compute/README.md b/modules/machine-learning-services/workspace/compute/README.md index 2c65c0486b..78fb6a7eee 100644 --- a/modules/machine-learning-services/workspace/compute/README.md +++ b/modules/machine-learning-services/workspace/compute/README.md 
@@ -21,38 +21,142 @@ Attaching a compute is not idempotent and will fail in case you try to redeploy **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `computeType` | string | `[AKS, AmlCompute, ComputeInstance, Databricks, DataFactory, DataLakeAnalytics, HDInsight, Kubernetes, SynapseSpark, VirtualMachine]` | Set the object type. | -| `name` | string | | Name of the compute. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`computeType`](#parameter-computetype) | string | Set the object type. | +| [`name`](#parameter-name) | string | Name of the compute. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `machineLearningWorkspaceName` | string | The name of the parent Machine Learning Workspace. Required if the template is used in a standalone deployment. | +| [`machineLearningWorkspaceName`](#parameter-machinelearningworkspacename) | string | The name of the parent Machine Learning Workspace. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `computeLocation` | string | `[resourceGroup().location]` | | Location for the underlying compute. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | -| `deployCompute` | bool | `True` | | Flag to specify whether to deploy the compute. Required only for attach (i.e. providing a resource ID), as in this case the operation is not idempotent, i.e. a second deployment will fail. Therefore, this flag needs to be set to "false" as long as the compute resource exists. | -| `description` | string | `''` | | The description of the Machine Learning compute. | -| `disableLocalAuth` | bool | `False` | | Opt-out of local authentication and ensure customers can use only MSI and AAD exclusively for authentication. 
| -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Specifies the location of the resource. | -| `properties` | object | `{object}` | | The properties of the compute. Will be ignored in case "resourceId" is set. | -| `resourceId` | string | `''` | | ARM resource ID of the underlying compute. | -| `sku` | string | `''` | `['', Basic, Free, Premium, Standard]` | Specifies the sku, also referred as "edition". Required for creating a compute resource. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | -| `tags` | object | `{object}` | | Contains resource tags defined as key-value pairs. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`computeLocation`](#parameter-computelocation) | string | Location for the underlying compute. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | +| [`deployCompute`](#parameter-deploycompute) | bool | Flag to specify whether to deploy the compute. Required only for attach (i.e. providing a resource ID), as in this case the operation is not idempotent, i.e. a second deployment will fail. Therefore, this flag needs to be set to "false" as long as the compute resource exists. | +| [`description`](#parameter-description) | string | The description of the Machine Learning compute. | +| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | Opt-out of local authentication and ensure customers can use only MSI and AAD exclusively for authentication. 
| +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Specifies the location of the resource. | +| [`properties`](#parameter-properties) | object | The properties of the compute. Will be ignored in case "resourceId" is set. | +| [`resourceId`](#parameter-resourceid) | string | ARM resource ID of the underlying compute. | +| [`sku`](#parameter-sku) | string | Specifies the sku, also referred as "edition". Required for creating a compute resource. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | +| [`tags`](#parameter-tags) | object | Contains resource tags defined as key-value pairs. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | + +### Parameter: `computeLocation` + +Location for the underlying compute. Ignored when attaching a compute resource, i.e. when you provide a resource ID. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `computeType` + +Set the object type. +- Required: Yes +- Type: string +- Allowed: `[AKS, AmlCompute, ComputeInstance, Databricks, DataFactory, DataLakeAnalytics, HDInsight, Kubernetes, SynapseSpark, VirtualMachine]` + +### Parameter: `deployCompute` + +Flag to specify whether to deploy the compute. Required only for attach (i.e. providing a resource ID), as in this case the operation is not idempotent, i.e. a second deployment will fail. Therefore, this flag needs to be set to "false" as long as the compute resource exists. 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `description` + +The description of the Machine Learning compute. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableLocalAuth` + +Opt-out of local authentication and ensure customers can use only MSI and AAD exclusively for authentication. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Specifies the location of the resource. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `machineLearningWorkspaceName` + +The name of the parent Machine Learning Workspace. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the compute. +- Required: Yes +- Type: string + +### Parameter: `properties` + +The properties of the compute. Will be ignored in case "resourceId" is set. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `resourceId` + +ARM resource ID of the underlying compute. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sku` + +Specifies the sku, also referred as "edition". Required for creating a compute resource. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Basic, Free, Premium, Standard]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. Ignored when attaching a compute resource, i.e. when you provide a resource ID. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Contains resource tags defined as key-value pairs. Ignored when attaching a compute resource, i.e. when you provide a resource ID. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. 
Ignored when attaching a compute resource, i.e. when you provide a resource ID. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the compute. | diff --git a/modules/maintenance/maintenance-configuration/.test/common/main.test.bicep b/modules/maintenance/maintenance-configuration/.test/common/main.test.bicep index 5206cb44e2..4606ff4c70 100644 --- a/modules/maintenance/maintenance-configuration/.test/common/main.test.bicep +++ b/modules/maintenance/maintenance-configuration/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/maintenance/maintenance-configuration/.test/min/main.test.bicep b/modules/maintenance/maintenance-configuration/.test/min/main.test.bicep index 3b9ba0d973..1120f4565b 100644 --- a/modules/maintenance/maintenance-configuration/.test/min/main.test.bicep +++ b/modules/maintenance/maintenance-configuration/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/maintenance/maintenance-configuration/README.md b/modules/maintenance/maintenance-configuration/README.md index 550d69eb48..2dff4bad71 100644 --- a/modules/maintenance/maintenance-configuration/README.md +++ b/modules/maintenance/maintenance-configuration/README.md 
@@ -5,10 +5,10 @@ This module deploys a Maintenance Configuration. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -18,59 +18,29 @@ This module deploys a Maintenance Configuration. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Maintenance/maintenanceConfigurations` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Maintenance/2023-04-01/maintenanceConfigurations) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Maintenance Configuration Name. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `extensionProperties` | object | `{object}` | | Gets or sets extensionProperties of the maintenanceConfiguration. | -| `installPatches` | object | `{object}` | | Configuration settings for VM guest patching with Azure Update Manager. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maintenanceScope` | string | `'Host'` | `[Extension, Host, InGuestPatch, OSImage, SQLDB, SQLManagedInstance]` | Gets or sets maintenanceScope of the configuration. | -| `maintenanceWindow` | object | `{object}` | | Definition of a MaintenanceWindow. | -| `namespace` | string | `''` | | Gets or sets namespace of the resource. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. 
| -| `tags` | object | `{object}` | | Gets or sets tags of the resource. | -| `visibility` | string | `''` | `['', Custom, Public]` | Gets or sets the visibility of the configuration. The default value is 'Custom'. | - +## Usage examples -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the Maintenance Configuration was created in. | -| `name` | string | The name of the Maintenance Configuration. | -| `resourceGroupName` | string | The name of the resource group the Maintenance Configuration was created in. | -| `resourceId` | string | The resource ID of the Maintenance Configuration. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/maintenance.maintenance-configuration:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module maintenanceConfiguration './maintenance/maintenance-configuration/main.bicep' = { +module maintenanceConfiguration 'br:bicep/modules/maintenance.maintenance-configuration:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-mmccom' params: { // Required parameters @@ -210,14 +180,17 @@ module maintenanceConfiguration './maintenance/maintenance-configuration/main.bi

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module maintenanceConfiguration './maintenance/maintenance-configuration/main.bicep' = { +module maintenanceConfiguration 'br:bicep/modules/maintenance.maintenance-configuration:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-mmcmin' params: { // Required parameters @@ -254,3 +227,128 @@ module maintenanceConfiguration './maintenance/maintenance-configuration/main.bi

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Maintenance Configuration Name. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`extensionProperties`](#parameter-extensionproperties) | object | Gets or sets extensionProperties of the maintenanceConfiguration. | +| [`installPatches`](#parameter-installpatches) | object | Configuration settings for VM guest patching with Azure Update Manager. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maintenanceScope`](#parameter-maintenancescope) | string | Gets or sets maintenanceScope of the configuration. | +| [`maintenanceWindow`](#parameter-maintenancewindow) | object | Definition of a MaintenanceWindow. | +| [`namespace`](#parameter-namespace) | string | Gets or sets namespace of the resource. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Gets or sets tags of the resource. | +| [`visibility`](#parameter-visibility) | string | Gets or sets the visibility of the configuration. The default value is 'Custom'. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `extensionProperties` + +Gets or sets extensionProperties of the maintenanceConfiguration. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `installPatches` + +Configuration settings for VM guest patching with Azure Update Manager. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maintenanceScope` + +Gets or sets maintenanceScope of the configuration. +- Required: No +- Type: string +- Default: `'Host'` +- Allowed: `[Extension, Host, InGuestPatch, OSImage, SQLDB, SQLManagedInstance]` + +### Parameter: `maintenanceWindow` + +Definition of a MaintenanceWindow. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Maintenance Configuration Name. +- Required: Yes +- Type: string + +### Parameter: `namespace` + +Gets or sets namespace of the resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Gets or sets tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `visibility` + +Gets or sets the visibility of the configuration. The default value is 'Custom'. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Custom, Public]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the Maintenance Configuration was created in. | +| `name` | string | The name of the Maintenance Configuration. | +| `resourceGroupName` | string | The name of the resource group the Maintenance Configuration was created in. | +| `resourceId` | string | The resource ID of the Maintenance Configuration. | + +## Cross-referenced modules + +_None_ diff --git a/modules/maintenance/maintenance-configuration/main.json b/modules/maintenance/maintenance-configuration/main.json index fa8b75249d..1215f56f14 100644 --- a/modules/maintenance/maintenance-configuration/main.json +++ b/modules/maintenance/maintenance-configuration/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11249408608442094590" + "version": "0.22.6.54827", + "templateHash": "2646666210857505384" }, "name": "Maintenance Configurations", "description": "This module deploys a Maintenance Configuration.", @@ -192,8 +192,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13667533049136172110" + "version": "0.22.6.54827", + "templateHash": "17730168206359180764" } }, "parameters": { diff --git a/modules/managed-identity/user-assigned-identity/.test/common/main.test.bicep b/modules/managed-identity/user-assigned-identity/.test/common/main.test.bicep index 35e152866a..d99f3b2a60 100644 --- a/modules/managed-identity/user-assigned-identity/.test/common/main.test.bicep +++ b/modules/managed-identity/user-assigned-identity/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // 
diff --git a/modules/managed-identity/user-assigned-identity/.test/min/main.test.bicep b/modules/managed-identity/user-assigned-identity/.test/min/main.test.bicep index 95ed7da3d2..4a83660c9c 100644 --- a/modules/managed-identity/user-assigned-identity/.test/min/main.test.bicep +++ b/modules/managed-identity/user-assigned-identity/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/managed-identity/user-assigned-identity/README.md b/modules/managed-identity/user-assigned-identity/README.md index 5a4b75c1b9..f0690cf802 100644 --- a/modules/managed-identity/user-assigned-identity/README.md +++ b/modules/managed-identity/user-assigned-identity/README.md @@ -4,13 +4,13 @@ This module deploys a User Assigned Identity. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -19,51 +19,29 @@ This module deploys a User Assigned Identity. | `Microsoft.ManagedIdentity/userAssignedIdentities` | [2023-01-31](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ManagedIdentity/2023-01-31/userAssignedIdentities) | | `Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials` | [2023-01-31](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ManagedIdentity/2023-01-31/userAssignedIdentities/federatedIdentityCredentials) | -## Parameters - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `federatedIdentityCredentials` | array | `[]` | | The federated identity credentials list to indicate which token from the external IdP should be trusted by your application. Federated identity credentials are supported on applications only. A maximum of 20 federated identity credentials can be added per application object. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `name` | string | `[guid(resourceGroup().id)]` | | Name of the User Assigned Identity. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. 
For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `clientId` | string | The client ID (application ID) of the user assigned identity. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the user assigned identity. | -| `principalId` | string | The principal ID (object ID) of the user assigned identity. | -| `resourceGroupName` | string | The resource group the user assigned identity was deployed into. | -| `resourceId` | string | The resource ID of the user assigned identity. | - -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/managed-identity.user-assigned-identity:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module userAssignedIdentity './managed-identity/user-assigned-identity/main.bicep' = { +module userAssignedIdentity 'br:bicep/modules/managed-identity.user-assigned-identity:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-miuaicom' params: { enableDefaultTelemetry: '' @@ -155,14 +133,17 @@ module userAssignedIdentity './managed-identity/user-assigned-identity/main.bice

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module userAssignedIdentity './managed-identity/user-assigned-identity/main.bicep' = { +module userAssignedIdentity 'br:bicep/modules/managed-identity.user-assigned-identity:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-miuaimin' params: { enableDefaultTelemetry: '' @@ -191,3 +172,84 @@ module userAssignedIdentity './managed-identity/user-assigned-identity/main.bice

+ + +## Parameters + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`federatedIdentityCredentials`](#parameter-federatedidentitycredentials) | array | The federated identity credentials list to indicate which token from the external IdP should be trusted by your application. Federated identity credentials are supported on applications only. A maximum of 20 federated identity credentials can be added per application object. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`name`](#parameter-name) | string | Name of the User Assigned Identity. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `federatedIdentityCredentials` + +The federated identity credentials list to indicate which token from the external IdP should be trusted by your application. Federated identity credentials are supported on applications only. A maximum of 20 federated identity credentials can be added per application object. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the User Assigned Identity. +- Required: No +- Type: string +- Default: `[guid(resourceGroup().id)]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `clientId` | string | The client ID (application ID) of the user assigned identity. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the user assigned identity. | +| `principalId` | string | The principal ID (object ID) of the user assigned identity. | +| `resourceGroupName` | string | The resource group the user assigned identity was deployed into. | +| `resourceId` | string | The resource ID of the user assigned identity. | + +## Cross-referenced modules + +_None_ diff --git a/modules/managed-identity/user-assigned-identity/federated-identity-credential/README.md b/modules/managed-identity/user-assigned-identity/federated-identity-credential/README.md index 0405906384..ab9e7a346f 100644 --- a/modules/managed-identity/user-assigned-identity/federated-identity-credential/README.md +++ b/modules/managed-identity/user-assigned-identity/federated-identity-credential/README.md 
@@ -19,29 +19,66 @@ This module deploys a User Assigned Identity Federated Identity Credential. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `audiences` | array | The list of audiences that can appear in the issued token. Should be set to api://AzureADTokenExchange for Azure AD. It says what Microsoft identity platform should accept in the aud claim in the incoming token. This value represents Azure AD in your external identity provider and has no fixed value across identity providers - you might need to create a new application registration in your IdP to serve as the audience of this token. | -| `issuer` | string | The URL of the issuer to be trusted. Must match the issuer claim of the external token being exchanged. | -| `name` | string | The name of the secret. | -| `subject` | string | The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format, as each IdP uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Azure AD. | +| [`audiences`](#parameter-audiences) | array | The list of audiences that can appear in the issued token. Should be set to api://AzureADTokenExchange for Azure AD. It says what Microsoft identity platform should accept in the aud claim in the incoming token. This value represents Azure AD in your external identity provider and has no fixed value across identity providers - you might need to create a new application registration in your IdP to serve as the audience of this token. | +| [`issuer`](#parameter-issuer) | string | The URL of the issuer to be trusted. Must match the issuer claim of the external token being exchanged. | +| [`name`](#parameter-name) | string | The name of the secret. 
| +| [`subject`](#parameter-subject) | string | The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format, as each IdP uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Azure AD. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `userAssignedIdentityName` | string | The name of the parent user assigned identity. Required if the template is used in a standalone deployment. | +| [`userAssignedIdentityName`](#parameter-userassignedidentityname) | string | The name of the parent user assigned identity. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `audiences` + +The list of audiences that can appear in the issued token. Should be set to api://AzureADTokenExchange for Azure AD. It says what Microsoft identity platform should accept in the aud claim in the incoming token. This value represents Azure AD in your external identity provider and has no fixed value across identity providers - you might need to create a new application registration in your IdP to serve as the audience of this token. +- Required: Yes +- Type: array + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `issuer` + +The URL of the issuer to be trusted. 
Must match the issuer claim of the external token being exchanged. +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the secret. +- Required: Yes +- Type: string + +### Parameter: `subject` + +The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format, as each IdP uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Azure AD. +- Required: Yes +- Type: string + +### Parameter: `userAssignedIdentityName` + +The name of the parent user assigned identity. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the federated identity credential. | | `resourceGroupName` | string | The name of the resource group the federated identity credential was created in. | diff --git a/modules/managed-identity/user-assigned-identity/federated-identity-credential/main.json b/modules/managed-identity/user-assigned-identity/federated-identity-credential/main.json index be4b79c764..d7d037aaa3 100644 --- a/modules/managed-identity/user-assigned-identity/federated-identity-credential/main.json +++ b/modules/managed-identity/user-assigned-identity/federated-identity-credential/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13014227007294077055" + "version": "0.22.6.54827", + "templateHash": "15026838206978058830" }, "name": "User Assigned Identity Federated Identity Credential", "description": "This module deploys a User Assigned Identity Federated Identity Credential.", 
diff --git a/modules/managed-identity/user-assigned-identity/main.json b/modules/managed-identity/user-assigned-identity/main.json index 3efc21a3a0..8b93e98d84 100644 --- a/modules/managed-identity/user-assigned-identity/main.json +++ b/modules/managed-identity/user-assigned-identity/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5028263176846859457" + "version": "0.22.6.54827", + "templateHash": "689312003789935835" }, "name": "User Assigned Identities", "description": "This module deploys a User Assigned Identity.", @@ -145,8 +145,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "961909405436269630" + "version": "0.22.6.54827", + "templateHash": "15026838206978058830" }, "name": "User Assigned Identity Federated Identity Credential", "description": "This module deploys a User Assigned Identity Federated Identity Credential.", @@ -280,8 +280,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5263933546195004806" + "version": "0.22.6.54827", + "templateHash": "2246284698738978006" } }, "parameters": { diff --git a/modules/managed-services/registration-definition/.test/common/main.test.bicep b/modules/managed-services/registration-definition/.test/common/main.test.bicep index bb23b4235e..854fe9a70d 100644 --- a/modules/managed-services/registration-definition/.test/common/main.test.bicep +++ b/modules/managed-services/registration-definition/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/managed-services/registration-definition/README.md b/modules/managed-services/registration-definition/README.md index 690c4c3720..a601a1116f 100644 
--- a/modules/managed-services/registration-definition/README.md +++ b/modules/managed-services/registration-definition/README.md 
@@ -8,68 +8,43 @@ remote/managing tenant. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.ManagedServices/registrationAssignments` | [2019-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ManagedServices/2019-09-01/registrationAssignments) | | `Microsoft.ManagedServices/registrationDefinitions` | [2019-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ManagedServices/2019-09-01/registrationDefinitions) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `authorizations` | array | Specify an array of objects, containing object of Azure Active Directory principalId, a Azure roleDefinitionId, and an optional principalIdDisplayName. The roleDefinition specified is granted to the principalId in the provider's Active Directory and the principalIdDisplayName is visible to customers. | -| `managedByTenantId` | string | Specify the tenant ID of the tenant which homes the principals you are delegating permissions to. | -| `name` | string | Specify a unique name for your offer/registration. i.e ' - - '. | -| `registrationDescription` | string | Description of the offer/registration. i.e. 'Managed by '. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `resourceGroupName` | string | `''` | Specify the name of the Resource Group to delegate access to. 
If not provided, delegation will be done on the targeted subscription. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `assignmentResourceId` | string | The registration assignment resource ID. | -| `name` | string | The name of the registration definition. | -| `resourceId` | string | The resource ID of the registration definition. | -| `subscriptionName` | string | The subscription the registration definition was deployed into. | - -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/managed-services.registration-definition:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Rg](#example-2-rg) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module registrationDefinition './managed-services/registration-definition/main.bicep' = { +module registrationDefinition 'br:bicep/modules/managed-services.registration-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-msrdcom' params: { // Required parameters @@ -151,14 +126,14 @@ module registrationDefinition './managed-services/registration-definition/main.b

-

Example 2: Rg

+### Example 2: _Rg_
via Bicep module ```bicep -module registrationDefinition './managed-services/registration-definition/main.bicep' = { +module registrationDefinition 'br:bicep/modules/managed-services.registration-definition:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-msrdrg' params: { // Required parameters @@ -245,6 +220,84 @@ module registrationDefinition './managed-services/registration-definition/main.b

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authorizations`](#parameter-authorizations) | array | Specify an array of objects, containing object of Azure Active Directory principalId, a Azure roleDefinitionId, and an optional principalIdDisplayName. The roleDefinition specified is granted to the principalId in the provider's Active Directory and the principalIdDisplayName is visible to customers. | +| [`managedByTenantId`](#parameter-managedbytenantid) | string | Specify the tenant ID of the tenant which homes the principals you are delegating permissions to. | +| [`name`](#parameter-name) | string | Specify a unique name for your offer/registration. i.e ' - - '. | +| [`registrationDescription`](#parameter-registrationdescription) | string | Description of the offer/registration. i.e. 'Managed by '. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | Specify the name of the Resource Group to delegate access to. If not provided, delegation will be done on the targeted subscription. | + +### Parameter: `authorizations` + +Specify an array of objects, containing object of Azure Active Directory principalId, a Azure roleDefinitionId, and an optional principalIdDisplayName. The roleDefinition specified is granted to the principalId in the provider's Active Directory and the principalIdDisplayName is visible to customers. +- Required: Yes +- Type: array + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. 
+- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managedByTenantId` + +Specify the tenant ID of the tenant which homes the principals you are delegating permissions to. +- Required: Yes +- Type: string + +### Parameter: `name` + +Specify a unique name for your offer/registration. i.e ' - - '. +- Required: Yes +- Type: string + +### Parameter: `registrationDescription` + +Description of the offer/registration. i.e. 'Managed by '. +- Required: Yes +- Type: string + +### Parameter: `resourceGroupName` + +Specify the name of the Resource Group to delegate access to. If not provided, delegation will be done on the targeted subscription. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `assignmentResourceId` | string | The registration assignment resource ID. | +| `name` | string | The name of the registration definition. | +| `resourceId` | string | The resource ID of the registration definition. | +| `subscriptionName` | string | The subscription the registration definition was deployed into. | + +## Cross-referenced modules + +_None_ + ## Notes ### Considerations diff --git a/modules/managed-services/registration-definition/main.json b/modules/managed-services/registration-definition/main.json index e636c18090..2940047230 100644 --- a/modules/managed-services/registration-definition/main.json +++ b/modules/managed-services/registration-definition/main.json 
@@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1981923206458772574" + "version": "0.22.6.54827", + "templateHash": "18225216426535356338" }, "name": "Registration Definitions", "description": "This module deploys a `Registration Definition` and a `Registration Assignment` (often referred to as 'Lighthouse' or 'resource delegation')\r\non subscription or resource group scopes. This type of delegation is very similar to role assignments but here the principal that is\r\nassigned a role is in a remote/managing Azure Active Directory tenant. The templates are run towards the tenant where\r\nthe Azure resources you want to delegate access to are, providing 'authorizations' (aka. access delegation) to principals in a\r\nremote/managing tenant.", @@ -125,8 +125,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11245217647113250760" + "version": "0.22.6.54827", + "templateHash": "3494089951098103079" } }, "parameters": { diff --git a/modules/management/management-group/.test/common/main.test.bicep b/modules/management/management-group/.test/common/main.test.bicep index eff3e650d8..65122a5c04 100644 --- a/modules/management/management-group/.test/common/main.test.bicep +++ b/modules/management/management-group/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'managementGroup' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/management/management-group/.test/min/main.test.bicep b/modules/management/management-group/.test/min/main.test.bicep index 41bd4cdfba..471cd8cc08 100644 --- a/modules/management/management-group/.test/min/main.test.bicep +++ b/modules/management/management-group/.test/min/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'managementGroup' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/management/management-group/README.md b/modules/management/management-group/README.md index ff8276cec7..f3455a4a72 100644 --- a/modules/management/management-group/README.md +++ b/modules/management/management-group/README.md 
@@ -8,63 +8,42 @@ This module has some known **limitations**: ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Management/managementGroups` | [2021-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Management/2021-04-01/managementGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The group ID of the Management group. | - -**Optional parameters** +## Usage examples -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `displayName` | string | `''` | The friendly name of the management group. If no value is passed then this field will be set to the group ID. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `parentId` | string | `[last(split(managementGroup().id, '/'))]` | The management group parent ID. Defaults to current scope. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the management group. | -| `resourceId` | string | The resource ID of the management group. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. 
-## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/management.management-group:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module managementGroup './management/management-group/main.bicep' = { +module managementGroup 'br:bicep/modules/management.management-group:1.0.0' = { name: '${uniqueString(deployment().name)}-test-mmgcom' params: { // Required parameters @@ -110,14 +89,17 @@ module managementGroup './management/management-group/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module managementGroup './management/management-group/main.bicep' = { +module managementGroup 'br:bicep/modules/management.management-group:1.0.0' = { name: '${uniqueString(deployment().name)}-test-mmgmin' params: { // Required parameters @@ -156,6 +138,69 @@ module managementGroup './management/management-group/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The group ID of the Management group. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`displayName`](#parameter-displayname) | string | The friendly name of the management group. If no value is passed then this field will be set to the group ID. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`parentId`](#parameter-parentid) | string | The management group parent ID. Defaults to current scope. | + +### Parameter: `displayName` + +The friendly name of the management group. If no value is passed then this field will be set to the group ID. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `name` + +The group ID of the Management group. +- Required: Yes +- Type: string + +### Parameter: `parentId` + +The management group parent ID. Defaults to current scope. +- Required: No +- Type: string +- Default: `[last(split(managementGroup().id, '/'))]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the management group. | +| `resourceId` | string | The resource ID of the management group. | + +## Cross-referenced modules + +_None_ + ## Notes ### Considerations diff --git a/modules/management/management-group/main.json b/modules/management/management-group/main.json index 6288682f3e..728fe73364 100644 --- a/modules/management/management-group/main.json 
+++ b/modules/management/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13700903894139474584" + "version": "0.22.6.54827", + "templateHash": "10015491334460357572" }, "name": "Management Groups", "description": "This template will prepare the management group structure based on the provided parameter.\r\n\r\nThis module has some known **limitations**:\r\n- It's not possible to change the display name of the root management group (the one that has the tenant GUID as ID)\r\n- It can't manage the Root (/) management group", diff --git a/modules/net-app/net-app-account/.test/min/main.test.bicep b/modules/net-app/net-app-account/.test/min/main.test.bicep index 389a87065a..509217aef3 100644 --- a/modules/net-app/net-app-account/.test/min/main.test.bicep +++ b/modules/net-app/net-app-account/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/net-app/net-app-account/README.md b/modules/net-app/net-app-account/README.md index 61958f1328..fa61552731 100644 --- a/modules/net-app/net-app-account/README.md +++ b/modules/net-app/net-app-account/README.md @@ -4,13 +4,13 @@ This module deploys an Azure NetApp File. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
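Review bot: The Navigation and heading changes in this hunk mix two casing conventions. `## Resource Types` and its link `#Resource-Types` become title case, while the newly added `- [Usage examples](#Usage-examples)` and the unchanged `Cross-referenced modules` entry stay sentence case. Further down, the same README's new example and parameter links are all lowercase (`#example-1-using-only-defaults`, `#parameter-name`). The same rename recurs in every README touched by this patch, so it looks generated by `utilities/tools/Set-Module.ps1`. I would settle on one heading case and one anchor case in the generator, so that regenerated READMEs are consistent and the navigation links do not rely on the renderer matching anchors case-insensitively.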
@@ -20,61 +20,30 @@ This module deploys an Azure NetApp File. | `Microsoft.NetApp/netAppAccounts/capacityPools` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/netAppAccounts/capacityPools) | | `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/netAppAccounts/capacityPools/volumes) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the NetApp account. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `capacityPools` | array | `[]` | | Capacity pools to create. | -| `dnsServers` | string | `''` | | Required if domainName is specified. Comma separated list of DNS server IP addresses (IPv4 only) required for the Active Directory (AD) domain join and SMB authentication operations to succeed. | -| `domainJoinOU` | string | `''` | | Used only if domainName is specified. LDAP Path for the Organization Unit (OU) where SMB Server machine accounts will be created (i.e. 'OU=SecondLevel,OU=FirstLevel'). | -| `domainJoinPassword` | securestring | `''` | | Required if domainName is specified. Password of the user specified in domainJoinUser parameter. | -| `domainJoinUser` | string | `''` | | Required if domainName is specified. Username of Active Directory domain administrator, with permissions to create SMB server machine account in the AD domain. | -| `domainName` | string | `''` | | Fully Qualified Active Directory DNS Domain Name (e.g. 'contoso.com'). | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. 
| -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `smbServerNamePrefix` | string | `''` | | Required if domainName is specified. NetBIOS name of the SMB server. A computer account with this prefix will be registered in the AD and used to mount volumes. | -| `tags` | object | `{object}` | | Tags for all resources. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | - +## Usage examples -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the NetApp account. | -| `resourceGroupName` | string | The name of the Resource Group the NetApp account was created in. | -| `resourceId` | string | The Resource ID of the NetApp account. | +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/net-app.net-app-account:1.0.0`. 
-## Deployment examples +- [Using only defaults](#example-1-using-only-defaults) +- [Nfs3](#example-2-nfs3) +- [Nfs41](#example-3-nfs41) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using only defaults_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with the minimum set of required parameters. -

Example 1: Min

via Bicep module ```bicep -module netAppAccount './net-app/net-app-account/main.bicep' = { +module netAppAccount 'br:bicep/modules/net-app.net-app-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nanaamin' params: { // Required parameters @@ -112,14 +81,14 @@ module netAppAccount './net-app/net-app-account/main.bicep' = {

-

Example 2: Nfs3

+### Example 2: _Nfs3_
via Bicep module ```bicep -module netAppAccount './net-app/net-app-account/main.bicep' = { +module netAppAccount 'br:bicep/modules/net-app.net-app-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nanaanfs3' params: { // Required parameters @@ -339,14 +308,14 @@ module netAppAccount './net-app/net-app-account/main.bicep' = {

-

Example 3: Nfs41

+### Example 3: _Nfs41_
via Bicep module ```bicep -module netAppAccount './net-app/net-app-account/main.bicep' = { +module netAppAccount 'br:bicep/modules/net-app.net-app-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nanaanfs41' params: { // Required parameters @@ -589,3 +558,142 @@ module netAppAccount './net-app/net-app-account/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the NetApp account. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`capacityPools`](#parameter-capacitypools) | array | Capacity pools to create. | +| [`dnsServers`](#parameter-dnsservers) | string | Required if domainName is specified. Comma separated list of DNS server IP addresses (IPv4 only) required for the Active Directory (AD) domain join and SMB authentication operations to succeed. | +| [`domainJoinOU`](#parameter-domainjoinou) | string | Used only if domainName is specified. LDAP Path for the Organization Unit (OU) where SMB Server machine accounts will be created (i.e. 'OU=SecondLevel,OU=FirstLevel'). | +| [`domainJoinPassword`](#parameter-domainjoinpassword) | securestring | Required if domainName is specified. Password of the user specified in domainJoinUser parameter. | +| [`domainJoinUser`](#parameter-domainjoinuser) | string | Required if domainName is specified. Username of Active Directory domain administrator, with permissions to create SMB server machine account in the AD domain. | +| [`domainName`](#parameter-domainname) | string | Fully Qualified Active Directory DNS Domain Name (e.g. 'contoso.com'). | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`smbServerNamePrefix`](#parameter-smbservernameprefix) | string | Required if domainName is specified. NetBIOS name of the SMB server. A computer account with this prefix will be registered in the AD and used to mount volumes. | +| [`tags`](#parameter-tags) | object | Tags for all resources. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `capacityPools` + +Capacity pools to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dnsServers` + +Required if domainName is specified. Comma separated list of DNS server IP addresses (IPv4 only) required for the Active Directory (AD) domain join and SMB authentication operations to succeed. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `domainJoinOU` + +Used only if domainName is specified. LDAP Path for the Organization Unit (OU) where SMB Server machine accounts will be created (i.e. 'OU=SecondLevel,OU=FirstLevel'). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `domainJoinPassword` + +Required if domainName is specified. Password of the user specified in domainJoinUser parameter. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `domainJoinUser` + +Required if domainName is specified. Username of Active Directory domain administrator, with permissions to create SMB server machine account in the AD domain. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `domainName` + +Fully Qualified Active Directory DNS Domain Name (e.g. 'contoso.com'). 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the NetApp account. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `smbServerNamePrefix` + +Required if domainName is specified. NetBIOS name of the SMB server. A computer account with this prefix will be registered in the AD and used to mount volumes. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tags` + +Tags for all resources. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the NetApp account. | +| `resourceGroupName` | string | The name of the Resource Group the NetApp account was created in. | +| `resourceId` | string | The Resource ID of the NetApp account. | + +## Cross-referenced modules + +_None_ 
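Review bot: In the new `## Parameters` section, `dnsServers`, `domainJoinPassword`, `domainJoinUser` and `smbServerNamePrefix` are listed under **Optional parameters**, and each detail block states `- Required: No`, yet every one of their descriptions opens with "Required if domainName is specified." A reader who looks only at the per-parameter block will conclude that an AD-joined deployment needs none of them. The capacity-pool README later in this patch already carries a **Conditional parameters** table for `netAppAccountName`, so these four should be categorised the same way here, and the detail block should state the condition rather than a flat Yes/No. Separately, the block for `domainJoinPassword` (type `securestring`) documents `- Default: ''`; consider having the generator omit the default line for secure parameters so that an empty password does not read as an accepted value.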
diff --git a/modules/net-app/net-app-account/capacity-pool/README.md b/modules/net-app/net-app-account/capacity-pool/README.md index c614fe1313..527a0d6555 100644 --- a/modules/net-app/net-app-account/capacity-pool/README.md +++ b/modules/net-app/net-app-account/capacity-pool/README.md 
@@ -21,35 +21,119 @@ This module deploys an Azure NetApp Files Capacity Pool. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the capacity pool. | -| `size` | int | Provisioned size of the pool (in bytes). Allowed values are in 4TiB chunks (value must be multiply of 4398046511104). | +| [`name`](#parameter-name) | string | The name of the capacity pool. | +| [`size`](#parameter-size) | int | Provisioned size of the pool (in bytes). Allowed values are in 4TiB chunks (value must be multiply of 4398046511104). | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `netAppAccountName` | string | The name of the parent NetApp account. Required if the template is used in a standalone deployment. | +| [`netAppAccountName`](#parameter-netappaccountname) | string | The name of the parent NetApp account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `coolAccess` | bool | `False` | | If enabled (true) the pool can contain cool Access enabled volumes. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `encryptionType` | string | `'Single'` | `[Double, Single]` | Encryption type of the capacity pool, set encryption type for data at rest for this pool and all volumes in it. This value can only be set when creating new pool. | -| `location` | string | `[resourceGroup().location]` | | Location of the pool volume. | -| `qosType` | string | `'Auto'` | `[Auto, Manual]` | The qos type of the pool. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `serviceLevel` | string | `'Standard'` | `[Premium, Standard, StandardZRS, Ultra]` | The pool service level. | -| `tags` | object | `{object}` | | Tags for all resources. | -| `volumes` | array | `[]` | | List of volumnes to create in the capacity pool. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`coolAccess`](#parameter-coolaccess) | bool | If enabled (true) the pool can contain cool Access enabled volumes. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`encryptionType`](#parameter-encryptiontype) | string | Encryption type of the capacity pool, set encryption type for data at rest for this pool and all volumes in it. This value can only be set when creating new pool. | +| [`location`](#parameter-location) | string | Location of the pool volume. | +| [`qosType`](#parameter-qostype) | string | The qos type of the pool. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`serviceLevel`](#parameter-servicelevel) | string | The pool service level. | +| [`tags`](#parameter-tags) | object | Tags for all resources. | +| [`volumes`](#parameter-volumes) | array | List of volumnes to create in the capacity pool. | + +### Parameter: `coolAccess` + +If enabled (true) the pool can contain cool Access enabled volumes. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `encryptionType` + +Encryption type of the capacity pool, set encryption type for data at rest for this pool and all volumes in it. This value can only be set when creating new pool. +- Required: No +- Type: string +- Default: `'Single'` +- Allowed: `[Double, Single]` + +### Parameter: `location` + +Location of the pool volume. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the capacity pool. +- Required: Yes +- Type: string + +### Parameter: `netAppAccountName` + +The name of the parent NetApp account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `qosType` + +The qos type of the pool. +- Required: No +- Type: string +- Default: `'Auto'` +- Allowed: `[Auto, Manual]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `serviceLevel` + +The pool service level. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Premium, Standard, StandardZRS, Ultra]` + +### Parameter: `size` + +Provisioned size of the pool (in bytes). Allowed values are in 4TiB chunks (value must be multiply of 4398046511104). +- Required: Yes +- Type: int + +### Parameter: `tags` + +Tags for all resources. 
+- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `volumes` + +List of volumnes to create in the capacity pool. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the Capacity Pool. | diff --git a/modules/net-app/net-app-account/capacity-pool/main.json b/modules/net-app/net-app-account/capacity-pool/main.json index 0ef41ba698..799fc661e7 100644 --- a/modules/net-app/net-app-account/capacity-pool/main.json +++ b/modules/net-app/net-app-account/capacity-pool/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13333372953499047799" + "version": "0.22.6.54827", + "templateHash": "12343130799883120576" }, "name": "Azure NetApp Files Capacity Pools", "description": "This module deploys an Azure NetApp Files Capacity Pool.", @@ -191,8 +191,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5724175752968001086" + "version": "0.22.6.54827", + "templateHash": "14691007687090359135" }, "name": "Azure NetApp Files Capacity Pool Volumes", "description": "This module deploys an Azure NetApp Files Capacity Pool Volume.", @@ -348,8 +348,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6579931820257793193" + "version": "0.22.6.54827", + "templateHash": "11293747403075474966" } }, "parameters": { @@ -533,8 +533,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6567527079478034080" + "version": "0.22.6.54827", + "templateHash": "121785236396056059" } }, "parameters": { diff --git a/modules/net-app/net-app-account/capacity-pool/volume/README.md b/modules/net-app/net-app-account/capacity-pool/volume/README.md index 1996ecba95..c0d9409c13 100644 
--- a/modules/net-app/net-app-account/capacity-pool/volume/README.md +++ b/modules/net-app/net-app-account/capacity-pool/volume/README.md 
@@ -20,35 +20,115 @@ This module deploys an Azure NetApp Files Capacity Pool Volume. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the pool volume. | -| `subnetResourceId` | string | The Azure Resource URI for a delegated subnet. Must have the delegation Microsoft.NetApp/volumes. | -| `usageThreshold` | int | Maximum storage quota allowed for a file system in bytes. | +| [`name`](#parameter-name) | string | The name of the pool volume. | +| [`subnetResourceId`](#parameter-subnetresourceid) | string | The Azure Resource URI for a delegated subnet. Must have the delegation Microsoft.NetApp/volumes. | +| [`usageThreshold`](#parameter-usagethreshold) | int | Maximum storage quota allowed for a file system in bytes. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `capacityPoolName` | string | The name of the parent capacity pool. Required if the template is used in a standalone deployment. | -| `netAppAccountName` | string | The name of the parent NetApp account. Required if the template is used in a standalone deployment. | +| [`capacityPoolName`](#parameter-capacitypoolname) | string | The name of the parent capacity pool. Required if the template is used in a standalone deployment. | +| [`netAppAccountName`](#parameter-netappaccountname) | string | The name of the parent NetApp account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `creationToken` | string | `[parameters('name')]` | | A unique file path for the volume. This is the name of the volume export. A volume is mounted using the export path. File path must start with an alphabetical character and be unique within the subscription. 
| -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `exportPolicyRules` | array | `[]` | | Export policy rules. | -| `location` | string | `[resourceGroup().location]` | | Location of the pool volume. | -| `protocolTypes` | array | `[]` | | Set of protocol types. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `serviceLevel` | string | `'Standard'` | `[Premium, Standard, StandardZRS, Ultra]` | The pool service level. Must match the one of the parent capacity pool. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`creationToken`](#parameter-creationtoken) | string | A unique file path for the volume. This is the name of the volume export. A volume is mounted using the export path. File path must start with an alphabetical character and be unique within the subscription. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exportPolicyRules`](#parameter-exportpolicyrules) | array | Export policy rules. | +| [`location`](#parameter-location) | string | Location of the pool volume. | +| [`protocolTypes`](#parameter-protocoltypes) | array | Set of protocol types. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`serviceLevel`](#parameter-servicelevel) | string | The pool service level. Must match the one of the parent capacity pool. | + +### Parameter: `capacityPoolName` + +The name of the parent capacity pool. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `creationToken` + +A unique file path for the volume. This is the name of the volume export. A volume is mounted using the export path. File path must start with an alphabetical character and be unique within the subscription. +- Required: No +- Type: string +- Default: `[parameters('name')]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exportPolicyRules` + +Export policy rules. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location of the pool volume. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the pool volume. +- Required: Yes +- Type: string + +### Parameter: `netAppAccountName` + +The name of the parent NetApp account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `protocolTypes` + +Set of protocol types. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `serviceLevel` + +The pool service level. Must match the one of the parent capacity pool. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Premium, Standard, StandardZRS, Ultra]` + +### Parameter: `subnetResourceId` + +The Azure Resource URI for a delegated subnet. Must have the delegation Microsoft.NetApp/volumes. +- Required: Yes +- Type: string + +### Parameter: `usageThreshold` + +Maximum storage quota allowed for a file system in bytes. +- Required: Yes +- Type: int ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the Volume. | diff --git a/modules/net-app/net-app-account/capacity-pool/volume/main.json b/modules/net-app/net-app-account/capacity-pool/volume/main.json index 49b126bd4d..67e9e039f4 100644 --- a/modules/net-app/net-app-account/capacity-pool/volume/main.json +++ b/modules/net-app/net-app-account/capacity-pool/volume/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5724175752968001086" + "version": "0.22.6.54827", + "templateHash": "14691007687090359135" }, "name": "Azure NetApp Files Capacity Pool Volumes", "description": "This module deploys an Azure NetApp Files Capacity Pool Volume.", @@ -161,8 +161,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6579931820257793193" + "version": "0.22.6.54827", + "templateHash": "11293747403075474966" } }, "parameters": { 
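Review bot: in the volume README, the new `capacityPoolName` and `netAppAccountName` parameter sections state `- Required: Yes`, while the table in the same hunk lists both under **Conditional parameters** and their descriptions say "Required if the template is used in a standalone deployment". The per-parameter section should carry the conditional status (a distinct value such as `Conditional`, or at least not an unconditional `Yes`), so that a reader who follows the `#parameter-netappaccountname` anchor gets the same answer as the table. The capacity-pool README's `netAppAccountName` section has the same `- Required: Yes` line next to the same "standalone deployment" description. Separately, the regenerated text carries over the typos "volumnes" and "must be multiply of 4398046511104" from the parameter descriptions; they are worth correcting at the source of those descriptions while the READMEs are being rewritten.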
diff --git a/modules/net-app/net-app-account/main.json b/modules/net-app/net-app-account/main.json index 0a493368ff..60bd7acee6 100644 --- a/modules/net-app/net-app-account/main.json +++ b/modules/net-app/net-app-account/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5672083206908645861" + "version": "0.22.6.54827", + "templateHash": "5505435135426261272" }, "name": "Azure NetApp Files", "description": "This module deploys an Azure NetApp File.", @@ -204,8 +204,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7683969196599898101" + "version": "0.22.6.54827", + "templateHash": "4540603330973895229" } }, "parameters": { @@ -361,8 +361,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10886668033150864965" + "version": "0.22.6.54827", + "templateHash": "12343130799883120576" }, "name": "Azure NetApp Files Capacity Pools", "description": "This module deploys an Azure NetApp Files Capacity Pool.", @@ -548,8 +548,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5786364369491933087" + "version": "0.22.6.54827", + "templateHash": "14691007687090359135" }, "name": "Azure NetApp Files Capacity Pool Volumes", "description": "This module deploys an Azure NetApp Files Capacity Pool Volume.", @@ -705,8 +705,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9382580519288369520" + "version": "0.22.6.54827", + "templateHash": "11293747403075474966" } }, "parameters": { @@ -890,8 +890,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3927269100657288300" + "version": "0.22.6.54827", + "templateHash": "121785236396056059" } }, "parameters": { 
diff --git a/modules/network/application-gateway-web-application-firewall-policy/.test/common/main.test.bicep b/modules/network/application-gateway-web-application-firewall-policy/.test/common/main.test.bicep index f9b166f85c..0c71d78598 100644 --- a/modules/network/application-gateway-web-application-firewall-policy/.test/common/main.test.bicep +++ b/modules/network/application-gateway-web-application-firewall-policy/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/application-gateway-web-application-firewall-policy/README.md b/modules/network/application-gateway-web-application-firewall-policy/README.md index ecc3fd56fa..3aa36771ea 100644 --- a/modules/network/application-gateway-web-application-firewall-policy/README.md +++ b/modules/network/application-gateway-web-application-firewall-policy/README.md @@ -5,10 +5,10 @@ This module deploys an Application Gateway Web Application Firewall (WAF) Policy ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -16,54 +16,28 @@ This module deploys an Application Gateway Web Application Firewall (WAF) Policy | :-- | :-- | | `Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2022-11-01/ApplicationGatewayWebApplicationFirewallPolicies) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Application Gateway WAF policy. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `customRules` | array | `[]` | The custom rules inside the policy. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `managedRules` | object | `{object}` | Describes the managedRules structure. | -| `policySettings` | object | `{object}` | The PolicySettings for policy. | -| `tags` | object | `{object}` | Resource tags. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the application gateway WAF policy. | -| `resourceGroupName` | string | The resource group the application gateway WAF policy was deployed into. | -| `resourceId` | string | The resource ID of the application gateway WAF policy. | - -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. 
-_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.application-gateway-web-application-firewall-policy:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module applicationGatewayWebApplicationFirewallPolicy './network/application-gateway-web-application-firewall-policy/main.bicep' = { +module applicationGatewayWebApplicationFirewallPolicy 'br:bicep/modules/network.application-gateway-web-application-firewall-policy:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nagwafpcom' params: { // Required parameters @@ -154,3 +128,85 @@ module applicationGatewayWebApplicationFirewallPolicy './network/application-gat

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Application Gateway WAF policy. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`customRules`](#parameter-customrules) | array | The custom rules inside the policy. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`managedRules`](#parameter-managedrules) | object | Describes the managedRules structure. | +| [`policySettings`](#parameter-policysettings) | object | The PolicySettings for policy. | +| [`tags`](#parameter-tags) | object | Resource tags. | + +### Parameter: `customRules` + +The custom rules inside the policy. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `managedRules` + +Describes the managedRules structure. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Name of the Application Gateway WAF policy. +- Required: Yes +- Type: string + +### Parameter: `policySettings` + +The PolicySettings for policy. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the application gateway WAF policy. 
| +| `resourceGroupName` | string | The resource group the application gateway WAF policy was deployed into. | +| `resourceId` | string | The resource ID of the application gateway WAF policy. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/application-gateway-web-application-firewall-policy/main.json b/modules/network/application-gateway-web-application-firewall-policy/main.json index 3586f21c15..9c0a3caeb5 100644 --- a/modules/network/application-gateway-web-application-firewall-policy/main.json +++ b/modules/network/application-gateway-web-application-firewall-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1454714316313419889" + "version": "0.22.6.54827", + "templateHash": "1301728261383253712" }, "name": "Application Gateway Web Application Firewall (WAF) Policies", "description": "This module deploys an Application Gateway Web Application Firewall (WAF) Policy.", diff --git a/modules/network/application-gateway/.test/common/main.test.bicep b/modules/network/application-gateway/.test/common/main.test.bicep index 9c66f3fa8e..548ada9bbd 100644 --- a/modules/network/application-gateway/.test/common/main.test.bicep +++ b/modules/network/application-gateway/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/application-gateway/README.md b/modules/network/application-gateway/README.md index b8e66e159f..a3543bde21 100644 --- a/modules/network/application-gateway/README.md +++ b/modules/network/application-gateway/README.md 
@@ -5,10 +5,10 @@ This module deploys a Network Application Gateway. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -21,103 +21,28 @@ This module deploys a Network Application Gateway. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Application Gateway. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `authenticationCertificates` | array | `[]` | | Authentication certificates of the application gateway resource. | -| `autoscaleMaxCapacity` | int | `-1` | | Upper bound on number of Application Gateway capacity. | -| `autoscaleMinCapacity` | int | `-1` | | Lower bound on number of Application Gateway capacity. | -| `backendAddressPools` | array | `[]` | | Backend address pool of the application gateway resource. | -| `backendHttpSettingsCollection` | array | `[]` | | Backend http settings of the application gateway resource. | -| `backendSettingsCollection` | array | `[]` | | Backend settings of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits). | -| `capacity` | int | `2` | | The number of Application instances to be configured. | -| `customErrorConfigurations` | array | `[]` | | Custom error configurations of the application gateway resource. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
| -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, ApplicationGatewayAccessLog, ApplicationGatewayFirewallLog, ApplicationGatewayPerformanceLog]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableFips` | bool | `False` | | Whether FIPS is enabled on the application gateway resource. | -| `enableHttp2` | bool | `False` | | Whether HTTP2 is enabled on the application gateway resource. | -| `enableRequestBuffering` | bool | `False` | | Enable request buffering. | -| `enableResponseBuffering` | bool | `False` | | Enable response buffering. | -| `firewallPolicyId` | string | `''` | | The resource ID of an associated firewall policy. 
Should be configured for security reasons. | -| `frontendIPConfigurations` | array | `[]` | | Frontend IP addresses of the application gateway resource. | -| `frontendPorts` | array | `[]` | | Frontend ports of the application gateway resource. | -| `gatewayIPConfigurations` | array | `[]` | | Subnets of the application gateway resource. | -| `httpListeners` | array | `[]` | | Http listeners of the application gateway resource. | -| `listeners` | array | `[]` | | Listeners of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits). | -| `loadDistributionPolicies` | array | `[]` | | Load distribution policies of the application gateway resource. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `privateLinkConfigurations` | array | `[]` | | PrivateLink configurations on application gateway. | -| `probes` | array | `[]` | | Probes of the application gateway resource. | -| `redirectConfigurations` | array | `[]` | | Redirect configurations of the application gateway resource. | -| `requestRoutingRules` | array | `[]` | | Request routing rules of the application gateway resource. | -| `rewriteRuleSets` | array | `[]` | | Rewrite rules for the application gateway resource. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `routingRules` | array | `[]` | | Routing rules of the application gateway resource. | -| `sku` | string | `'WAF_Medium'` | `[Standard_Large, Standard_Medium, Standard_Small, Standard_v2, WAF_Large, WAF_Medium, WAF_v2]` | The name of the SKU for the Application Gateway. | -| `sslCertificates` | array | `[]` | | SSL certificates of the application gateway resource. | -| `sslPolicyCipherSuites` | array | `[TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]` | `[TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384]` | Ssl cipher suites to be enabled in the specified order to application gateway. | -| `sslPolicyMinProtocolVersion` | string | `'TLSv1_2'` | `[TLSv1_0, TLSv1_1, TLSv1_2, TLSv1_3]` | Ssl protocol enums. 
| -| `sslPolicyName` | string | `''` | `['', AppGwSslPolicy20150501, AppGwSslPolicy20170401, AppGwSslPolicy20170401S, AppGwSslPolicy20220101, AppGwSslPolicy20220101S]` | Ssl predefined policy name enums. | -| `sslPolicyType` | string | `'Custom'` | `[Custom, CustomV2, Predefined]` | Type of Ssl Policy. | -| `sslProfiles` | array | `[]` | | SSL profiles of the application gateway resource. | -| `tags` | object | `{object}` | | Resource tags. | -| `trustedClientCertificates` | array | `[]` | | Trusted client certificates of the application gateway resource. | -| `trustedRootCertificates` | array | `[]` | | Trusted Root certificates of the application gateway resource. | -| `urlPathMaps` | array | `[]` | | URL path map of the application gateway resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `webApplicationFirewallConfiguration` | object | `{object}` | | Application gateway web application firewall configuration. Should be configured for security reasons. | -| `zones` | array | `[]` | | A list of availability zones denoting where the resource needs to come from. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the application gateway. | -| `resourceGroupName` | string | The resource group the application gateway was deployed into. | -| `resourceId` | string | The resource ID of the application gateway. | +## Usage examples -## Cross-referenced modules +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. 
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.application-gateway:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module applicationGateway './network/application-gateway/main.bicep' = { +module applicationGateway 'br:bicep/modules/network.application-gateway:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nagcom' params: { // Required parameters @@ -1024,3 +949,457 @@ module applicationGateway './network/application-gateway/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Application Gateway. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authenticationCertificates`](#parameter-authenticationcertificates) | array | Authentication certificates of the application gateway resource. | +| [`autoscaleMaxCapacity`](#parameter-autoscalemaxcapacity) | int | Upper bound on number of Application Gateway capacity. | +| [`autoscaleMinCapacity`](#parameter-autoscalemincapacity) | int | Lower bound on number of Application Gateway capacity. | +| [`backendAddressPools`](#parameter-backendaddresspools) | array | Backend address pool of the application gateway resource. | +| [`backendHttpSettingsCollection`](#parameter-backendhttpsettingscollection) | array | Backend http settings of the application gateway resource. | +| [`backendSettingsCollection`](#parameter-backendsettingscollection) | array | Backend settings of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits). | +| [`capacity`](#parameter-capacity) | int | The number of Application instances to be configured. | +| [`customErrorConfigurations`](#parameter-customerrorconfigurations) | array | Custom error configurations of the application gateway resource. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableFips`](#parameter-enablefips) | bool | Whether FIPS is enabled on the application gateway resource. | +| [`enableHttp2`](#parameter-enablehttp2) | bool | Whether HTTP2 is enabled on the application gateway resource. | +| [`enableRequestBuffering`](#parameter-enablerequestbuffering) | bool | Enable request buffering. | +| [`enableResponseBuffering`](#parameter-enableresponsebuffering) | bool | Enable response buffering. | +| [`firewallPolicyId`](#parameter-firewallpolicyid) | string | The resource ID of an associated firewall policy. Should be configured for security reasons. 
| +| [`frontendIPConfigurations`](#parameter-frontendipconfigurations) | array | Frontend IP addresses of the application gateway resource. | +| [`frontendPorts`](#parameter-frontendports) | array | Frontend ports of the application gateway resource. | +| [`gatewayIPConfigurations`](#parameter-gatewayipconfigurations) | array | Subnets of the application gateway resource. | +| [`httpListeners`](#parameter-httplisteners) | array | Http listeners of the application gateway resource. | +| [`listeners`](#parameter-listeners) | array | Listeners of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits). | +| [`loadDistributionPolicies`](#parameter-loaddistributionpolicies) | array | Load distribution policies of the application gateway resource. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`privateLinkConfigurations`](#parameter-privatelinkconfigurations) | array | PrivateLink configurations on application gateway. | +| [`probes`](#parameter-probes) | array | Probes of the application gateway resource. | +| [`redirectConfigurations`](#parameter-redirectconfigurations) | array | Redirect configurations of the application gateway resource. | +| [`requestRoutingRules`](#parameter-requestroutingrules) | array | Request routing rules of the application gateway resource. | +| [`rewriteRuleSets`](#parameter-rewriterulesets) | array | Rewrite rules for the application gateway resource. 
| +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`routingRules`](#parameter-routingrules) | array | Routing rules of the application gateway resource. | +| [`sku`](#parameter-sku) | string | The name of the SKU for the Application Gateway. | +| [`sslCertificates`](#parameter-sslcertificates) | array | SSL certificates of the application gateway resource. | +| [`sslPolicyCipherSuites`](#parameter-sslpolicyciphersuites) | array | Ssl cipher suites to be enabled in the specified order to application gateway. | +| [`sslPolicyMinProtocolVersion`](#parameter-sslpolicyminprotocolversion) | string | Ssl protocol enums. | +| [`sslPolicyName`](#parameter-sslpolicyname) | string | Ssl predefined policy name enums. | +| [`sslPolicyType`](#parameter-sslpolicytype) | string | Type of Ssl Policy. | +| [`sslProfiles`](#parameter-sslprofiles) | array | SSL profiles of the application gateway resource. | +| [`tags`](#parameter-tags) | object | Resource tags. | +| [`trustedClientCertificates`](#parameter-trustedclientcertificates) | array | Trusted client certificates of the application gateway resource. | +| [`trustedRootCertificates`](#parameter-trustedrootcertificates) | array | Trusted Root certificates of the application gateway resource. | +| [`urlPathMaps`](#parameter-urlpathmaps) | array | URL path map of the application gateway resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. 
| +| [`webApplicationFirewallConfiguration`](#parameter-webapplicationfirewallconfiguration) | object | Application gateway web application firewall configuration. Should be configured for security reasons. | +| [`zones`](#parameter-zones) | array | A list of availability zones denoting where the resource needs to come from. | + +### Parameter: `authenticationCertificates` + +Authentication certificates of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `autoscaleMaxCapacity` + +Upper bound on number of Application Gateway capacity. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `autoscaleMinCapacity` + +Lower bound on number of Application Gateway capacity. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `backendAddressPools` + +Backend address pool of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `backendHttpSettingsCollection` + +Backend http settings of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `backendSettingsCollection` + +Backend settings of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits). +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `capacity` + +The number of Application instances to be configured. +- Required: No +- Type: int +- Default: `2` + +### Parameter: `customErrorConfigurations` + +Custom error configurations of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
+- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, ApplicationGatewayAccessLog, ApplicationGatewayFirewallLog, ApplicationGatewayPerformanceLog]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableFips` + +Whether FIPS is enabled on the application gateway resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableHttp2` + +Whether HTTP2 is enabled on the application gateway resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableRequestBuffering` + +Enable request buffering. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableResponseBuffering` + +Enable response buffering. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `firewallPolicyId` + +The resource ID of an associated firewall policy. Should be configured for security reasons. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `frontendIPConfigurations` + +Frontend IP addresses of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `frontendPorts` + +Frontend ports of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `gatewayIPConfigurations` + +Subnets of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `httpListeners` + +Http listeners of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `listeners` + +Listeners of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits). +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `loadDistributionPolicies` + +Load distribution policies of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Application Gateway. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `privateLinkConfigurations` + +PrivateLink configurations on application gateway. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `probes` + +Probes of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `redirectConfigurations` + +Redirect configurations of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `requestRoutingRules` + +Request routing rules of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `rewriteRuleSets` + +Rewrite rules for the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `routingRules` + +Routing rules of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +The name of the SKU for the Application Gateway. 
+- Required: No +- Type: string +- Default: `'WAF_Medium'` +- Allowed: `[Standard_Large, Standard_Medium, Standard_Small, Standard_v2, WAF_Large, WAF_Medium, WAF_v2]` + +### Parameter: `sslCertificates` + +SSL certificates of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sslPolicyCipherSuites` + +Ssl cipher suites to be enabled in the specified order to application gateway. +- Required: No +- Type: array +- Default: `[TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]` +- Allowed: `[TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384]` + +### Parameter: `sslPolicyMinProtocolVersion` + +Ssl protocol enums. +- Required: No +- Type: string +- Default: `'TLSv1_2'` +- Allowed: `[TLSv1_0, TLSv1_1, TLSv1_2, TLSv1_3]` + +### Parameter: `sslPolicyName` + +Ssl predefined policy name enums. 
+- Required: No +- Type: string +- Default: `''` +- Allowed: `['', AppGwSslPolicy20150501, AppGwSslPolicy20170401, AppGwSslPolicy20170401S, AppGwSslPolicy20220101, AppGwSslPolicy20220101S]` + +### Parameter: `sslPolicyType` + +Type of Ssl Policy. +- Required: No +- Type: string +- Default: `'Custom'` +- Allowed: `[Custom, CustomV2, Predefined]` + +### Parameter: `sslProfiles` + +SSL profiles of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Resource tags. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `trustedClientCertificates` + +Trusted client certificates of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `trustedRootCertificates` + +Trusted Root certificates of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `urlPathMaps` + +URL path map of the application gateway resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `webApplicationFirewallConfiguration` + +Application gateway web application firewall configuration. Should be configured for security reasons. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zones` + +A list of availability zones denoting where the resource needs to come from. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the application gateway. | +| `resourceGroupName` | string | The resource group the application gateway was deployed into. | +| `resourceId` | string | The resource ID of the application gateway. 
| + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/network/application-gateway/main.json b/modules/network/application-gateway/main.json index 60b0d828c3..c1c3844517 100644 --- a/modules/network/application-gateway/main.json +++ b/modules/network/application-gateway/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7571026279371080579" + "version": "0.22.6.54827", + "templateHash": "214441703213354743" }, "name": "Network Application Gateways", "description": "This module deploys a Network Application Gateway.", @@ -587,8 +587,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -787,8 +787,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -925,8 +925,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { 
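Review bot: In modules/network/application-gateway/README.md, the new `sslPolicyMinProtocolVersion` and `sslPolicyName` sections are described only as "Ssl protocol enums." and "Ssl predefined policy name enums.", which does not say what the setting controls, while the Allowed lists still offer `TLSv1_0` and `TLSv1_1` and, for `sslPolicyCipherSuites`, 3DES and CBC suites. The summary table in this hunk no longer has Default or Allowed columns, so the description is all a reader sees at a glance. I'd reword these descriptions where they are maintained to state that the value sets the minimum TLS version or the cipher order, and that the defaults (`TLSv1_2` and the two ECDHE GCM suites) are the intended baseline. The casing is also inconsistent: "Ssl" here, "SSL" in `sslCertificates` and `sslProfiles`.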
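Review bot: The `_generator` blocks in modules/network/application-gateway/main.json move from `0.21.1.54444` to `0.22.6.54827` and every `templateHash` changes with them, but the commit subject ("Tested logic & added depth param") says nothing about a Bicep compiler upgrade. Please mention the version bump in the commit message, or put the regenerated main.json files in their own commit, so that hash-only churn can be told apart from a real template change during review.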
@@ -1139,8 +1139,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5981161114261866158" + "version": "0.22.6.54827", + "templateHash": "4623397595540345983" } }, "parameters": { diff --git a/modules/network/application-security-group/.test/common/main.test.bicep b/modules/network/application-security-group/.test/common/main.test.bicep index 8f996a1349..d97c89d410 100644 --- a/modules/network/application-security-group/.test/common/main.test.bicep +++ b/modules/network/application-security-group/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/application-security-group/README.md b/modules/network/application-security-group/README.md index 6b5150d961..6b0c397430 100644 --- a/modules/network/application-security-group/README.md +++ b/modules/network/application-security-group/README.md @@ -5,10 +5,10 @@ This module deploys an Application Security Group (ASG). ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types 
@@ -18,53 +18,28 @@ This module deploys an Application Security Group (ASG). | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/applicationSecurityGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/applicationSecurityGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Application Security Group. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the resource. | +## Usage examples +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. 
| -| `name` | string | The name of the application security group. | -| `resourceGroupName` | string | The resource group the application security group was deployed into. | -| `resourceId` | string | The resource ID of the application security group. | - -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.application-security-group:1.0.0`. -## Deployment examples +- [Using large parameter set](#example-1-using-large-parameter-set) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using large parameter set_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with most of its features enabled. -

Example 1: Common

via Bicep module ```bicep -module applicationSecurityGroup './network/application-security-group/main.bicep' = { +module applicationSecurityGroup 'br:bicep/modules/network.application-security-group:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nasgcom' params: { // Required parameters @@ -137,3 +112,78 @@ module applicationSecurityGroup './network/application-security-group/main.bicep

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Application Security Group. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Application Security Group. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the application security group. | +| `resourceGroupName` | string | The resource group the application security group was deployed into. | +| `resourceId` | string | The resource ID of the application security group. | + +## Cross-referenced modules + +_None_ diff --git a/modules/network/application-security-group/main.json b/modules/network/application-security-group/main.json index 5cac0b4ccf..a733a611db 100644 --- a/modules/network/application-security-group/main.json +++ b/modules/network/application-security-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9223506282900740503" + "version": "0.22.6.54827", + "templateHash": "4115045672718601619" }, "name": "Application Security Groups (ASG)", "description": "This module deploys an Application Security Group (ASG).", @@ -130,8 +130,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4152038459218204517" + "version": "0.22.6.54827", + "templateHash": "1920288953009439364" } }, "parameters": { diff --git a/modules/network/azure-firewall/.test/common/main.test.bicep b/modules/network/azure-firewall/.test/common/main.test.bicep index 0bac54906a..17193997bd 100644 --- a/modules/network/azure-firewall/.test/common/main.test.bicep +++ b/modules/network/azure-firewall/.test/common/main.test.bicep 
@@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/azure-firewall/.test/min/main.test.bicep b/modules/network/azure-firewall/.test/min/main.test.bicep index 9b3e65d2f4..28620b7046 100644 --- a/modules/network/azure-firewall/.test/min/main.test.bicep +++ b/modules/network/azure-firewall/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/network/azure-firewall/README.md b/modules/network/azure-firewall/README.md index 58c2d46f73..33a9842f08 100644 --- a/modules/network/azure-firewall/README.md +++ b/modules/network/azure-firewall/README.md @@ -4,13 +4,13 @@ This module deploys an Azure Firewall. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | 
@@ -20,91 +20,30 @@ This module deploys an Azure Firewall. | `Microsoft.Network/azureFirewalls` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/azureFirewalls) | | `Microsoft.Network/publicIPAddresses` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/publicIPAddresses) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Azure Firewall. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `hubIPAddresses` | object | `{object}` | IP addresses associated with AzureFirewall. Required if `virtualHubId` is supplied. | -| `virtualHubId` | string | `''` | The virtualHub resource ID to which the firewall belongs. Required if `vNetId` is empty. | -| `vNetId` | string | `''` | Shared services Virtual Network resource ID. The virtual network ID containing AzureFirewallSubnet. If a Public IP is not provided, then the Public IP that is created as part of this module will be applied with the subnet provided in this variable. Required if `virtualHubId` is empty. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `additionalPublicIpConfigurations` | array | `[]` | | This is to add any additional Public IP configurations on top of the Public IP with subnet IP configuration. | -| `applicationRuleCollections` | array | `[]` | | Collection of application rule collections used by Azure Firewall. | -| `azureSkuTier` | string | `'Standard'` | `[Basic, Premium, Standard]` | Tier of an Azure Firewall. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
| -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, AzureFirewallApplicationRule, AzureFirewallDnsProxy, AzureFirewallNetworkRule]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Diagnostic Storage Account resource identifier. | -| `diagnosticWorkspaceId` | string | `''` | | Log Analytics workspace resource identifier. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `firewallPolicyId` | string | `''` | | Resource ID of the Firewall Policy that should be attached. | -| `isCreateDefaultPublicIP` | bool | `True` | | Specifies if a Public IP should be created by default if one is not provided. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `managementIPAddressObject` | object | `{object}` | | Specifies the properties of the Management Public IP to create and be used by Azure Firewall. If it's not provided and managementIPResourceID is empty, a '-mip' suffix will be appended to the Firewall's name. | -| `managementIPResourceID` | string | `''` | | The Management Public IP resource ID to associate to the AzureFirewallManagementSubnet. 
If empty, then the Management Public IP that is created as part of this module will be applied to the AzureFirewallManagementSubnet. | -| `natRuleCollections` | array | `[]` | | Collection of NAT rule collections used by Azure Firewall. | -| `networkRuleCollections` | array | `[]` | | Collection of network rule collections used by Azure Firewall. | -| `publicIPAddressObject` | object | `{object}` | | Specifies the properties of the Public IP to create and be used by Azure Firewall. If it's not provided and publicIPResourceID is empty, a '-pip' suffix will be appended to the Firewall's name. | -| `publicIPResourceID` | string | `''` | | The Public IP resource ID to associate to the AzureFirewallSubnet. If empty, then the Public IP that is created as part of this module will be applied to the AzureFirewallSubnet. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `tags` | object | `{object}` | | Tags of the Azure Firewall resource. | -| `threatIntelMode` | string | `'Deny'` | `[Alert, Deny, Off]` | The operation mode for Threat Intel. | -| `zones` | array | `[1, 2, 3]` | | Zone numbers e.g. 1,2,3. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `applicationRuleCollections` | array | List of Application Rule Collections. | -| `ipConfAzureFirewallSubnet` | object | The Public IP configuration object for the Azure Firewall Subnet. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Azure Firewall. | -| `natRuleCollections` | array | Collection of NAT rule collections used by Azure Firewall. 
| -| `networkRuleCollections` | array | List of Network Rule Collections. | -| `privateIp` | string | The private IP of the Azure firewall. | -| `resourceGroupName` | string | The resource group the Azure firewall was deployed into. | -| `resourceId` | string | The resource ID of the Azure Firewall. | - - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +## Usage examples -| Reference | Type | -| :-- | :-- | -| `network/public-ip-address` | Local reference | - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Addpip

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.azure-firewall:1.0.0`. + +- [Addpip](#example-1-addpip) +- [Using large parameter set](#example-2-using-large-parameter-set) +- [Custompip](#example-3-custompip) +- [Hubcommon](#example-4-hubcommon) +- [Hubmin](#example-5-hubmin) +- [Using only defaults](#example-6-using-only-defaults) + +### Example 1: _Addpip_
via Bicep module ```bicep -module azureFirewall './network/azure-firewall/main.bicep' = { +module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nafaddpip' params: { // Required parameters @@ -202,14 +141,17 @@ module azureFirewall './network/azure-firewall/main.bicep' = {

-

Example 2: Common

+### Example 2: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. +
via Bicep module ```bicep -module azureFirewall './network/azure-firewall/main.bicep' = { +module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nafcom' params: { // Required parameters @@ -485,14 +427,14 @@ module azureFirewall './network/azure-firewall/main.bicep' = {

-

Example 3: Custompip

+### Example 3: _Custompip_
via Bicep module ```bicep -module azureFirewall './network/azure-firewall/main.bicep' = { +module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nafcstpip' params: { // Required parameters @@ -596,14 +538,14 @@ module azureFirewall './network/azure-firewall/main.bicep' = {

-

Example 4: Hubcommon

+### Example 4: _Hubcommon_
via Bicep module ```bicep -module azureFirewall './network/azure-firewall/main.bicep' = { +module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nafhubcom' params: { // Required parameters @@ -673,14 +615,14 @@ module azureFirewall './network/azure-firewall/main.bicep' = {

-

Example 5: Hubmin

+### Example 5: _Hubmin_
via Bicep module ```bicep -module azureFirewall './network/azure-firewall/main.bicep' = { +module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nafhubmin' params: { // Required parameters @@ -734,14 +676,17 @@ module azureFirewall './network/azure-firewall/main.bicep' = {

-

Example 6: Min

+### Example 6: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module azureFirewall './network/azure-firewall/main.bicep' = { +module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-nafmin' params: { // Required parameters @@ -782,3 +727,280 @@ module azureFirewall './network/azure-firewall/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Azure Firewall. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`hubIPAddresses`](#parameter-hubipaddresses) | object | IP addresses associated with AzureFirewall. Required if `virtualHubId` is supplied. | +| [`virtualHubId`](#parameter-virtualhubid) | string | The virtualHub resource ID to which the firewall belongs. Required if `vNetId` is empty. | +| [`vNetId`](#parameter-vnetid) | string | Shared services Virtual Network resource ID. The virtual network ID containing AzureFirewallSubnet. If a Public IP is not provided, then the Public IP that is created as part of this module will be applied with the subnet provided in this variable. Required if `virtualHubId` is empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`additionalPublicIpConfigurations`](#parameter-additionalpublicipconfigurations) | array | This is to add any additional Public IP configurations on top of the Public IP with subnet IP configuration. | +| [`applicationRuleCollections`](#parameter-applicationrulecollections) | array | Collection of application rule collections used by Azure Firewall. | +| [`azureSkuTier`](#parameter-azureskutier) | string | Tier of an Azure Firewall. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
| +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Diagnostic Storage Account resource identifier. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Log Analytics workspace resource identifier. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`firewallPolicyId`](#parameter-firewallpolicyid) | string | Resource ID of the Firewall Policy that should be attached. | +| [`isCreateDefaultPublicIP`](#parameter-iscreatedefaultpublicip) | bool | Specifies if a Public IP should be created by default if one is not provided. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`managementIPAddressObject`](#parameter-managementipaddressobject) | object | Specifies the properties of the Management Public IP to create and be used by Azure Firewall. If it's not provided and managementIPResourceID is empty, a '-mip' suffix will be appended to the Firewall's name. | +| [`managementIPResourceID`](#parameter-managementipresourceid) | string | The Management Public IP resource ID to associate to the AzureFirewallManagementSubnet. If empty, then the Management Public IP that is created as part of this module will be applied to the AzureFirewallManagementSubnet. 
| +| [`natRuleCollections`](#parameter-natrulecollections) | array | Collection of NAT rule collections used by Azure Firewall. | +| [`networkRuleCollections`](#parameter-networkrulecollections) | array | Collection of network rule collections used by Azure Firewall. | +| [`publicIPAddressObject`](#parameter-publicipaddressobject) | object | Specifies the properties of the Public IP to create and be used by Azure Firewall. If it's not provided and publicIPResourceID is empty, a '-pip' suffix will be appended to the Firewall's name. | +| [`publicIPResourceID`](#parameter-publicipresourceid) | string | The Public IP resource ID to associate to the AzureFirewallSubnet. If empty, then the Public IP that is created as part of this module will be applied to the AzureFirewallSubnet. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`tags`](#parameter-tags) | object | Tags of the Azure Firewall resource. | +| [`threatIntelMode`](#parameter-threatintelmode) | string | The operation mode for Threat Intel. | +| [`zones`](#parameter-zones) | array | Zone numbers e.g. 1,2,3. | + +### Parameter: `additionalPublicIpConfigurations` + +This is to add any additional Public IP configurations on top of the Public IP with subnet IP configuration. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `applicationRuleCollections` + +Collection of application rule collections used by Azure Firewall. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `azureSkuTier` + +Tier of an Azure Firewall. 
+- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Basic, Premium, Standard]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, AzureFirewallApplicationRule, AzureFirewallDnsProxy, AzureFirewallNetworkRule]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Diagnostic Storage Account resource identifier. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Log Analytics workspace resource identifier. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `firewallPolicyId` + +Resource ID of the Firewall Policy that should be attached. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `hubIPAddresses` + +IP addresses associated with AzureFirewall. 
Required if `virtualHubId` is supplied. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `isCreateDefaultPublicIP` + +Specifies if a Public IP should be created by default if one is not provided. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `managementIPAddressObject` + +Specifies the properties of the Management Public IP to create and be used by Azure Firewall. If it's not provided and managementIPResourceID is empty, a '-mip' suffix will be appended to the Firewall's name. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `managementIPResourceID` + +The Management Public IP resource ID to associate to the AzureFirewallManagementSubnet. If empty, then the Management Public IP that is created as part of this module will be applied to the AzureFirewallManagementSubnet. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +Name of the Azure Firewall. +- Required: Yes +- Type: string + +### Parameter: `natRuleCollections` + +Collection of NAT rule collections used by Azure Firewall. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `networkRuleCollections` + +Collection of network rule collections used by Azure Firewall. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicIPAddressObject` + +Specifies the properties of the Public IP to create and be used by Azure Firewall. If it's not provided and publicIPResourceID is empty, a '-pip' suffix will be appended to the Firewall's name. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `publicIPResourceID` + +The Public IP resource ID to associate to the AzureFirewallSubnet. 
If empty, then the Public IP that is created as part of this module will be applied to the AzureFirewallSubnet. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +Tags of the Azure Firewall resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `threatIntelMode` + +The operation mode for Threat Intel. +- Required: No +- Type: string +- Default: `'Deny'` +- Allowed: `[Alert, Deny, Off]` + +### Parameter: `virtualHubId` + +The virtualHub resource ID to which the firewall belongs. Required if `vNetId` is empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `vNetId` + +Shared services Virtual Network resource ID. The virtual network ID containing AzureFirewallSubnet. If a Public IP is not provided, then the Public IP that is created as part of this module will be applied with the subnet provided in this variable. Required if `virtualHubId` is empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `zones` + +Zone numbers e.g. 1,2,3. +- Required: No +- Type: array +- Default: `[1, 2, 3]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `applicationRuleCollections` | array | List of Application Rule Collections. | +| `ipConfAzureFirewallSubnet` | object | The Public IP configuration object for the Azure Firewall Subnet. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Azure Firewall. 
| +| `natRuleCollections` | array | Collection of NAT rule collections used by Azure Firewall. | +| `networkRuleCollections` | array | List of Network Rule Collections. | +| `privateIp` | string | The private IP of the Azure firewall. | +| `resourceGroupName` | string | The resource group the Azure firewall was deployed into. | +| `resourceId` | string | The resource ID of the Azure Firewall. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/public-ip-address` | Local reference | diff --git a/modules/network/azure-firewall/main.json b/modules/network/azure-firewall/main.json index 860263abc5..e51d5158ae 100644 --- a/modules/network/azure-firewall/main.json +++ b/modules/network/azure-firewall/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1618306039549240547" + "version": "0.22.6.54827", + "templateHash": "11388637561853566149" }, "name": "Azure Firewalls", "description": "This module deploys an Azure Firewall.", @@ -417,8 +417,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1887898957722092173" + "version": "0.22.6.54827", + "templateHash": "4317747709004918530" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", @@ -751,8 +751,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7328126239184883887" + "version": "0.22.6.54827", + "templateHash": "9976109177347918049" } }, "parameters": { 
@@ -988,8 +988,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1887898957722092173" + "version": "0.22.6.54827", + "templateHash": "4317747709004918530" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address.", @@ -1322,8 +1322,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7328126239184883887" + "version": "0.22.6.54827", + "templateHash": "9976109177347918049" } }, "parameters": { @@ -1540,8 +1540,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4956524931122744714" + "version": "0.22.6.54827", + "templateHash": "11885290344977420864" } }, "parameters": { From be6eedf7c3f283aa428290dbd74b54042073b5b1 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Mon, 16 Oct 2023 23:08:18 +0200 Subject: [PATCH 5/7] Added docs --- utilities/tools/Set-Module.ps1 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/utilities/tools/Set-Module.ps1 b/utilities/tools/Set-Module.ps1 index 17acac4c47..0acdcfdec6 100644 --- a/utilities/tools/Set-Module.ps1 +++ b/utilities/tools/Set-Module.ps1 @@ -15,6 +15,9 @@ Mandatory. The path to the module folder to generate the content for. .PARAMETER Recurse Optional. Set this parameter if you not only want to generate the content for one module, but also any nested module in the same path. +.PARAMETER Depth +Optional. Recursion depth for the module search. + .PARAMETER SkipBuild Optional. Set this parameter if you don't want to build/compile the JSON template(s) for the contained `main.bicep` file(s). From 081b987cc8ee63e651584b7d2ab393f84520396e Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Mon, 16 Oct 2023 23:25:22 +0200 Subject: [PATCH 6/7] Added silent continue on finally for non-cancel --- utilities/tools/Set-Module.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/utilities/tools/Set-Module.ps1 b/utilities/tools/Set-Module.ps1 index 0acdcfdec6..8bc844b34a 100644 --- a/utilities/tools/Set-Module.ps1 +++ b/utilities/tools/Set-Module.ps1 @@ -162,7 +162,7 @@ function Set-Module { $job | Remove-Job } finally { # In case the user cancled the process, we need to make sure to stop all running jobs - $job | Remove-Job -Force + $job | Remove-Job -Force -ErrorAction 'SilentlyContinue' } } } From e1f8c6867fc43b6a2677904ae7067fe81f4a1112 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Mon, 16 Oct 2023 23:51:31 +0200 Subject: [PATCH 7/7] Update utilities/tools/Set-Module.ps1 Co-authored-by: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com> --- utilities/tools/Set-Module.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utilities/tools/Set-Module.ps1 b/utilities/tools/Set-Module.ps1 index 8bc844b34a..d0435f66a7 100644 --- a/utilities/tools/Set-Module.ps1 +++ b/utilities/tools/Set-Module.ps1 @@ -161,7 +161,7 @@ function Set-Module { # Clean up the job. $job | Remove-Job } finally { - # In case the user cancled the process, we need to make sure to stop all running jobs + # In case the user cancelled the process, we need to make sure to stop all running jobs $job | Remove-Job -Force -ErrorAction 'SilentlyContinue' } }
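Review bot: In modules/network/azure-firewall/README.md, the new note "To reference the module, please use the following syntax `br:bicep/modules/network.azure-firewall:1.0.0`" and the six examples that now use that string give a reference whose registry part is the bare word `bicep` and whose tag is fixed at `1.0.0`. With the `br:` scheme the segment before the first slash is read as the registry host, so an example copied as-is is unlikely to resolve until the reader substitutes their own registry and version. Suggest stating in the note that both are placeholders, or naming the registry alias readers are expected to configure.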
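Review bot: In the per-parameter sections added at the end of the azure-firewall README, `hubIPAddresses`, `virtualHubId` and `vNetId` are each rendered with `- Required: No`, while the overview table lists them under "Conditional parameters" and their descriptions say "Required if ...". A reader who follows the `#parameter-virtualhubid` anchor sees the "No" first and can miss the condition. Suggest having the generator emit a distinct value for conditional parameters (for example "Required: Conditional") rather than reusing the optional wording.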
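Review bot: Every `_generator` block in modules/network/azure-firewall/main.json changes `version` from `0.21.1.54444` to `0.22.6.54827` together with its `templateHash`, and the hunks shown here carry no change to the template body itself. If the new hashes come only from recompiling with a newer Bicep release, the commit message should say so, so that a reviewer can tell compiler-induced drift apart from a real change to what gets deployed. Regenerating the compiled templates in a commit of their own would make that easier to audit.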
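Review bot: The added `.PARAMETER Depth` help in utilities/tools/Set-Module.ps1 says only "Optional. Recursion depth for the module search." and leaves out the default value and whether the parameter has any effect when `-Recurse`, documented directly above it, is not set. Suggest adding both, plus what the number counts (folder levels below the given module folder path), so callers do not have to read the function body to find out.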
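Review bot: In the `finally` block of Set-Module, `$job | Remove-Job -Force -ErrorAction 'SilentlyContinue'` suppresses every error from the cleanup, not only the expected one where the `try` path has already run `$job | Remove-Job`. A job that genuinely cannot be removed after a cancel would then go unnoticed. Suggest limiting the forced removal to jobs that still exist (for example by checking with `Get-Job` first), or at least extending the comment to say the suppression is there for the already-removed case.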